| | 161.97.102.40 | | 1.4 kB |
IP161.97.102.40:0
File typeHTML document, Unicode text, UTF-8 text, with CRLF line terminators Hash4c9e82ba65994ec4186c4afaef6ed084 e7de675b4392a6777b4d028bdc47b6d476914371 583158c976abf1da481dd4c14a4c3ddb58c5eeef31b3ffed972106e431212839
Analyzer | Verdict | Alert | urlquery | malware | Malware - Botnet panel | Quad9 DNS | malicious | Sinkholed |
GET /login HTTP/1.1
Host: 161.97.102.40
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 24 Apr 2024 13:34:30 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
ETag: W/"fa5-595nW0OSpnd7TQKL3Ee21HaRQ3E"
Content-Encoding: gzip
|
|
| 161.97.102.40/css/custom.css | 161.97.102.40 | 200 OK | 685 B |
URL GET HTTP/1.1161.97.102.40/css/custom.css IP161.97.102.40:80
Requested byhttp://161.97.102.40/login
File typeassembler source, ASCII text Hash4e7f887c5d4f30ecc94b7a59270280c6 f57a3eb7894cc6cb4a9ec1c7fbbd18a22cdd4bb0 386bae14885723ea44232a92cf67c328dc541928afb042326885bf0fec1b8984
Analyzer | Verdict | Alert | urlquery | malware | Malware - Botnet panel | Quad9 DNS | malicious | Sinkholed |
GET /css/custom.css HTTP/1.1
Host: 161.97.102.40
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://161.97.102.40/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 24 Apr 2024 13:34:31 GMT
Content-Type: text/css; charset=UTF-8
Content-Length: 685
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sun, 25 Aug 2019 19:00:38 GMT
ETag: W/"2ad-16cca26d3f0"
|
|
| www.googletagmanager.com/gtag/js?id=G-W6SP16VJD5 | 142.250.74.168 | 200 OK | 93 kB |
URL GET HTTP/2www.googletagmanager.com/gtag/js?id=G-W6SP16VJD5 IP142.250.74.168:443
Requested byhttp://161.97.102.40/login CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File typeJavaScript source, ASCII text, with very long lines (3034) Hash8869245928b2cfef7a93b060f5aca1a3 e70953056cd1568cd1b7d8fc57f6961d01f1d4fb 8c9e4d4f4fdfee315c73f80862f3864c9962a5b975dddcd86bd8051ac5f0bbdc
GET /gtag/js?id=G-W6SP16VJD5 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://161.97.102.40/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 Apr 2024 13:34:31 GMT
expires: Wed, 24 Apr 2024 13:34:31 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 92992
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 161.97.102.40/js/jquery-3.4.1.min.js | 161.97.102.40 | 200 OK | 88 kB |
URL GET HTTP/1.1161.97.102.40/js/jquery-3.4.1.min.js IP161.97.102.40:80
Requested byhttp://161.97.102.40/login
File typeJavaScript source, ASCII text, with very long lines (65451) Hash220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Analyzer | Verdict | Alert | urlquery | malware | Malware - Botnet panel | Quad9 DNS | malicious | Sinkholed |
GET /js/jquery-3.4.1.min.js HTTP/1.1
Host: 161.97.102.40
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://161.97.102.40/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 24 Apr 2024 13:34:31 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 88145
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 21 Aug 2019 17:29:46 GMT
ETag: W/"15851-16cb53a3310"
|
|
| 161.97.102.40/js/snackbar.min.js | 161.97.102.40 | 200 OK | 3.4 kB |
URL GET HTTP/1.1161.97.102.40/js/snackbar.min.js IP161.97.102.40:80
Requested byhttp://161.97.102.40/login
File typeJavaScript source, ASCII text, with very long lines (1083) Hash3331bae64bb768b66ff42d3cdf84b9d4 310c07435fb42b09af3ffe6fa2a86c8dcf3037ea 8394b5e437c5fd4a50d0c3ce8fa00a062859959b041c2feabd96c7848d65a1a3
Analyzer | Verdict | Alert | urlquery | malware | Malware - Botnet panel | Quad9 DNS | malicious | Sinkholed |
GET /js/snackbar.min.js HTTP/1.1
Host: 161.97.102.40
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://161.97.102.40/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 24 Apr 2024 13:34:31 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 3386
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 24 Aug 2019 22:24:06 GMT
ETag: W/"d3a-16cc5babf70"
|
|
| 161.97.102.40/js/main.js | 161.97.102.40 | 200 OK | 1.2 kB |
IP161.97.102.40:80
Requested byhttp://161.97.102.40/login
File typeASCII text, with CRLF line terminators Hash6c3dc22930cc1ef3dc4b5dfbf2dffaad 627bdeb526a505cb45cea6e507466f79b6e8c838 75bea9d908ddb42abc52f07b0b0102df35d646ebe989d7d228a6e2f5216f2bb1
Analyzer | Verdict | Alert | urlquery | malware | Malware - Botnet panel | Quad9 DNS | malicious | Sinkholed |
GET /js/main.js HTTP/1.1
Host: 161.97.102.40
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://161.97.102.40/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 24 Apr 2024 13:34:32 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 1233
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 24 Aug 2019 23:04:18 GMT
ETag: W/"4d1-16cc5df8d50"
|
|
| 161.97.102.40/js/semantic.min.js | 161.97.102.40 | 200 OK | 276 kB |
URL GET HTTP/1.1161.97.102.40/js/semantic.min.js IP161.97.102.40:80
Requested byhttp://161.97.102.40/login
File typeJavaScript source, ASCII text, with very long lines (65316) Size276 kB (275730 bytes) Hash5e7273015cebd8d647f801625b68783c 3d1f50123702e8d7353d98f04b5d819ed50be836 0a04a8582f70e7036623568df1d20c2bee833de95412dbc3afe05cda6ff4371f
Analyzer | Verdict | Alert | urlquery | malware | Malware - Botnet panel | Quad9 DNS | malicious | Sinkholed |
GET /js/semantic.min.js HTTP/1.1
Host: 161.97.102.40
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://161.97.102.40/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 24 Apr 2024 13:34:31 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 275730
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Tue, 20 Aug 2019 19:54:46 GMT
ETag: W/"43512-16cb0989770"
|
|
| 161.97.102.40/css/snackbar.min.css | 161.97.102.40 | 200 OK | 1.3 kB |
URL GET HTTP/1.1161.97.102.40/css/snackbar.min.css IP161.97.102.40:80
Requested byhttp://161.97.102.40/login
File typeASCII text, with very long lines (1279), with no line terminators Hash4220368aced9a5ce011f2ce9bd8b1035 a410e3754656f7dfc63749cfcf0bae3b62ca93ae a9fb1d56a55e28f572e7c1f1f6a0889fc36c761d93535ca2704ec1e441e2f92b
Analyzer | Verdict | Alert | urlquery | malware | Malware - Botnet panel | Quad9 DNS | malicious | Sinkholed |
GET /css/snackbar.min.css HTTP/1.1
Host: 161.97.102.40
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://161.97.102.40/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 24 Apr 2024 13:34:31 GMT
Content-Type: text/css; charset=UTF-8
Content-Length: 1279
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 24 Aug 2019 22:24:14 GMT
ETag: W/"4ff-16cc5badeb0"
|
|
| 161.97.102.40/css/semantic.min.css | 161.97.102.40 | 200 OK | 628 kB |
URL GET HTTP/1.1161.97.102.40/css/semantic.min.css IP161.97.102.40:80
Requested byhttp://161.97.102.40/login
File typeASCII text, with very long lines (59894) Size628 kB (628536 bytes) Hashd4bf675e63729054e6efe9bde86a761e c41b559e345ce6988e259c8529b864d10c7160e4 5177ac8b16de2e407f518c554f3ba3fe0837f8b333830026837cc3f82e190124
Analyzer | Verdict | Alert | urlquery | malware | Malware - Botnet panel | Quad9 DNS | malicious | Sinkholed |
GET /css/semantic.min.css HTTP/1.1
Host: 161.97.102.40
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://161.97.102.40/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 24 Apr 2024 13:34:31 GMT
Content-Type: text/css; charset=UTF-8
Content-Length: 628536
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Tue, 20 Aug 2019 19:54:00 GMT
ETag: W/"99738-16cb097e3c0"
|
|
| 161.97.102.40/logo.png | 161.97.102.40 | 200 OK | 4.0 kB |
IP161.97.102.40:80
Requested byhttp://161.97.102.40/login
File typePNG image data, 298 x 100, 8-bit/color RGBA, non-interlaced Hasha3537929c1ed046f93df0ce80fa6ba16 5460805d1393a68c1b823e5faae2dfc1242ed3d5 a4bd5a6140b726dca0b97a2b6f4f7d3166a5e0e98d33f065e689922f33e144f6
Analyzer | Verdict | Alert | urlquery | malware | Malware - Botnet panel | Quad9 DNS | malicious | Sinkholed |
GET /logo.png HTTP/1.1
Host: 161.97.102.40
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://161.97.102.40/login
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 24 Apr 2024 13:34:40 GMT
Content-Type: image/png
Content-Length: 3972
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 23 Aug 2019 22:30:04 GMT
ETag: W/"f84-16cc099d9e0"
|
|
| fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 | 216.58.207.227 | 200 OK | 24 kB |
URL GET HTTP/2fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 IP216.58.207.227:443
Requested byhttp://161.97.102.40/login CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74 ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 23580, version 1.0 Hashe1b3b5908c9cf23dfb2b9c52b9a023ab fcd4136085f2a03481d9958cc6793a5ed98e714c 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://161.97.102.40
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:21:46 GMT
expires: Fri, 18 Apr 2025 17:21:46 GMT
cache-control: public, max-age=31536000
age: 504774
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 | 216.58.207.227 | 200 OK | 23 kB |
URL GET HTTP/2fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 IP216.58.207.227:443
Requested byhttp://161.97.102.40/login CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74 ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 23040, version 1.0 Hashde69cf9e514df447d1b0bb16f49d2457 2ac78601179c3a63ba3f3f3081556b12ddcaf655 c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://161.97.102.40
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 02:02:48 GMT
expires: Wed, 23 Apr 2025 02:02:48 GMT
cache-control: public, max-age=31536000
age: 127912
last-modified: Tue, 02 May 2023 15:07:25 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin | 142.250.74.106 | 200 OK | 585 B |
URL GET HTTP/2fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin IP142.250.74.106:443
Requested byhttp://161.97.102.40/login CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2 ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT
File typeHTML document, ASCII text Hashe30d33063f191eb2f4f529c1b4da8720 11a82001e66d212613802b07d5ea6f69b10f26ee 406a5cae3747cc55ca2eed35088a9d66efdcf995a7d5f2f9be7111dc06bacc6b
GET /css?family=Lato:400,700,400italic,700italic&subset=latin HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://161.97.102.40/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 24 Apr 2024 13:34:40 GMT
date: Wed, 24 Apr 2024 13:34:40 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 161.97.102.40/css/themes/default/assets/fonts/icons.woff2 | 161.97.102.40 | 200 OK | 40 kB |
URL GET HTTP/1.1161.97.102.40/css/themes/default/assets/fonts/icons.woff2 IP161.97.102.40:80
Requested byhttp://161.97.102.40/login
File typeWeb Open Font Format (Version 2), TrueType, length 40148, version 1.0 Hash0ab54153eeeca0ce03978cc463b257f7 6ec6d36cb2464b4e821cfabb532f310bd342601c 434466b59545a8a1cac6ddb38197cdc6b35995a98c3f3812fb88d61b1c300dd3
Analyzer | Verdict | Alert | urlquery | malware | Malware - Botnet panel | Quad9 DNS | malicious | Sinkholed |
GET /css/themes/default/assets/fonts/icons.woff2 HTTP/1.1
Host: 161.97.102.40
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://161.97.102.40/css/semantic.min.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 24 Apr 2024 13:34:40 GMT
Content-Type: font/woff2
Content-Length: 40148
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Tue, 20 Aug 2019 19:57:12 GMT
ETag: W/"9cd4-16cb09ad1c0"
|
|
| 161.97.102.40/favicon.ico | 161.97.102.40 | 404 Not Found | 150 B |
URL GET HTTP/1.1161.97.102.40/favicon.ico IP161.97.102.40:80
Requested byhttp://161.97.102.40/login
File typeHTML document, ASCII text, with no line terminators Hash40dcd24c1edf14a0849c8254193aea92 45ba992f3f8ae064e209777705fcdf50a735b021 015dbc3ffe8058c12556f8609416fa99a10b8fa2df699162a894488c3047b846
Analyzer | Verdict | Alert | urlquery | malware | Malware - Botnet panel | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 161.97.102.40
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://161.97.102.40/login
Cookie: _ga_W6SP16VJD5=GS1.1.1713965680.1.0.1713965680.0.0.0; _ga=GA1.1.1980671272.1713965681
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Wed, 24 Apr 2024 13:34:40 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Content-Security-Policy: default-src 'none'
X-Content-Type-Options: nosniff
Content-Encoding: gzip
|
|