r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash eb76c0b3adf4098ad8a9d1e38250758f
99610ddb2b4ec6d04250ac244f966951695d4f00
01ed8c191c175471aee23cbc196d558e5bf5209f166806fc97db08eb06544bab
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01ED8C191C175471AEE23CBC196D558E5BF5209F166806FC97DB08EB06544BAB"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19215
Expires: Mon, 21 Nov 2022 01:56:01 GMT
Date: Sun, 20 Nov 2022 20:35:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1cee7787feebac18f9eca273e56e3741
3a7dac544172921e24c2a1701beef5079b21d01b
79ff4a450c749d64e116c00ca3b00d40e968906c5c3881d6eeb2dc6374a4c858
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79FF4A450C749D64E116C00CA3B00D40E968906C5C3881D6EEB2DC6374A4C858"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18866
Expires: Mon, 21 Nov 2022 01:50:12 GMT
Date: Sun, 20 Nov 2022 20:35:46 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2061bb5a62c7dbe5a39e49a98bf7d214
812ff4923fc0fa69fa7db7c362d5af728e297099
6f0c1ecd37ba47802a386c487e3c2eb1794a06e8b9f56e016326686e3d80ef92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5667
Cache-Control: max-age=142205
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:35:46 GMT
Etag: "637a01fc-1d7"
Expires: Tue, 22 Nov 2022 12:05:51 GMT
Last-Modified: Sun, 20 Nov 2022 10:31:24 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: vgM8xcR4VVBQ8m3GXBPPcLsYpjVaUL6TwjcNfoCCn1uuWZyw1bGjmE7hxBsThwaZnOwB5QHI5Pk=
x-amz-request-id: 1DT7J1BKP8NG2ZX8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 20 Nov 2022 19:38:51 GMT
age: 3415
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 20 Nov 2022 19:45:02 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3044
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 20:35:46 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
95.214.24.140/panel/login.php
95.214.24.140200 OK 4.7 kB URL HTTP/1.1 95.214.24.140/panel/login.php
IP 95.214.24.140:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5eab9224cbe9a11f8b61495dd83d0b27
36878fb06dad676a478878e6d04a7a65b9fc5af0
320b83dbf91c4a31c5457fc37a91889ff33fcacd69cbe2dc9440cfe57b828cc9
Analyzer Verdict Alert quad9 Sinkholed
GET /panel/login.php HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
X-Powered-By: PHP/8.1.10
Set-Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4664
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
95.214.24.140/panel/assets/modules/jquery-confirm/jquery-confirm.css
95.214.24.140200 OK 28 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/jquery-confirm/jquery-confirm.css
IP 95.214.24.140:0
Hash 144a36af355bc95cc269a4cf64e20770
b347fc6e8f57e95c61c168334620ea3355106774
bf3ab263ff09bec0414e42ef446c17d2f3e178661c863d5a07b2dbd746ba7836
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/jquery-confirm/jquery-confirm.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "6b88-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 27528
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/select2/css/select2.min.css
95.214.24.140200 OK 15 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/select2/css/select2.min.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (14965)
Hash 9f54e6414f87e0d14b9e966f19a174f9
ae5735562faabd1a2d9803bbd7bf4c502b5e4f51
15d6ad4dfdb43d0affad683e70029f97a8f8fc8637a28845009ee0542dccdf81
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/select2/css/select2.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "3a76-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 14966
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/overlayScrollbars/css/OverlayScrollbars.min.css
95.214.24.140200 OK 20 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/overlayScrollbars/css/OverlayScrollbars.min.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (19782)
Hash 35f138a4df47405b346f885ffb7ecd4a
c4dea04ad659f49d14c1913fb89eb0ad6e8c34e0
049e2dc17a8284c5c1140795fd26abad33357be3ad012e71482a40c47e7d567b
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/overlayScrollbars/css/OverlayScrollbars.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "4e29-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 20009
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/sweetalert2/sweetalert2.min.css
95.214.24.140200 OK 24 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/sweetalert2/sweetalert2.min.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (24454), with no line terminators
Hash b1ab0f2f72a18c5131a1969b88549c8c
397e30c517bde3fd86c22962dec839a3d6a3e512
e6e66c379d6664d3e2c2cc6516d66f7917216c21dc1e43e82231bb376638ac85
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/sweetalert2/sweetalert2.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "5f86-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 24454
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/izitoast/css/iziToast.css
95.214.24.140200 OK 50 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/izitoast/css/iziToast.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (1938)
Hash f81337ac106aed3bf571881f088de109
cac1e6481962be968c90f79c32717bca5cac3ec7
a4e0cd56d2b7b8e84bf0550d596bc540ad10a10a15dd803dc061a783a99b6741
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/izitoast/css/iziToast.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "c1e2-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 49634
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/datatables-bs4/css/dataTables.bootstrap4.min.css
95.214.24.140200 OK 5.2 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-bs4/css/dataTables.bootstrap4.min.css
IP 95.214.24.140:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (5224)
Hash 6793296e50f11c03fe545979f320ef77
41cec9c68f51ad59cce97603aad993a6f1876c10
493a6fee3f77804e876157d95a1bf2597351ef6d1179dc85bbaec8b3d45b0589
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/datatables-bs4/css/dataTables.bootstrap4.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "1470-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 5232
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/datatables-responsive/css/responsive.bootstrap4.min.css
95.214.24.140200 OK 4.5 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-responsive/css/responsive.bootstrap4.min.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (4462)
Hash 2f83eb031ec3fb725d8d8e3716d8f19c
428c5c9108a20aa97c1590b208f3240e56157cc8
53b70abc117de82792aa9ccd127c4ee911ff84e25be57c3cf39b6eb134d7eb02
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/datatables-responsive/css/responsive.bootstrap4.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "116f-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 4463
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/datatables-buttons/css/buttons.bootstrap4.min.css
95.214.24.140200 OK 3.5 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-buttons/css/buttons.bootstrap4.min.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (3498)
Hash a5d9eaa2aef5836154c5cab76a7df8f3
105407577d3f2c88cc21b7e6db0fedcc7832fbfa
806eda23f13babc6e43195840238aeb3e965565f863d3a6c7dc712d6cd94179c
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/datatables-buttons/css/buttons.bootstrap4.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "dab-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 3499
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/css/custom.css
95.214.24.140200 OK 5.1 kB URL HTTP/1.1 95.214.24.140/panel/assets/css/custom.css
IP 95.214.24.140:0
File type assembler source, ASCII text
Hash 3d4a4650fcf50daaaef0a7dd4156136b
0849d47e21a447d9083a08abeaa31638a8ae9b99
0350001b740228482b6f74ad0533d8613d90f17dc705d0616404479d2cc7bec4
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/css/custom.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "13ed-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 5101
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/jquery-confirm/jquery-confirm.js
95.214.24.140200 OK 52 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/jquery-confirm/jquery-confirm.js
IP 95.214.24.140:0
Hash df1ed42a0caed3f4867c6656d60b2dbc
bcb86d530cee14f8c64579d8a563358981d14254
f5900e20c660838c78b743c2353df7df3988f28900446b33a97d7efdda33d810
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/jquery-confirm/jquery-confirm.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "c958-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 51544
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/jquery/jquery.min.js
95.214.24.140200 OK 90 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/jquery/jquery.min.js
IP 95.214.24.140:0
File type ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/jquery/jquery.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "15d9d-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 89501
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables-bs4/js/dataTables.bootstrap4.min.js
95.214.24.140200 OK 2.1 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-bs4/js/dataTables.bootstrap4.min.js
IP 95.214.24.140:0
File type Unicode text, UTF-8 text, with very long lines (510)
Hash f6efabd85fb5c418a848f5f0e0ba0f9f
fb6d36d07455c93fb3e3f6543b2f2e6e2cd7f89c
c7b7abf54cc3c6d4c454c090efb0446086b32f4398bd1d17b398116c2f5aec53
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/datatables-bs4/js/dataTables.bootstrap4.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "832-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 2098
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables/jquery.dataTables.min.js
95.214.24.140200 OK 84 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables/jquery.dataTables.min.js
IP 95.214.24.140:0
File type Unicode text, UTF-8 text, with very long lines (539)
Hash 2ecadb4a04d1e60e9a8b3e6c70bc2896
aee29a94a6aa066fad6d5bfae51a4b71eb37c949
8ad9b517ea8585c8df1a7aeffafd7c000f856bbb00f2b4084fb27461e9cd1fae
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/datatables/jquery.dataTables.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "14692-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 83602
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables-responsive/js/dataTables.responsive.min.js
95.214.24.140200 OK 14 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-responsive/js/dataTables.responsive.min.js
IP 95.214.24.140:0
File type ASCII text, with very long lines (554)
Hash 9c08197a623203cd1bf273541b694308
fa895deac972f0ca3d77169039aca0ee1a04f34e
94d8439fdad60af6fb881f9aa512fe6e2e12b14ac728ba29bd8f251399ec7322
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/datatables-responsive/js/dataTables.responsive.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "36b6-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 14006
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables-responsive/js/responsive.bootstrap4.min.js
95.214.24.140200 OK 1.2 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-responsive/js/responsive.bootstrap4.min.js
IP 95.214.24.140:0
File type Unicode text, UTF-8 text, with very long lines (808)
Hash a730f5bddecca0c8889a2e91415cc30a
a9aa68f014eb6986c467b859832327b46af6da26
69754ee3b45beece7c1613130b06ccdfd7a7ff55dc9b31a40a547305ee6dc4ab
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/datatables-responsive/js/responsive.bootstrap4.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "4dc-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 1244
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 20 Nov 2022 19:44:50 GMT
cache-control: public,max-age=3600
age: 3056
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
95.214.24.140/panel/assets/modules/datatables-buttons/js/dataTables.buttons.min.js
95.214.24.140200 OK 20 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-buttons/js/dataTables.buttons.min.js
IP 95.214.24.140:0
File type Unicode text, UTF-8 text, with very long lines (560)
Hash ce1c42a949303738ab70169d21456bd7
e737541ee14e75d59678382292e648d3431ec995
13baf10b24bc6d992af9b590b1c7d9be2ab0421bf6eb8623ba34457a3d0f9c81
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/datatables-buttons/js/dataTables.buttons.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "4f57-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 20311
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.html5.min.js
95.214.24.140200 OK 25 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.html5.min.js
IP 95.214.24.140:0
File type Unicode text, UTF-8 text, with very long lines (10031)
Hash f005b2c8334ed73115c800f84065dde7
5b8aca189d9e6ffb95eef23b4742e58343c79cbc
a272893a5e916e3e420effe9fb328cbeeef12232bf239755142f9ad8be371540
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/datatables-buttons/js/buttons.html5.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "6102-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 24834
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.bootstrap4.min.js
95.214.24.140200 OK 1.0 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.bootstrap4.min.js
IP 95.214.24.140:0
File type Unicode text, UTF-8 text, with very long lines (531)
Hash 8e408dcb8dd84d21b97885b1675eca9a
f7e12468c6c350e87856c822de464e971bdbf8dc
c9580b9667720a8755d81eb5d10c7ea8f44580958ff77c86148e2924d781acff
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/datatables-buttons/js/buttons.bootstrap4.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "413-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 1043
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.print.min.js
95.214.24.140200 OK 2.2 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.print.min.js
IP 95.214.24.140:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (526)
Hash dc359e6634a9b1b70b33f4709291ac52
890bfbb06a5a65103b16a3fe22de6dc62a3cd46d
43c9c663cdacecedbae7c913386783e1363bc8fbdc9a4c613b4d1abf98a83f95
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/datatables-buttons/js/buttons.print.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "8a4-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 2212
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/css/adminlte.min.css
95.214.24.140200 OK 1.4 MB URL HTTP/1.1 95.214.24.140/panel/assets/css/adminlte.min.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (65158)
Size 1.4 MB (1382975 bytes)
Hash 3761431942d1adad52b80e4e4d174449
97a30cba1aabe8de821bde5b2d2822c188fbb55a
150fa4d262057d65d54da5b56ab877a8ac7c2175f9066e5fe901bed299148da1
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/css/adminlte.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "151a3f-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 1382975
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 27138f8625c320bd1434ccd92263b641
6a8f18728c9f324c1c631ffc85901d84ec4d0e0c
02338368cfa2325e8463bd169cb0ad4df2967ca4260b75bc665cd0836e90e9f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2498
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 20:35:46 GMT
Last-Modified: Sun, 20 Nov 2022 19:54:08 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
95.214.24.140/panel/assets/modules/izitoast/js/iziToast.min.js
95.214.24.140200 OK 18 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/izitoast/js/iziToast.min.js
IP 95.214.24.140:0
File type Unicode text, UTF-8 text, with very long lines (18398)
Hash a05a127c793145cec6b721f14fced3e5
5d753b1c803de12f4d2217ab0d143d4dcf047010
ac860be79a4cfe434ea68f002638f79371d9a85a3b045a1aaf10dc98df551497
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/izitoast/js/iziToast.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "4831-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 18481
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.colVis.min.js
95.214.24.140200 OK 2.8 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.colVis.min.js
IP 95.214.24.140:0
File type ASCII text, with very long lines (558)
Hash 3305195e00cd4f7b288e4d1c38501146
c0522cdc03ddc90b931d65fee6721c3eb988e079
07be9aff38f58c96fc1e979aa5424b0fa8c5b79bbcab53ff1eefd18dfc97f8fe
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/datatables-buttons/js/buttons.colVis.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "b16-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 2838
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/sweetalert2/sweetalert2.min.js
95.214.24.140200 OK 48 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/sweetalert2/sweetalert2.min.js
IP 95.214.24.140:0
File type ASCII text, with very long lines (47965), with no line terminators
Hash c7cffc8b283719a988fa85b6b5f77a85
9a62bf49bbd6ca0dc23ef1c4c6bc55e83e00b5a8
cad04f1e55ed6543d1dbd9672e6ea9f9d658c0053e8345e9c8cb160f88b4947e
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/sweetalert2/sweetalert2.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "bb5d-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 47965
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/bootstrap/js/bootstrap.bundle.min.js
95.214.24.140200 OK 84 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/bootstrap/js/bootstrap.bundle.min.js
IP 95.214.24.140:0
File type ASCII text, with very long lines (65299)
Hash f81d0a1705048649befc8b595e455a94
aec551e4d573463088fca7d14fb644eb389f1839
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "1499a-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 84378
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/jquery-mousewheel/jquery.mousewheel.js
95.214.24.140200 OK 8.3 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/jquery-mousewheel/jquery.mousewheel.js
IP 95.214.24.140:0
Hash 409ac3648bba069c079fedc1ca107913
3a333a49aaab27466584fdb54902d15f821cba27
55296ec9c96490404114d67a4bc2363a4abf47a5b42271e4a9dba436b78460e6
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/jquery-mousewheel/jquery.mousewheel.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "204b-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 8267
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/overlayScrollbars/js/jquery.overlayScrollbars.min.js
95.214.24.140200 OK 43 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/overlayScrollbars/js/jquery.overlayScrollbars.min.js
IP 95.214.24.140:0
File type ASCII text, with very long lines (42375)
Hash e3577d030f0182d92ad8ed5b9c554b3a
c2ac0fb3b8ebc3b832eee3455967a59a140514cb
b41777f2e5a5be07e9b37cc73eb51bd9e3c183e67c12331fd1096814e373a6f5
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/overlayScrollbars/js/jquery.overlayScrollbars.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "a66a-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 42602
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/raphael/raphael.min.js
95.214.24.140200 OK 93 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/raphael/raphael.min.js
IP 95.214.24.140:0
File type Unicode text, UTF-8 text, with very long lines (65518), with no line terminators
Hash d215c2fcffdaa7759bf99e6da9f7c402
eee7f2ccba4c7fbbcd87057694221985db44fa45
4da6e9aca75e3576d27ac0962ccadc6d6483cd486901d70d3dee50e77ae7f588
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/raphael/raphael.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "16bef-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 93167
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/__UNAM_LIB/unam_lib.js
95.214.24.140200 OK 928 B URL HTTP/1.1 95.214.24.140/panel/__UNAM_LIB/unam_lib.js
IP 95.214.24.140:0
Hash 7fa82422409fedd9fbc1d63b3de7e75a
1be72e17ed2e99222f4afb820dd3fac010601fc0
c9636b6900533ccd3ba88d5337207a5f5aa31d1dc3222dce0e8d7c71af7400a7
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/__UNAM_LIB/unam_lib.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "3a0-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 928
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
push.services.mozilla.com/
35.160.51.228101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.51.228:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yj4puGNvcd8C6CgMC1ThOg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2bA7T6d2roqcPXpq2mM7N4tzTS0=
95.214.24.140/panel/assets/modules/fontawesome-free/css/all.min.css
95.214.24.140200 OK 59 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/fontawesome-free/css/all.min.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (59158)
Hash 74bab4578692993514e7f882cc15c218
b6293bcfd851f963edbe859498570c4c0c7eaae4
d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/fontawesome-free/css/all.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:47 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "e7d0-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 59344
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2
95.214.24.140200 OK 78 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2
IP 95.214.24.140:0
File type Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261\012- data
Hash e8a427e15cc502bef99cfd722b37ea98
a9922842a120a7f1eaced667480c5e185a106d69
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://95.214.24.140/panel/assets/modules/fontawesome-free/css/all.min.css
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:47 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "13174-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 78196
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: font/woff2
95.214.24.140/favicon.ico
95.214.24.140404 Not Found 300 B URL HTTP/1.1 95.214.24.140/favicon.ico
IP 95.214.24.140:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash cfdfbc99310e10ecc2ce64eba9a72385
77d3c50ab096523e27b82c2afddfedc049ea5a34
b65447ca206340be81f109531d3a75a97c18d1f6453e67fe502a0f639d98d93c
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 404 Not Found
Date: Sun, 20 Nov 2022 20:35:47 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Content-Length: 300
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 798ef0955be535268547903e74dacfcd
782823486f9ded693609cade264d1950e816f7d0
75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2794
Expires: Sun, 20 Nov 2022 21:22:22 GMT
Date: Sun, 20 Nov 2022 20:35:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 798ef0955be535268547903e74dacfcd
782823486f9ded693609cade264d1950e816f7d0
75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2794
Expires: Sun, 20 Nov 2022 21:22:22 GMT
Date: Sun, 20 Nov 2022 20:35:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 798ef0955be535268547903e74dacfcd
782823486f9ded693609cade264d1950e816f7d0
75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2794
Expires: Sun, 20 Nov 2022 21:22:22 GMT
Date: Sun, 20 Nov 2022 20:35:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 798ef0955be535268547903e74dacfcd
782823486f9ded693609cade264d1950e816f7d0
75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2794
Expires: Sun, 20 Nov 2022 21:22:22 GMT
Date: Sun, 20 Nov 2022 20:35:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032a7640-4af2-49ea-b184-de5b0ed996a4.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032a7640-4af2-49ea-b184-de5b0ed996a4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 79ccaf63b8e37223509518f540b26f54
fd48bd3737d35bc53a0ec4593c8769ea9fe1cc71
950ae082472515d39c9e3440cee399376e99840651ff04c4d2581951e44163de
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032a7640-4af2-49ea-b184-de5b0ed996a4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9653
x-amzn-requestid: 06932e2b-59fa-4e05-aad3-65d7e2045e13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3i5fHJEoAMF8Mw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794b6f-0062640e7868cf664bcf26d2;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:32:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 6eFgEWflu3zqDd4J838DeZiPxNafliBVrce95D_29-oviwINWR2bkw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 21:41:44 GMT
etag: "fd48bd3737d35bc53a0ec4593c8769ea9fe1cc71"
content-type: image/jpeg
age: 82444
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a4c45ae-b32f-41fd-b114-30dd881b4ef3.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a4c45ae-b32f-41fd-b114-30dd881b4ef3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a1e751db3c22be366e4bef8b30644677
a2147825fc70ee46cdff2c5857646078c7cc3dad
713e83ce024a939bbc34268a18ea20e6e18fedeeeb6c5e5788df9b473c1c1c27
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a4c45ae-b32f-41fd-b114-30dd881b4ef3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7659
x-amzn-requestid: 78936c00-59d6-45ae-97fe-b038a9748078
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3i0BFtdoAMFZwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794b4c-45f909677dc2cece6f0e27aa;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:31:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: -B6mMWjuXxI3rVMu78ut9_BICmn-XzHWHfmj5Xi6H0OoXSAMCPNm0Q==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 21:41:44 GMT
etag: "a2147825fc70ee46cdff2c5857646078c7cc3dad"
content-type: image/jpeg
age: 82444
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b47e52f-9db3-4562-a907-fad72a31cf1f.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b47e52f-9db3-4562-a907-fad72a31cf1f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e33cec1fb25538471758ee73cffc0c88
351f0afdd289e84c829401b80645c8803b47bc39
d826e4a0f0f53e95864b1e40d6bf13d2e82ad5806f988b7d54bb97e21b45da8e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b47e52f-9db3-4562-a907-fad72a31cf1f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6744
x-amzn-requestid: 489adc2f-8725-4361-ae81-542f845b43f7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3i5BFzmIAMFXEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794b6c-4200af255e86aad05e3e95f8;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:32:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: IEkibE17YLbyAKc32r0cdG9f46d-qA9Tr_JN_iA1XAnWikKEgHvywQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 22:35:16 GMT
etag: "351f0afdd289e84c829401b80645c8803b47bc39"
content-type: image/jpeg
age: 79232
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6847812-c6dd-4bf9-a8fc-9fdd19604f07.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6847812-c6dd-4bf9-a8fc-9fdd19604f07.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fa9aba4cb1cc96d2b04905f45c902c45
dd7c1a17f049319bc8f11a5ee6905fa240d1ffc5
2f18c3906096fcead96dc14f0b5976e6573c4825e8c4948f171a67c5920ca684
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6847812-c6dd-4bf9-a8fc-9fdd19604f07.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11597
x-amzn-requestid: 28c7761b-1ffd-4abf-ae2b-51a2d1b07538
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1jHdGbwoAMFqrg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63787efc-2f2258bb2fcd48340e08110f;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 07:00:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: PONP22tGAWF-ZUrQ-FpTAV6_hoaILBamhC-eSqkPL50-OdxlFJannA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 58b8655e3ea662bad02cac6b9d4c88ba.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 08:02:14 GMT
age: 45214
etag: "dd7c1a17f049319bc8f11a5ee6905fa240d1ffc5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2640ea-cb67-4da2-9989-09bf608bd138.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2640ea-cb67-4da2-9989-09bf608bd138.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2dcdeb5df10dd86dbc155dbefc4fd72b
b0a20213cdedc7fa472dbdad4e1152152009433e
ba98ae058e591f010056de61cdc58e09b5a2742be08421e0ba57ac2a0de36422
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2640ea-cb67-4da2-9989-09bf608bd138.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11915
x-amzn-requestid: 93e2bad9-148f-4b10-9c07-8ab77bcaafcf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3jW6F0BoAMFU3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794c2c-19e415980648396973718d73;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:35:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3vxezxpU1re737vRthcDcV3hDb1NAhhZrslBYjIHE7hdtD40FslmzA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 22:35:16 GMT
age: 79232
etag: "b0a20213cdedc7fa472dbdad4e1152152009433e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 481c033b9ffd030ff0de6e35cf788b47
85d3baad9217af2b5d75c019d2ef95dbb919a788
02443c7869914c2b29892deb0c645395bcf4e8379da3cf20974614ff9c92893b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11249
x-amzn-requestid: 65a3db77-b2e6-40b9-a776-021c2e9b56d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bubSsHbZoAMFZNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6375a5aa-1286b97968cc2e4c7fe8ab29;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 03:08:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: iGM_HV13dzz5eOswbOJfjj14jlFW4jy2YsW7eJumS_TM5TxxG8VMwQ==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 03:36:47 GMT
age: 61141
etag: "85d3baad9217af2b5d75c019d2ef95dbb919a788"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
95.214.24.140/panel/assets/modules/select2/js/select2.min.js
95.214.24.140200 OK 0 B URL HTTP/1.1 95.214.24.140/panel/assets/modules/select2/js/select2.min.js
IP 95.214.24.140:0
Analyzer Verdict Alert quad9 Sinkholed
GET /panel/assets/modules/select2/js/select2.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "114c3-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 70851
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/js/adminlte.js
95.214.24.140200 OK 0 B URL HTTP/1.1 95.214.24.140/panel/assets/js/adminlte.js
IP 95.214.24.140:0
Analyzer Verdict Alert quad9 Sinkholed
GET /panel/assets/js/adminlte.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=cl12cdae030tvj3npr4s8ms97i
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 20:35:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "1866a-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 99946
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript