95.214.24.140/panel/login.php
95.214.24.140 200 OK 4.7 kB URL HTTP/1.1 95.214.24.140/panel/login.php
IP 95.214.24.140:0
File type HTML document text; exported SGML document, ASCII text
Hash (MD5) f09a19d659b8d09c21c395f6aaf9d03c
Hash (SHA-1) 21add86a4a28d0dc1ae33a3fc9ca1aa212bc386a
Hash (SHA-256) ca1ce7c25cf30c9418ec01da95518686bf188bb25ec998d36e9c1ad8ef2d5b64
Analyzer verdicts
fortinet: Malware
quad9: Sinkholed
GET /panel/login.php HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:23 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
X-Powered-By: PHP/8.1.10
Set-Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4664
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) 7c60904d097cde276e4e5632cef1b9f1
Hash (SHA-1) 4f805026462589345d85e8df2d18eafba6237504
Hash (SHA-256) 12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9898
Expires: Sat, 26 Nov 2022 05:22:21 GMT
Date: Sat, 26 Nov 2022 02:37:23 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B
IP 93.184.220.29:0
Hash (MD5) 10730f388c028d64e19b8a48d414768f
Hash (SHA-1) e43b104e57e5ea7ff8568835776858cf2ede6f00
Hash (SHA-256) f3c30c6d139288f1bfe13fce85c6ddc1514e1639fcf4d31a6012a3309ed1d50d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3029
Cache-Control: max-age=117860
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 02:37:23 GMT
Etag: "63809972-1d7"
Expires: Sun, 27 Nov 2022 11:21:43 GMT
Last-Modified: Fri, 25 Nov 2022 10:31:14 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash (MD5) 567df7db606cf5d0871aa5bc9311b6da
Hash (SHA-1) 4263faac7cbab2fcaf6661911dcad5091c06be17
Hash (SHA-256) e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 02:17:29 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1195
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) 8c63b226725ca6e92e3ef586ac19e603
Hash (SHA-1) d21ae42a1927501e5293ff3564f52b49f6b0decc
Hash (SHA-256) 141ac47acc3800e5d35a82012fa4b044277abad3a95dc24415f66fb72c972ae6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12125
Expires: Sat, 26 Nov 2022 05:59:29 GMT
Date: Sat, 26 Nov 2022 02:37:24 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash (MD5) 9ebddc2b260d081ebbefee47c037cb28
Hash (SHA-1) 492bad62a7ca6a74738921ef5ae6f0be5edebf39
Hash (SHA-256) 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 0gfY4SQ5e3IkGkqO3haHNCtasPX86YRj5NHQyqPAupaYb5ZwzoVXJv6dM+hGheKb/P7q825MTl4=
x-amz-request-id: S1Z2M68ZM7KRHYRJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 01:41:01 GMT
age: 3383
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash (MD5) 23e88fb7b99543fb33315b29b1fad9d6
Hash (SHA-1) a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Hash (SHA-256) 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 02:37:24 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
95.214.24.140/panel/assets/modules/fontawesome-free/css/all.min.css
95.214.24.140 200 OK 59 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/fontawesome-free/css/all.min.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (59158)
Hash (MD5) 74bab4578692993514e7f882cc15c218
Hash (SHA-1) b6293bcfd851f963edbe859498570c4c0c7eaae4
Hash (SHA-256) d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386
Analyzer verdicts
urlquery: Malware - Botnet panel
quad9: Sinkholed
GET /panel/assets/modules/fontawesome-free/css/all.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "e7d0-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 59344
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/jquery-confirm/jquery-confirm.css
95.214.24.140 200 OK 28 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/jquery-confirm/jquery-confirm.css
IP 95.214.24.140:0
Hash (MD5) 144a36af355bc95cc269a4cf64e20770
Hash (SHA-1) b347fc6e8f57e95c61c168334620ea3355106774
Hash (SHA-256) bf3ab263ff09bec0414e42ef446c17d2f3e178661c863d5a07b2dbd746ba7836
Analyzer verdicts
urlquery: Malware - Botnet panel
quad9: Sinkholed
GET /panel/assets/modules/jquery-confirm/jquery-confirm.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "6b88-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 27528
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/select2/css/select2.min.css
95.214.24.140 200 OK 15 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/select2/css/select2.min.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (14965)
Hash (MD5) 9f54e6414f87e0d14b9e966f19a174f9
Hash (SHA-1) ae5735562faabd1a2d9803bbd7bf4c502b5e4f51
Hash (SHA-256) 15d6ad4dfdb43d0affad683e70029f97a8f8fc8637a28845009ee0542dccdf81
Analyzer verdicts
urlquery: Malware - Botnet panel
quad9: Sinkholed
GET /panel/assets/modules/select2/css/select2.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "3a76-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 14966
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/overlayScrollbars/css/OverlayScrollbars.min.css
95.214.24.140 200 OK 20 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/overlayScrollbars/css/OverlayScrollbars.min.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (19782)
Hash (MD5) 35f138a4df47405b346f885ffb7ecd4a
Hash (SHA-1) c4dea04ad659f49d14c1913fb89eb0ad6e8c34e0
Hash (SHA-256) 049e2dc17a8284c5c1140795fd26abad33357be3ad012e71482a40c47e7d567b
Analyzer verdicts
urlquery: Malware - Botnet panel
quad9: Sinkholed
GET /panel/assets/modules/overlayScrollbars/css/OverlayScrollbars.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "4e29-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 20009
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/sweetalert2/sweetalert2.min.css
95.214.24.140 200 OK 24 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/sweetalert2/sweetalert2.min.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (24454), with no line terminators
Hash (MD5) b1ab0f2f72a18c5131a1969b88549c8c
Hash (SHA-1) 397e30c517bde3fd86c22962dec839a3d6a3e512
Hash (SHA-256) e6e66c379d6664d3e2c2cc6516d66f7917216c21dc1e43e82231bb376638ac85
Analyzer verdicts
urlquery: Malware - Botnet panel
quad9: Sinkholed
GET /panel/assets/modules/sweetalert2/sweetalert2.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "5f86-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 24454
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/izitoast/css/iziToast.css
95.214.24.140 200 OK 50 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/izitoast/css/iziToast.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (1938)
Hash (MD5) f81337ac106aed3bf571881f088de109
Hash (SHA-1) cac1e6481962be968c90f79c32717bca5cac3ec7
Hash (SHA-256) a4e0cd56d2b7b8e84bf0550d596bc540ad10a10a15dd803dc061a783a99b6741
Analyzer verdicts
urlquery: Malware - Botnet panel
quad9: Sinkholed
GET /panel/assets/modules/izitoast/css/iziToast.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "c1e2-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 49634
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/datatables-bs4/css/dataTables.bootstrap4.min.css
95.214.24.140 200 OK 5.2 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-bs4/css/dataTables.bootstrap4.min.css
IP 95.214.24.140:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (5224)
Hash (MD5) 6793296e50f11c03fe545979f320ef77
Hash (SHA-1) 41cec9c68f51ad59cce97603aad993a6f1876c10
Hash (SHA-256) 493a6fee3f77804e876157d95a1bf2597351ef6d1179dc85bbaec8b3d45b0589
Analyzer verdicts
urlquery: Malware - Botnet panel
quad9: Sinkholed
GET /panel/assets/modules/datatables-bs4/css/dataTables.bootstrap4.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "1470-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 5232
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/datatables-responsive/css/responsive.bootstrap4.min.css
95.214.24.140 200 OK 4.5 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-responsive/css/responsive.bootstrap4.min.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (4462)
Hash (MD5) 2f83eb031ec3fb725d8d8e3716d8f19c
Hash (SHA-1) 428c5c9108a20aa97c1590b208f3240e56157cc8
Hash (SHA-256) 53b70abc117de82792aa9ccd127c4ee911ff84e25be57c3cf39b6eb134d7eb02
Analyzer verdicts
urlquery: Malware - Botnet panel
quad9: Sinkholed
GET /panel/assets/modules/datatables-responsive/css/responsive.bootstrap4.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "116f-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 4463
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/datatables-buttons/css/buttons.bootstrap4.min.css
95.214.24.140 200 OK 3.5 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-buttons/css/buttons.bootstrap4.min.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (3498)
Hash (MD5) a5d9eaa2aef5836154c5cab76a7df8f3
Hash (SHA-1) 105407577d3f2c88cc21b7e6db0fedcc7832fbfa
Hash (SHA-256) 806eda23f13babc6e43195840238aeb3e965565f863d3a6c7dc712d6cd94179c
Analyzer verdicts
urlquery: Malware - Botnet panel
quad9: Sinkholed
GET /panel/assets/modules/datatables-buttons/css/buttons.bootstrap4.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "dab-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 3499
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/css/custom.css
95.214.24.140 200 OK 5.1 kB URL HTTP/1.1 95.214.24.140/panel/assets/css/custom.css
IP 95.214.24.140:0
File type assembler source, ASCII text
Hash (MD5) 3d4a4650fcf50daaaef0a7dd4156136b
Hash (SHA-1) 0849d47e21a447d9083a08abeaa31638a8ae9b99
Hash (SHA-256) 0350001b740228482b6f74ad0533d8613d90f17dc705d0616404479d2cc7bec4
Analyzer verdicts
urlquery: Malware - Botnet panel
quad9: Sinkholed
GET /panel/assets/css/custom.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "13ed-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 5101
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/modules/jquery-confirm/jquery-confirm.js
95.214.24.140 200 OK 52 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/jquery-confirm/jquery-confirm.js
IP 95.214.24.140:0
Hash (MD5) df1ed42a0caed3f4867c6656d60b2dbc
Hash (SHA-1) bcb86d530cee14f8c64579d8a563358981d14254
Hash (SHA-256) f5900e20c660838c78b743c2353df7df3988f28900446b33a97d7efdda33d810
Analyzer verdicts
urlquery: Malware - Botnet panel
fortinet: Malware
quad9: Sinkholed
GET /panel/assets/modules/jquery-confirm/jquery-confirm.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "c958-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 51544
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables-bs4/js/dataTables.bootstrap4.min.js
95.214.24.140 200 OK 2.1 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-bs4/js/dataTables.bootstrap4.min.js
IP 95.214.24.140:0
File type Unicode text, UTF-8 text, with very long lines (510)
Hash (MD5) f6efabd85fb5c418a848f5f0e0ba0f9f
Hash (SHA-1) fb6d36d07455c93fb3e3f6543b2f2e6e2cd7f89c
Hash (SHA-256) c7b7abf54cc3c6d4c454c090efb0446086b32f4398bd1d17b398116c2f5aec53
Analyzer verdicts
urlquery: Malware - Botnet panel
fortinet: Malware
quad9: Sinkholed
GET /panel/assets/modules/datatables-bs4/js/dataTables.bootstrap4.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "832-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 2098
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables-responsive/js/dataTables.responsive.min.js
95.214.24.140 200 OK 14 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-responsive/js/dataTables.responsive.min.js
IP 95.214.24.140:0
File type ASCII text, with very long lines (554)
Hash (MD5) 9c08197a623203cd1bf273541b694308
Hash (SHA-1) fa895deac972f0ca3d77169039aca0ee1a04f34e
Hash (SHA-256) 94d8439fdad60af6fb881f9aa512fe6e2e12b14ac728ba29bd8f251399ec7322
Analyzer verdicts
urlquery: Malware - Botnet panel
fortinet: Malware
quad9: Sinkholed
GET /panel/assets/modules/datatables-responsive/js/dataTables.responsive.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "36b6-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 14006
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables-responsive/js/responsive.bootstrap4.min.js
95.214.24.140 200 OK 1.2 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-responsive/js/responsive.bootstrap4.min.js
IP 95.214.24.140:0
File type Unicode text, UTF-8 text, with very long lines (808)
Hash (MD5) a730f5bddecca0c8889a2e91415cc30a
Hash (SHA-1) a9aa68f014eb6986c467b859832327b46af6da26
Hash (SHA-256) 69754ee3b45beece7c1613130b06ccdfd7a7ff55dc9b31a40a547305ee6dc4ab
Analyzer verdicts
urlquery: Malware - Botnet panel
fortinet: Malware
quad9: Sinkholed
GET /panel/assets/modules/datatables-responsive/js/responsive.bootstrap4.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "4dc-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 1244
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables-buttons/js/dataTables.buttons.min.js
95.214.24.140 200 OK 20 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-buttons/js/dataTables.buttons.min.js
IP 95.214.24.140:0
File type Unicode text, UTF-8 text, with very long lines (560)
Hash (MD5) ce1c42a949303738ab70169d21456bd7
Hash (SHA-1) e737541ee14e75d59678382292e648d3431ec995
Hash (SHA-256) 13baf10b24bc6d992af9b590b1c7d9be2ab0421bf6eb8623ba34457a3d0f9c81
Analyzer verdicts
urlquery: Malware - Botnet panel
fortinet: Malware
quad9: Sinkholed
GET /panel/assets/modules/datatables-buttons/js/dataTables.buttons.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "4f57-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 20311
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.bootstrap4.min.js
95.214.24.140 200 OK 1.0 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.bootstrap4.min.js
IP 95.214.24.140:0
File type Unicode text, UTF-8 text, with very long lines (531)
Hash (MD5) 8e408dcb8dd84d21b97885b1675eca9a
Hash (SHA-1) f7e12468c6c350e87856c822de464e971bdbf8dc
Hash (SHA-256) c9580b9667720a8755d81eb5d10c7ea8f44580958ff77c86148e2924d781acff
Analyzer verdicts
urlquery: Malware - Botnet panel
fortinet: Malware
quad9: Sinkholed
GET /panel/assets/modules/datatables-buttons/js/buttons.bootstrap4.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "413-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 1043
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.html5.min.js
95.214.24.140 200 OK 25 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.html5.min.js
IP 95.214.24.140:0
File type Unicode text, UTF-8 text, with very long lines (10031)
Hash (MD5) f005b2c8334ed73115c800f84065dde7
Hash (SHA-1) 5b8aca189d9e6ffb95eef23b4742e58343c79cbc
Hash (SHA-256) a272893a5e916e3e420effe9fb328cbeeef12232bf239755142f9ad8be371540
Analyzer verdicts
urlquery: Malware - Botnet panel
fortinet: Malware
quad9: Sinkholed
GET /panel/assets/modules/datatables-buttons/js/buttons.html5.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "6102-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 24834
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.print.min.js
95.214.24.140 200 OK 2.2 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.print.min.js
IP 95.214.24.140:0
File type HTML document text; HTML document, ASCII text, with very long lines (526)
Hash (MD5) dc359e6634a9b1b70b33f4709291ac52
Hash (SHA-1) 890bfbb06a5a65103b16a3fe22de6dc62a3cd46d
Hash (SHA-256) 43c9c663cdacecedbae7c913386783e1363bc8fbdc9a4c613b4d1abf98a83f95
Analyzer verdicts
urlquery: Malware - Botnet panel
fortinet: Malware
quad9: Sinkholed
GET /panel/assets/modules/datatables-buttons/js/buttons.print.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "8a4-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 2212
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.colVis.min.js
95.214.24.140 200 OK 2.8 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.colVis.min.js
IP 95.214.24.140:0
File type ASCII text, with very long lines (558)
Hash (MD5) 3305195e00cd4f7b288e4d1c38501146
Hash (SHA-1) c0522cdc03ddc90b931d65fee6721c3eb988e079
Hash (SHA-256) 07be9aff38f58c96fc1e979aa5424b0fa8c5b79bbcab53ff1eefd18dfc97f8fe
Analyzer verdicts
urlquery: Malware - Botnet panel
fortinet: Malware
quad9: Sinkholed
GET /panel/assets/modules/datatables-buttons/js/buttons.colVis.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "b16-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 2838
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/izitoast/js/iziToast.min.js
95.214.24.140 200 OK 18 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/izitoast/js/iziToast.min.js
IP 95.214.24.140:0
File type Unicode text, UTF-8 text, with very long lines (18398)
Hash (MD5) a05a127c793145cec6b721f14fced3e5
Hash (SHA-1) 5d753b1c803de12f4d2217ab0d143d4dcf047010
Hash (SHA-256) ac860be79a4cfe434ea68f002638f79371d9a85a3b045a1aaf10dc98df551497
Analyzer verdicts
urlquery: Malware - Botnet panel
fortinet: Malware
quad9: Sinkholed
GET /panel/assets/modules/izitoast/js/iziToast.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "4831-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 18481
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/bootstrap/js/bootstrap.bundle.min.js
95.214.24.140 200 OK 84 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/bootstrap/js/bootstrap.bundle.min.js
IP 95.214.24.140:0
File type ASCII text, with very long lines (65299)
Hash (MD5) f81d0a1705048649befc8b595e455a94
Hash (SHA-1) aec551e4d573463088fca7d14fb644eb389f1839
Hash (SHA-256) b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b
Analyzer verdicts
urlquery: Malware - Botnet panel
fortinet: Malware
quad9: Sinkholed
GET /panel/assets/modules/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "1499a-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 84378
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/css/adminlte.min.css
95.214.24.140 200 OK 1.4 MB URL HTTP/1.1 95.214.24.140/panel/assets/css/adminlte.min.css
IP 95.214.24.140:0
File type ASCII text, with very long lines (65158)
Size 1.4 MB (1382975 bytes)
Hash 3761431942d1adad52b80e4e4d174449
97a30cba1aabe8de821bde5b2d2822c188fbb55a
150fa4d262057d65d54da5b56ab877a8ac7c2175f9066e5fe901bed299148da1
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /panel/assets/css/adminlte.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "151a3f-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 1382975
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
95.214.24.140/panel/assets/js/adminlte.js
95.214.24.140 200 OK 100 kB URL HTTP/1.1 95.214.24.140/panel/assets/js/adminlte.js
IP 95.214.24.140:0
File type ASCII text, with very long lines (377)
Hash c920148b02d267b16a5f77762fb82e0d
72cfd2c4c999c6a43ec5fc552c2813bd4026d17a
24db05f7655f1274887227317c6d32bff52ee799aaf9d19b8e6c436d86c40a80
Analyzer Verdict Alert urlquery Malware - Botnet panel
fortinet Malware
quad9 Sinkholed
GET /panel/assets/js/adminlte.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "1866a-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 99946
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/overlayScrollbars/js/jquery.overlayScrollbars.min.js
95.214.24.140 200 OK 43 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/overlayScrollbars/js/jquery.overlayScrollbars.min.js
IP 95.214.24.140:0
File type ASCII text, with very long lines (42375)
Hash e3577d030f0182d92ad8ed5b9c554b3a
c2ac0fb3b8ebc3b832eee3455967a59a140514cb
b41777f2e5a5be07e9b37cc73eb51bd9e3c183e67c12331fd1096814e373a6f5
Analyzer Verdict Alert urlquery Malware - Botnet panel
fortinet Malware
quad9 Sinkholed
GET /panel/assets/modules/overlayScrollbars/js/jquery.overlayScrollbars.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "a66a-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 42602
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/sweetalert2/sweetalert2.min.js
95.214.24.140 200 OK 48 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/sweetalert2/sweetalert2.min.js
IP 95.214.24.140:0
File type ASCII text, with very long lines (47965), with no line terminators
Hash c7cffc8b283719a988fa85b6b5f77a85
9a62bf49bbd6ca0dc23ef1c4c6bc55e83e00b5a8
cad04f1e55ed6543d1dbd9672e6ea9f9d658c0053e8345e9c8cb160f88b4947e
Analyzer Verdict Alert urlquery Malware - Botnet panel
fortinet Malware
quad9 Sinkholed
GET /panel/assets/modules/sweetalert2/sweetalert2.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "bb5d-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 47965
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/__UNAM_LIB/unam_lib.js
95.214.24.140 200 OK 928 B URL HTTP/1.1 95.214.24.140/panel/__UNAM_LIB/unam_lib.js
IP 95.214.24.140:0
Hash 7fa82422409fedd9fbc1d63b3de7e75a
1be72e17ed2e99222f4afb820dd3fac010601fc0
c9636b6900533ccd3ba88d5337207a5f5aa31d1dc3222dce0e8d7c71af7400a7
Analyzer Verdict Alert urlquery Malware - Botnet panel
fortinet Malware
quad9 Sinkholed
GET /panel/__UNAM_LIB/unam_lib.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "3a0-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 928
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2
95.214.24.140 200 OK 78 kB URL HTTP/1.1 95.214.24.140/panel/assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2
IP 95.214.24.140:0
File type Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261
Hash e8a427e15cc502bef99cfd722b37ea98
a9922842a120a7f1eaced667480c5e185a106d69
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
Analyzer Verdict Alert urlquery Malware - Botnet panel
fortinet Malware
quad9 Sinkholed
GET /panel/assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://95.214.24.140/panel/assets/modules/fontawesome-free/css/all.min.css
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "13174-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 78196
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 02:08:53 GMT
cache-control: public,max-age=3600
age: 1711
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
95.214.24.140/favicon.ico
95.214.24.140 404 Not Found 300 B URL HTTP/1.1 95.214.24.140/favicon.ico
IP 95.214.24.140:0
File type HTML document text, exported SGML document, ASCII text
Hash cfdfbc99310e10ecc2ce64eba9a72385
77d3c50ab096523e27b82c2afddfedc049ea5a34
b65447ca206340be81f109531d3a75a97c18d1f6453e67fe502a0f639d98d93c
Analyzer Verdict Alert urlquery Malware - Botnet panel
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 404 Not Found
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Content-Length: 300
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash df06e70fc8a35facf1d8db463d18e231
fa8a2975566cc792898f870e48ae7518d3657326
4cef7e704f4d575ce6733f6f2d803d241b597be51ff3fb03f72e5c33a893b504
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5156
Cache-Control: max-age=114923
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 02:37:24 GMT
Etag: "638085ab-1d7"
Expires: Sun, 27 Nov 2022 10:32:47 GMT
Last-Modified: Fri, 25 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.242.3.166 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.242.3.166:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wBXONkFxJcdFocQy3T+6nQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: JrYAm12Xi/aeqrChQZGjLy56jIk=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16076
Expires: Sat, 26 Nov 2022 07:05:22 GMT
Date: Sat, 26 Nov 2022 02:37:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88ca6be9-2485-4243-a3fe-1e61449736dd.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88ca6be9-2485-4243-a3fe-1e61449736dd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 801dd70f0c591086062e2a9054f78efc
6a2f4d4bfec41d16fa84b0a9b0b13f7dcff2be3d
ba28f27ea906aaa6db1fbdca53ecbd4366b99d2696fb888e47b731e21c0f82da
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88ca6be9-2485-4243-a3fe-1e61449736dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6431
x-amzn-requestid: 0daa58b7-3fd8-463f-85f5-6f84fdb17661
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVOBEpEIAMF87A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381358c-3f8b9c18598ba2532518668d;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PuOd4PnHQfvwM2zDA15uprEEgoy7BfUUgjvkrf89DYmN43XfEfyJvg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:49:35 GMT
age: 17271
etag: "6a2f4d4bfec41d16fa84b0a9b0b13f7dcff2be3d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7c216e6-fb54-4285-8656-a1e15990a37a.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7c216e6-fb54-4285-8656-a1e15990a37a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 70fae9ac56bb7676177d4252757f0180
bd3027af47f20f4bb9ac36cd9e4493e28e6b041c
1378749f1b28b6c56b8e76418fc5dd59cf608a4e64c1e1067b4f19df10233afc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7c216e6-fb54-4285-8656-a1e15990a37a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8078
x-amzn-requestid: e199b062-09f2-46b8-a8ee-6d7b782f7359
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVC7GT2oAMF5XA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813545-485ea8fd3e785be748834efd;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: yJdSAEHw1AFVsBFBSX5G6rqED3Kpi_P69vtTrVVE1vFDtl3XMsyJ4g==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:03:54 GMT
age: 16412
etag: "bd3027af47f20f4bb9ac36cd9e4493e28e6b041c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30fddcf4-c88b-41c3-90f7-a4530639de73.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30fddcf4-c88b-41c3-90f7-a4530639de73.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 7e0c5064718601e80b7bfc931120ff70
741e5e48c4fb170efee9b611be5638d999a09bd2
d0b1537f43277e7f59152e6272d4f3888ab4618fa7fe0e4b24e2f851dbf0f4cd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30fddcf4-c88b-41c3-90f7-a4530639de73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7025
x-amzn-requestid: 2c9cd3bc-80d4-4578-a0aa-4f1ff7f19d30
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVNYGwaIAMFU8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813588-0c66a293144f894f001ae0cf;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gxs4AeIklafRh02vSn6hA5r7MZagrQsqNR0zhpl5HHiQhQEswFc8RQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:35 GMT
age: 17331
etag: "741e5e48c4fb170efee9b611be5638d999a09bd2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b25450-4da4-45fe-97c4-620a26a2ac8f.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b25450-4da4-45fe-97c4-620a26a2ac8f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 2f470fab0957e148a9c58dfeedc72463
2f88534696701cfdaf7e2aa78f6d4b8766a2b77f
c2c5617f8fbf3860578a9bcf821dea13e3225ccd02774f29f4bf022e4abd9ff9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b25450-4da4-45fe-97c4-620a26a2ac8f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11186
x-amzn-requestid: 67dbfbd2-ba7f-4540-8d2c-5c2c4de21cae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLUf7HGdIAMFhow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813465-36b0d8fc4bdb5faf328bd99d;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:32:21 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aWg_mLQcRYtCNYfaypt-rqwKNbzd4FOFd3mMT8sSQU_dmO7KP29Rsw==
via: 1.1 7b00c3fd9220034414107b03e53b1b8e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:01:51 GMT
age: 16535
etag: "2f88534696701cfdaf7e2aa78f6d4b8766a2b77f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc537c2d0-d011-4ed0-a5d4-5f5d2190c49b.webp
34.120.237.76 200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc537c2d0-d011-4ed0-a5d4-5f5d2190c49b.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash abd79421a3c44a8df11ad2cc50083309
8665e5f3026f2c2b9505eb139c478f4d359851c3
3a66b00498fa1322730705b1c4502614b5a520ac3f884f494d65e27a5bb62c3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc537c2d0-d011-4ed0-a5d4-5f5d2190c49b.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4366
x-amzn-requestid: ce25f5ab-0c92-431e-ae4e-618829594a74
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVNZFjHoAMFXLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813588-6a3a8dff70e717011e3a0606;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 75AMMfa7oq0Y51YPEC_FEDOoNVc9cgfjg9bOSOXwikONPdhW7OG3uQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:10 GMT
age: 17356
etag: "8665e5f3026f2c2b9505eb139c478f4d359851c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 05:04:28 GMT
age: 77578
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
95.214.24.140/panel/assets/modules/jquery-mousewheel/jquery.mousewheel.js
95.214.24.140 200 OK 0 B URL HTTP/1.1 95.214.24.140/panel/assets/modules/jquery-mousewheel/jquery.mousewheel.js
IP 95.214.24.140:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /panel/assets/modules/jquery-mousewheel/jquery.mousewheel.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "204b-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 8267
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/jquery/jquery.min.js
95.214.24.140 200 OK 0 B URL HTTP/1.1 95.214.24.140/panel/assets/modules/jquery/jquery.min.js
IP 95.214.24.140:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /panel/assets/modules/jquery/jquery.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "15d9d-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 89501
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/datatables/jquery.dataTables.min.js
95.214.24.140 200 OK 0 B URL HTTP/1.1 95.214.24.140/panel/assets/modules/datatables/jquery.dataTables.min.js
IP 95.214.24.140:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /panel/assets/modules/datatables/jquery.dataTables.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "14692-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 83602
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/select2/js/select2.min.js
95.214.24.140 200 OK 0 B URL HTTP/1.1 95.214.24.140/panel/assets/modules/select2/js/select2.min.js
IP 95.214.24.140:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /panel/assets/modules/select2/js/select2.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "114c3-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 70851
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
95.214.24.140/panel/assets/modules/raphael/raphael.min.js
95.214.24.140 200 OK 0 B URL HTTP/1.1 95.214.24.140/panel/assets/modules/raphael/raphael.min.js
IP 95.214.24.140:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /panel/assets/modules/raphael/raphael.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "16bef-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 93167
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript