Report - 95.214.24.140/panel/login.php

Report Overview

Submitted URL
95.214.24.140/panel/login.php
IP
95.214.24.140
ASN
#0
Submitted
2022-11-26 02:37:35
Access
Website Title
Final URL
Tags
None
urlquery detections
Malware - Botnet panel
Malware - Botnet panel

Detections

urlquery
30
Network Intrusion Detection
0
Threat Detection Systems
112

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	44.242.3.166
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	48 kB	34.120.237.76
95.214.24.140	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	13 kB	2.1 MB	95.214.24.140
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	4.4 kB	23.36.76.226
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-26	medium	95.214.24.140/panel/login.php	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/jquery-confirm/jquery-confirm.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/datatables-bs4/js/dataTables.bootstrap4.min.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/datatables-responsive/js/dataTables.responsive.min.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/datatables-responsive/js/responsive.bootstrap4.min.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/datatables-buttons/js/dataTables.buttons.min.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.bootstrap4.min.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.html5.min.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.print.min.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.colVis.min.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/izitoast/js/iziToast.min.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/bootstrap/js/bootstrap.bundle.min.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/js/adminlte.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/overlayScrollbars/js/jquery.overlayScrollbars.min.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/sweetalert2/sweetalert2.min.js	Malware
2022-11-26	medium	95.214.24.140/panel/__UNAM_LIB/unam_lib.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/jquery-mousewheel/jquery.mousewheel.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/jquery/jquery.min.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/datatables/jquery.dataTables.min.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/select2/js/select2.min.js	Malware
2022-11-26	medium	95.214.24.140/panel/assets/modules/raphael/raphael.min.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed
2022-11-26	medium	95.214.24.140	Sinkholed

JavaScript (20)

	URL	Size	First Seen	Last Seen
	95.214.24.140/panel/assets/modules/datatables/jquery.dataTables.min.js	84 kB	2023-03-07	2024-04-18
Pretty URL 95.214.24.140/panel/assets/modules/datatables/jquery.dataTables.min.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:25 Last Seen2024-04-18 01:04:41 Times Seen109 Hash 2ecadb4a04d1e60e9a8b3e6c70bc2896 aee29a94a6aa066fad6d5bfae51a4b71eb37c949 8ad9b517ea8585c8df1a7aeffafd7c000f856bbb00f2b4084fb27461e9cd1fae Loading...

	95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.html5.min.js	25 kB	2023-03-07	2024-04-18
Pretty URL 95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.html5.min.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:25 Last Seen2024-04-18 01:04:41 Times Seen224 Hash f005b2c8334ed73115c800f84065dde7 5b8aca189d9e6ffb95eef23b4742e58343c79cbc a272893a5e916e3e420effe9fb328cbeeef12232bf239755142f9ad8be371540 Loading...

	95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.bootstrap4.min.js	1.0 kB	2023-03-07	2024-04-18
Pretty URL 95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.bootstrap4.min.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:25 Last Seen2024-04-18 01:04:41 Times Seen233 Hash 8e408dcb8dd84d21b97885b1675eca9a f7e12468c6c350e87856c822de464e971bdbf8dc c9580b9667720a8755d81eb5d10c7ea8f44580958ff77c86148e2924d781acff Loading...

	95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.colVis.min.js	2.8 kB	2023-03-07	2024-04-18
Pretty URL 95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.colVis.min.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:25 Last Seen2024-04-18 01:04:41 Times Seen237 Hash 3305195e00cd4f7b288e4d1c38501146 c0522cdc03ddc90b931d65fee6721c3eb988e079 07be9aff38f58c96fc1e979aa5424b0fa8c5b79bbcab53ff1eefd18dfc97f8fe Loading...

	95.214.24.140/panel/assets/modules/datatables-responsive/js/dataTables.responsive.min.js	14 kB	2023-03-07	2024-04-18
Pretty URL 95.214.24.140/panel/assets/modules/datatables-responsive/js/dataTables.responsive.min.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:25 Last Seen2024-04-18 01:04:41 Times Seen221 Hash 9c08197a623203cd1bf273541b694308 fa895deac972f0ca3d77169039aca0ee1a04f34e 94d8439fdad60af6fb881f9aa512fe6e2e12b14ac728ba29bd8f251399ec7322 Loading...

	95.214.24.140/panel/assets/modules/izitoast/js/iziToast.min.js	18 kB	2023-03-07	2024-04-23
Pretty URL 95.214.24.140/panel/assets/modules/izitoast/js/iziToast.min.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:25 Last Seen2024-04-23 13:24:16 Times Seen594 Hash a05a127c793145cec6b721f14fced3e5 5d753b1c803de12f4d2217ab0d143d4dcf047010 ac860be79a4cfe434ea68f002638f79371d9a85a3b045a1aaf10dc98df551497 Loading...

	95.214.24.140/panel/assets/modules/jquery-mousewheel/jquery.mousewheel.js	8.3 kB	2023-03-07	2024-04-18
Pretty URL 95.214.24.140/panel/assets/modules/jquery-mousewheel/jquery.mousewheel.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27:48 Last Seen2024-04-18 01:04:41 Times Seen409 Hash 409ac3648bba069c079fedc1ca107913 3a333a49aaab27466584fdb54902d15f821cba27 55296ec9c96490404114d67a4bc2363a4abf47a5b42271e4a9dba436b78460e6 Loading...

	95.214.24.140/panel/assets/modules/raphael/raphael.min.js	93 kB	2023-03-07	2024-04-23
Pretty URL 95.214.24.140/panel/assets/modules/raphael/raphael.min.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:25 Last Seen2024-04-23 04:18:14 Times Seen500 Hash d215c2fcffdaa7759bf99e6da9f7c402 eee7f2ccba4c7fbbcd87057694221985db44fa45 4da6e9aca75e3576d27ac0962ccadc6d6483cd486901d70d3dee50e77ae7f588 Loading...

	95.214.24.140/panel/assets/modules/jquery-confirm/jquery-confirm.js	52 kB	2023-03-07	2024-04-18
Pretty URL 95.214.24.140/panel/assets/modules/jquery-confirm/jquery-confirm.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27:48 Last Seen2024-04-18 01:04:41 Times Seen326 Hash df1ed42a0caed3f4867c6656d60b2dbc bcb86d530cee14f8c64579d8a563358981d14254 f5900e20c660838c78b743c2353df7df3988f28900446b33a97d7efdda33d810 Loading...

	95.214.24.140/panel/assets/modules/datatables-bs4/js/dataTables.bootstrap4.min.js	2.1 kB	2023-03-07	2024-04-18
Pretty URL 95.214.24.140/panel/assets/modules/datatables-bs4/js/dataTables.bootstrap4.min.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:25 Last Seen2024-04-18 01:04:41 Times Seen228 Hash f6efabd85fb5c418a848f5f0e0ba0f9f fb6d36d07455c93fb3e3f6543b2f2e6e2cd7f89c c7b7abf54cc3c6d4c454c090efb0446086b32f4398bd1d17b398116c2f5aec53 Loading...

	95.214.24.140/panel/login.php	284 B	2023-03-07	2024-03-24
Pretty URL 95.214.24.140/panel/login.php IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:25 Last Seen2024-03-24 01:38:54 Times Seen14 Hash 6b1694729f50fc920b01689101634239 90086548da2b6afbf762f9a35cf934623116d926 fb9b4c61107c817cc6a0846f476388baaeba8b7ccf96b9695a69fef5f821acab Loading...

	95.214.24.140/panel/assets/modules/jquery/jquery.min.js	90 kB	2023-03-07	2024-04-24
Pretty URL 95.214.24.140/panel/assets/modules/jquery/jquery.min.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-24 06:39:06 Times Seen260896 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	95.214.24.140/panel/assets/modules/select2/js/select2.min.js	71 kB	2023-03-07	2024-04-23
Pretty URL 95.214.24.140/panel/assets/modules/select2/js/select2.min.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:39 Last Seen2024-04-23 23:55:02 Times Seen4276 Hash 0f64f3a3a0c620a6756d36abaff1b4a6 4738d7f9885db2cb9370766974c8f6b22e9ec29d 00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b Loading...

	95.214.24.140/panel/assets/modules/bootstrap/js/bootstrap.bundle.min.js	84 kB	2023-03-07	2024-04-24
Pretty URL 95.214.24.140/panel/assets/modules/bootstrap/js/bootstrap.bundle.min.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-24 00:05:00 Times Seen5278 Hash f81d0a1705048649befc8b595e455a94 aec551e4d573463088fca7d14fb644eb389f1839 b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b Loading...

	unknown	0 B	2023-03-07	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 07:16:26 Times Seen37033888 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	95.214.24.140/panel/assets/modules/overlayScrollbars/js/jquery.overlayScrollbars.min.js	43 kB	2023-03-07	2024-04-18
Pretty URL 95.214.24.140/panel/assets/modules/overlayScrollbars/js/jquery.overlayScrollbars.min.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:25 Last Seen2024-04-18 01:04:41 Times Seen271 Hash e3577d030f0182d92ad8ed5b9c554b3a c2ac0fb3b8ebc3b832eee3455967a59a140514cb b41777f2e5a5be07e9b37cc73eb51bd9e3c183e67c12331fd1096814e373a6f5 Loading...

	95.214.24.140/panel/assets/modules/datatables-responsive/js/responsive.bootstrap4.min.js	1.2 kB	2023-03-07	2024-04-18
Pretty URL 95.214.24.140/panel/assets/modules/datatables-responsive/js/responsive.bootstrap4.min.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:25 Last Seen2024-04-18 01:04:41 Times Seen277 Hash a730f5bddecca0c8889a2e91415cc30a a9aa68f014eb6986c467b859832327b46af6da26 69754ee3b45beece7c1613130b06ccdfd7a7ff55dc9b31a40a547305ee6dc4ab Loading...

	95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.print.min.js	2.2 kB	2023-03-07	2024-04-18
Pretty URL 95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.print.min.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:25 Last Seen2024-04-18 01:04:41 Times Seen249 Hash dc359e6634a9b1b70b33f4709291ac52 890bfbb06a5a65103b16a3fe22de6dc62a3cd46d 43c9c663cdacecedbae7c913386783e1363bc8fbdc9a4c613b4d1abf98a83f95 Loading...

	95.214.24.140/panel/__UNAM_LIB/unam_lib.js	928 B	2023-03-07	2024-04-23
Pretty URL 95.214.24.140/panel/__UNAM_LIB/unam_lib.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27:48 Last Seen2024-04-23 13:24:16 Times Seen222 Hash 7fa82422409fedd9fbc1d63b3de7e75a 1be72e17ed2e99222f4afb820dd3fac010601fc0 c9636b6900533ccd3ba88d5337207a5f5aa31d1dc3222dce0e8d7c71af7400a7 Loading...

	95.214.24.140/panel/assets/modules/datatables-buttons/js/dataTables.buttons.min.js	20 kB	2023-03-07	2024-04-18
Pretty URL 95.214.24.140/panel/assets/modules/datatables-buttons/js/dataTables.buttons.min.js IP 95.214.24.140 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:25 Last Seen2024-04-18 01:04:41 Times Seen103 Hash ce1c42a949303738ab70169d21456bd7 e737541ee14e75d59678382292e648d3431ec995 13baf10b24bc6d992af9b590b1c7d9be2ab0421bf6eb8623ba34457a3d0f9c81 Loading...

HTTP Transactions (52)

URL IP Response Size

95.214.24.140/panel/login.php

95.214.24.140

200 OK

4.7 kB

URL HTTP/1.1
95.214.24.140/panel/login.php
IP
95.214.24.140:0
ASN
#0

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
4.7 kB (4664 bytes)
Hash
f09a19d659b8d09c21c395f6aaf9d03c
21add86a4a28d0dc1ae33a3fc9ca1aa212bc386a
ca1ce7c25cf30c9418ec01da95518686bf188bb25ec998d36e9c1ad8ef2d5b64

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/login.php HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:23 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
X-Powered-By: PHP/8.1.10
Set-Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4664
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9898
Expires: Sat, 26 Nov 2022 05:22:21 GMT
Date: Sat, 26 Nov 2022 02:37:23 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
10730f388c028d64e19b8a48d414768f
e43b104e57e5ea7ff8568835776858cf2ede6f00
f3c30c6d139288f1bfe13fce85c6ddc1514e1639fcf4d31a6012a3309ed1d50d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3029
Cache-Control: max-age=117860
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 02:37:23 GMT
Etag: "63809972-1d7"
Expires: Sun, 27 Nov 2022 11:21:43 GMT
Last-Modified: Fri, 25 Nov 2022 10:31:14 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 02:17:29 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1195
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8c63b226725ca6e92e3ef586ac19e603
d21ae42a1927501e5293ff3564f52b49f6b0decc
141ac47acc3800e5d35a82012fa4b044277abad3a95dc24415f66fb72c972ae6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12125
Expires: Sat, 26 Nov 2022 05:59:29 GMT
Date: Sat, 26 Nov 2022 02:37:24 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 0gfY4SQ5e3IkGkqO3haHNCtasPX86YRj5NHQyqPAupaYb5ZwzoVXJv6dM+hGheKb/P7q825MTl4=
x-amz-request-id: S1Z2M68ZM7KRHYRJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 01:41:01 GMT
age: 3383
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 02:37:24 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

95.214.24.140/panel/assets/modules/fontawesome-free/css/all.min.css

95.214.24.140

200 OK

59 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/fontawesome-free/css/all.min.css
IP
95.214.24.140:0
ASN
#0

File type
ASCII text, with very long lines (59158)
Size
59 kB (59344 bytes)
Hash
74bab4578692993514e7f882cc15c218
b6293bcfd851f963edbe859498570c4c0c7eaae4
d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/fontawesome-free/css/all.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "e7d0-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 59344
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

95.214.24.140/panel/assets/modules/jquery-confirm/jquery-confirm.css

95.214.24.140

200 OK

28 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/jquery-confirm/jquery-confirm.css
IP
95.214.24.140:0
ASN
#0

File type
ASCII text
Size
28 kB (27528 bytes)
Hash
144a36af355bc95cc269a4cf64e20770
b347fc6e8f57e95c61c168334620ea3355106774
bf3ab263ff09bec0414e42ef446c17d2f3e178661c863d5a07b2dbd746ba7836

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/jquery-confirm/jquery-confirm.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "6b88-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 27528
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

95.214.24.140/panel/assets/modules/select2/css/select2.min.css

95.214.24.140

200 OK

15 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/select2/css/select2.min.css
IP
95.214.24.140:0
ASN
#0

File type
ASCII text, with very long lines (14965)
Size
15 kB (14966 bytes)
Hash
9f54e6414f87e0d14b9e966f19a174f9
ae5735562faabd1a2d9803bbd7bf4c502b5e4f51
15d6ad4dfdb43d0affad683e70029f97a8f8fc8637a28845009ee0542dccdf81

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/select2/css/select2.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "3a76-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 14966
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

95.214.24.140/panel/assets/modules/overlayScrollbars/css/OverlayScrollbars.min.css

95.214.24.140

200 OK

20 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/overlayScrollbars/css/OverlayScrollbars.min.css
IP
95.214.24.140:0
ASN
#0

File type
ASCII text, with very long lines (19782)
Size
20 kB (20009 bytes)
Hash
35f138a4df47405b346f885ffb7ecd4a
c4dea04ad659f49d14c1913fb89eb0ad6e8c34e0
049e2dc17a8284c5c1140795fd26abad33357be3ad012e71482a40c47e7d567b

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/overlayScrollbars/css/OverlayScrollbars.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "4e29-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 20009
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

95.214.24.140/panel/assets/modules/sweetalert2/sweetalert2.min.css

95.214.24.140

200 OK

24 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/sweetalert2/sweetalert2.min.css
IP
95.214.24.140:0
ASN
#0

File type
ASCII text, with very long lines (24454), with no line terminators
Size
24 kB (24454 bytes)
Hash
b1ab0f2f72a18c5131a1969b88549c8c
397e30c517bde3fd86c22962dec839a3d6a3e512
e6e66c379d6664d3e2c2cc6516d66f7917216c21dc1e43e82231bb376638ac85

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/sweetalert2/sweetalert2.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "5f86-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 24454
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

95.214.24.140/panel/assets/modules/izitoast/css/iziToast.css

95.214.24.140

200 OK

50 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/izitoast/css/iziToast.css
IP
95.214.24.140:0
ASN
#0

File type
ASCII text, with very long lines (1938)
Size
50 kB (49634 bytes)
Hash
f81337ac106aed3bf571881f088de109
cac1e6481962be968c90f79c32717bca5cac3ec7
a4e0cd56d2b7b8e84bf0550d596bc540ad10a10a15dd803dc061a783a99b6741

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/izitoast/css/iziToast.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "c1e2-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 49634
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

95.214.24.140/panel/assets/modules/datatables-bs4/css/dataTables.bootstrap4.min.css

95.214.24.140

200 OK

5.2 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/datatables-bs4/css/dataTables.bootstrap4.min.css
IP
95.214.24.140:0
ASN
#0

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (5224)
Size
5.2 kB (5232 bytes)
Hash
6793296e50f11c03fe545979f320ef77
41cec9c68f51ad59cce97603aad993a6f1876c10
493a6fee3f77804e876157d95a1bf2597351ef6d1179dc85bbaec8b3d45b0589

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/datatables-bs4/css/dataTables.bootstrap4.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "1470-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 5232
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

95.214.24.140/panel/assets/modules/datatables-responsive/css/responsive.bootstrap4.min.css

95.214.24.140

200 OK

4.5 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/datatables-responsive/css/responsive.bootstrap4.min.css
IP
95.214.24.140:0
ASN
#0

File type
ASCII text, with very long lines (4462)
Size
4.5 kB (4463 bytes)
Hash
2f83eb031ec3fb725d8d8e3716d8f19c
428c5c9108a20aa97c1590b208f3240e56157cc8
53b70abc117de82792aa9ccd127c4ee911ff84e25be57c3cf39b6eb134d7eb02

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/datatables-responsive/css/responsive.bootstrap4.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "116f-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 4463
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

95.214.24.140/panel/assets/modules/datatables-buttons/css/buttons.bootstrap4.min.css

95.214.24.140

200 OK

3.5 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/datatables-buttons/css/buttons.bootstrap4.min.css
IP
95.214.24.140:0
ASN
#0

File type
ASCII text, with very long lines (3498)
Size
3.5 kB (3499 bytes)
Hash
a5d9eaa2aef5836154c5cab76a7df8f3
105407577d3f2c88cc21b7e6db0fedcc7832fbfa
806eda23f13babc6e43195840238aeb3e965565f863d3a6c7dc712d6cd94179c

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/datatables-buttons/css/buttons.bootstrap4.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "dab-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 3499
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

95.214.24.140/panel/assets/css/custom.css

95.214.24.140

200 OK

5.1 kB

URL HTTP/1.1
95.214.24.140/panel/assets/css/custom.css
IP
95.214.24.140:0
ASN
#0

File type
assembler source, ASCII text
Size
5.1 kB (5101 bytes)
Hash
3d4a4650fcf50daaaef0a7dd4156136b
0849d47e21a447d9083a08abeaa31638a8ae9b99
0350001b740228482b6f74ad0533d8613d90f17dc705d0616404479d2cc7bec4

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
quad9	Sinkholed

HTTP Headers

GET /panel/assets/css/custom.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "13ed-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 5101
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

95.214.24.140/panel/assets/modules/jquery-confirm/jquery-confirm.js

95.214.24.140

200 OK

52 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/jquery-confirm/jquery-confirm.js
IP
95.214.24.140:0
ASN
#0

File type
ASCII text
Size
52 kB (51544 bytes)
Hash
df1ed42a0caed3f4867c6656d60b2dbc
bcb86d530cee14f8c64579d8a563358981d14254
f5900e20c660838c78b743c2353df7df3988f28900446b33a97d7efdda33d810

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/jquery-confirm/jquery-confirm.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "c958-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 51544
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/datatables-bs4/js/dataTables.bootstrap4.min.js

95.214.24.140

200 OK

2.1 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/datatables-bs4/js/dataTables.bootstrap4.min.js
IP
95.214.24.140:0
ASN
#0

File type
Unicode text, UTF-8 text, with very long lines (510)
Size
2.1 kB (2098 bytes)
Hash
f6efabd85fb5c418a848f5f0e0ba0f9f
fb6d36d07455c93fb3e3f6543b2f2e6e2cd7f89c
c7b7abf54cc3c6d4c454c090efb0446086b32f4398bd1d17b398116c2f5aec53

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/datatables-bs4/js/dataTables.bootstrap4.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "832-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 2098
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/datatables-responsive/js/dataTables.responsive.min.js

95.214.24.140

200 OK

14 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/datatables-responsive/js/dataTables.responsive.min.js
IP
95.214.24.140:0
ASN
#0

File type
ASCII text, with very long lines (554)
Size
14 kB (14006 bytes)
Hash
9c08197a623203cd1bf273541b694308
fa895deac972f0ca3d77169039aca0ee1a04f34e
94d8439fdad60af6fb881f9aa512fe6e2e12b14ac728ba29bd8f251399ec7322

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/datatables-responsive/js/dataTables.responsive.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "36b6-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 14006
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/datatables-responsive/js/responsive.bootstrap4.min.js

95.214.24.140

200 OK

1.2 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/datatables-responsive/js/responsive.bootstrap4.min.js
IP
95.214.24.140:0
ASN
#0

File type
Unicode text, UTF-8 text, with very long lines (808)
Size
1.2 kB (1244 bytes)
Hash
a730f5bddecca0c8889a2e91415cc30a
a9aa68f014eb6986c467b859832327b46af6da26
69754ee3b45beece7c1613130b06ccdfd7a7ff55dc9b31a40a547305ee6dc4ab

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/datatables-responsive/js/responsive.bootstrap4.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "4dc-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 1244
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/datatables-buttons/js/dataTables.buttons.min.js

95.214.24.140

200 OK

20 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/datatables-buttons/js/dataTables.buttons.min.js
IP
95.214.24.140:0
ASN
#0

File type
Unicode text, UTF-8 text, with very long lines (560)
Size
20 kB (20311 bytes)
Hash
ce1c42a949303738ab70169d21456bd7
e737541ee14e75d59678382292e648d3431ec995
13baf10b24bc6d992af9b590b1c7d9be2ab0421bf6eb8623ba34457a3d0f9c81

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/datatables-buttons/js/dataTables.buttons.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "4f57-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 20311
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.bootstrap4.min.js

95.214.24.140

200 OK

1.0 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.bootstrap4.min.js
IP
95.214.24.140:0
ASN
#0

File type
Unicode text, UTF-8 text, with very long lines (531)
Size
1.0 kB (1043 bytes)
Hash
8e408dcb8dd84d21b97885b1675eca9a
f7e12468c6c350e87856c822de464e971bdbf8dc
c9580b9667720a8755d81eb5d10c7ea8f44580958ff77c86148e2924d781acff

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/datatables-buttons/js/buttons.bootstrap4.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "413-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 1043
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.html5.min.js

95.214.24.140

200 OK

25 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.html5.min.js
IP
95.214.24.140:0
ASN
#0

File type
Unicode text, UTF-8 text, with very long lines (10031)
Size
25 kB (24834 bytes)
Hash
f005b2c8334ed73115c800f84065dde7
5b8aca189d9e6ffb95eef23b4742e58343c79cbc
a272893a5e916e3e420effe9fb328cbeeef12232bf239755142f9ad8be371540

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/datatables-buttons/js/buttons.html5.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "6102-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 24834
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.print.min.js

95.214.24.140

200 OK

2.2 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.print.min.js
IP
95.214.24.140:0
ASN
#0

File type
HTML document text\012- HTML document, ASCII text, with very long lines (526)
Size
2.2 kB (2212 bytes)
Hash
dc359e6634a9b1b70b33f4709291ac52
890bfbb06a5a65103b16a3fe22de6dc62a3cd46d
43c9c663cdacecedbae7c913386783e1363bc8fbdc9a4c613b4d1abf98a83f95

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/datatables-buttons/js/buttons.print.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "8a4-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 2212
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.colVis.min.js

95.214.24.140

200 OK

2.8 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/datatables-buttons/js/buttons.colVis.min.js
IP
95.214.24.140:0
ASN
#0

File type
ASCII text, with very long lines (558)
Size
2.8 kB (2838 bytes)
Hash
3305195e00cd4f7b288e4d1c38501146
c0522cdc03ddc90b931d65fee6721c3eb988e079
07be9aff38f58c96fc1e979aa5424b0fa8c5b79bbcab53ff1eefd18dfc97f8fe

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/datatables-buttons/js/buttons.colVis.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "b16-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 2838
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/izitoast/js/iziToast.min.js

95.214.24.140

200 OK

18 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/izitoast/js/iziToast.min.js
IP
95.214.24.140:0
ASN
#0

File type
Unicode text, UTF-8 text, with very long lines (18398)
Size
18 kB (18481 bytes)
Hash
a05a127c793145cec6b721f14fced3e5
5d753b1c803de12f4d2217ab0d143d4dcf047010
ac860be79a4cfe434ea68f002638f79371d9a85a3b045a1aaf10dc98df551497

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/izitoast/js/iziToast.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "4831-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 18481
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/bootstrap/js/bootstrap.bundle.min.js

95.214.24.140

200 OK

84 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/bootstrap/js/bootstrap.bundle.min.js
IP
95.214.24.140:0
ASN
#0

File type
ASCII text, with very long lines (65299)
Size
84 kB (84378 bytes)
Hash
f81d0a1705048649befc8b595e455a94
aec551e4d573463088fca7d14fb644eb389f1839
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "1499a-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 84378
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/css/adminlte.min.css

95.214.24.140

200 OK

1.4 MB

URL HTTP/1.1
95.214.24.140/panel/assets/css/adminlte.min.css
IP
95.214.24.140:0
ASN
#0

File type
ASCII text, with very long lines (65158)
Size
1.4 MB (1382975 bytes)
Hash
3761431942d1adad52b80e4e4d174449
97a30cba1aabe8de821bde5b2d2822c188fbb55a
150fa4d262057d65d54da5b56ab877a8ac7c2175f9066e5fe901bed299148da1

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
quad9	Sinkholed

HTTP Headers

GET /panel/assets/css/adminlte.min.css HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "151a3f-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 1382975
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

95.214.24.140/panel/assets/js/adminlte.js

95.214.24.140

200 OK

100 kB

URL HTTP/1.1
95.214.24.140/panel/assets/js/adminlte.js
IP
95.214.24.140:0
ASN
#0

File type
ASCII text, with very long lines (377)
Size
100 kB (99946 bytes)
Hash
c920148b02d267b16a5f77762fb82e0d
72cfd2c4c999c6a43ec5fc552c2813bd4026d17a
24db05f7655f1274887227317c6d32bff52ee799aaf9d19b8e6c436d86c40a80

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/js/adminlte.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "1866a-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 99946
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/overlayScrollbars/js/jquery.overlayScrollbars.min.js

95.214.24.140

200 OK

43 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/overlayScrollbars/js/jquery.overlayScrollbars.min.js
IP
95.214.24.140:0
ASN
#0

File type
ASCII text, with very long lines (42375)
Size
43 kB (42602 bytes)
Hash
e3577d030f0182d92ad8ed5b9c554b3a
c2ac0fb3b8ebc3b832eee3455967a59a140514cb
b41777f2e5a5be07e9b37cc73eb51bd9e3c183e67c12331fd1096814e373a6f5

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/overlayScrollbars/js/jquery.overlayScrollbars.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "a66a-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 42602
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/sweetalert2/sweetalert2.min.js

95.214.24.140

200 OK

48 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/sweetalert2/sweetalert2.min.js
IP
95.214.24.140:0
ASN
#0

File type
ASCII text, with very long lines (47965), with no line terminators
Size
48 kB (47965 bytes)
Hash
c7cffc8b283719a988fa85b6b5f77a85
9a62bf49bbd6ca0dc23ef1c4c6bc55e83e00b5a8
cad04f1e55ed6543d1dbd9672e6ea9f9d658c0053e8345e9c8cb160f88b4947e

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/sweetalert2/sweetalert2.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "bb5d-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 47965
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/__UNAM_LIB/unam_lib.js

95.214.24.140

200 OK

928 B

URL HTTP/1.1
95.214.24.140/panel/__UNAM_LIB/unam_lib.js
IP
95.214.24.140:0
ASN
#0

File type
ASCII text
Size
928 B (928 bytes)
Hash
7fa82422409fedd9fbc1d63b3de7e75a
1be72e17ed2e99222f4afb820dd3fac010601fc0
c9636b6900533ccd3ba88d5337207a5f5aa31d1dc3222dce0e8d7c71af7400a7

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/__UNAM_LIB/unam_lib.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "3a0-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 928
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2

95.214.24.140

200 OK

78 kB

URL HTTP/1.1
95.214.24.140/panel/assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2
IP
95.214.24.140:0
ASN
#0

File type
Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261\012- data
Size
78 kB (78196 bytes)
Hash
e8a427e15cc502bef99cfd722b37ea98
a9922842a120a7f1eaced667480c5e185a106d69
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://95.214.24.140/panel/assets/modules/fontawesome-free/css/all.min.css
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "13174-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 78196
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 02:08:53 GMT
cache-control: public,max-age=3600
age: 1711
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

95.214.24.140/favicon.ico

95.214.24.140

404 Not Found

300 B

URL HTTP/1.1
95.214.24.140/favicon.ico
IP
95.214.24.140:0
ASN
#0

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
300 B (300 bytes)
Hash
cfdfbc99310e10ecc2ce64eba9a72385
77d3c50ab096523e27b82c2afddfedc049ea5a34
b65447ca206340be81f109531d3a75a97c18d1f6453e67fe502a0f639d98d93c

Detections

Analyzer	Verdict	Alert
urlquery		Malware - Botnet panel
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 404 Not Found
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Content-Length: 300
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
df06e70fc8a35facf1d8db463d18e231
fa8a2975566cc792898f870e48ae7518d3657326
4cef7e704f4d575ce6733f6f2d803d241b597be51ff3fb03f72e5c33a893b504

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5156
Cache-Control: max-age=114923
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 02:37:24 GMT
Etag: "638085ab-1d7"
Expires: Sun, 27 Nov 2022 10:32:47 GMT
Last-Modified: Fri, 25 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

44.242.3.166

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.242.3.166:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wBXONkFxJcdFocQy3T+6nQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: JrYAm12Xi/aeqrChQZGjLy56jIk=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16076
Expires: Sat, 26 Nov 2022 07:05:22 GMT
Date: Sat, 26 Nov 2022 02:37:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16076
Expires: Sat, 26 Nov 2022 07:05:22 GMT
Date: Sat, 26 Nov 2022 02:37:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16076
Expires: Sat, 26 Nov 2022 07:05:22 GMT
Date: Sat, 26 Nov 2022 02:37:26 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88ca6be9-2485-4243-a3fe-1e61449736dd.jpeg

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88ca6be9-2485-4243-a3fe-1e61449736dd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6431 bytes)
Hash
801dd70f0c591086062e2a9054f78efc
6a2f4d4bfec41d16fa84b0a9b0b13f7dcff2be3d
ba28f27ea906aaa6db1fbdca53ecbd4366b99d2696fb888e47b731e21c0f82da

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88ca6be9-2485-4243-a3fe-1e61449736dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6431
x-amzn-requestid: 0daa58b7-3fd8-463f-85f5-6f84fdb17661
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVOBEpEIAMF87A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381358c-3f8b9c18598ba2532518668d;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PuOd4PnHQfvwM2zDA15uprEEgoy7BfUUgjvkrf89DYmN43XfEfyJvg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:49:35 GMT
age: 17271
etag: "6a2f4d4bfec41d16fa84b0a9b0b13f7dcff2be3d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7c216e6-fb54-4285-8656-a1e15990a37a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8078 bytes)
Hash
70fae9ac56bb7676177d4252757f0180
bd3027af47f20f4bb9ac36cd9e4493e28e6b041c
1378749f1b28b6c56b8e76418fc5dd59cf608a4e64c1e1067b4f19df10233afc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7c216e6-fb54-4285-8656-a1e15990a37a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8078
x-amzn-requestid: e199b062-09f2-46b8-a8ee-6d7b782f7359
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVC7GT2oAMF5XA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813545-485ea8fd3e785be748834efd;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: yJdSAEHw1AFVsBFBSX5G6rqED3Kpi_P69vtTrVVE1vFDtl3XMsyJ4g==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:03:54 GMT
age: 16412
etag: "bd3027af47f20f4bb9ac36cd9e4493e28e6b041c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30fddcf4-c88b-41c3-90f7-a4530639de73.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (7025 bytes)
Hash
7e0c5064718601e80b7bfc931120ff70
741e5e48c4fb170efee9b611be5638d999a09bd2
d0b1537f43277e7f59152e6272d4f3888ab4618fa7fe0e4b24e2f851dbf0f4cd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30fddcf4-c88b-41c3-90f7-a4530639de73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7025
x-amzn-requestid: 2c9cd3bc-80d4-4578-a0aa-4f1ff7f19d30
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVNYGwaIAMFU8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813588-0c66a293144f894f001ae0cf;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gxs4AeIklafRh02vSn6hA5r7MZagrQsqNR0zhpl5HHiQhQEswFc8RQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:35 GMT
age: 17331
etag: "741e5e48c4fb170efee9b611be5638d999a09bd2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b25450-4da4-45fe-97c4-620a26a2ac8f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11186 bytes)
Hash
2f470fab0957e148a9c58dfeedc72463
2f88534696701cfdaf7e2aa78f6d4b8766a2b77f
c2c5617f8fbf3860578a9bcf821dea13e3225ccd02774f29f4bf022e4abd9ff9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b25450-4da4-45fe-97c4-620a26a2ac8f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11186
x-amzn-requestid: 67dbfbd2-ba7f-4540-8d2c-5c2c4de21cae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLUf7HGdIAMFhow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813465-36b0d8fc4bdb5faf328bd99d;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:32:21 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aWg_mLQcRYtCNYfaypt-rqwKNbzd4FOFd3mMT8sSQU_dmO7KP29Rsw==
via: 1.1 7b00c3fd9220034414107b03e53b1b8e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:01:51 GMT
age: 16535
etag: "2f88534696701cfdaf7e2aa78f6d4b8766a2b77f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc537c2d0-d011-4ed0-a5d4-5f5d2190c49b.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4366 bytes)
Hash
abd79421a3c44a8df11ad2cc50083309
8665e5f3026f2c2b9505eb139c478f4d359851c3
3a66b00498fa1322730705b1c4502614b5a520ac3f884f494d65e27a5bb62c3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc537c2d0-d011-4ed0-a5d4-5f5d2190c49b.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4366
x-amzn-requestid: ce25f5ab-0c92-431e-ae4e-618829594a74
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVNZFjHoAMFXLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813588-6a3a8dff70e717011e3a0606;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 75AMMfa7oq0Y51YPEC_FEDOoNVc9cgfjg9bOSOXwikONPdhW7OG3uQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:10 GMT
age: 17356
etag: "8665e5f3026f2c2b9505eb139c478f4d359851c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4309 bytes)
Hash
841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 05:04:28 GMT
age: 77578
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

95.214.24.140/panel/assets/modules/jquery-mousewheel/jquery.mousewheel.js

95.214.24.140

200 OK

0 B

URL HTTP/1.1
95.214.24.140/panel/assets/modules/jquery-mousewheel/jquery.mousewheel.js
IP
95.214.24.140:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/jquery-mousewheel/jquery.mousewheel.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "204b-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 8267
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/jquery/jquery.min.js

95.214.24.140

200 OK

0 B

URL HTTP/1.1
95.214.24.140/panel/assets/modules/jquery/jquery.min.js
IP
95.214.24.140:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/jquery/jquery.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "15d9d-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 89501
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/datatables/jquery.dataTables.min.js

95.214.24.140

200 OK

0 B

URL HTTP/1.1
95.214.24.140/panel/assets/modules/datatables/jquery.dataTables.min.js
IP
95.214.24.140:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/datatables/jquery.dataTables.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "14692-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 83602
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/select2/js/select2.min.js

95.214.24.140

200 OK

0 B

URL HTTP/1.1
95.214.24.140/panel/assets/modules/select2/js/select2.min.js
IP
95.214.24.140:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/select2/js/select2.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "114c3-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 70851
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

95.214.24.140/panel/assets/modules/raphael/raphael.min.js

95.214.24.140

200 OK

0 B

URL HTTP/1.1
95.214.24.140/panel/assets/modules/raphael/raphael.min.js
IP
95.214.24.140:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /panel/assets/modules/raphael/raphael.min.js HTTP/1.1
Host: 95.214.24.140
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://95.214.24.140/panel/login.php
Cookie: PHPSESSID=muptigobhjn9rlfpgda0jaf7u6

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 02:37:24 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
Last-Modified: Wed, 01 Jun 2022 15:15:50 GMT
ETag: "16bef-5e0645d497580"
Accept-Ranges: bytes
Content-Length: 93167
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations