Report - 202.191.140.165/bsebregjan24/resctet

Report Overview

Visitedpublic

2024-11-06 16:37:50

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-11-06	512 B	6.5 kB	35.244.181.201
202.191.140.165	unknown	unknown	2014-07-01	2024-03-20	4.6 kB	87 kB	202.191.140.165
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-11-06	875 B	178 kB	142.250.74.136

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-11-06	medium	202.191.140.165	Sinkholed
2024-11-06	medium	202.191.140.165	Sinkholed
2024-11-06	medium	202.191.140.165	Sinkholed
2024-11-06	medium	202.191.140.165	Sinkholed
2024-11-06	medium	202.191.140.165	Sinkholed
2024-11-06	medium	202.191.140.165	Sinkholed
2024-11-06	medium	202.191.140.165	Sinkholed
2024-11-06	medium	202.191.140.165	Sinkholed
2024-11-06	medium	202.191.140.165	Sinkholed
2024-11-06	medium	202.191.140.165	Sinkholed
2024-11-06	medium	202.191.140.165	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	From	Size	First Seen	Last Seen
	unknown	EventHandler	0 B	0001-01-01	2025-08-06
URL IP / ASN 0.0.0.0 #0 Introduced by EventHandler Embedded false Resource Info First Seen 0001-01-01 Last Seen 2025-08-06 Times Seen 5689127 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

	202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php	ScriptElement	0 B	0001-01-01	2025-08-06
URL 202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php IP / ASN 202.191.140.165 #9583 Sify Limited Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-06 Times Seen 5689127 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

	202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php	ScriptElement	0 B	0001-01-01	2025-08-06
URL 202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php IP / ASN 202.191.140.165 #9583 Sify Limited Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-06 Times Seen 5689127 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-08-06
URL www.google-analytics.com/analytics.js IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2023-04-11 Last Seen 2025-08-06 Times Seen 420920 Size 4.7 kB (4691 bytes) MD5 f24128d0c9cba7be2916c693427a3483 SHA1 1b6397d496ea896ebc2018b01b995cee4f166029 SHA256 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Format Code Loading...

	www.googletagmanager.com/gtag/js?id=G-QWCPC5FCTD&l=dataLayer&cx=c	ScriptElement	271 kB	2024-11-06	2024-11-06
URL www.googletagmanager.com/gtag/js?id=G-QWCPC5FCTD&l=dataLayer&cx=c IP / ASN 142.250.74.136 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2024-11-06 Last Seen 2024-11-06 Times Seen 1 Size 271 kB (271079 bytes) MD5 aaf7bed5bd48f3a6ec7fb4e3993f560f SHA1 1e9308112f31fbee82aca659804b596fbd780690 SHA256 aca1b026c635bd43425c662589f00e8687db9cb595039c982195f5c661ee84e9 Format Code Loading...

	202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php	ScriptElement	0 B	0001-01-01	2025-08-06
URL 202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php IP / ASN 202.191.140.165 #9583 Sify Limited Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-06 Times Seen 5689127 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

	202.191.140.165/bsebregjan24/resctet_mar24/js/bootstrap.min.js	ScriptElement	37 kB	2023-11-18	2025-05-30
URL 202.191.140.165/bsebregjan24/resctet_mar24/js/bootstrap.min.js IP / ASN 202.191.140.165 #9583 Sify Limited Introduced by ScriptElement Embedded false Resource Info First Seen 2023-11-18 Last Seen 2025-05-30 Times Seen 18 Size 37 kB (36817 bytes) MD5 b9e4790d5a1e45966694732219bf8968 SHA1 9cdcfd914a44b9769b035926dd3ca6fc65bb29b5 SHA256 85bdcec0e0c4bad209a8c3ff3a13aa362827fc6607f47ec00bcb27d62d5795da Format Code Loading...

	202.191.140.165/bsebregjan24/resctet_mar24/js/jquery.validate.min.js	ScriptElement	22 kB	2023-04-07	2025-08-05
URL 202.191.140.165/bsebregjan24/resctet_mar24/js/jquery.validate.min.js IP / ASN 202.191.140.165 #9583 Sify Limited Introduced by ScriptElement Embedded false Resource Info First Seen 2023-04-07 Last Seen 2025-08-05 Times Seen 645 Size 22 kB (21600 bytes) MD5 de35625281fdf2867bc18828db9819eb SHA1 7540c6a43158ff23760b049c3edaad32535e630e SHA256 2bc760b36b21f2d114a0d6a778515ce9387362d20bd910e4f6f8ac5dbf20e023 Format Code Loading...

	202.191.140.165/bsebregjan24/resctet_mar24/js/jquery.placeholder.min.js	ScriptElement	3.3 kB	2023-03-07	2025-08-02
URL 202.191.140.165/bsebregjan24/resctet_mar24/js/jquery.placeholder.min.js IP / ASN 202.191.140.165 #9583 Sify Limited Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 271 Size 3.3 kB (3289 bytes) MD5 ee60835ea8faa661d4e1ce6c1a97b141 SHA1 9a104e99d521e20ba205be6fae4668d4eb2f1594 SHA256 be8e211636765e2b05f2a97b3fa9065420c06ee5baf21e8fd96ba7c03f90239e Format Code Loading...

	www.googletagmanager.com/gtag/js?id=UA-113264311-1	ScriptElement	226 kB	2024-11-06	2024-11-06
URL www.googletagmanager.com/gtag/js?id=UA-113264311-1 IP / ASN 142.250.74.136 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2024-11-06 Last Seen 2024-11-06 Times Seen 1 Size 226 kB (226432 bytes) MD5 a92c95c7072cc0f377df0060d9317c55 SHA1 434ef5f09528a7cdde1a2b8164a511d55b05b589 SHA256 6bfda0c0fc007534bdcd1cdd30da5caba6b919369db1e3c765d23abccfa7e0a4 Format Code Loading...

	202.191.140.165/bsebregjan24/resctet_mar24/sandbox%20eval%20code		147 B	2023-04-11	2025-08-06
URL 202.191.140.165/bsebregjan24/resctet_mar24/sandbox%20eval%20code IP / ASN 0.0.0.0 #0 Introduced by Embedded false Resource Info First Seen 2023-04-11 Last Seen 2025-08-06 Times Seen 421652 Size 147 B (147 bytes) MD5 92b651082ce234f66bb544e678befda3 SHA1 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 SHA256 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Format Code Loading...

	202.191.140.165/bsebregjan24/resctet_mar24/js/jquery.min.js	ScriptElement	96 kB	2023-03-07	2025-08-06
URL 202.191.140.165/bsebregjan24/resctet_mar24/js/jquery.min.js IP / ASN 202.191.140.165 #9583 Sify Limited Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-06 Times Seen 10664 Size 96 kB (95992 bytes) MD5 f03e5a3bf534f4a738bc350631fd05bd SHA1 37b1db88b57438f1072a8ebc7559c909c9d3a682 SHA256 aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947 Format Code Loading...

HTTP Transactions (14)

URL IP Response Size

GET 202.191.140.165/bsebregjan24/resctet_mar24/login.php

202.191.140.165

302 Found

1 B

URL User Request GET HTTP

202.191.140.165/bsebregjan24/resctet_mar24/login.php

IP / ASN

202.191.140.165

#9583 Sify Limited

Requested byN/A

Resource Info

File typevery short file (no magic)

First Seen2023-03-07

Last Seen2025-08-06

Times Seen15701

Size1 B (1 bytes)

MD57215ee9c7d9dc229d2921a40e899ec5f

SHA1b858cb282617fb0956d960215c8e84d1ccf909c6

SHA25636a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bsebregjan24/resctet_mar24/login.php HTTP/1.1
Host: 202.191.140.165
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Wed, 06 Nov 2024 16:37:26 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Wed, 06 Nov 2024 16:37:26 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: downloadClose.php
X-FRAME-OPTIONS: SAMEORIGIN
Content-Length: 1
Connection: close
Content-Type: text/html; charset=UTF-8

GET 202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php

202.191.140.165

200 OK

1.1 kB

URL User Request GET HTTP

202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php

IP / ASN

202.191.140.165

#9583 Sify Limited

Requested byN/A

Resource Info

File typeHTML document, ASCII text

First Seen2024-11-06

Last Seen2024-11-06

Times Seen1

Size1.1 kB (1077 bytes)

MD55356a44bc82e7065934d4f35aef9fa3c

SHA19756c332a879f75787d89c0052e28c9880019ff0

SHA256ebf56b47e4921e1019489198eafce68da27c58d31285d00588e408b82630530b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bsebregjan24/resctet_mar24/downloadClose.php HTTP/1.1
Host: 202.191.140.165
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Nov 2024 16:37:27 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Wed, 06 Nov 2024 16:37:27 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Vary: Accept-Encoding
Content-Encoding: gzip
X-FRAME-OPTIONS: SAMEORIGIN
Content-Length: 1077
Connection: close
Content-Type: text/html; charset=UTF-8

GET www.googletagmanager.com/gtag/js?id=UA-113264311-1

142.250.74.136

200 OK

81 kB

URL GET HTTPS

www.googletagmanager.com/gtag/js?id=UA-113264311-1

IP / ASN

142.250.74.136

#15169 GOOGLE

Requested byhttp://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php

Resource Info

File typeJavaScript source, ASCII text, with very long lines (3835)

First Seen2024-11-06

Last Seen2024-11-06

Times Seen1

Size81 kB (80742 bytes)

MD5a92c95c7072cc0f377df0060d9317c55

SHA1434ef5f09528a7cdde1a2b8164a511d55b05b589

SHA2566bfda0c0fc007534bdcd1cdd30da5caba6b919369db1e3c765d23abccfa7e0a4

Certificate Info

IssuerGoogle Trust Services

Subject*.google-analytics.com

Fingerprint4E:4C:D9:C3:F2:89:66:5F:0F:4D:32:39:FA:F7:AC:3F:3E:19:DE:D8

ValidityMon, 07 Oct 2024 08:23:31 GMT - Mon, 30 Dec 2024 08:23:30 GMT

HTTP Headers

GET /gtag/js?id=UA-113264311-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://202.191.140.165/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 06 Nov 2024 16:37:27 GMT
expires: Wed, 06 Nov 2024 16:37:27 GMT
cache-control: private, max-age=900
last-modified: Wed, 06 Nov 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 80742
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 202.191.140.165/bsebregjan24/resctet_mar24/css/common.css

202.191.140.165

200 OK

1.7 kB

URL GET HTTP

202.191.140.165/bsebregjan24/resctet_mar24/css/common.css

IP / ASN

202.191.140.165

#9583 Sify Limited

Requested byhttp://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php

Resource Info

File typeASCII text

First Seen2024-08-19

Last Seen2024-11-06

Times Seen2

Size1.7 kB (1748 bytes)

MD53953ef88e63cb3233fab02a7dccff480

SHA180cc77c4f0296bdedc1f0af95d3d9ffd47d97092

SHA2562526d85d3368bdb03af1c2fc3302d22ff17a7c9fede9c6d60e76b645f4e3d62e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bsebregjan24/resctet_mar24/css/common.css HTTP/1.1
Host: 202.191.140.165
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Nov 2024 16:37:27 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 28 Mar 2024 11:14:19 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-FRAME-OPTIONS: SAMEORIGIN
Content-Length: 1748
Connection: close
Content-Type: text/css

GET 202.191.140.165/bsebregjan24/resctet_mar24/js/bootstrap.min.js

202.191.140.165

200 OK

9.7 kB

URL GET HTTP

202.191.140.165/bsebregjan24/resctet_mar24/js/bootstrap.min.js

IP / ASN

202.191.140.165

#9583 Sify Limited

Requested byhttp://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php

Resource Info

File typeJavaScript source, ASCII text, with very long lines (32034)

First Seen2023-11-18

Last Seen2025-05-30

Times Seen18

Size9.7 kB (9745 bytes)

MD5b9e4790d5a1e45966694732219bf8968

SHA19cdcfd914a44b9769b035926dd3ca6fc65bb29b5

SHA25685bdcec0e0c4bad209a8c3ff3a13aa362827fc6607f47ec00bcb27d62d5795da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bsebregjan24/resctet_mar24/js/bootstrap.min.js HTTP/1.1
Host: 202.191.140.165
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Nov 2024 16:37:27 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 28 Mar 2024 11:14:20 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-FRAME-OPTIONS: SAMEORIGIN
Content-Length: 9745
Connection: close
Content-Type: application/javascript

GET 202.191.140.165/bsebregjan24/resctet_mar24/js/jquery.placeholder.min.js

202.191.140.165

200 OK

1.3 kB

URL GET HTTP

202.191.140.165/bsebregjan24/resctet_mar24/js/jquery.placeholder.min.js

IP / ASN

202.191.140.165

#9583 Sify Limited

Requested byhttp://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php

Resource Info

File typeJavaScript source, ASCII text, with very long lines (3191)

First Seen2023-03-07

Last Seen2025-08-02

Times Seen271

Size1.3 kB (1322 bytes)

MD5ee60835ea8faa661d4e1ce6c1a97b141

SHA19a104e99d521e20ba205be6fae4668d4eb2f1594

SHA256be8e211636765e2b05f2a97b3fa9065420c06ee5baf21e8fd96ba7c03f90239e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bsebregjan24/resctet_mar24/js/jquery.placeholder.min.js HTTP/1.1
Host: 202.191.140.165
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Nov 2024 16:37:27 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 28 Mar 2024 11:14:20 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-FRAME-OPTIONS: SAMEORIGIN
Content-Length: 1322
Connection: close
Content-Type: application/javascript

GET 202.191.140.165/bsebregjan24/resctet_mar24/js/jquery.validate.min.js

202.191.140.165

200 OK

6.5 kB

URL GET HTTP

202.191.140.165/bsebregjan24/resctet_mar24/js/jquery.validate.min.js

IP / ASN

202.191.140.165

#9583 Sify Limited

Requested byhttp://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php

Resource Info

File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (1290)

First Seen2023-03-07

Last Seen2025-02-25

Times Seen376

Size6.5 kB (6503 bytes)

MD5c593e70ef041ab387fefad5fe38a724c

SHA13fd459c1468e1bb456d4ae04c6d0bd6e875e91e0

SHA256a931d758e10b5f646f42e4b1100ee31b7ce4cdf5a86d59133424b65c8802788b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bsebregjan24/resctet_mar24/js/jquery.validate.min.js HTTP/1.1
Host: 202.191.140.165
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Nov 2024 16:37:27 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 28 Mar 2024 11:14:20 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-FRAME-OPTIONS: SAMEORIGIN
Content-Length: 6503
Connection: close
Content-Type: application/javascript

GET 202.191.140.165/bsebregjan24/resctet_mar24/css/bootstrap.min.css

202.191.140.165

200 OK

20 kB

URL GET HTTP

202.191.140.165/bsebregjan24/resctet_mar24/css/bootstrap.min.css

IP / ASN

202.191.140.165

#9583 Sify Limited

Requested byhttp://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php

Resource Info

File typeASCII text, with very long lines (65371)

First Seen2023-11-18

Last Seen2025-05-30

Times Seen18

Size20 kB (19877 bytes)

MD52d785941df98de443d031a02d820487b

SHA10d90474e3509e14f7b364e91e7157a80ebdf4c62

SHA256e426678e3245a3cbf1adc2833f4dedfa8b310dd08d48088d4bd0452f9c5f1735

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bsebregjan24/resctet_mar24/css/bootstrap.min.css HTTP/1.1
Host: 202.191.140.165
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Nov 2024 16:37:27 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 28 Mar 2024 11:14:19 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-FRAME-OPTIONS: SAMEORIGIN
Content-Length: 19877
Connection: close
Content-Type: text/css

GET 202.191.140.165/bsebregjan24/resctet_mar24/js/jquery.min.js

202.191.140.165

200 OK

33 kB

URL GET HTTP

202.191.140.165/bsebregjan24/resctet_mar24/js/jquery.min.js

IP / ASN

202.191.140.165

#9583 Sify Limited

Requested byhttp://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php

Resource Info

File typeJavaScript source, ASCII text, with very long lines (32038)

First Seen2023-03-07

Last Seen2025-08-06

Times Seen10664

Size33 kB (33303 bytes)

MD5f03e5a3bf534f4a738bc350631fd05bd

SHA137b1db88b57438f1072a8ebc7559c909c9d3a682

SHA256aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bsebregjan24/resctet_mar24/js/jquery.min.js HTTP/1.1
Host: 202.191.140.165
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Nov 2024 16:37:27 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 28 Mar 2024 11:14:20 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-FRAME-OPTIONS: SAMEORIGIN
Content-Length: 33303
Connection: close
Content-Type: application/javascript

GET www.googletagmanager.com/gtag/js?id=G-QWCPC5FCTD&l=dataLayer&cx=c

142.250.74.136

200 OK

96 kB

URL GET HTTPS

www.googletagmanager.com/gtag/js?id=G-QWCPC5FCTD&l=dataLayer&cx=c

IP / ASN

142.250.74.136

#15169 GOOGLE

Requested byhttp://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php

Resource Info

File typeJavaScript source, ASCII text, with very long lines (3835)

First Seen2024-11-06

Last Seen2024-11-06

Times Seen1

Size96 kB (95509 bytes)

MD5aaf7bed5bd48f3a6ec7fb4e3993f560f

SHA11e9308112f31fbee82aca659804b596fbd780690

SHA256aca1b026c635bd43425c662589f00e8687db9cb595039c982195f5c661ee84e9

Certificate Info

IssuerGoogle Trust Services

Subject*.google-analytics.com

Fingerprint4E:4C:D9:C3:F2:89:66:5F:0F:4D:32:39:FA:F7:AC:3F:3E:19:DE:D8

ValidityMon, 07 Oct 2024 08:23:31 GMT - Mon, 30 Dec 2024 08:23:30 GMT

HTTP Headers

GET /gtag/js?id=G-QWCPC5FCTD&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://202.191.140.165/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 06 Nov 2024 16:37:28 GMT
expires: Wed, 06 Nov 2024 16:37:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 95509
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET 202.191.140.165/bsebregjan24/logo.jpg

202.191.140.165

200 OK

8.8 kB

URL GET HTTP

202.191.140.165/bsebregjan24/logo.jpg

IP / ASN

202.191.140.165

#9583 Sify Limited

Requested byhttp://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php

Resource Info

File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 264x148, components 3

First Seen2024-03-02

Last Seen2025-05-30

Times Seen12

Size8.8 kB (8817 bytes)

MD526815f790f92f84129659fa1a60e7b65

SHA193b3de944caa5d16521a86b512dbac3e52a44772

SHA2568f0885cdc95fd9a03140121e6c75213a7754397ae66564c35c20557a561a5fce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bsebregjan24/logo.jpg HTTP/1.1
Host: 202.191.140.165
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Nov 2024 16:37:28 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 13 Feb 2024 07:30:26 GMT
Accept-Ranges: bytes
Content-Length: 8817
X-FRAME-OPTIONS: SAMEORIGIN
Connection: close
Content-Type: image/jpeg

GET 202.191.140.165/bsebregjan24/resctet_mar24/images/nav_bg.jpg

202.191.140.165

200 OK

1.2 kB

URL GET HTTP

202.191.140.165/bsebregjan24/resctet_mar24/images/nav_bg.jpg

IP / ASN

202.191.140.165

#9583 Sify Limited

Requested byhttp://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php

Resource Info

File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x40, components 3

First Seen2023-11-18

Last Seen2025-05-30

Times Seen13

Size1.2 kB (1157 bytes)

MD543fa590cfb52881c11179ef6ce416807

SHA1ad6c5a2acb572a32f797f5c498121e1db103b5cf

SHA2563c542eeec19e5fc852f3abb3097497f68ef70c60b4c8418524121c0c0dc75f3c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bsebregjan24/resctet_mar24/images/nav_bg.jpg HTTP/1.1
Host: 202.191.140.165
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.191.140.165/bsebregjan24/resctet_mar24/css/common.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Nov 2024 16:37:28 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 28 Mar 2024 11:14:20 GMT
Accept-Ranges: bytes
Content-Length: 1157
X-FRAME-OPTIONS: SAMEORIGIN
Connection: close
Content-Type: image/jpeg

GET 202.191.140.165/favicon.ico

202.191.140.165

404 Not Found

209 B

URL GET HTTP

202.191.140.165/favicon.ico

IP / ASN

202.191.140.165

#9583 Sify Limited

Requested byhttp://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php

Resource Info

File typeHTML document, ASCII text

First Seen2023-04-05

Last Seen2025-08-05

Times Seen24272

Size209 B (209 bytes)

MD518ffb59b61525f781cf9251045be575d

SHA1bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d

SHA256b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 202.191.140.165
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.191.140.165/bsebregjan24/resctet_mar24/downloadClose.php
Cookie: _ga_QWCPC5FCTD=GS1.1.1730911048.1.0.1730911048.0.0.0; _ga=GA1.1.375586472.1730911048
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 06 Nov 2024 16:37:28 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
Content-Length: 209
Connection: close
Content-Type: text/html; charset=iso-8859-1

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

200 OK

5.8 kB

URL HTTP

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

IP / ASN

35.244.181.201

#396982 GOOGLE-CLOUD-PLATFORM

Requested byN/A

Resource Info

File typegzip compressed data, max speed, from Unix

First Seen2024-10-23

Last Seen2024-11-13

Times Seen1146

Size5.8 kB (5763 bytes)

MD5ab265ca2bf56ea75fb0e024382578e09

SHA1b319071b0b47e21e0a25e46a7d6abb9f2b946dca

SHA2560df968b83f96faf57fd668afab96048adcdf0bbe45aebf5107f350babcbbe291

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 06 Nov 2024 16:37:43 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2024-12-12-13-36-01.chain; p384ecdsa=7lXxTJpPNyj3mEqVgH5RfE_eaLoGl5YuHJ9nMUEF8NR42r4d-RI9leZ-yaQbeAPwq1cxiQiNm5J_8uXLUZT5h_5ABegUmiK9rQilwkcwydeHkr1yIPImtggS_BGJZcDQ
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2