Report - 140.99.130.149/login

Report Overview

Submitted URL
140.99.130.149/login
IP
140.99.130.149
ASN
#54641 IMH-IAD
Submitted
2024-05-07 13:56:39
Access
public
Website Title
Login - Admin
Final URL
140.99.130.149/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
140.99.130.149	unknown	unknown	No data	No data	4.0 kB	338 kB	140.99.130.149
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-07	516 B	40 kB	142.250.74.131
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	489 B	24 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	140.99.130.149	Sinkholed
2024-05-07	medium	140.99.130.149	Sinkholed
2024-05-07	medium	140.99.130.149	Sinkholed
2024-05-07	medium	140.99.130.149	Sinkholed
2024-05-07	medium	140.99.130.149	Sinkholed
2024-05-07	medium	140.99.130.149	Sinkholed
2024-05-07	medium	140.99.130.149	Sinkholed
2024-05-07	medium	140.99.130.149	Sinkholed
2024-05-07	medium	140.99.130.149	Sinkholed
2024-05-07	medium	140.99.130.149	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	140.99.130.149/js/login.js	1.9 kB	2023-03-13	2024-05-15
Pretty URL 140.99.130.149/js/login.js IP 140.99.130.149 ASN #54641 IMH-IAD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:40:28 Last Seen2024-05-15 16:43:09 Times Seen147 Hash 4bc4bcbb8c8b2c7955ea83c291212f0e c157688c558cd592a78207e72116745dbc1a0baa 01dcde558fd18fde31f6a9e504090b91950137b03c8a1bdbaa4dd3a7428e048a Loading...

	140.99.130.149/vendor/jquery/jquery.min.js	90 kB	2023-03-07	2024-05-19
Pretty URL 140.99.130.149/vendor/jquery/jquery.min.js IP 140.99.130.149 ASN #54641 IMH-IAD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-19 15:00:19 Times Seen145552 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	140.99.130.149/vendor/bootstrap/js/bootstrap.bundle.min.js	84 kB	2023-03-07	2024-05-18
Pretty URL 140.99.130.149/vendor/bootstrap/js/bootstrap.bundle.min.js IP 140.99.130.149 ASN #54641 IMH-IAD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:43 Last Seen2024-05-18 22:01:51 Times Seen7511 Hash 7f389f5d2622ce2090eca7c36bcb90bc ab27031159724e2421f6ff5c70f48e657abe9d39 8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01 Loading...

	140.99.130.149/vendor/jquery-easing/jquery.easing.min.js	2.5 kB	2023-03-07	2024-05-19
Pretty URL 140.99.130.149/vendor/jquery-easing/jquery.easing.min.js IP 140.99.130.149 ASN #54641 IMH-IAD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-19 09:16:53 Times Seen4528 Hash e2d41e5c8fed838d9014fea53d45ce75 bde98133f735398b27339c423a817e755329f7d1 1f7723b6b9bfced0deba108df48e3287888dd986f1ff2d5133bacc9807ac0349 Loading...

	140.99.130.149/js/sb-admin-2.min.js	1.3 kB	2023-03-13	2024-05-15
Pretty URL 140.99.130.149/js/sb-admin-2.min.js IP 140.99.130.149 ASN #54641 IMH-IAD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:40:28 Last Seen2024-05-15 16:43:09 Times Seen159 Hash 997a8aac4041bed49470629336fadd13 f934cd0a842a235a27ea306d38a90d35874ac1f1 afab18c8fb5882d41ca9fe8e235a7e8f1efd2f4d98e4c547196ea594a636e2c2 Loading...

HTTP Transactions (12)

URL IP Response Size

140.99.130.149/login

140.99.130.149

200 OK

1.1 kB

URL User Request GET HTTP/1.1
140.99.130.149/login
IP
140.99.130.149:80
ASN
#54641 IMH-IAD

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
1.1 kB (1119 bytes)
Hash
487b1ec2a780bc77e65c06891ac96da1
5178f943cb0b33eb3cfd2034955520b466f9c5ef
8368b1f90d56bfb81299cf5990fe3f26ce2804827e353dd51a1d70d14de32e8e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 140.99.130.149
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 13:56:14 GMT
Server: Apache/2.4.29 (Ubuntu)
Set-Cookie: PHPSESSID=vitahm2ot5oguu40s0cggvvv21; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1119
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

140.99.130.149/vendor/fontawesome-free/css/all.min.css

140.99.130.149

200 OK

13 kB

URL GET HTTP/1.1
140.99.130.149/vendor/fontawesome-free/css/all.min.css
IP
140.99.130.149:80
ASN
#54641 IMH-IAD

Requested by
http://140.99.130.149/login

File type
ASCII text, with very long lines (59158)
Size
13 kB (12868 bytes)
Hash
b227b1617a1763c8bc056772f05482b4
c508528feb9fd540454f838653cd4863b290df2e
af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /vendor/fontawesome-free/css/all.min.css HTTP/1.1
Host: 140.99.130.149
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://140.99.130.149/login
Cookie: PHPSESSID=vitahm2ot5oguu40s0cggvvv21
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 13:56:15 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Wed, 20 Jan 2021 19:56:26 GMT
ETag: "e7d0-5b95a59a90e80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12868
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

140.99.130.149/vendor/jquery-easing/jquery.easing.min.js

140.99.130.149

200 OK

817 B

URL GET HTTP/1.1
140.99.130.149/vendor/jquery-easing/jquery.easing.min.js
IP
140.99.130.149:80
ASN
#54641 IMH-IAD

Requested by
http://140.99.130.149/login

File type
JavaScript source, ASCII text, with very long lines (2532), with no line terminators
Size
817 B (817 bytes)
Hash
e2d41e5c8fed838d9014fea53d45ce75
bde98133f735398b27339c423a817e755329f7d1
1f7723b6b9bfced0deba108df48e3287888dd986f1ff2d5133bacc9807ac0349

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /vendor/jquery-easing/jquery.easing.min.js HTTP/1.1
Host: 140.99.130.149
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://140.99.130.149/login
Cookie: PHPSESSID=vitahm2ot5oguu40s0cggvvv21
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 13:56:15 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Wed, 20 Jan 2021 19:56:28 GMT
ETag: "9e4-5b95a59c79300-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 817
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

140.99.130.149/js/sb-admin-2.min.js

140.99.130.149

200 OK

592 B

URL GET HTTP/1.1
140.99.130.149/js/sb-admin-2.min.js
IP
140.99.130.149:80
ASN
#54641 IMH-IAD

Requested by
http://140.99.130.149/login

File type
JavaScript source, ASCII text, with very long lines (1028)
Size
592 B (592 bytes)
Hash
997a8aac4041bed49470629336fadd13
f934cd0a842a235a27ea306d38a90d35874ac1f1
afab18c8fb5882d41ca9fe8e235a7e8f1efd2f4d98e4c547196ea594a636e2c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/sb-admin-2.min.js HTTP/1.1
Host: 140.99.130.149
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://140.99.130.149/login
Cookie: PHPSESSID=vitahm2ot5oguu40s0cggvvv21
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 13:56:15 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Wed, 20 Jan 2021 19:56:26 GMT
ETag: "4f1-5b95a59a90e80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 592
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

140.99.130.149/js/login.js

140.99.130.149

200 OK

551 B

URL GET HTTP/1.1
140.99.130.149/js/login.js
IP
140.99.130.149:80
ASN
#54641 IMH-IAD

Requested by
http://140.99.130.149/login

File type
ASCII text, with CRLF line terminators
Size
551 B (551 bytes)
Hash
4bc4bcbb8c8b2c7955ea83c291212f0e
c157688c558cd592a78207e72116745dbc1a0baa
01dcde558fd18fde31f6a9e504090b91950137b03c8a1bdbaa4dd3a7428e048a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/login.js HTTP/1.1
Host: 140.99.130.149
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://140.99.130.149/login
Cookie: PHPSESSID=vitahm2ot5oguu40s0cggvvv21
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 13:56:15 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Thu, 21 Jan 2021 17:35:38 GMT
ETag: "771-5b96c7ff62e80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 551
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

140.99.130.149/vendor/bootstrap/js/bootstrap.bundle.min.js

140.99.130.149

200 OK

22 kB

URL GET HTTP/1.1
140.99.130.149/vendor/bootstrap/js/bootstrap.bundle.min.js
IP
140.99.130.149:80
ASN
#54641 IMH-IAD

Requested by
http://140.99.130.149/login

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
22 kB (21804 bytes)
Hash
7f389f5d2622ce2090eca7c36bcb90bc
ab27031159724e2421f6ff5c70f48e657abe9d39
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /vendor/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1
Host: 140.99.130.149
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://140.99.130.149/login
Cookie: PHPSESSID=vitahm2ot5oguu40s0cggvvv21
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 13:56:15 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Wed, 20 Jan 2021 19:56:26 GMT
ETag: "148b8-5b95a59a90e80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 21804
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

140.99.130.149/vendor/jquery/jquery.min.js

140.99.130.149

200 OK

31 kB

URL GET HTTP/1.1
140.99.130.149/vendor/jquery/jquery.min.js
IP
140.99.130.149:80
ASN
#54641 IMH-IAD

Requested by
http://140.99.130.149/login

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
31 kB (30910 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /vendor/jquery/jquery.min.js HTTP/1.1
Host: 140.99.130.149
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://140.99.130.149/login
Cookie: PHPSESSID=vitahm2ot5oguu40s0cggvvv21
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 13:56:15 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Wed, 20 Jan 2021 19:56:28 GMT
ETag: "15d84-5b95a59c79300-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30910
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

140.99.130.149/css/sb-admin-2.min.css

140.99.130.149

200 OK

27 kB

URL GET HTTP/1.1
140.99.130.149/css/sb-admin-2.min.css
IP
140.99.130.149:80
ASN
#54641 IMH-IAD

Requested by
http://140.99.130.149/login

File type
ASCII text, with very long lines (65091)
Size
27 kB (27291 bytes)
Hash
099be068405a02374a24354fe0478af5
a7fe361acd85ba3f7bf77940dfdaf25c7d642370
c4279b691a19ca396560aac7041c9ddc6ecdf031d0fcd912b62d17ca2c4600b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/sb-admin-2.min.css HTTP/1.1
Host: 140.99.130.149
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://140.99.130.149/login
Cookie: PHPSESSID=vitahm2ot5oguu40s0cggvvv21
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 13:56:15 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Wed, 27 Jan 2021 17:50:38 GMT
ETag: "29b51-5b9e568a75780-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 27291
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2

142.250.74.131

200 OK

39 kB

URL GET HTTP/2
fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://140.99.130.149/login
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 39124, version 1.0
Size
39 kB (39124 bytes)
Hash
86b73ab5f530be7984b704414f2a711d
8e297794ed7b6f5ea476d14b5270df12e8f3e42a
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f

HTTP Headers

GET /s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://140.99.130.149
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39124
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:48:56 GMT
expires: Fri, 02 May 2025 01:48:56 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:02:20 GMT
content-type: font/woff2
age: 475641
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

140.99.130.149/vendor/fontawesome-free/webfonts/fa-solid-900.woff2

140.99.130.149

200 OK

80 kB

URL GET HTTP/1.1
140.99.130.149/vendor/fontawesome-free/webfonts/fa-solid-900.woff2
IP
140.99.130.149:80
ASN
#54641 IMH-IAD

Requested by
http://140.99.130.149/login

File type
Web Open Font Format (Version 2), TrueType, length 80300, version 331.-31392
Size
80 kB (80300 bytes)
Hash
8e1ed89b6ccb8ce41faf5cb672677105
9b592048b9062b00f0b2dd782d70a95b7dc69b83
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /vendor/fontawesome-free/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: 140.99.130.149
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://140.99.130.149/vendor/fontawesome-free/css/all.min.css
Cookie: PHPSESSID=vitahm2ot5oguu40s0cggvvv21
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 13:56:17 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Wed, 20 Jan 2021 19:56:28 GMT
ETag: "139ac-5b95a59c79300"
Accept-Ranges: bytes
Content-Length: 80300
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

140.99.130.149/img/world.png

140.99.130.149

200 OK

159 kB

URL GET HTTP/1.1
140.99.130.149/img/world.png
IP
140.99.130.149:80
ASN
#54641 IMH-IAD

Requested by
http://140.99.130.149/login

File type
PNG image data, 2400 x 2400, 8-bit/color RGBA, non-interlaced
Size
159 kB (158609 bytes)
Hash
bc9ec1ce2b3b187e1c784bdf453c5f74
14e373989429a64e604d8a8f0109410b27a8278c
b8dd4e5e40971531462e67f59f5b5a38217da56859711bd99311a21b8e940324

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/world.png HTTP/1.1
Host: 140.99.130.149
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://140.99.130.149/login
Cookie: PHPSESSID=vitahm2ot5oguu40s0cggvvv21
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 13:56:17 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 07 Apr 2020 07:10:56 GMT
ETag: "26b91-5a2ae15b8e000"
Accept-Ranges: bytes
Content-Length: 158609
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i

142.250.74.106

200 OK

23 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://140.99.130.149/login
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text
Size
23 kB (23261 bytes)
Hash
95b389d10c20efa5a21b2b1cefa457fa
9a67e38232703ee2fbedcc629204f7843f6826a0
15e43a1366b7c320c12ace3497892fd0eff14b08d3db0d833874c7a65712fa18

HTTP Headers

GET /css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://140.99.130.149/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 13:56:15 GMT
date: Tue, 07 May 2024 13:56:15 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1