clientbased.xyz/login.php
107.182.129.184 200 OK 5.0 kB URL HTTP/1.1 clientbased.xyz/login.php
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash a410deb8de036fd3ab45fd99b4823b1f
ed21e5f7daa9e2bec6bec72531d00afc440006f3
4bf095255f4ace25b822b64f4ddace8491005f4265c98c26053b77e2d6d32a77
Analyzer Verdict Alert quad9 Sinkholed
GET /login.php HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
X-Powered-By: PHP/8.0.26
Set-Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 5000
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7141
Expires: Tue, 28 Mar 2023 06:47:43 GMT
Date: Tue, 28 Mar 2023 04:48:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 911d74784325663a0d95b463b0e9ae9b
21e999229be584d8e42696bce71236ad5bcb9a25
f48cbe4d605e660a45267400e0add4f7bc7cd523c450376ecd8e3a7f094abf56
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F48CBE4D605E660A45267400E0ADD4F7BC7CD523C450376ECD8E3A7F094ABF56"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8812
Expires: Tue, 28 Mar 2023 07:15:34 GMT
Date: Tue, 28 Mar 2023 04:48:42 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 28 Mar 2023 04:28:00 GMT
content-type: application/json
age: 1242
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5ad3eec59bebbf969f175627757507c1
b176af3a70db378c9e1f219bab24d9d446070d6f
704fa284035b4c9aa487331b516f5f11c324e204756ae2503bad2606ed34f25e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "704FA284035B4C9AA487331B516F5F11C324E204756AE2503BAD2606ED34F25E"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3405
Expires: Tue, 28 Mar 2023 05:45:27 GMT
Date: Tue, 28 Mar 2023 04:48:42 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: rY4PBLt+FfNgoIkRgTsPmpDupql0Y+y/1LsHsfycCDi45D/xBSmFMkiF6itoSOsJe/LPr1pdb2Y=
x-amz-request-id: 5V63V52B2TRY1DVD
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 28 Mar 2023 04:01:54 GMT
age: 2808
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 04:48:42 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
clientbased.xyz/assets/modules/fontawesome-free/css/all.min.css
107.182.129.184 200 OK 59 kB URL HTTP/1.1 clientbased.xyz/assets/modules/fontawesome-free/css/all.min.css
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with very long lines (59158), with CRLF line terminators
Hash 5a6c200378fa114299418364d6382279
cb7d6e8bf44bcaeac573c32061137a843849a8b6
fd493524c8be6d84cf95959f93103680b3faa2a47c92482d43ff1836d8c08055
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/fontawesome-free/css/all.min.css HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:37:08 GMT
ETag: "e7d4-5f1e0992d57f8"
Accept-Ranges: bytes
Content-Length: 59348
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
clientbased.xyz/assets/modules/select2/css/select2.min.css
107.182.129.184 200 OK 15 kB URL HTTP/1.1 clientbased.xyz/assets/modules/select2/css/select2.min.css
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with very long lines (14965), with CRLF line terminators
Hash ba5948c0bda0f5f26bd3068ce565deaa
6d28595693ce13f1a79db7d5c73bd82b13cf63b5
c2a282dd6dac10a3fbf469b4e67f489608777854e6d157bf11233dfbaa16851e
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/select2/css/select2.min.css HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:37:10 GMT
ETag: "3a77-5f1e09953696b"
Accept-Ranges: bytes
Content-Length: 14967
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
clientbased.xyz/assets/modules/sweetalert2/sweetalert2.min.css
107.182.129.184 200 OK 24 kB URL HTTP/1.1 clientbased.xyz/assets/modules/sweetalert2/sweetalert2.min.css
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with very long lines (24454), with no line terminators
Hash b1ab0f2f72a18c5131a1969b88549c8c
397e30c517bde3fd86c22962dec839a3d6a3e512
e6e66c379d6664d3e2c2cc6516d66f7917216c21dc1e43e82231bb376638ac85
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/sweetalert2/sweetalert2.min.css HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:37:13 GMT
ETag: "5f86-5f1e099757085"
Accept-Ranges: bytes
Content-Length: 24454
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
clientbased.xyz/assets/modules/jquery-confirm/jquery-confirm.css
107.182.129.184 200 OK 29 kB URL HTTP/1.1 clientbased.xyz/assets/modules/jquery-confirm/jquery-confirm.css
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with CRLF line terminators
Hash ba26b64928d3d532b835d0a27c95f096
8f5bd50faa9d555d51ef41b02f697f67d5189cd5
acdb01fc196fd91f7bde36265f951e67d818de69f5b3597e9a32cbf00cac44e2
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/jquery-confirm/jquery-confirm.css HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:37:10 GMT
ETag: "6ffc-5f1e09949bdc4"
Accept-Ranges: bytes
Content-Length: 28668
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
clientbased.xyz/assets/modules/overlayScrollbars/css/OverlayScrollbars.min.css
107.182.129.184 200 OK 20 kB URL HTTP/1.1 clientbased.xyz/assets/modules/overlayScrollbars/css/OverlayScrollbars.min.css
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with very long lines (19782), with CRLF line terminators
Hash 84d2d24e7ca3b710cd48145b0099da70
3e5d820e098908c470931b3650fb1fbf0ec7e594
e14d12f06750dde7d05d13560b19f7a522c9746fc123d62e6958d21999b9398a
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/overlayScrollbars/css/OverlayScrollbars.min.css HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:37:10 GMT
ETag: "4e35-5f1e0994c78e3"
Accept-Ranges: bytes
Content-Length: 20021
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
clientbased.xyz/assets/modules/izitoast/css/iziToast.css
107.182.129.184 200 OK 51 kB URL HTTP/1.1 clientbased.xyz/assets/modules/izitoast/css/iziToast.css
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with very long lines (1938), with CRLF line terminators
Hash 227439ed4d28c0fb480e3b48e22319f6
1c4d5ed11b948cd67eabebf01f817cfd57035519
d279240764a09ccdf499cbaf0a794b9d01bc71a129a7f6e5a01969ae1c3b08e1
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/izitoast/css/iziToast.css HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:37:09 GMT
ETag: "c8a7-5f1e0994107e5"
Accept-Ranges: bytes
Content-Length: 51367
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
clientbased.xyz/assets/modules/datatables-bs4/css/dataTables.bootstrap4.min.css
107.182.129.184 200 OK 5.2 kB URL HTTP/1.1 clientbased.xyz/assets/modules/datatables-bs4/css/dataTables.bootstrap4.min.css
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type Unicode text, UTF-8 (with BOM) text, with very long lines (5224), with CRLF line terminators
Hash 1220faeb5a59f560dfcb0d3e004c0006
d860c77692747665319484ba97c03331f867efab
804ba5f70849aad42094f37ef76db9514a0dc00f2c6715545ad3eddb7d9babc6
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/datatables-bs4/css/dataTables.bootstrap4.min.css HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:44 GMT
ETag: "1471-5f1e097c3f69e"
Accept-Ranges: bytes
Content-Length: 5233
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
clientbased.xyz/assets/modules/datatables-responsive/css/responsive.bootstrap4.min.css
107.182.129.184 200 OK 4.5 kB URL HTTP/1.1 clientbased.xyz/assets/modules/datatables-responsive/css/responsive.bootstrap4.min.css
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with very long lines (4462), with CRLF line terminators
Hash c5e7f7247315eccba9da4f4936c3cfb1
36af1ee17707e0f77c898780ca6dd48c515154bb
036dd0e4c5a1fe70d269bb30fedf073dfc1494fd21bd3365333f927f6aca19d0
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/datatables-responsive/css/responsive.bootstrap4.min.css HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:46 GMT
ETag: "1170-5f1e097d8cd3b"
Accept-Ranges: bytes
Content-Length: 4464
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
clientbased.xyz/assets/modules/datatables-buttons/css/buttons.bootstrap4.min.css
107.182.129.184 200 OK 3.5 kB URL HTTP/1.1 clientbased.xyz/assets/modules/datatables-buttons/css/buttons.bootstrap4.min.css
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with very long lines (3498), with CRLF line terminators
Hash f610784fb9d887d5d530f67b0d20bee9
679ed34f3d48c58cae1aa46bf38f84de6f31858c
c8075605bbc72d920eed01aeb47cb9d6460916b33d53aafd9399344b775fdf95
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/datatables-buttons/css/buttons.bootstrap4.min.css HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:44 GMT
ETag: "dac-5f1e097c5c08b"
Accept-Ranges: bytes
Content-Length: 3500
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
clientbased.xyz/assets/css/bootstrap.custom.css
107.182.129.184 404 Not Found 308 B URL HTTP/1.1 clientbased.xyz/assets/css/bootstrap.custom.css
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d0a808544ef7d8cd29bc9ed6d6c4395c
300474fcde0f17401f1d63692041cf7d61e966ef
80527346aa8a25cb647878549e9f54cd177769ab48aee0a8b883629f0587d280
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/css/bootstrap.custom.css HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 404 Not Found
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Content-Length: 308
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
clientbased.xyz/assets/css/custom.css
107.182.129.184 200 OK 5.7 kB URL HTTP/1.1 clientbased.xyz/assets/css/custom.css
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type assembler source, ASCII text, with CRLF line terminators
Hash 99d9051b8e8d154fd4ea00717e8d6c11
7c0e35feceeac09eafe524c9daa4e9fdf65599ed
168209d68f960bc68cdfb0a9c699014f09f5760f2991f046b29edcc320b62406
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/css/custom.css HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:41 GMT
ETag: "1623-5f1e0978ddf1f"
Accept-Ranges: bytes
Content-Length: 5667
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
clientbased.xyz/assets/modules/datatables-bs4/js/dataTables.bootstrap4.min.js
107.182.129.184 200 OK 2.1 kB URL HTTP/1.1 clientbased.xyz/assets/modules/datatables-bs4/js/dataTables.bootstrap4.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type Unicode text, UTF-8 text, with very long lines (510), with CRLF line terminators
Hash 2a89ca63a92c50483bb174ae4d6546e1
e101caca4d7b948d0ba956b8e59ce4534796cacb
76c326f778b97c32b35890a115e3bd59f4a4c90b864d13ef7dab55d9bffc3cb1
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/datatables-bs4/js/dataTables.bootstrap4.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:44 GMT
ETag: "83a-5f1e097c4e62c"
Accept-Ranges: bytes
Content-Length: 2106
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/jquery/jquery.min.js
107.182.129.184 200 OK 90 kB URL HTTP/1.1 clientbased.xyz/assets/modules/jquery/jquery.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with very long lines (65446), with CRLF line terminators
Hash 0732e3eabbf8aa7ce7f69eedbd07dfdd
4cd5ddc413b3024d7b56331c0d0d0b2bd933f27f
ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/jquery/jquery.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:37:10 GMT
ETag: "15d9f-5f1e09945ec0a"
Accept-Ranges: bytes
Content-Length: 89503
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/jquery-confirm/jquery-confirm.js
107.182.129.184 200 OK 53 kB URL HTTP/1.1 clientbased.xyz/assets/modules/jquery-confirm/jquery-confirm.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with CRLF line terminators
Hash 919d4cea2deffd6984ab935e6a576855
69297362f23a1d7e07ab5a540cc88a8bfae28fb6
00b87d5d4a0f88363089016d7ef2e87f785c8c77bc90165b673ae571adf8f2b5
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/jquery-confirm/jquery-confirm.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:37:10 GMT
ETag: "cebb-5f1e0994a64da"
Accept-Ranges: bytes
Content-Length: 52923
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/datatables-responsive/js/dataTables.responsive.min.js
107.182.129.184 200 OK 14 kB URL HTTP/1.1 clientbased.xyz/assets/modules/datatables-responsive/js/dataTables.responsive.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with very long lines (554), with CRLF line terminators
Hash 915beed79de8c04f5139989f7306a839
6aea0b2fe1103884016060f071f87c3d0e13d6bb
0ea502296f5a244abb8837d1fae77fd2eb829178efc737e37ed05f2f41ffcbcd
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/datatables-responsive/js/dataTables.responsive.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:46 GMT
ETag: "36d6-5f1e097da059d"
Accept-Ranges: bytes
Content-Length: 14038
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/datatables-responsive/js/responsive.bootstrap4.min.js
107.182.129.184 200 OK 1.3 kB URL HTTP/1.1 clientbased.xyz/assets/modules/datatables-responsive/js/responsive.bootstrap4.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type Unicode text, UTF-8 text, with very long lines (808), with CRLF line terminators
Hash 1b5009cf9f8c7a714c2d572435ca2039
eca3775b077a6568158041e4ceb057766e0d29e9
0b580d6fde9be41dd86a9ff39c6e4b603710d2b38237811d3b9c32131cde90ff
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/datatables-responsive/js/responsive.bootstrap4.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:46 GMT
ETag: "4e2-5f1e097db14dc"
Accept-Ranges: bytes
Content-Length: 1250
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/datatables-buttons/js/dataTables.buttons.min.js
107.182.129.184 200 OK 20 kB URL HTTP/1.1 clientbased.xyz/assets/modules/datatables-buttons/js/dataTables.buttons.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type Unicode text, UTF-8 text, with very long lines (560), with CRLF line terminators
Hash 0944f2137f2df871c18dab612494be14
061a08b77badc566e78c4e1ce436996da02c1d2a
af4152af534a2718f484f42c4ceca2170e149f9de659597438cfdc4340207d6b
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/datatables-buttons/js/dataTables.buttons.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:45 GMT
ETag: "4f83-5f1e097cab11f"
Accept-Ranges: bytes
Content-Length: 20355
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/datatables-buttons/js/buttons.bootstrap4.min.js
107.182.129.184 200 OK 1.0 kB URL HTTP/1.1 clientbased.xyz/assets/modules/datatables-buttons/js/buttons.bootstrap4.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type Unicode text, UTF-8 text, with very long lines (531), with CRLF line terminators
Hash 7706bdd870bb12cd48fad63c41a53138
223a57b45c0a4043e034a7eb6acb197bca767d29
56b0b3abae428ccf772cbcf2f5935c9413c052efcbb75d58ad8686b02ff98d84
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/datatables-buttons/js/buttons.bootstrap4.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:44 GMT
ETag: "419-5f1e097c66637"
Accept-Ranges: bytes
Content-Length: 1049
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/select2/js/select2.min.js
107.182.129.184 200 OK 71 kB URL HTTP/1.1 clientbased.xyz/assets/modules/select2/js/select2.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type Unicode text, UTF-8 text, with very long lines (64130), with CRLF line terminators
Hash 37dd3c4be796c3e4d2914e336fc84624
efd00b3c59b9093335cfcc043fa0576587676636
d7a7379926f63b11f218a615443f004d03fc499bc1baf50d4142b1b2a76c3772
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/select2/js/select2.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:37:11 GMT
ETag: "114c4-5f1e0995656ce"
Accept-Ranges: bytes
Content-Length: 70852
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/datatables-buttons/js/buttons.print.min.js
107.182.129.184 200 OK 2.2 kB URL HTTP/1.1 clientbased.xyz/assets/modules/datatables-buttons/js/buttons.print.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (526), with CRLF line terminators
Hash d992f746793e3edece767923bda07a32
4f7931769238c8aea21fdada7475bab7ccff59fa
bc0114f0d2e08e6d597daa42f78283ef7daa7a9646fb1093fff6aa601204e3cc
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/datatables-buttons/js/buttons.print.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:45 GMT
ETag: "8a9-5f1e097ca00e0"
Accept-Ranges: bytes
Content-Length: 2217
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/datatables-buttons/js/buttons.html5.min.js
107.182.129.184 200 OK 25 kB URL HTTP/1.1 clientbased.xyz/assets/modules/datatables-buttons/js/buttons.html5.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type Unicode text, UTF-8 text, with very long lines (10031), with CRLF line terminators
Hash 836769076baedd0c99c3c7042ac60ea9
82d310ff8470d827e1e454429dd3385fbe22baa5
d20e7c388442ed1332e321aaf27af05421eddd71e6464d767456f0e6d8d124a3
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/datatables-buttons/js/buttons.html5.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:45 GMT
ETag: "611f-5f1e097c918d9"
Accept-Ranges: bytes
Content-Length: 24863
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/datatables-buttons/js/buttons.colVis.min.js
107.182.129.184 200 OK 2.8 kB URL HTTP/1.1 clientbased.xyz/assets/modules/datatables-buttons/js/buttons.colVis.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with very long lines (558), with CRLF line terminators
Hash a4f260a1363ab33b3ac6ccf8f07bc8a8
d503adc53fe34923b7a20d49b8815c0c6ee98785
b5f8f5b7b97296ce0d00d0d11af5ddc73f496fa1d746753f928d7041881c7b50
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/datatables-buttons/js/buttons.colVis.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:44 GMT
ETag: "b1c-5f1e097c762e6"
Accept-Ranges: bytes
Content-Length: 2844
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/sweetalert2/sweetalert2.min.js
107.182.129.184 200 OK 48 kB URL HTTP/1.1 clientbased.xyz/assets/modules/sweetalert2/sweetalert2.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with very long lines (47965), with no line terminators
Hash c7cffc8b283719a988fa85b6b5f77a85
9a62bf49bbd6ca0dc23ef1c4c6bc55e83e00b5a8
cad04f1e55ed6543d1dbd9672e6ea9f9d658c0053e8345e9c8cb160f88b4947e
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/sweetalert2/sweetalert2.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:37:13 GMT
ETag: "bb5d-5f1e09976052e"
Accept-Ranges: bytes
Content-Length: 47965
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/izitoast/js/iziToast.min.js
107.182.129.184 200 OK 18 kB URL HTTP/1.1 clientbased.xyz/assets/modules/izitoast/js/iziToast.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type Unicode text, UTF-8 text, with very long lines (18398), with CRLF line terminators
Hash df383d4feeb05ea8bfe86a0569ef0524
c6fd53b0a4abc2b73f55025ecb28d2eb65db93d4
df6d4fc52f8f3af6ef59c215a1165e4667f7daaedf4c5409db56d7c133564446
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/izitoast/js/iziToast.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:37:09 GMT
ETag: "4836-5f1e0994457d5"
Accept-Ranges: bytes
Content-Length: 18486
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/bootstrap/js/bootstrap.bundle.min.js
107.182.129.184 200 OK 84 kB URL HTTP/1.1 clientbased.xyz/assets/modules/bootstrap/js/bootstrap.bundle.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with very long lines (65294), with CRLF line terminators
Hash 96b79e4fd55cfeb144bda37cb9dee866
f6644ccddf43f83d4459e10fdc83027eb24ce530
2f5454be2251ba125af6a2b8836bcf682ec83d9dcb8043b5d71dc4e1ea399094
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:43 GMT
ETag: "149a0-5f1e097ac3c11"
Accept-Ranges: bytes
Content-Length: 84384
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/overlayScrollbars/js/jquery.overlayScrollbars.min.js
107.182.129.184 200 OK 43 kB URL HTTP/1.1 clientbased.xyz/assets/modules/overlayScrollbars/js/jquery.overlayScrollbars.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with very long lines (42375), with CRLF line terminators
Hash bc16ae2b903284c4ceac6125b97a42eb
70a76de9919c00007dfb340242f096982e039967
32b547c248eb02f9615bf8e21d8c757cf5810780ab9935694d96c0b00ab71c4e
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/overlayScrollbars/js/jquery.overlayScrollbars.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:37:10 GMT
ETag: "a676-5f1e0994d6b42"
Accept-Ranges: bytes
Content-Length: 42614
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/css/adminlte.min.css
107.182.129.184 200 OK 1.4 MB URL HTTP/1.1 clientbased.xyz/assets/css/adminlte.min.css
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with very long lines (65148), with CRLF line terminators
Size 1.4 MB (1382986 bytes)
Hash efd25adb317155ad5b5e3ab8a9a692dd
db0afb70249f3787a94bd4e97ebda0878191d394
8777aaf5d50b19f517d03349f82ac8634fac8d2d4ef71a715fead6a43435ee25
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/css/adminlte.min.css HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:41 GMT
ETag: "151a4a-5f1e0978c7987"
Accept-Ranges: bytes
Content-Length: 1382986
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
clientbased.xyz/assets/modules/jquery-mousewheel/jquery.mousewheel.js
107.182.129.184 200 OK 8.5 kB URL HTTP/1.1 clientbased.xyz/assets/modules/jquery-mousewheel/jquery.mousewheel.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with CRLF line terminators
Hash 303c4ba89b4e5aec521e09b2c28c5687
c7ab27c23a5e200918bbb07715913f091a65de0f
0c8cf6e01a692a481a0b546d0ba61f09abdf578973cbcf3149a725385144eb62
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/jquery-mousewheel/jquery.mousewheel.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:37:10 GMT
ETag: "2128-5f1e0994b17ae"
Accept-Ranges: bytes
Content-Length: 8488
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/chartjs/chartjs-adapter-date-fns.bundle.min.js
107.182.129.184 200 OK 51 kB URL HTTP/1.1 clientbased.xyz/assets/modules/chartjs/chartjs-adapter-date-fns.bundle.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with very long lines (50495)
Hash 87f55b2580c452ec3431f18b5fada114
94fb6f22ccbcff719e8612e0702af5f8935c7886
ea7ab30d26c38dcf1f2d26bb43e73a94537b58f1906f55e1a546dd09321b5615
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/modules/chartjs/chartjs-adapter-date-fns.bundle.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:44 GMT
ETag: "c5da-5f1e097bf5fcb"
Accept-Ranges: bytes
Content-Length: 50650
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/__UNAM_LIB/unam_lib.js
107.182.129.184 200 OK 952 B URL HTTP/1.1 clientbased.xyz/__UNAM_LIB/unam_lib.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type ASCII text, with CRLF line terminators
Hash 8c7fb12cb6f7e2df13448f35fcc57fb4
d21730a298168b00466ccf8d73232794c789bc23
203a6503c36c58ca3a61da4107de3834e15419b1f5540b98e7ff2c503b01e2ee
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /__UNAM_LIB/unam_lib.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:40 GMT
ETag: "3b8-5f1e0977f4f92"
Accept-Ranges: bytes
Content-Length: 952
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/chartjs/chart.umd.js
107.182.129.184 200 OK 329 B URL HTTP/1.1 clientbased.xyz/assets/modules/chartjs/chart.umd.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/chartjs/chart.umd.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:44 GMT
ETag: "31889-5f1e097bf0b77"
Accept-Ranges: bytes
Content-Length: 202889
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2
107.182.129.184 200 OK 78 kB URL HTTP/1.1 clientbased.xyz/assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261\012- data
Hash e8a427e15cc502bef99cfd722b37ea98
a9922842a120a7f1eaced667480c5e185a106d69
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /assets/modules/fontawesome-free/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://clientbased.xyz/assets/modules/fontawesome-free/css/all.min.css
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:43 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:37:09 GMT
ETag: "13174-5f1e0993fa639"
Accept-Ranges: bytes
Content-Length: 78196
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff2
clientbased.xyz/favicon.ico
107.182.129.184 200 OK 15 kB URL HTTP/1.1 clientbased.xyz/favicon.ico
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 2df3bd966f2c8af0095423679735a325
4eabcce6b2b7458895e58e740d82489f2b5020f5
dd09fc33e56f0f4f92970ea4d40f17683e9179006c04bb7583711e737b88efbd
Analyzer Verdict Alert urlquery malware Malware - Botnet panel
urlquery malware Malware - Botnet panel
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:43 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:39 GMT
ETag: "3c2e-5f1e09775fafd"
Accept-Ranges: bytes
Content-Length: 15406
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/x-icon
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash da5340ee69a1000f751686df9e716663
a5da880a61ed119790a7990bbdcc0c97eecf04f2
d1ff10bfe40f290935abe1feeb975a6af8cf310f9ce9d45bbf482a604da73560
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1FF10BFE40F290935ABE1FEEB975A6AF8CF310F9CE9D45BBF482A604DA73560"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9688
Expires: Tue, 28 Mar 2023 07:30:11 GMT
Date: Tue, 28 Mar 2023 04:48:43 GMT
Connection: keep-alive
push.services.mozilla.com/
34.214.202.214 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.202.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: H6TJC6IyGeYLrOo+R0HdMQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8M4Z2tHULeJhZ+2Q955UhYlkqVc=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7351
Expires: Tue, 28 Mar 2023 06:51:15 GMT
Date: Tue, 28 Mar 2023 04:48:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7351
Expires: Tue, 28 Mar 2023 06:51:15 GMT
Date: Tue, 28 Mar 2023 04:48:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7351
Expires: Tue, 28 Mar 2023 06:51:15 GMT
Date: Tue, 28 Mar 2023 04:48:44 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fdd8a3f935830ca9e5ffdb5824acebc
39caaddec703fdad962d03fff8687bad2c1df4ad
6fe6301fb3610c3e8a9b62671579db53189bb62ead4cf5ab30a1f1e0b90b8ca2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7537
x-amzn-requestid: 4f7aaf6e-3eca-4033-aa21-27b5e7df6a0b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbupFURIAMFlZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cc3-153c4e0b6b9d1b586c985f8d;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:38:11 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 07sU32yK0Sqkqg_YzC_cfw3stDMOa2cViR6IrpHw5cfSEjUOHTITAA==
via: 1.1 b6cdb2111444305bd4957a473b711ad6.cloudfront.net (CloudFront), 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:48:37 GMT
age: 25207
etag: "39caaddec703fdad962d03fff8687bad2c1df4ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8fbdd640-8a87-474c-a4d5-f25e31609f46.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8fbdd640-8a87-474c-a4d5-f25e31609f46.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d389dd69e54e5d7b547a425f9b22ebf
604a65cfc5572c5da9d3fdea795be3942b8d14cb
5beda50c5f20633003e1f939673a6005eca314372e7f8fe0a1d4bb5702ae1712
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8fbdd640-8a87-474c-a4d5-f25e31609f46.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9501
x-amzn-requestid: 4c3f56b8-4d4f-4c4d-bd7c-faa15f6cec41
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbskGe9IAMFrkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cb6-41acd1d8310ca659548a3039;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:58 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: _Mg3EgvJrS5IsmBULM6xZJra0-VkJEEtYlO-RfcE-4eHlghhqU8vdg==
via: 1.1 17d76c2aee343249585a570f2d36d2ee.cloudfront.net (CloudFront), 1.1 c9b161639a9353c2354b895548ea9fca.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 22:06:36 GMT
age: 24128
etag: "604a65cfc5572c5da9d3fdea795be3942b8d14cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b013cb6-ed0b-4590-b333-a69ce6ed3986.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b013cb6-ed0b-4590-b333-a69ce6ed3986.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 478c720a6e45547c00de24695f491b36
27ac933b8ec68e34144691ecc9c90307b332c5b6
eecb9e57f5a92621ca79221094825ae7452616d1cd2e33e8ae96568c3467de3b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b013cb6-ed0b-4590-b333-a69ce6ed3986.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6136
x-amzn-requestid: 5613a97e-2bca-4e20-9ccb-f31c36d95f53
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbsjF9_IAMFWMA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cb6-0c2c28581024b26c4db3bd1f;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: GoF8krRMHeKcjTHWhlu7RF2HmmETECJVZrQgEHSeOYwUW3hqxJhQLg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 174acb08636ac7d9e9a778bbf1bcbc52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 22:14:00 GMT
etag: "27ac933b8ec68e34144691ecc9c90307b332c5b6"
content-type: image/jpeg
age: 23684
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72713d4b-dac7-4d4c-bfff-c16bd305c5b1.jpeg
34.120.237.76 200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72713d4b-dac7-4d4c-bfff-c16bd305c5b1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 15e37de1dba62187e1e5f012145813f3
cfe8cd953330252e15594f403e2f38ec56acdfd7
89bf7dbcf5a7fca006545f001b47de0ab6f94014de4bd4c519f6050e6daa5aa0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72713d4b-dac7-4d4c-bfff-c16bd305c5b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6542
x-amzn-requestid: 1106a670-cf68-4e3d-b5af-3013407acc5c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbsjGAaoAMF5GQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cb6-726c7ba02ddb31182834d82d;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:58 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: TTkQTse69m-F42cDPL9Ekonn48FG74B_3jFCpvBEa7au89m0_JE3og==
via: 1.1 8ead054384c1626556ee4410cad35692.cloudfront.net (CloudFront), 1.1 536063cb28bfc05fcb7a78183dd89b72.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 22:06:45 GMT
age: 24119
etag: "cfe8cd953330252e15594f403e2f38ec56acdfd7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: 7571f483-0d57-4f3f-9d86-2f18175cc0b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CRP5DG2BoAMFrdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641d2d06-400180d700df598366b8b16f;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 04:54:30 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 8LzPrLvhUnXntYPNCg_QN2LFUvQ-4FL4SMyYBxPOwlGd1sgL3j-Znw==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:50:10 GMT
age: 25114
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash ada29e049501b12a35b0bcc5f68e3e57
5c1ba9bffbcc9007e7f119dbb3197db34a12f8da
b45583b5845129386a456e03fbdba25305c8d6d9fb5a8f01d783816ced080629
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10744
x-amzn-requestid: d693d820-7eed-47a3-9b0b-8f43c141bd3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbogF0poAMFTAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220c9c-22ab350146e8a3a606f74c42;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:32 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: uCaEsILUx4u_fBJ7J9CgQanUW-BmV69mFvGRjZ0roFWluE_joVyVrA==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:48:21 GMT
age: 25223
etag: "5c1ba9bffbcc9007e7f119dbb3197db34a12f8da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
clientbased.xyz/assets/modules/raphael/raphael.min.js
107.182.129.184 200 OK 0 B URL HTTP/1.1 clientbased.xyz/assets/modules/raphael/raphael.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/modules/raphael/raphael.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:37:10 GMT
ETag: "16bef-5f1e09950a7b6"
Accept-Ranges: bytes
Content-Length: 93167
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/js/adminlte.js
107.182.129.184 200 OK 0 B URL HTTP/1.1 clientbased.xyz/assets/js/adminlte.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/adminlte.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:42 GMT
ETag: "191fc-5f1e097a75f90"
Accept-Ranges: bytes
Content-Length: 102908
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
clientbased.xyz/assets/modules/datatables/jquery.dataTables.min.js
107.182.129.184 200 OK 0 B URL HTTP/1.1 clientbased.xyz/assets/modules/datatables/jquery.dataTables.min.js
IP 107.182.129.184:0
ASN #213035 Des Capital B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/modules/datatables/jquery.dataTables.min.js HTTP/1.1
Host: clientbased.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clientbased.xyz/login.php
Cookie: PHPSESSID=q5alphtcfij0g1fp234t96f6ie
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 04:48:42 GMT
Server: Apache/2.4.54 (Win64) PHP/8.0.26 mod_fcgid/2.3.10-dev
Last-Modified: Tue, 10 Jan 2023 03:36:44 GMT
ETag: "1473a-5f1e097c03027"
Accept-Ranges: bytes
Content-Length: 83770
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript