49.12.192.249/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe
49.12.192.249 0 B URL User Request GET 49.12.192.249/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe
IP 49.12.192.249:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe/login?next=/FechtersBungalow.exe HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Wed, 17 Apr 2024 16:05:11 GMT
Server: Apache
location: /login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
49.12.192.249200 OK 18 kB URL User Request GET HTTP/1.1 49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text, with very long lines (55296)
Hash cf4cedfef919c9067bd3193f29523b47
5b95f1dac85857972ab2afe9c9dfcc970e504afc
6cb3ef1f8911099fdb65a9ba59a9efc2889ffc64672eeff66401b0c81b5011eb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:11 GMT
Server: Apache
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
content-type: text/html; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate
vary: accept-encoding
content-encoding: gzip
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/bootstrap-anonymous.js
49.12.192.249 200 OK 1.5 kB URL GET HTTP/1.1 49.12.192.249/bootstrap-anonymous.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (763)
Hash e1b8664eb5b6f5b4e24fca854444e9ff
18ff783995e68df4bb3feafc3b1ee8b569d94520
b2316dfcda583478a1023ed7b04d4ffbc489e2731656804b39dd2b979cc6b895
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bootstrap-anonymous.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:11 GMT
Server: Apache
etag: "18ff783995e68df4bb3feafc3b1ee8b569d94520-gzip"
content-type: application/javascript; charset=utf-8
cache-control: must-revalidate
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
content-encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/node_modules/@kbn/ui-framework/dist/kui_light.css
49.12.192.249 200 OK 9.8 kB URL GET HTTP/1.1 49.12.192.249/node_modules/@kbn/ui-framework/dist/kui_light.css
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
Hash d9f63bceb4de59651c291580995343f4
47af9b8f6e4640c400d5d0b64bd8c8095c9bbcf5
2bd144aff9bd5f6e37fb0116a5a11ce0cb3009f593e9a9dd22bcdb1706c3d281
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /node_modules/@kbn/ui-framework/dist/kui_light.css HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:11 GMT
Server: Apache
content-type: text/css; charset=utf-8
last-modified: Mon, 08 Apr 2024 11:27:03 GMT
etag: "47af9b8f6e4640c400d5d0b64bd8c8095c9bbcf5-gzip"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
cache-control: must-revalidate
accept-ranges: bytes
vary: accept-encoding
content-encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.css
49.12.192.249 200 OK 13 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.css
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type Unicode text, UTF-8 text, with very long lines (3536), with CRLF, LF line terminators
Hash f077f02d4706c478d3b1e905e63906be
183876dc8c3b14d74398ac651906d67d2ef4d91a
06a4ea723d6e7f7c50d5118dc030dc7b48f26b1f7418b52b851d6ed789ba378c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.css HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:11 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/css; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/ui/legacy_light_theme.css
49.12.192.249 200 OK 14 kB URL GET HTTP/1.1 49.12.192.249/ui/legacy_light_theme.css
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
Hash d0bf105d9be15b75c57ec22110048402
4345f9a3b9a243edd0b81b913ba1901bce549a2b
4d8013d03eb6a9125790e9d6180f1c035be374f9a42a2aebb01bb4339f9a7c63
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ui/legacy_light_theme.css HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:11 GMT
Server: Apache
content-type: text/css; charset=utf-8
last-modified: Mon, 08 Apr 2024 11:27:04 GMT
etag: "4345f9a3b9a243edd0b81b913ba1901bce549a2b-gzip"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
cache-control: must-revalidate
accept-ranges: bytes
vary: accept-encoding
content-encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.v8.light.css
49.12.192.249 200 OK 69 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.v8.light.css
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type ASCII text, with very long lines (18177)
Hash a2379ab7ea605dc8042b45d969a6894b
879f849ca6a52b1a3cd6802406da965117393672
cf7868ab4b3c380128f782f1b932608e4ddd0c15aa53468631e126c5b01ac64d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.v8.light.css HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:11 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/css; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/ui/favicons/favicon.svg
49.12.192.249 200 OK 1.0 kB URL GET HTTP/1.1 49.12.192.249/ui/favicons/favicon.svg
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type SVG Scalable Vector Graphics image
Hash 7d0688b40ba64da737b12a3257e6c7b3
c2ae8872d6be83d97704438ba39271e9af1a65d0
160f4ef3788e8b599e30ccc74b4b74f3a5a70a28fa68b6df0b582f741a7025bb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ui/favicons/favicon.svg HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:12 GMT
Server: Apache
content-length: 1008
content-type: image/svg+xml
last-modified: Mon, 08 Apr 2024 11:27:05 GMT
etag: "c2ae8872d6be83d97704438ba39271e9af1a65d0"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
cache-control: must-revalidate
accept-ranges: bytes
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
49.12.192.249/ui/fonts/inter/Inter-Regular.woff2
49.12.192.249 200 OK 99 kB URL GET HTTP/1.1 49.12.192.249/ui/fonts/inter/Inter-Regular.woff2
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type Web Open Font Format (Version 2), TrueType, length 98844, version 1.0
Hash 4232a675a077023a364c30ee94c155b5
d54ba8fa95573fa24442dab96795eaf8db66aa80
bed72259a8e25611bfdcd02ae7534bab339f607cbce3b989614fb32a5fb95738
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ui/fonts/inter/Inter-Regular.woff2 HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:11 GMT
Server: Apache
content-length: 98844
content-type: font/woff2
last-modified: Mon, 08 Apr 2024 11:27:06 GMT
etag: "d54ba8fa95573fa24442dab96795eaf8db66aa80"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
cache-control: must-revalidate
accept-ranges: bytes
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
49.12.192.249/47529/bundles/plugin/security/8.0.0/security.plugin.js
49.12.192.249 200 OK 15 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/plugin/security/8.0.0/security.plugin.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (52482)
Hash 415a4faefec51aeed07779cec5549388
2058a0084dbccbf7b9d1a9e393db09e325456e4b
21b86a9807d42259db4b2950bc2161ef22942f8f24f794bf6e65a8b351d4eaa7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/plugin/security/8.0.0/security.plugin.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:12 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/plugin/esUiShared/kibana/esUiShared.plugin.js
49.12.192.249 200 OK 35 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/plugin/esUiShared/kibana/esUiShared.plugin.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65524), with no line terminators
Hash ca3dccd5d4dab6a97bc8dd30d167b2a0
ed75a9d80705a3662c0051176c4a9e4f83a09b34
7ae5976120760175217f0d998aad852b8dcbfe9ade82c57a50f5badd86673407
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/plugin/esUiShared/kibana/esUiShared.plugin.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:12 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/plugin/inspector/kibana/inspector.plugin.js
49.12.192.249 200 OK 7.5 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/plugin/inspector/kibana/inspector.plugin.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (25276), with no line terminators
Hash 12c261f7ec69e8f86d823022c3f6e207
1ec77c9757717593105f96661c232299be86ba0e
3fd1fe77f87af3dbbcade5390886da003eb762d98240691dc5daab333dd914d2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/plugin/inspector/kibana/inspector.plugin.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:12 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/core/core.entry.js
49.12.192.249 200 OK 71 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/core/core.entry.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators, with escape sequences
Hash 89c53cdf6cfccf9fa4f8702e20450efe
c3d78b7eb3722bce90565fd7ae9d5868ec449221
53edeef8cd6ae724eeec397229dd08487e6a130cf6156212c42cf7db66d5cf2f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/core/core.entry.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:12 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/plugin/kibanaReact/kibana/kibanaReact.plugin.js
49.12.192.249 200 OK 17 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/plugin/kibanaReact/kibana/kibanaReact.plugin.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash 31bb332e01e9c34a095f81bb2f8d54f0
f6af0648e30bb348a155ee8f7d977edd6f0f5336
9f604a85f151a7820680ae59f09604d180e36c4f603f37cae0f09d479a2ee8fe
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/plugin/kibanaReact/kibana/kibanaReact.plugin.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:12 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/plugin/kibanaUtils/kibana/kibanaUtils.plugin.js
49.12.192.249 200 OK 22 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/plugin/kibanaUtils/kibana/kibanaUtils.plugin.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65526), with no line terminators
Hash cff37007e9ab8b52c19a14666e35a95f
5961e620b6e2e024d857f7c6f2136ac335b237d8
8c59c434c6f1554b01ffbacae3933174290061e396e5b35be0b79d9f581cc815
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/plugin/kibanaUtils/kibana/kibanaUtils.plugin.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:12 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/plugin/home/kibana/home.plugin.js
49.12.192.249 200 OK 3.7 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/plugin/home/kibana/home.plugin.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (10255), with no line terminators
Hash cf3a981a4ae22ce5a9b78b5002e61993
11792ecbdf0bfdcd2ae43f964c3fb5fe569d8370
fbba0a9131cd9d9b19e693a8bb42564a966d39f5c07f566bd25273a716a430d7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/plugin/home/kibana/home.plugin.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:12 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/plugin/spaces/8.0.0/spaces.plugin.js
49.12.192.249 200 OK 6.6 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/plugin/spaces/8.0.0/spaces.plugin.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (20563)
Hash d968da8f54200b624e146ed8f4255bb4
3edde24e3cb7728ad43f3c4e741148714292ee5e
143cc5e52070f3387fb616b17b8c3514197892c666302b4b85c25ab10a64fe4c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/plugin/spaces/8.0.0/spaces.plugin.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:12 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/plugin/licensing/0.0.1/licensing.plugin.js
49.12.192.249 200 OK 3.1 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/plugin/licensing/0.0.1/licensing.plugin.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (8690)
Hash 7cae6050c5efd21dd924d83e5fa26e42
19196817d02176f5220fca571cfea786b3864268
96d5f5be4b0b5eca67b946a715392cc5ecb464ad247ac6e869ae82f43f2a32ed
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/plugin/licensing/0.0.1/licensing.plugin.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:12 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/plugin/features/8.0.0/features.plugin.js
49.12.192.249 200 OK 1.2 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/plugin/features/8.0.0/features.plugin.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (3402)
Hash c1f197a5155f4b0d3a05763e5262124c
c63a36b9167b933d32ebc7261036bc334e710513
a67f1c1ea0bd8c022d7e88b45eb0a5d5cdc33d216f0d6424a4a4fcf595eb08e9
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/plugin/features/8.0.0/features.plugin.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:12 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/plugin/data/kibana/data.plugin.js
49.12.192.249 200 OK 101 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/plugin/data/kibana/data.plugin.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 101 kB (100977 bytes)
Hash 5340a8612812683de2786f87288d7e4f
d1884a35cbdfa8267005be3923357b664fb1843a
a236d86e5cd0f8605986f634775b33eb182cbb79339e9c01cdd8b1144198f2e1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/plugin/data/kibana/data.plugin.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:12 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.js
49.12.192.249 200 OK 865 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 865 kB (864937 bytes)
Hash e53ba08cc954cc34b6d479db0b1ee16f
1328de65df750d20d5c2cccc7f98e7489f585c24
fec617c0ae63bc03c728ce50b731fb7e8e4644e3d19a86983a84fab90b96f315
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:12 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.dll.js
49.12.192.249 200 OK 1.5 MB URL GET HTTP/1.1 49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.dll.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (58696)
Size 1.5 MB (1481760 bytes)
Hash a723cd9e643c07d065366e7713daf0c8
54d51bbff0ab9705339f6bf2d58fd4e0a7f78930
5682fea2b873e0c4f8ab750caf55bc7c11c8fb62f9a7f0eaf4b9bbb7afc6ba37
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.dll.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:12 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/translations/en.json
49.12.192.249 200 OK 29 B URL GET HTTP/1.1 49.12.192.249/translations/en.json
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
Hash 0f3019f0cd54ec785b57401623709fc6
37992637719f97813c3068cfbf877b2d3bb43b97
18cda523c38f2f0839f264e9cb6449c40f9e09f920105df3fe105c30a4cc5be5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /translations/en.json HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:15 GMT
Server: Apache
content-type: application/json; charset=utf-8
cache-control: must-revalidate
etag: "37992637719f97813c3068cfbf877b2d3bb43b97"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
content-length: 29
accept-ranges: bytes
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
49.12.192.249/api/core/capabilities?useDefaultCapabilities=true
49.12.192.249 200 OK 1.2 kB URL POST HTTP/1.1 49.12.192.249/api/core/capabilities?useDefaultCapabilities=true
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
Hash 31a3caf96449a868e3909a0fd4955bb9
f26cb7fbaa03e4bc6933927ce8bb95cd8235fac7
299cb8c25e8e17f6a2cee600d842f4e89b855c77c8afa400479ef59689c4db61
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /api/core/capabilities?useDefaultCapabilities=true HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
Content-Type: application/json
kbn-version: 7.17.20
Content-Length: 193
Origin: http://49.12.192.249
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:16 GMT
Server: Apache
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
content-type: application/json; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate
vary: accept-encoding
content-encoding: gzip
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.162.js
49.12.192.249 200 OK 947 B URL GET HTTP/1.1 49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.162.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (1839), with no line terminators
Hash 017bc1c0cf996700ff9a5424732f79d6
41a3fb35948a36256ca99e70c93aa3e1d2f52ed1
fdb347c54573a295e41bcb1b254a26012e85fb5d1c6eb413cbc4daed704039b5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.162.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:16 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.90.js
49.12.192.249 200 OK 634 B URL GET HTTP/1.1 49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.90.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (1210), with no line terminators
Hash 19af171101ae647a3fe9c5697800670f
de93e5f153f85d25e451ed62e3cddd36eca87bfd
cfd5b29d79891563ac0fe17b9aed620715d295cc9d997cbe1386b7f616c40c20
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.90.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:16 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.207.js
49.12.192.249 200 OK 1.5 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.207.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (3743), with no line terminators
Hash 90476a1731225e1d7ae44efe6bb59122
7c8287d01b9cb5dc0323cf6171a4eb0ad0a0b7c4
fec843005bf7ccb96d7872476cc7d07f49fb93f44a5dbda0ebc1d5534e6d75a2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.207.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:16 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.2.js
49.12.192.249 200 OK 764 B URL GET HTTP/1.1 49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.2.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (1380), with no line terminators
Hash 4434e3f4c54aa6a60abaa1ccc92bbecb
2f250b2a37bd162e9452eafc47bc19b17c9266b6
ffab85449d0929f3841c6cfc5b1af7cacebe10ff3e730cb0d26777e5d5d53415
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.2.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:16 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/plugin/security/8.0.0/security.chunk.6.js
49.12.192.249 200 OK 5.9 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/plugin/security/8.0.0/security.chunk.6.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (27647)
Hash d3292b892d82c11d3d44a03e0c925cf6
9a325170c3f580dc9b11a7669d342c3fca0ef5c9
2427313344f59ae54b738e5255e7ca7940ae0a2e65b914f2194604fbbd6e2a21
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/plugin/security/8.0.0/security.chunk.6.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:16 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/plugin/security/8.0.0/security.chunk.1.js
49.12.192.249 200 OK 22 kB URL GET HTTP/1.1 49.12.192.249/47529/bundles/plugin/security/8.0.0/security.chunk.1.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (35793)
Hash 17b733958df6c0fd6a30ee120ecdac6d
f023bc9af79c078c4fe67c26cf8300704c4287e9
b6b29612aec5294d3d33a2b8e196283a988301b8bcd5df9ee6f6e4fb590da7eb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/plugin/security/8.0.0/security.chunk.1.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:16 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/internal/security/login_state
49.12.192.249 200 OK 186 B URL GET HTTP/1.1 49.12.192.249/internal/security/login_state
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
Hash d358c7f4bd6596e95c710fb13e9628ad
b98137759ff360ca6094a9ed607ec577d96a5a26
f8b0232281829d5fe52d913a9edccf0d6d37de40be46054bd8b7b93a4dc8f843
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /internal/security/login_state HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
Content-Type: application/json
kbn-version: 7.17.20
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:16 GMT
Server: Apache
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
content-type: application/json; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate
content-length: 186
accept-ranges: bytes
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.188.js
49.12.192.249 200 OK 786 B URL GET HTTP/1.1 49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.188.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (1387), with no line terminators
Hash b0e0d8ca53b09773c87d36e7f56d65f5
f7c650a585f6af8d9059cb91457a24c8bea1e71c
037abf884f61eb1a5f60ddbca495f18a4d8cd8c7c90de721a4bf9385c214f57c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.188.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:16 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.137.js
49.12.192.249 200 OK 914 B URL GET HTTP/1.1 49.12.192.249/47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.137.js
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type JavaScript source, ASCII text, with very long lines (1732), with no line terminators
Hash eb0a3b5317ac7fb3baf7dc2ee697f6e0
6a3737f07a5b66a9394b1d966ed4b148e2c0af8b
46a5d129233d547d6cae47a342c54e46994f5b5bb00d730ecfedaeb42fb58725
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /47529/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.chunk.137.js HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:16 GMT
Server: Apache
cache-control: max-age=31536000
content-encoding: gzip
content-type: application/javascript; charset=utf-8
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
vary: accept-encoding
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
49.12.192.249/ui/fonts/roboto_mono/RobotoMono-Regular.ttf
49.12.192.249 200 OK 115 kB URL GET HTTP/1.1 49.12.192.249/ui/fonts/roboto_mono/RobotoMono-Regular.ttf
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type TrueType Font data, 16 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2015 Google Inc. All Rights Reserved.Roboto MonoRegularGoogle:Roboto Mono:2015Roboto M
Size 115 kB (114624 bytes)
Hash a48ac41620cd818c5020d0f4302489ff
69a65c2b797d2fa124b4c709097e761b7857a035
c7ab2d73cf7d538face08bcdde95b928ce609a970237c8811ca3c76059c8bb2f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ui/fonts/roboto_mono/RobotoMono-Regular.ttf HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:16 GMT
Server: Apache
content-length: 114624
content-type: font/ttf
last-modified: Mon, 08 Apr 2024 11:27:06 GMT
etag: "69a65c2b797d2fa124b4c709097e761b7857a035"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
cache-control: must-revalidate
accept-ranges: bytes
vary: accept-encoding
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
49.12.192.249/ui/fonts/inter/Inter-Medium.woff2
49.12.192.249 200 OK 106 kB URL GET HTTP/1.1 49.12.192.249/ui/fonts/inter/Inter-Medium.woff2
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type Web Open Font Format (Version 2), TrueType, length 105616, version 1.0
Size 106 kB (105616 bytes)
Hash 027d14e7d35bfa1b9c2eb0a92a69c103
85bd69c6604c42cd7cff42f69686ae9f5765b09c
6be58eaba7a53c5f1e8ac57a8ae050078a6de66c792ec52d960f80218a21966a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ui/fonts/inter/Inter-Medium.woff2 HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:16 GMT
Server: Apache
content-length: 105616
content-type: font/woff2
last-modified: Mon, 08 Apr 2024 11:27:06 GMT
etag: "85bd69c6604c42cd7cff42f69686ae9f5765b09c"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
cache-control: must-revalidate
accept-ranges: bytes
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
49.12.192.249/ui/fonts/inter/Inter-Bold.woff2
49.12.192.249 200 OK 106 kB URL GET HTTP/1.1 49.12.192.249/ui/fonts/inter/Inter-Bold.woff2
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type Web Open Font Format (Version 2), TrueType, length 105912, version 1.0
Size 106 kB (105912 bytes)
Hash fc28dff75afccce7f5a90844fba40466
a197eb37acbe6c839d9a549a08fe80bb8a39d6aa
7824a9014117f15dfa90a4a1c4082b3c52eb3cb0aa9da3dcf627ff2886e039b4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ui/fonts/inter/Inter-Bold.woff2 HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:16 GMT
Server: Apache
content-length: 105912
content-type: font/woff2
last-modified: Mon, 08 Apr 2024 11:27:06 GMT
etag: "a197eb37acbe6c839d9a549a08fe80bb8a39d6aa"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
cache-control: must-revalidate
accept-ranges: bytes
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
49.12.192.249/ui/fonts/inter/Inter-SemiBold.woff2
49.12.192.249 200 OK 106 kB URL GET HTTP/1.1 49.12.192.249/ui/fonts/inter/Inter-SemiBold.woff2
IP 49.12.192.249:80
ASN #24940 Hetzner Online GmbH
Requested by http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
File type Web Open Font Format (Version 2), TrueType, length 105980, version 1.0
Size 106 kB (105980 bytes)
Hash 0802d48bd2c2e67d3008c2da27cfb634
3e4531452e8ed6b6ddeb7a9c53c8e09f3575c006
d5a91eb1b863ca7543716e4782113a07504de66ece767eda455a33c344cbfefa
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ui/fonts/inter/Inter-SemiBold.woff2 HTTP/1.1
Host: 49.12.192.249
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://49.12.192.249/login?next=%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe%2Flogin%3Fnext%3D%2FFechtersBungalow.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 16:05:16 GMT
Server: Apache
content-length: 105980
content-type: font/woff2
last-modified: Mon, 08 Apr 2024 11:27:06 GMT
etag: "3e4531452e8ed6b6ddeb7a9c53c8e09f3575c006"
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: glam4ucluster.info3.gr
kbn-license-sig: 251dc23a6d36ebd26d3cfec04a00f9b30dfd417a3fc6e6bdb08e8d458635f961
cache-control: must-revalidate
accept-ranges: bytes
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive