| 108.181.199.151:8088/login | 108.181.199.151 | | 1.7 kB |
URL: 108.181.199.151:8088/login
IP: 108.181.199.151:0
File type: HTML document, ASCII text, with CRLF line terminators
Hash: eeffc3a02746328f73d5c8c2c9162d0a a955988493a86c2b65b92205efeebe917a91abfd 9c133ae95ed60eecebf69e281e0492afa1a0a5ba94e72afdd32935510dce5253
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /login HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; expires=Fri, 26-Apr-2024 13:31:49 GMT; Max-Age=7200; path=/; samesite=lax
kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D; expires=Fri, 26-Apr-2024 13:31:49 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-Powered-By: PHP/8.1.7, ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 1725
| 108.181.199.151:8088/css/bootstrap.min.css | 108.181.199.151 | 200 OK | 28 kB |
URL: 108.181.199.151:8088/css/bootstrap.min.css (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: ASCII text, with very long lines (806)
Hash: ca78b1ebf5c26ecbaec8048e664b252f b0a9c5a0aceac51dd2fb803d5d16d775b37a1830 ddd12c293ba2bc37f3196b16af6dfd0e0e95994a66d948b6442a9424a951b75a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/bootstrap.min.css HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Mon, 22 Jun 2020 12:38:44 GMT
Accept-Ranges: bytes
ETag: "0e2e6109248d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 27553
| 108.181.199.151:8088/Feathers/feather.css | 108.181.199.151 | 200 OK | 2.1 kB |
URL: 108.181.199.151:8088/Feathers/feather.css (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: ASCII text, with very long lines (9772), with CRLF line terminators
Hash: 6592aaab7cf8010dc028c62580231e2c a695c89661c335edcc16580b77ee3c93a1fb0ff0 d42410efb484664ed15c0956c38f9e105d1f8ddf2ea7a4647dfda4a465d69edf
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /Feathers/feather.css HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 11 Jun 2020 02:16:50 GMT
Accept-Ranges: bytes
ETag: "0157b5d963fd61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 2083
| 108.181.199.151:8088/sweetalert/css/sweetalert.css | 108.181.199.151 | 200 OK | 4.0 kB |
URL: 108.181.199.151:8088/sweetalert/css/sweetalert.css (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
Hash: 196c08c89f0c8a9b688a16d3435ac327 4890c9d16b0f2bb368bcc065ed00b72de15707c5 93ae81483be2e9705db4cd911fa410bc2cf6c24f355dc5ac899de49fab854e63
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /sweetalert/css/sweetalert.css HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 11 Jun 2020 02:16:50 GMT
Accept-Ranges: bytes
ETag: "0157b5d963fd61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 3965
| 108.181.199.151:8088/css/waves.min.css | 108.181.199.151 | 200 OK | 1.1 kB |
URL: 108.181.199.151:8088/css/waves.min.css (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: ASCII text, with CRLF line terminators
Hash: fc8c872b45ee4d5a5c6b086b3e77bec6 c3d521457f2cd236b90c2b34da8b6aba326db61c 19071fc618273f857bd98da21c95f6d551ede9fd3fa2a332c7c2f749fcb3f629
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/waves.min.css HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 11 Jun 2020 02:16:50 GMT
Accept-Ranges: bytes
ETag: "0157b5d963fd61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 1088
| 108.181.199.151:8088/js/jquery-3.4.1.min.js | 108.181.199.151 | 200 OK | 31 kB |
URL: 108.181.199.151:8088/js/jquery-3.4.1.min.js (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: JavaScript source, ASCII text, with very long lines (65451)
Hash: 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/jquery-3.4.1.min.js HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 28 Jun 2020 19:16:40 GMT
Accept-Ranges: bytes
ETag: "0dc95a6804dd61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 30721
| 108.181.199.151:8088/sweetalert/js/sweetalert.min.js | 108.181.199.151 | 200 OK | 5.4 kB |
URL: 108.181.199.151:8088/sweetalert/js/sweetalert.min.js (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: JavaScript source, ASCII text, with very long lines (16977), with no line terminators
Hash: 0068f44b0aa1b83fa7679860ceb26590 20d5cdb9d2002442843baab241f2e883563d1de5 7a056fc64aba501090c8acd106b0c7bbc9a267914e695ae34aa42a6ae2a094a7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /sweetalert/js/sweetalert.min.js HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 11 Jun 2020 02:16:50 GMT
Accept-Ranges: bytes
ETag: "0157b5d963fd61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 5412
| 108.181.199.151:8088/css/pages.css | 108.181.199.151 | 200 OK | 29 kB |
URL: 108.181.199.151:8088/css/pages.css (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: 50e3c76b4ca6cc333cb157955ced3810 c33307df5a1ae4b7f948b9f64d58ae82ade7d835 b373efe590ddc8c61b08ff63ad412f4fd20a5040a4ffa15fc4f463b553fc324b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/pages.css HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 11 Jun 2020 02:16:50 GMT
Accept-Ranges: bytes
ETag: "0157b5d963fd61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 29196
| 108.181.199.151:8088/css/style.css | 108.181.199.151 | 200 OK | 41 kB |
URL: 108.181.199.151:8088/css/style.css (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: ASCII text, with CRLF line terminators
Hash: 4c8770490df9de3002c022ca0564884d d72a225753a77d8469dc4a10b9de16811af43b58 194d5a25212ea7c94a82928ad2649d31d337ea140e282da37349a7a9b29dd631
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/style.css HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 03 Nov 2023 09:06:39 GMT
Accept-Ranges: bytes
ETag: "57d755e35eda1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 40952
| 108.181.199.151:8088/js/bootstrap.min.js | 108.181.199.151 | 200 OK | 13 kB |
URL: 108.181.199.151:8088/js/bootstrap.min.js (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: JavaScript source, ASCII text, with very long lines (48600)
Hash: 84e6e85d19e14564e7b84081d5a71b90 e1b4a71bc94a5119e6d7914fe0b179090962bb4e 24dcae4f742c60177278ac4a0709c624026200259ca30d938e136bb881453cc4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/bootstrap.min.js HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 11 Jun 2020 02:16:50 GMT
Accept-Ranges: bytes
ETag: "0157b5d963fd61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 12914
| 108.181.199.151:8088/js/jquery.min.js | 108.181.199.151 | 200 OK | 30 kB |
URL: 108.181.199.151:8088/js/jquery.min.js (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: JavaScript source, ASCII text, with very long lines (32058)
Hash: c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/jquery.min.js HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 11 Jun 2020 02:16:50 GMT
Accept-Ranges: bytes
ETag: "0157b5d963fd61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 30202
| 108.181.199.151:8088/js/waves.min.js | 108.181.199.151 | 200 OK | 2.4 kB |
URL: 108.181.199.151:8088/js/waves.min.js (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: JavaScript source, ASCII text, with very long lines (5983)
Hash: 4022b1d8ec726f98e88adf4d778def0a 29cf8221776de0f3abe6f029bd33cbe362adc481 b3f55a96775ff68bec376dd1a6e4a7be13081a6ecc3b1d3b777a2f8f3e6470bc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/waves.min.js HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 11 Jun 2020 02:16:50 GMT
Accept-Ranges: bytes
ETag: "0157b5d963fd61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 2423
| 108.181.199.151:8088/js/jquery.slimscroll.js | 108.181.199.151 | 200 OK | 2.2 kB |
URL: 108.181.199.151:8088/js/jquery.slimscroll.js (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: JavaScript source, ASCII text, with very long lines (1421)
Hash: 676a5df5563a6bc2539fd762de001dbd a2bba18a1f5d87fad3ffd8d497172b6d0ba41c1f fafed05d48a94509e59fb7848fd273f715ac1849e52868dcc30bc889107818d6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/jquery.slimscroll.js HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 11 Jun 2020 02:16:50 GMT
Accept-Ranges: bytes
ETag: "0157b5d963fd61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 2181
| 108.181.199.151:8088/js/modernizr.js | 108.181.199.151 | 200 OK | 5.4 kB |
URL: 108.181.199.151:8088/js/modernizr.js (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: JavaScript source, ASCII text, with very long lines (1989)
Hash: 5128ffd252da11727ef4d387932b321f 5fd86b034a5a82ae612cc48cbc0cbec21b688e3b aaa4a98000f280d8d1b54f8fb20e8888a59acdffe43bbcca7686b66712453590
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/modernizr.js HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 11 Jun 2020 02:16:50 GMT
Accept-Ranges: bytes
ETag: "0157b5d963fd61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 5445
| 108.181.199.151:8088/js/rocket-loader.min.js | 108.181.199.151 | 200 OK | 3.9 kB |
URL: 108.181.199.151:8088/js/rocket-loader.min.js (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: JavaScript source, ASCII text, with very long lines (12309)
Hash: 3631cb75af1a858878871ff4fe621e43 894134b313e90d037807a18583aa0dd17089c43e b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/rocket-loader.min.js HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 11 Jun 2020 02:16:50 GMT
Accept-Ranges: bytes
ETag: "0157b5d963fd61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 3881
| 108.181.199.151:8088/js/jquery-ui.min.js | 108.181.199.151 | 200 OK | 68 kB |
URL: 108.181.199.151:8088/js/jquery-ui.min.js (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: JavaScript source, ASCII text, with very long lines (32074)
Hash: c15b1008dec3c8967ea657a7bb4baaec 78489e580adaef931e6e5b131dab556c397e4a1a 28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/jquery-ui.min.js HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 11 Jun 2020 02:16:50 GMT
Accept-Ranges: bytes
ETag: "0157b5d963fd61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 68007
| 108.181.199.151:8088/js/jquery.min.js | 108.181.199.151 | 200 OK | 30 kB |
URL: 108.181.199.151:8088/js/jquery.min.js (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: JavaScript source, ASCII text, with very long lines (32058)
Hash: c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/jquery.min.js HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 11 Jun 2020 02:16:50 GMT
Accept-Ranges: bytes
ETag: "0157b5d963fd61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 30202
| 108.181.199.151:8088/storage/img/logo.png | 108.181.199.151 | 200 OK | 27 kB |
URL: 108.181.199.151:8088/storage/img/logo.png (GET HTTP/1.1)
IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 454x194, components 3
Hash: 8429b9866504d49edbb49947691cc5b8 1b807db045e9a2e237f3b1cf4c103435b65cfedd 6c9757af73c817ab69dfcea2714d7293c9223fed50b285dc0a7cd6813115337e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /storage/img/logo.png HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 03 Nov 2023 09:10:26 GMT
Accept-Ranges: bytes
ETag: "f79d3c9535eda1:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 26 Apr 2024 11:31:49 GMT
Content-Length: 27193
| 108.181.199.151:8088/storage/img/logo-1.png | 108.181.199.151 | 404 Not Found | 6.6 kB |
URL: 108.181.199.151:8088/storage/img/logo-1.png (GET HTTP/1.1) IP: 108.181.199.151:8088
Requested by: http://108.181.199.151:8088/login
File type: HTML document, ASCII text, with very long lines (5395)
Hashes (MD5, SHA-1, SHA-256): 307dca9c775906b8de45869cabe98fcd 2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1 8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /storage/img/logo-1.png HTTP/1.1
Host: 108.181.199.151:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://108.181.199.151:8088/login
Cookie: XSRF-TOKEN=eyJpdiI6IkVjcDU5cUEzeVpaWk9FYy9xR0Y5U0E9PSIsInZhbHVlIjoiQi9mZmdBMDNTOHN3UVkweW9vS1Q4UEgwSlhlc2V0UjZoU2JMT2lHWC9PMWp6cS9KNmlscFVvdlZBSnQ0d1RkbE5TZXBXaXQ0NVVVNWR3dGMwOXJYc3FpaXpPbWhUT1NRbzQrdmdkejhBQmRkNVpsaDFwUUhER3dIb3V0LzJNT28iLCJtYWMiOiJiNTc5NTc4Njc3N2ViM2JiMmY2MDg3OTNlYzc3NzljYmZmZDUwZWQzNzQ2OTY0MDQyMDA2MzFhNGQzODc0ZjhmIiwidGFnIjoiIn0%3D; kijabe_e_recruitment_portal_session=eyJpdiI6Ijh4OVV2MjJibDlQaWdlbVY2UUFCUXc9PSIsInZhbHVlIjoibXlhcnp3RHRxWGNQditSS3h1SThPckJMT1FXOWxScGpoWDI0WnF0RU1BUkx5TnRCR29SOGZlZDFVNC9oQUFBL3ZObWZIN0E0aUFtcWIyNFlzSXR1bU5wcndJWFVMUWoyem5EWTVFMnBhZFJuRWN5MkE2cU1jdTBhbUhtM2pDTFQiLCJtYWMiOiI0NGQ4ZTk5ODk5OGQyNjA2ZTRiMjk2ZWY2NjRhMmRiNDUyYzlhNTQ1MzcxNmU4ZTYwNDYyNjMwYjMyMmFjODYxIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.1.7, ASP.NET
Date: Fri, 26 Apr 2024 11:31:50 GMT
Content-Length: 6609
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL: aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP: 35.244.181.201:0 ASN: 396982 (GOOGLE-CLOUD-PLATFORM)
File type: XML 1.0 document, ASCII text, with very long lines (332)
Hashes (MD5, SHA-1, SHA-256): 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=lhdwLAh_Cg4dIrJUTJDMkVa8wcuRMXFxa2Hom65AH8Ol1qkyF3oqvjfRkBFmYcyqyOelhQhat7ZO8teT7r36lPUZnikYDDL0yTTEiYLhfHGHbdMss4WDcFL4AFQM13ZJ
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Fri, 26 Apr 2024 11:32:06 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 1
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2