Report - 5.161.72.105/admin/

Report Overview

Submitted URL
5.161.72.105/admin/
IP
5.161.72.105
ASN
#213230 Hetzner Online GmbH
Submitted
2024-04-16 12:16:35
Access
public
Website Title
Pi-hole - pihole
Final URL
5.161.72.105/admin/login.php
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
54

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
5.161.72.105	unknown	unknown	No data	No data	12 kB	1.8 MB	5.161.72.105

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed
2024-04-16	medium	5.161.72.105	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	5.161.72.105/admin/scripts/vendor/jquery.min.js?v=1685472698	90 kB	2023-03-07	2024-04-29
Pretty URL 5.161.72.105/admin/scripts/vendor/jquery.min.js?v=1685472698 IP 5.161.72.105 ASN #213230 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:27 Last Seen2024-04-29 19:59:06 Times Seen23149 Hash 00727d1d5d9c90f7de826f1a4a9cc632 ea61688671d0c3044f2c5b2f2c4af0a6620ac6c2 a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74 Loading...

	5.161.72.105/admin/style/vendor/bootstrap/js/bootstrap.min.js?v=1685472698	40 kB	2023-03-07	2024-04-29
Pretty URL 5.161.72.105/admin/style/vendor/bootstrap/js/bootstrap.min.js?v=1685472698 IP 5.161.72.105 ASN #213230 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-29 18:00:08 Times Seen12247 Hash 2f34b630ffe30ba2ff2b91e3f3c322a1 b16fd8226bd6bfb08e568f1b1d0a21d60247cefb 9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe Loading...

	5.161.72.105/admin/scripts/vendor/adminlte.min.js?v=1685472698	14 kB	2023-03-07	2024-04-16
Pretty URL 5.161.72.105/admin/scripts/vendor/adminlte.min.js?v=1685472698 IP 5.161.72.105 ASN #213230 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:32 Last Seen2024-04-16 14:16:42 Times Seen68 Hash 485f7de7fa4339351ebdf6e31618cb87 262fbc4235054a599123960d7216cf66c736837e b42729f850b123c0530dae9595e1e520d8e2d2db9ffb1ad8efa817e59fdeaa9b Loading...

	5.161.72.105/admin/scripts/vendor/bootstrap-notify.min.js?v=1685472698	8.1 kB	2023-03-07	2024-04-26
Pretty URL 5.161.72.105/admin/scripts/vendor/bootstrap-notify.min.js?v=1685472698 IP 5.161.72.105 ASN #213230 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:28:30 Last Seen2024-04-26 10:35:39 Times Seen210 Hash 35eb2c2185524eecb2b772b667552014 a9edf0014d98a9cb514c61b34d2a4babb4a1d4c9 2db9de4f5fc27837d4295df39d94c34ccc336c31d02322f7f7cad69ae8e338da Loading...

	5.161.72.105/admin/style/vendor/font-awesome/js/all.min.js?v=1685472698	1.2 MB	2023-03-07	2024-04-21
Pretty URL 5.161.72.105/admin/style/vendor/font-awesome/js/all.min.js?v=1685472698 IP 5.161.72.105 ASN #213230 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:28 Last Seen2024-04-21 07:43:55 Times Seen2827 Hash 5e1e1bd25a94741b7828800b758b88df c4198f8a39a892ba4dfd85b7a228e03b77e36a04 20a3ef6979bbe5e4de1afaecc703e1d34cbc5e3ceab36d378539506327692d72 Loading...

	5.161.72.105/admin/scripts/pi-hole/js/utils.js?v=1685472698	12 kB	2023-12-02	2024-04-16
Pretty URL 5.161.72.105/admin/scripts/pi-hole/js/utils.js?v=1685472698 IP 5.161.72.105 ASN #213230 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 10:56:51 Last Seen2024-04-16 14:16:42 Times Seen2 Hash 8fba266ad7253f98d5e1cca1f9ee04a8 3c6f9c2eae7265bc599e4595952ee7676947934c cfbff9f172b287faed563e8acd861285c956d3739e2f1679ca604881b058473e Loading...

	5.161.72.105/admin/scripts/pi-hole/js/footer.js?v=1685472698	8.4 kB	2023-07-30	2024-04-16
Pretty URL 5.161.72.105/admin/scripts/pi-hole/js/footer.js?v=1685472698 IP 5.161.72.105 ASN #213230 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-30 13:19:46 Last Seen2024-04-16 14:16:42 Times Seen32 Hash ea7936e3b94f753826e5bd309b8c69f9 c575b032c317c627b8cc29949910922e68973cd8 8e2a1f2a84e6398de4580ead50d1ccfbb687aa1ddf9af0c01e406a5d48f507b6 Loading...

HTTP Transactions (27)

URL IP Response Size

5.161.72.105/admin/

5.161.72.105

0 B

URL User Request GET
5.161.72.105/admin/
IP
5.161.72.105:0
ASN
#213230 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/ HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k; path=/; HttpOnly; SameSite=Strict
Location: login.php
Content-type: text/html; charset=UTF-8
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Content-Length: 0
Date: Tue, 16 Apr 2024 12:16:09 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/login.php

5.161.72.105

7.1 kB

URL User Request GET
5.161.72.105/admin/login.php
IP
5.161.72.105:0
ASN
#213230 Hetzner Online GmbH

File type
HTML document, ASCII text
Size
7.1 kB (7099 bytes)
Hash
ca36391f4d1cd4da6dfd87b8b6785bf2
cd353d9d37fb07072c03bfbeaeb37534a35c53a0
776f12bc0b1c67a27961640de160fffbd7fe39969c937762f60e9956c52f15b0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/login.php HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k; path=/; HttpOnly; SameSite=Strict
Content-type: text/html; charset=UTF-8
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Content-Length: 7099
Date: Tue, 16 Apr 2024 12:16:09 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/style/vendor/SourceSansPro/SourceSansPro.css?v=1685472698

5.161.72.105

200 OK

3.5 kB

URL GET HTTP/1.1
5.161.72.105/admin/style/vendor/SourceSansPro/SourceSansPro.css?v=1685472698
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
ASCII text
Size
3.5 kB (3516 bytes)
Hash
3e455b66ab24ef2eb23f85c74681bdfc
67b399845b959465041dc6628cad940bf95479b6
1276344244fcc0535c1a62146002bba0582dd07bf05b74b86c555b274de5616f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/style/vendor/SourceSansPro/SourceSansPro.css?v=1685472698 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Accept-Ranges: bytes
ETag: "2812969359"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 3516
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:09 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/style/themes/default-dark.css?v=1685472698

5.161.72.105

200 OK

14 kB

URL GET HTTP/1.1
5.161.72.105/admin/style/themes/default-dark.css?v=1685472698
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
ASCII text
Size
14 kB (13746 bytes)
Hash
12bf64e554d0ed5f6a78c70cca1c6365
2c7c3fe5744564d2a86c25f34642264bef4ac5c0
22bfdac61deaee35578e4cf5b3ef11580024bfbc9ab041621796803248655729

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/style/themes/default-dark.css?v=1685472698 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Accept-Ranges: bytes
ETag: "4157899151"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 13746
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:09 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/scripts/vendor/adminlte.min.js?v=1685472698

5.161.72.105

200 OK

14 kB

URL GET HTTP/1.1
5.161.72.105/admin/scripts/vendor/adminlte.min.js?v=1685472698
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
JavaScript source, ASCII text, with very long lines (13197)
Size
14 kB (13611 bytes)
Hash
485f7de7fa4339351ebdf6e31618cb87
262fbc4235054a599123960d7216cf66c736837e
b42729f850b123c0530dae9595e1e520d8e2d2db9ffb1ad8efa817e59fdeaa9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/scripts/vendor/adminlte.min.js?v=1685472698 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Accept-Ranges: bytes
ETag: "3004989838"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 13611
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:09 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/style/vendor/select2.min.css?v=1685472698

5.161.72.105

200 OK

15 kB

URL GET HTTP/1.1
5.161.72.105/admin/style/vendor/select2.min.css?v=1685472698
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
ASCII text, with very long lines (14965)
Size
15 kB (14966 bytes)
Hash
9f54e6414f87e0d14b9e966f19a174f9
ae5735562faabd1a2d9803bbd7bf4c502b5e4f51
15d6ad4dfdb43d0affad683e70029f97a8f8fc8637a28845009ee0542dccdf81

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/style/vendor/select2.min.css?v=1685472698 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Accept-Ranges: bytes
ETag: "2448900493"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 14966
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:09 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/style/pi-hole.css?v=1685472698

5.161.72.105

200 OK

19 kB

URL GET HTTP/1.1
5.161.72.105/admin/style/pi-hole.css?v=1685472698
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
assembler source, ASCII text
Size
19 kB (19279 bytes)
Hash
6328f949a1522a5a1cdbacc8ccff52c4
565cbc915d41edeb2ca34c0cdd72cf3a22c7825a
306de646694658143d94bec7c590e49636d8233849fae743eaa5121fa645f620

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/style/pi-hole.css?v=1685472698 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Accept-Ranges: bytes
ETag: "3626172815"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 19279
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:09 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/style/vendor/bootstrap/js/bootstrap.min.js?v=1685472698

5.161.72.105

200 OK

40 kB

URL GET HTTP/1.1
5.161.72.105/admin/style/vendor/bootstrap/js/bootstrap.min.js?v=1685472698
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
JavaScript source, ASCII text, with very long lines (39553)
Size
40 kB (39680 bytes)
Hash
2f34b630ffe30ba2ff2b91e3f3c322a1
b16fd8226bd6bfb08e568f1b1d0a21d60247cefb
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/style/vendor/bootstrap/js/bootstrap.min.js?v=1685472698 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Accept-Ranges: bytes
ETag: "2590966156"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 39680
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:09 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/scripts/vendor/bootstrap-notify.min.js?v=1685472698

5.161.72.105

200 OK

8.1 kB

URL GET HTTP/1.1
5.161.72.105/admin/scripts/vendor/bootstrap-notify.min.js?v=1685472698
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
JavaScript source, ASCII text, with very long lines (7883)
Size
8.1 kB (8122 bytes)
Hash
35eb2c2185524eecb2b772b667552014
a9edf0014d98a9cb514c61b34d2a4babb4a1d4c9
2db9de4f5fc27837d4295df39d94c34ccc336c31d02322f7f7cad69ae8e338da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/scripts/vendor/bootstrap-notify.min.js?v=1685472698 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Accept-Ranges: bytes
ETag: "3214803342"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 8122
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:09 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/scripts/pi-hole/js/utils.js?v=1685472698

5.161.72.105

200 OK

12 kB

URL GET HTTP/1.1
5.161.72.105/admin/scripts/pi-hole/js/utils.js?v=1685472698
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
JavaScript source, Unicode text, UTF-8 text
Size
12 kB (12239 bytes)
Hash
354b50c68822a65ff1dbb9126e05854f
c1729dbe64759597856493f3a0828a497c74249e
aa8ac89a62089b5671a353e24fda6cfe946e17aa614eabd8061a61c9a39d2d2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/scripts/pi-hole/js/utils.js?v=1685472698 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Accept-Ranges: bytes
ETag: "2889482633"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 12239
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:09 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/scripts/pi-hole/js/footer.js?v=1685472698

5.161.72.105

200 OK

8.4 kB

URL GET HTTP/1.1
5.161.72.105/admin/scripts/pi-hole/js/footer.js?v=1685472698
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
JavaScript source, ASCII text
Size
8.4 kB (8354 bytes)
Hash
ea7936e3b94f753826e5bd309b8c69f9
c575b032c317c627b8cc29949910922e68973cd8
8e2a1f2a84e6398de4580ead50d1ccfbb687aa1ddf9af0c01e406a5d48f507b6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/scripts/pi-hole/js/footer.js?v=1685472698 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Accept-Ranges: bytes
ETag: "793887113"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 8354
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:09 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/scripts/vendor/jquery.min.js?v=1685472698

5.161.72.105

200 OK

90 kB

URL GET HTTP/1.1
5.161.72.105/admin/scripts/vendor/jquery.min.js?v=1685472698
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89664 bytes)
Hash
00727d1d5d9c90f7de826f1a4a9cc632
ea61688671d0c3044f2c5b2f2c4af0a6620ac6c2
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/scripts/vendor/jquery.min.js?v=1685472698 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Accept-Ranges: bytes
ETag: "140395407"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 89664
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:09 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/style/vendor/bootstrap/css/bootstrap.min.css?v=1685472698

5.161.72.105

200 OK

122 kB

URL GET HTTP/1.1
5.161.72.105/admin/style/vendor/bootstrap/css/bootstrap.min.css?v=1685472698
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
ASCII text, with very long lines (65369)
Size
122 kB (121457 bytes)
Hash
7f89537eaf606bff49f5cc1a7c24dbca
b0972fdcce82fd583d4c2ccc3f2e3df7404a19d0
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/style/vendor/bootstrap/css/bootstrap.min.css?v=1685472698 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Accept-Ranges: bytes
ETag: "3522642828"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 121457
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:09 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/style/vendor/AdminLTE.min.css?v=1685472698

5.161.72.105

200 OK

106 kB

URL GET HTTP/1.1
5.161.72.105/admin/style/vendor/AdminLTE.min.css?v=1685472698
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
ASCII text, with very long lines (65311)
Size
106 kB (106547 bytes)
Hash
72d35226e190a84f276b8d7a306e14a8
3a5d993aaa9cc5fa4fdee391474dba15a6b23ba4
e61aab24c8365aaedaa9d2671dcfc5afa66466843c055102e82cd6f532376ef3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/style/vendor/AdminLTE.min.css?v=1685472698 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Accept-Ranges: bytes
ETag: "2348401551"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 106547
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:09 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/style/vendor/font-awesome/js/all.min.js?v=1685472698

5.161.72.105

200 OK

1.2 MB

URL GET HTTP/1.1
5.161.72.105/admin/style/vendor/font-awesome/js/all.min.js?v=1685472698
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
JavaScript source, ASCII text, with very long lines (65350)
Size
1.2 MB (1194960 bytes)
Hash
5e1e1bd25a94741b7828800b758b88df
c4198f8a39a892ba4dfd85b7a228e03b77e36a04
20a3ef6979bbe5e4de1afaecc703e1d34cbc5e3ceab36d378539506327692d72

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/style/vendor/font-awesome/js/all.min.js?v=1685472698 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Accept-Ranges: bytes
ETag: "1556555149"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 1194960
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:09 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/img/logo.svg

5.161.72.105

200 OK

986 B

URL GET HTTP/1.1
5.161.72.105/admin/img/logo.svg
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
SVG Scalable Vector Graphics image
Size
986 B (986 bytes)
Hash
3fc924e6b83bf1a407b627e034933bc4
b6e78bafb0c6e73eb579b565bf374d1aa95d78ed
62d61b0944ba7c4704e409090731e1aeed3e202cc8c232bbdd24900d0807680f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/img/logo.svg HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/svg+xml
Accept-Ranges: bytes
ETag: "2627273096"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 986
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:10 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/img/boxed-bg-dark.png

5.161.72.105

200 OK

12 kB

URL GET HTTP/1.1
5.161.72.105/admin/img/boxed-bg-dark.png
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
PNG image data, 600 x 600, 2-bit colormap, non-interlaced
Size
12 kB (11638 bytes)
Hash
dfa70c2c8c658bb05e473d42e96c9979
02e755c9e899303bb9e34784e2222530c1963736
f6d3877453f683c75cc4270723fd71ba2d873167ba73a882c31099fe80cb775d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/img/boxed-bg-dark.png HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/style/themes/default-dark.css?v=1685472698
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Accept-Ranges: bytes
ETag: "972194184"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 11638
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:10 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-300.woff2

5.161.72.105

200 OK

16 kB

URL GET HTTP/1.1
5.161.72.105/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-300.woff2
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
Web Open Font Format (Version 2), TrueType, length 16064, version 1.0
Size
16 kB (16064 bytes)
Hash
ede18477b85a5d781cd2f4001ecc5e67
ff430aa2f0d009a154dddbe06e58f3cce299bde6
f3d7092e6eb6f3aa0c572e52e061a59cc88a3e9eff581c95c4bd7456800904d0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-300.woff2 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://5.161.72.105/admin/style/vendor/SourceSansPro/SourceSansPro.css?v=1685472698
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: font/woff2
Accept-Ranges: bytes
ETag: "1413890444"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 16064
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:10 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-700.woff2

5.161.72.105

200 OK

16 kB

URL GET HTTP/1.1
5.161.72.105/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-700.woff2
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
Web Open Font Format (Version 2), TrueType, length 15764, version 1.0
Size
16 kB (15764 bytes)
Hash
1a4bcb3ec9c508d478d4dbf6b56f6208
bd2de9c020d1fb0461cedf4e8e1d4d6834426d15
24f7e397faec79e62c37ff2f00b170f6dc1557fb46ac169f9f1897a9d641dd03

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-700.woff2 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://5.161.72.105/admin/style/vendor/SourceSansPro/SourceSansPro.css?v=1685472698
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: font/woff2
Accept-Ranges: bytes
ETag: "384205196"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 15764
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:10 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-600italic.woff2

5.161.72.105

200 OK

15 kB

URL GET HTTP/1.1
5.161.72.105/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-600italic.woff2
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
Web Open Font Format (Version 2), TrueType, length 15296, version 1.0
Size
15 kB (15296 bytes)
Hash
ae24ed0c9a034d7c4098d3ddcdcb57f2
8d548ce41bf82c006b73fbd72de8d3064a98e2d6
553f5fabc75321590278e798830472879642e5baaaea952dd109e8a1f4b63a72

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-600italic.woff2 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://5.161.72.105/admin/style/vendor/SourceSansPro/SourceSansPro.css?v=1685472698
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: font/woff2
Accept-Ranges: bytes
ETag: "1682375052"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 15296
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:10 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-italic.woff2

5.161.72.105

200 OK

15 kB

URL GET HTTP/1.1
5.161.72.105/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-italic.woff2
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
Web Open Font Format (Version 2), TrueType, length 15280, version 1.0
Size
15 kB (15280 bytes)
Hash
dac2fca7ba8512baa24172f1171c961f
613c53e863385eacdde14feec811bc6b6d2aca9d
29b561a8a01edc4acf52d1c4c763aa21a1b540bc020b92f8bbfaf656b53a02b0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-italic.woff2 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://5.161.72.105/admin/style/vendor/SourceSansPro/SourceSansPro.css?v=1685472698
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: font/woff2
Accept-Ranges: bytes
ETag: "130482572"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 15280
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:10 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-regular.woff2

5.161.72.105

200 OK

16 kB

URL GET HTTP/1.1
5.161.72.105/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-regular.woff2
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
Web Open Font Format (Version 2), TrueType, length 16112, version 1.0
Size
16 kB (16112 bytes)
Hash
899c8f78ce650d4009d42443897aa723
d2e2faa9780b7fca5a5cb20a853dd7df55b3101e
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-regular.woff2 HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://5.161.72.105/admin/style/vendor/SourceSansPro/SourceSansPro.css?v=1685472698
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: font/woff2
Accept-Ranges: bytes
ETag: "902185356"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 16112
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:10 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/style/vendor/icheck-bootstrap.min.css

5.161.72.105

200 OK

12 kB

URL GET HTTP/1.1
5.161.72.105/admin/style/vendor/icheck-bootstrap.min.css
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (12293)
Size
12 kB (12504 bytes)
Hash
a3ca9d6ec882d51d83563ac6f481d9fe
9811172f2952612064f3bb67b87c3f43777f6eb5
9604d493b60104e35fbf6ca0ae85cd52164c19893a9ec52e8f2415cc9a5e8767

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/style/vendor/icheck-bootstrap.min.css HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Accept-Ranges: bytes
ETag: "4236624269"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 12504
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:10 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/api_db.php?status

5.161.72.105

200 OK

2 B

URL GET HTTP/1.1
5.161.72.105/admin/api_db.php?status
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/api_db.php?status HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k; path=/; HttpOnly; SameSite=Strict
Content-type: application/json
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Content-Length: 2
Date: Tue, 16 Apr 2024 12:16:10 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/img/favicons/apple-touch-icon.png

5.161.72.105

200 OK

3.5 kB

URL GET HTTP/1.1
5.161.72.105/admin/img/favicons/apple-touch-icon.png
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
3.5 kB (3537 bytes)
Hash
4a5f901771914855eb94d75887bf2bcb
b9fdf83b109cf55c3154624e0703f4cfafb7c1bb
3ddea7d38f450404b44c8b314d984441332616e078a44e96956feaa2a9b4930f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/img/favicons/apple-touch-icon.png HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Accept-Ranges: bytes
ETag: "3301081480"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 3537
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:10 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/img/favicons/favicon-16x16.png

5.161.72.105

200 OK

508 B

URL GET HTTP/1.1
5.161.72.105/admin/img/favicons/favicon-16x16.png
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
508 B (508 bytes)
Hash
ae7800a2e32ab000f19a688e16350ed1
9d32ffa86234900f79a4c83aaf33340387d17231
38adbe20669d5bd52dc346614d76459763e4bb0a9ec6a48eac646e637a932062

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/img/favicons/favicon-16x16.png HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Accept-Ranges: bytes
ETag: "3450438024"
Last-Modified: Tue, 30 May 2023 18:51:38 GMT
Content-Length: 508
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 16 Apr 2024 12:16:10 GMT
Server: lighttpd/1.4.59

5.161.72.105/admin/api_db.php?status

5.161.72.105

200 OK

2 B

URL GET HTTP/1.1
5.161.72.105/admin/api_db.php?status
IP
5.161.72.105:80
ASN
#213230 Hetzner Online GmbH

Requested by
http://5.161.72.105/admin/login.php

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /admin/api_db.php?status HTTP/1.1
Host: 5.161.72.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://5.161.72.105/admin/login.php
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=dm1v0l7ir5o6keluu9srfs7n5k; path=/; HttpOnly; SameSite=Strict
Content-type: application/json
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Content-Length: 2
Date: Tue, 16 Apr 2024 12:16:15 GMT
Server: lighttpd/1.4.59

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (27)

URL User Request GET

IP

ASN

File type