| 218.28.19.226:8082/cogs/user/login.php | 218.28.19.226 | 200 OK | 2.9 kB |
URL (user request): GET HTTP/1.1 218.28.19.226:8082/cogs/user/login.php
IP: 218.28.19.226:8082
ASN: #4837 CHINA UNICOM China169 Backbone
File type: JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash: 39dd0e7db8f8c773ebc1945ee684f517 (MD5), d2b62c45f0c0da5f1c40b12e0e39aa304c41fff9 (SHA-1), 492bba63706f0cf53cf2b2e947b72f84e9dc2ee9b326caf8248aaa3fafd6ba12 (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cogs/user/login.php HTTP/1.1
Host: 218.28.19.226:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 09:10:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Set-Cookie: PHPSESSID=0184p545q7n4bu22bpnghtnm72; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2910
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| 218.28.19.226:8082/cogs/style/cogs.css | 218.28.19.226 | 200 OK | 2.4 kB |
URL: GET HTTP/1.1 218.28.19.226:8082/cogs/style/cogs.css
IP: 218.28.19.226:8082
ASN: #4837 CHINA UNICOM China169 Backbone
Requested by: http://218.28.19.226:8082/cogs/user/login.php
File type: troff or preprocessor input, ASCII text, with CRLF line terminators
Hash: 52c23f7b35c91c87aff1317a19ae7b03 (MD5), 39ade25163b3c01cefcc18a5ab81d2b6b4b89098 (SHA-1), a5a88544f0c175e344587cd2df95d69fd548fafb7747ebe08aaadd3203a89901 (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cogs/style/cogs.css HTTP/1.1
Host: 218.28.19.226:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.28.19.226:8082/cogs/user/login.php
Cookie: PHPSESSID=0184p545q7n4bu22bpnghtnm72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 09:10:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 01 Aug 2022 02:57:07 GMT
ETag: "27c0-5e52527caef67-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2377
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
| 218.28.19.226:8082/cogs/include/tradsimp.js | 218.28.19.226 | 200 OK | 6.0 kB |
URL: GET HTTP/1.1 218.28.19.226:8082/cogs/include/tradsimp.js
IP: 218.28.19.226:8082
ASN: #4837 CHINA UNICOM China169 Backbone
Requested by: http://218.28.19.226:8082/cogs/user/login.php
File type: Unicode text, UTF-8 text, with very long lines (1307), with CRLF line terminators
Hash: c08b9f0278a09d58d176ed0da9571696 (MD5), a57f67cd28822d67bf7b7599835c945e8af1523d (SHA-1), 7760b8ae0ccae7e58881eca7bdb7c177fe32e2c183be88cbb4389cc2af4887c7 (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cogs/include/tradsimp.js HTTP/1.1
Host: 218.28.19.226:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.28.19.226:8082/cogs/user/login.php
Cookie: PHPSESSID=0184p545q7n4bu22bpnghtnm72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 09:10:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 10 Sep 2012 08:00:00 GMT
ETag: "203a-4c95458238000-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6042
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
| 218.28.19.226:8082/Bootstrap/css/bootstrap.min.css | 218.28.19.226 | 200 OK | 17 kB |
URL: GET HTTP/1.1 218.28.19.226:8082/Bootstrap/css/bootstrap.min.css
IP: 218.28.19.226:8082
ASN: #4837 CHINA UNICOM China169 Backbone
Requested by: http://218.28.19.226:8082/cogs/user/login.php
File type: ASCII text, with very long lines (65308), with CRLF line terminators
Hash: 51d11ca5856489399c0e55be4a295b0d (MD5), 345553e56129c2b6e3210cfb2384c2f48c2c985b (SHA-1), f0b49e28a16eb45c9d05d54149903d30b0e3a7cf6d43fbaef91a6b298c5dc36f (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /Bootstrap/css/bootstrap.min.css HTTP/1.1
Host: 218.28.19.226:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.28.19.226:8082/cogs/user/login.php
Cookie: PHPSESSID=0184p545q7n4bu22bpnghtnm72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 09:10:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Fri, 12 Oct 2018 04:49:46 GMT
ETag: "19e39-57800d10a4e80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17092
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
| 218.28.19.226:8082/Bootstrap/js/bootstrap.min.js | 218.28.19.226 | 200 OK | 7.6 kB |
URL: GET HTTP/1.1 218.28.19.226:8082/Bootstrap/js/bootstrap.min.js
IP: 218.28.19.226:8082
ASN: #4837 CHINA UNICOM China169 Backbone
Requested by: http://218.28.19.226:8082/cogs/user/login.php
File type: JavaScript source, ASCII text, with very long lines (28514)
Hash: bed31fb959612a0a77d8e87b9d0b3683 (MD5), 0a5258ab60dd5ca854552a18d2926a271b78bbc4 (SHA-1), a515a82292b34bdde3447113634d5d496039ffd4d6a0c7382586f3c24e582645 (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /Bootstrap/js/bootstrap.min.js HTTP/1.1
Host: 218.28.19.226:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.28.19.226:8082/cogs/user/login.php
Cookie: PHPSESSID=0184p545q7n4bu22bpnghtnm72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 09:10:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Fri, 26 Jul 2013 08:00:00 GMT
ETag: "6fd7-4e26587842000-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7569
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
| 218.28.19.226:8082/cogs/include/sortTable.js | 218.28.19.226 | 200 OK | 930 B |
URL: GET HTTP/1.1 218.28.19.226:8082/cogs/include/sortTable.js
IP: 218.28.19.226:8082
ASN: #4837 CHINA UNICOM China169 Backbone
Requested by: http://218.28.19.226:8082/cogs/user/login.php
Hash: 23c43599da0ff89905584b0709f7ca31 (MD5), 3567b9265c827fec783c533e7f1cda8f8edb36e4 (SHA-1), 5f2a9ffd5d0cbb5dc95e8c5e401b6479feef571ff39e4d8f9c6625af0b2e2485 (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cogs/include/sortTable.js HTTP/1.1
Host: 218.28.19.226:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.28.19.226:8082/cogs/user/login.php
Cookie: PHPSESSID=0184p545q7n4bu22bpnghtnm72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 09:10:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 10 Sep 2012 08:00:00 GMT
ETag: "710-4c95458238000-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 930
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
| 218.28.19.226:8082/jQuery/jquery-1.8.0.min.js | 218.28.19.226 | 200 OK | 33 kB |
URL: GET HTTP/1.1 218.28.19.226:8082/jQuery/jquery-1.8.0.min.js
IP: 218.28.19.226:8082
ASN: #4837 CHINA UNICOM China169 Backbone
Requested by: http://218.28.19.226:8082/cogs/user/login.php
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65480), with CRLF line terminators
Hash: cd8b0bffc85bb5614385ee4ce3596d07 (MD5), 359c6c1ed98081b9a69eb3513b9deced59c957f9 (SHA-1), d73e2e1bff9c55b85284ff287cb20dc29ad9165ec09091a0597b61199f330805 (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /jQuery/jquery-1.8.0.min.js HTTP/1.1
Host: 218.28.19.226:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.28.19.226:8082/cogs/user/login.php
Cookie: PHPSESSID=0184p545q7n4bu22bpnghtnm72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 09:10:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Thu, 09 Aug 2012 21:11:23 GMT
ETag: "1698c-4c6dbab6c94c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 33067
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
| 218.28.19.226:8082/cogs/images/background/0.png | 218.28.19.226 | 404 Not Found | 277 B |
URL: GET HTTP/1.1 218.28.19.226:8082/cogs/images/background/0.png
IP: 218.28.19.226:8082
ASN: #4837 CHINA UNICOM China169 Backbone
Requested by: http://218.28.19.226:8082/cogs/user/login.php
File type: HTML document, ASCII text
Hash: 881ec32ee38eac56a29799ffa18aeef5 (MD5), 513a25d2801aba15ecf9eb28c81bbee789816ec4 (SHA-1), b031cfc9c230d29f321e783b5bd7b264eb34599b509f066b7c3e99f8df00d523 (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cogs/images/background/0.png HTTP/1.1
Host: 218.28.19.226:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.28.19.226:8082/cogs/user/login.php
Cookie: PHPSESSID=0184p545q7n4bu22bpnghtnm72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 29 Mar 2024 09:10:38 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 277
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
| 218.28.19.226:8082/cogs/style/syoi.png | 218.28.19.226 | 200 OK | 1.7 kB |
URL: GET HTTP/1.1 218.28.19.226:8082/cogs/style/syoi.png
IP: 218.28.19.226:8082
ASN: #4837 CHINA UNICOM China169 Backbone
Requested by: http://218.28.19.226:8082/cogs/user/login.php
File type: PNG image data, 44 x 47, 8-bit/color RGBA, non-interlaced
Hash: 23cd5c6a33ecf7fe9dc991b6a99f950b (MD5), b94b0e9174f3f29e587949bc1533bd2838ac09c4 (SHA-1), 89070fa75c4e8cef307587676b111660c68b885edf923a39901faa0f9b7be540 (SHA-256)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cogs/style/syoi.png HTTP/1.1
Host: 218.28.19.226:8082
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://218.28.19.226:8082/cogs/user/login.php
Cookie: PHPSESSID=0184p545q7n4bu22bpnghtnm72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 09:10:38 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sun, 31 Jan 2021 18:29:57 GMT
ETag: "672-5ba366ca05340"
Accept-Ranges: bytes
Content-Length: 1650
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-97-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL: aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-97-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP: 35.244.181.201:0
ASN: #396982 GOOGLE-CLOUD-PLATFORM
File type: XML 1.0 document, ASCII text, with very long lines (332)
Hash: 3b324dec137a87ef7e24a30a65b13dd0 (MD5), c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 (SHA-1), 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463 (SHA-256)
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-97-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-04-29-22-13-57.chain; p384ecdsa=L1rjIc1v2_zbIHG9mJPsrFIMZXVpgO2yHuYR5cqOX1AJbS9Mx10c6V5-Fn352mXeR8v04xNry3b4cuvRQQyjvHvxyilW636Deeimgq_WvzmMm3NqnU05r4-t2G6ovx6B
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Fri, 29 Mar 2024 09:08:35 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 140
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2