12.208.22.196/login.php
200 OK, 4.3 kB, GET HTTP/1.1 (User Request)
IP: 12.208.22.196:443
Certificate Issuer: GoDaddy.com, Inc.
Subject: dmiaccess.com
Fingerprint: EA:E2:65:53:7D:66:4C:EF:D4:B2:ED:93:42:81:1E:11:53:BA:0D:83
Validity: Wed, 10 Jan 2024 15:40:02 GMT - Sat, 25 Jan 2025 18:30:25 GMT
File type: JavaScript source, ASCII text, with CRLF line terminators
Hash (MD5): 5f4002ebde09ad700d2fa6518b9d518f
Hash (SHA-1): 5fa4674f87db66a7f9633cf08d88e5fe67088f73
Hash (SHA-256): ae55159b782aeb47d7e189b261689c9c1a71377946bade2107d3542616a0b466
Analyzer Verdict: Alert, Quad9 DNS malicious, Sinkholed

GET /login.php HTTP/1.1
Host: 12.208.22.196
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=hl8lj7h30lf92bson6pbbd0c22
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
P3P: CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV", policyref="w3c/p3p.xml"
X-Powered-By: PHP/5.6.31, ASP.NET
Date: Thu, 28 Mar 2024 15:11:51 GMT
Content-Length: 4265

12.208.22.196/dmistyle.css
200 OK, 5.7 kB, GET HTTP/1.1
IP: 12.208.22.196:443
Requested by: https://12.208.22.196/login.php
Certificate Issuer: GoDaddy.com, Inc.
Subject: dmiaccess.com
Fingerprint: EA:E2:65:53:7D:66:4C:EF:D4:B2:ED:93:42:81:1E:11:53:BA:0D:83
Validity: Wed, 10 Jan 2024 15:40:02 GMT - Sat, 25 Jan 2025 18:30:25 GMT
File type: ASCII text, with CRLF line terminators
Hash (MD5): a49960b98e250e29cba05ffc7488649a
Hash (SHA-1): 19f05199f6db621bd6d79204359d889c7740f2b1
Hash (SHA-256): 4fdce67b69d145c2d6ad4b602a669e273161b9aa7a98624637168859b41b88d2
Analyzer Verdict: Alert, Quad9 DNS malicious, Sinkholed

GET /dmistyle.css HTTP/1.1
Host: 12.208.22.196
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12.208.22.196/login.php
Cookie: PHPSESSID=hl8lj7h30lf92bson6pbbd0c22
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Wed, 05 Dec 2018 16:12:33 GMT
Accept-Ranges: bytes
ETag: "802e3054b58cd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 28 Mar 2024 15:11:51 GMT
Content-Length: 5701

www.googletagmanager.com/gtm.js?id=GTM-M2WCJG
200 OK, 61 kB, GET HTTP/2
IP: 142.250.74.168:443
Requested by: https://12.208.22.196/login.php
Certificate Issuer: Google Trust Services LLC
Subject: *.google-analytics.com
Fingerprint: DE:42:E4:CC:E5:66:70:09:F3:E6:6E:57:B7:5E:22:0A:A3:03:C2:7C
Validity: Mon, 26 Feb 2024 08:03:40 GMT - Mon, 20 May 2024 08:03:39 GMT
File type: JavaScript source, ASCII text, with very long lines (2073)
Hash (MD5): 984620cc62e4d726a6154c30fa7bb7eb
Hash (SHA-1): e5812cd790078b9ca3737c4ddcb6ac1a7020e302
Hash (SHA-256): 8a8f43d16a7929dbeeaa531d8bceddc01b453a7a36a0946202c37be8af634032

GET /gtm.js?id=GTM-M2WCJG HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12.208.22.196/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 28 Mar 2024 15:11:51 GMT
expires: Thu, 28 Mar 2024 15:11:51 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 61007
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

12.208.22.196/images/LargeWindIcon.png
200 OK, 5.1 kB, GET HTTP/1.1
IP: 12.208.22.196:443
Requested by: https://12.208.22.196/login.php
Certificate Issuer: GoDaddy.com, Inc.
Subject: dmiaccess.com
Fingerprint: EA:E2:65:53:7D:66:4C:EF:D4:B2:ED:93:42:81:1E:11:53:BA:0D:83
Validity: Wed, 10 Jan 2024 15:40:02 GMT - Sat, 25 Jan 2025 18:30:25 GMT
File type: PNG image data, 192 x 290, 8-bit colormap, non-interlaced
Hash (MD5): 2b75ce4323fcf5d209d5f248b83b6302
Hash (SHA-1): d3a1d4b7997ced1f8337037cd3080f2dd5328ab2
Hash (SHA-256): 43dd610b16263cff67093519eaf38b0a9a0981bfc5c2ae5cc362be3eb48bdb95
Analyzer Verdict: Alert, Quad9 DNS malicious, Sinkholed

GET /images/LargeWindIcon.png HTTP/1.1
Host: 12.208.22.196
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12.208.22.196/login.php
Cookie: PHPSESSID=hl8lj7h30lf92bson6pbbd0c22
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 18 Feb 2013 18:36:54 GMT
Accept-Ranges: bytes
ETag: "0e774ec6ece1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 28 Mar 2024 15:11:51 GMT
Content-Length: 5130

12.208.22.196/images/LoginTitle.png
200 OK, 4.7 kB, GET HTTP/1.1
IP: 12.208.22.196:443
Requested by: https://12.208.22.196/login.php
Certificate Issuer: GoDaddy.com, Inc.
Subject: dmiaccess.com
Fingerprint: EA:E2:65:53:7D:66:4C:EF:D4:B2:ED:93:42:81:1E:11:53:BA:0D:83
Validity: Wed, 10 Jan 2024 15:40:02 GMT - Sat, 25 Jan 2025 18:30:25 GMT
File type: PNG image data, 305 x 86, 8-bit/color RGB, non-interlaced
Hash (MD5): a0c86d4d8247fc6498d52ed72ad5d3ce
Hash (SHA-1): 7337965eb0a86c9d258c4656dd8bed8e0c784bc5
Hash (SHA-256): 533dc3768bea62717569886f069fd5cfdf3bef50eaaa655fd98e38c0cea8a55c
Analyzer Verdict: Alert, Quad9 DNS malicious, Sinkholed

GET /images/LoginTitle.png HTTP/1.1
Host: 12.208.22.196
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12.208.22.196/login.php
Cookie: PHPSESSID=hl8lj7h30lf92bson6pbbd0c22
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 28 Aug 2014 15:02:52 GMT
Accept-Ranges: bytes
ETag: "949bee23d1c2cf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 28 Mar 2024 15:11:51 GMT
Content-Length: 4716

12.208.22.196/favicon.ico
404 Not Found, 1.2 kB, GET HTTP/1.1
IP: 12.208.22.196:443
Requested by: https://12.208.22.196/login.php
Certificate Issuer: GoDaddy.com, Inc.
Subject: dmiaccess.com
Fingerprint: EA:E2:65:53:7D:66:4C:EF:D4:B2:ED:93:42:81:1E:11:53:BA:0D:83
Validity: Wed, 10 Jan 2024 15:40:02 GMT - Sat, 25 Jan 2025 18:30:25 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5): 5343c1a8b203c162a3bf3870d9f50fd4
Hash (SHA-1): 04b5b886c20d88b57eea6d8ff882624a4ac1e51d
Hash (SHA-256): dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer Verdict: Alert, Quad9 DNS malicious, Sinkholed

GET /favicon.ico HTTP/1.1
Host: 12.208.22.196
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12.208.22.196/login.php
Cookie: PHPSESSID=hl8lj7h30lf92bson6pbbd0c22
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 28 Mar 2024 15:11:51 GMT
Content-Length: 1245