Report - 65.52.131.198/zetalents/hrms/login/index.php

Report Overview

Submitted URL
65.52.131.198/zetalents/hrms/login/index.php
IP
65.52.131.198
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-03-29 09:08:41
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
65.52.131.198	unknown	unknown	No data	No data	678 B	4.0 kB	65.52.131.198
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-03-28	511 B	6.5 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-29	medium	65.52.131.198	Sinkholed
2024-03-29	medium	65.52.131.198	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

65.52.131.198/

65.52.131.198

609 B

URL
65.52.131.198/
IP
65.52.131.198:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, ASCII text, with CRLF line terminators
Size
609 B (609 bytes)
Hash
242c23ea412530c7d94b77a7a978c176
6e8749068fd6b842992e554b4fea32f9089318ad
557b5e9015b4963a130c7039e077b3ec0306d401b6ee13d631721d5d969d2917

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 65.52.131.198
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Sun, 26 Jan 2020 15:07:14 GMT
Accept-Ranges: bytes
ETag: "598794b5ad4d51:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 29 Mar 2024 12:05:57 GMT
Content-Length: 609

65.52.131.198/zetalents/hrms/login/index.php

65.52.131.198

887 B

URL User Request GET
65.52.131.198/zetalents/hrms/login/index.php
IP
65.52.131.198:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
887 B (887 bytes)
Hash
0912aff815eadda895baa00c704c40cd
1b59e8b32dbb1888e2b8453e2bc891f53109dade
1e6816811fb0e7804b5b8ed886be2830f3dc9a9ca32fa5d33253499952fdf974

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /zetalents/hrms/login/index.php HTTP/1.1
Host: 65.52.131.198
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=windows-1256\r
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: ../login/index.php
Server: Microsoft-IIS/10.0
Set-Cookie: PHPSESSID=2ekrehcdnv56leok4obeajl7d3; path=/
PHPSESSID_ALT=loggedOut; expires=Thu, 04-Sep-2025 04:16:51 GMT; Max-Age=45245454; path=/; httponly
company_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
branch_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
login_name=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
login_type=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
loged_in=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
byme_emp=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
employee_code=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
employee_code_portal=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
__cfduid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
admin=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
byme=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
login=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
login_type_w=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
memberUsername=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
login_type_hr=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
login_type_w_hr=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
portalMemberUsername=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
temp_key=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
zetalent_login_type=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
X-Powered-By: PHP/5.6.40, ASP.NET
Date: Fri, 29 Mar 2024 12:05:57 GMT
Content-Length: 887

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-97-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

5.8 kB

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-97-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
gzip compressed data, max speed, from Unix
Size
5.8 kB (5759 bytes)
Hash
4f9d064ed130f33c665f77eec7ecf535
166630ee21d6f9ea9be41eabefb4026796860d36
5d4ad4b241d28f5ae8f0ef5b2d1feb6337b27d51c09c9e87dcdc334ffcfc556f

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-97-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 29 Mar 2024 09:08:35 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-04-29-22-13-57.chain; p384ecdsa=L1rjIc1v2_zbIHG9mJPsrFIMZXVpgO2yHuYR5cqOX1AJbS9Mx10c6V5-Fn352mXeR8v04xNry3b4cuvRQQyjvHvxyilW636Deeimgq_WvzmMm3NqnU05r4-t2G6ovx6B
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (3)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers