Report - 141.255.166.66/login

Report Overview

Submitted URL
141.255.166.66/login
IP
141.255.166.66
ASN
#51852 Private Layer INC
Submitted
2024-05-08 12:54:55
Access
public
Website Title
Loader
Final URL
141.255.166.66/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
141.255.166.66	unknown	unknown	2016-03-05	2024-03-20	4.7 kB	121 kB	141.255.166.66

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	141.255.166.66	Sinkholed
2024-05-08	medium	141.255.166.66	Sinkholed
2024-05-08	medium	141.255.166.66	Sinkholed
2024-05-08	medium	141.255.166.66	Sinkholed
2024-05-08	medium	141.255.166.66	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	141.255.166.66/js/bootstrap.bundle.min.js	79 kB	2023-03-07	2024-05-19
Pretty URL 141.255.166.66/js/bootstrap.bundle.min.js IP 141.255.166.66 ASN #51852 Private Layer INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:37 Last Seen2024-05-19 20:10:25 Times Seen27254 Hash 0aa8d64e726c4a57adb5c88f9115996b 901169527507ff9e662cf64d8e361f359308970d 7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe Loading...

	141.255.166.66/livewire/livewire.js?id=6b5eb707	327 kB	2024-05-08	2024-05-08
Pretty URL 141.255.166.66/livewire/livewire.js?id=6b5eb707 IP 141.255.166.66 ASN #51852 Private Layer INC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 14:55:01 Last Seen2024-05-08 14:55:01 Times Seen2 Hash 88e149e8a52cbc679d571bb1d73e5ea8 5889aa310f71e46cd34712ad9b203381e11a7c20 a23237b3d3819035ea72b57b1c41b94ae5507ab4e03156eec8975df9ec671537 Loading...

HTTP Transactions (5)

URL IP Response Size

141.255.166.66/login

141.255.166.66

200 OK

696 B

URL User Request GET HTTP/1.1
141.255.166.66/login
IP
141.255.166.66:80
ASN
#51852 Private Layer INC

File type
HTML document, ASCII text
Size
696 B (696 bytes)
Hash
3b97cef4018993958c57e42d563f9d34
51e02f51c1e695bf21b81efba58be5097da4da0c
ad0ad98c5a8319d3e9a3fd6ffd8e84fa4a28b8581b7a8bfc5199626fc0fc3611

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 141.255.166.66
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:54:30 GMT
Server: Apache/2.4.52 (Ubuntu)
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImVuRS9MajdLcnRyR1N4eGdqK2p5eEE9PSIsInZhbHVlIjoiZGVDeXRmLysxQWdwbEJESE5GV2R4aGRPVTd2M0xRUjc0Z2RmSkI5YTRmbHRnb1JSWFEwNElCRlF6SGRha0Z6bDl3TWp4bjRXdU9rNXZocTBOa1c5dHZCczI3UUtDYlBWekFEQ0EzUGJid3IzQm5rbktJV2ZXbE5NOThXM1FNdTQiLCJtYWMiOiIxZGExZDdjYjJkMjIyMDEyOGUzZmVlYzBkY2M1YjNkMWUzMDRhOWIxMmEyYjcxYjc1MjAzMGE3ZGFkNzIxMTZiIiwidGFnIjoiIn0%3D; expires=Wed, 08 May 2024 14:54:30 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IlFYVFdyMW9NbzZvSmwvUnJBWThraEE9PSIsInZhbHVlIjoia1lnZ2FwbHh4THNJR3l0Zi9oTUdqRnJTZFVEWVpoYnFNRzFPd2Nya2RqUUhPOCtWRkVFdVFZa293WlJjd1dqcTIrazZzT2M0RWFNUkNDSjAxV2lQU2RtSmlXbjNVSG16S042RFBqREdmNG45aENjaERnNit2dGcvcVlvSHlaYnIiLCJtYWMiOiI0MWZlYzBhYTNiZTc4ZjgyZWQwYzliM2U4NWEzYzg2YWRiZGY0MWVjODc3MjlhYjc2NGYyZTExYjEzYWIyZDQ2IiwidGFnIjoiIn0%3D; expires=Wed, 08 May 2024 14:54:30 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

141.255.166.66/css/bootstrap.min.css

141.255.166.66

200 OK

23 kB

URL GET HTTP/1.1
141.255.166.66/css/bootstrap.min.css
IP
141.255.166.66:80
ASN
#51852 Private Layer INC

Requested by
http://141.255.166.66/login

File type
Unicode text, UTF-8 text, with very long lines (65306)
Size
23 kB (22983 bytes)
Hash
abe91756d18b7cd60871a2f47c1e8192
7c1c9e0573e5cea8bad3733be2fc63aa8c68ea8d
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: 141.255.166.66
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.255.166.66/login
Cookie: XSRF-TOKEN=eyJpdiI6ImVuRS9MajdLcnRyR1N4eGdqK2p5eEE9PSIsInZhbHVlIjoiZGVDeXRmLysxQWdwbEJESE5GV2R4aGRPVTd2M0xRUjc0Z2RmSkI5YTRmbHRnb1JSWFEwNElCRlF6SGRha0Z6bDl3TWp4bjRXdU9rNXZocTBOa1c5dHZCczI3UUtDYlBWekFEQ0EzUGJid3IzQm5rbktJV2ZXbE5NOThXM1FNdTQiLCJtYWMiOiIxZGExZDdjYjJkMjIyMDEyOGUzZmVlYzBkY2M1YjNkMWUzMDRhOWIxMmEyYjcxYjc1MjAzMGE3ZGFkNzIxMTZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFYVFdyMW9NbzZvSmwvUnJBWThraEE9PSIsInZhbHVlIjoia1lnZ2FwbHh4THNJR3l0Zi9oTUdqRnJTZFVEWVpoYnFNRzFPd2Nya2RqUUhPOCtWRkVFdVFZa293WlJjd1dqcTIrazZzT2M0RWFNUkNDSjAxV2lQU2RtSmlXbjNVSG16S042RFBqREdmNG45aENjaERnNit2dGcvcVlvSHlaYnIiLCJtYWMiOiI0MWZlYzBhYTNiZTc4ZjgyZWQwYzliM2U4NWEzYzg2YWRiZGY0MWVjODc3MjlhYjc2NGYyZTExYjEzYWIyZDQ2IiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:54:30 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Fri, 01 Mar 2024 14:05:12 GMT
ETag: "260c5-61299dd4906ae-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 22983
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

141.255.166.66/js/bootstrap.bundle.min.js

141.255.166.66

200 OK

22 kB

URL GET HTTP/1.1
141.255.166.66/js/bootstrap.bundle.min.js
IP
141.255.166.66:80
ASN
#51852 Private Layer INC

Requested by
http://141.255.166.66/login

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
22 kB (22447 bytes)
Hash
0aa8d64e726c4a57adb5c88f9115996b
901169527507ff9e662cf64d8e361f359308970d
7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/bootstrap.bundle.min.js HTTP/1.1
Host: 141.255.166.66
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.255.166.66/login
Cookie: XSRF-TOKEN=eyJpdiI6ImVuRS9MajdLcnRyR1N4eGdqK2p5eEE9PSIsInZhbHVlIjoiZGVDeXRmLysxQWdwbEJESE5GV2R4aGRPVTd2M0xRUjc0Z2RmSkI5YTRmbHRnb1JSWFEwNElCRlF6SGRha0Z6bDl3TWp4bjRXdU9rNXZocTBOa1c5dHZCczI3UUtDYlBWekFEQ0EzUGJid3IzQm5rbktJV2ZXbE5NOThXM1FNdTQiLCJtYWMiOiIxZGExZDdjYjJkMjIyMDEyOGUzZmVlYzBkY2M1YjNkMWUzMDRhOWIxMmEyYjcxYjc1MjAzMGE3ZGFkNzIxMTZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFYVFdyMW9NbzZvSmwvUnJBWThraEE9PSIsInZhbHVlIjoia1lnZ2FwbHh4THNJR3l0Zi9oTUdqRnJTZFVEWVpoYnFNRzFPd2Nya2RqUUhPOCtWRkVFdVFZa293WlJjd1dqcTIrazZzT2M0RWFNUkNDSjAxV2lQU2RtSmlXbjNVSG16S042RFBqREdmNG45aENjaERnNit2dGcvcVlvSHlaYnIiLCJtYWMiOiI0MWZlYzBhYTNiZTc4ZjgyZWQwYzliM2U4NWEzYzg2YWRiZGY0MWVjODc3MjlhYjc2NGYyZTExYjEzYWIyZDQ2IiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:54:30 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Fri, 01 Mar 2024 14:05:12 GMT
ETag: "13397-61299dd49164e-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 22447
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript

141.255.166.66/livewire/livewire.js?id=6b5eb707

141.255.166.66

200 OK

72 kB

URL GET HTTP/1.1
141.255.166.66/livewire/livewire.js?id=6b5eb707
IP
141.255.166.66:80
ASN
#51852 Private Layer INC

Requested by
http://141.255.166.66/login

File type
JavaScript source, ASCII text
Size
72 kB (72277 bytes)
Hash
88e149e8a52cbc679d571bb1d73e5ea8
5889aa310f71e46cd34712ad9b203381e11a7c20
a23237b3d3819035ea72b57b1c41b94ae5507ab4e03156eec8975df9ec671537

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /livewire/livewire.js?id=6b5eb707 HTTP/1.1
Host: 141.255.166.66
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.255.166.66/login
Cookie: XSRF-TOKEN=eyJpdiI6ImVuRS9MajdLcnRyR1N4eGdqK2p5eEE9PSIsInZhbHVlIjoiZGVDeXRmLysxQWdwbEJESE5GV2R4aGRPVTd2M0xRUjc0Z2RmSkI5YTRmbHRnb1JSWFEwNElCRlF6SGRha0Z6bDl3TWp4bjRXdU9rNXZocTBOa1c5dHZCczI3UUtDYlBWekFEQ0EzUGJid3IzQm5rbktJV2ZXbE5NOThXM1FNdTQiLCJtYWMiOiIxZGExZDdjYjJkMjIyMDEyOGUzZmVlYzBkY2M1YjNkMWUzMDRhOWIxMmEyYjcxYjc1MjAzMGE3ZGFkNzIxMTZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFYVFdyMW9NbzZvSmwvUnJBWThraEE9PSIsInZhbHVlIjoia1lnZ2FwbHh4THNJR3l0Zi9oTUdqRnJTZFVEWVpoYnFNRzFPd2Nya2RqUUhPOCtWRkVFdVFZa293WlJjd1dqcTIrazZzT2M0RWFNUkNDSjAxV2lQU2RtSmlXbjNVSG16S042RFBqREdmNG45aENjaERnNit2dGcvcVlvSHlaYnIiLCJtYWMiOiI0MWZlYzBhYTNiZTc4ZjgyZWQwYzliM2U4NWEzYzg2YWRiZGY0MWVjODc3MjlhYjc2NGYyZTExYjEzYWIyZDQ2IiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:54:30 GMT
Server: Apache/2.4.52 (Ubuntu)
Expires: Thu, 08 May 2025 12:54:30 GMT
Cache-Control: max-age=31536000, public
Last-Modified: Tue, 20 Feb 2024 14:04:25 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8

141.255.166.66/favicon.ico

141.255.166.66

200 OK

0 B

URL GET HTTP/1.1
141.255.166.66/favicon.ico
IP
141.255.166.66:80
ASN
#51852 Private Layer INC

Requested by
http://141.255.166.66/login

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 141.255.166.66
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.255.166.66/login
Cookie: XSRF-TOKEN=eyJpdiI6ImVuRS9MajdLcnRyR1N4eGdqK2p5eEE9PSIsInZhbHVlIjoiZGVDeXRmLysxQWdwbEJESE5GV2R4aGRPVTd2M0xRUjc0Z2RmSkI5YTRmbHRnb1JSWFEwNElCRlF6SGRha0Z6bDl3TWp4bjRXdU9rNXZocTBOa1c5dHZCczI3UUtDYlBWekFEQ0EzUGJid3IzQm5rbktJV2ZXbE5NOThXM1FNdTQiLCJtYWMiOiIxZGExZDdjYjJkMjIyMDEyOGUzZmVlYzBkY2M1YjNkMWUzMDRhOWIxMmEyYjcxYjc1MjAzMGE3ZGFkNzIxMTZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFYVFdyMW9NbzZvSmwvUnJBWThraEE9PSIsInZhbHVlIjoia1lnZ2FwbHh4THNJR3l0Zi9oTUdqRnJTZFVEWVpoYnFNRzFPd2Nya2RqUUhPOCtWRkVFdVFZa293WlJjd1dqcTIrazZzT2M0RWFNUkNDSjAxV2lQU2RtSmlXbjNVSG16S042RFBqREdmNG45aENjaERnNit2dGcvcVlvSHlaYnIiLCJtYWMiOiI0MWZlYzBhYTNiZTc4ZjgyZWQwYzliM2U4NWEzYzg2YWRiZGY0MWVjODc3MjlhYjc2NGYyZTExYjEzYWIyZDQ2IiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:54:31 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Fri, 01 Mar 2024 14:05:12 GMT
ETag: "0-61299dd4906ae"
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (5)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by