Report - 217.114.43.28/mozglue.dll/login/?next=/mozglue.dll/login/?next=/mozglue.dll/login/?next=/mozglue.dll

Report Overview

Visited public
2023-12-16 05:13:17
Tags
URL
217.114.43.28/mozglue.dll/login/?next=/mozglue.dll/login/?next=/mozglue.dll/login/?next=/mozglue.dll
Finishing URL
217.114.43.28/login/?next=/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll
IP / ASN
217.114.43.28
#210546 FLP Miglovets
Title
Войти | Админ-панель |

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
217.114.43.28	unknown	unknown	2022-04-24 09:59:33	2022-04-24 09:59:33	4.6 kB	56 kB	217.114.43.28

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-16 05:12:53	medium	Client IP	217.114.43.28	ET INFO Dotted Quad Host DLL Request
2023-12-16 05:12:53	medium	Client IP	217.114.43.28	ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
2023-12-16 05:12:53	medium	Client IP	217.114.43.28	ET INFO Dotted Quad Host DLL Request
2023-12-16 05:12:53	medium	Client IP	217.114.43.28	ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-16	medium	217.114.43.28	Sinkholed
2023-12-16	medium	217.114.43.28	Sinkholed
2023-12-16	medium	217.114.43.28	Sinkholed
2023-12-16	medium	217.114.43.28	Sinkholed
2023-12-16	medium	217.114.43.28	Sinkholed
2023-12-16	medium	217.114.43.28	Sinkholed
2023-12-16	medium	217.114.43.28	Sinkholed
2023-12-16	medium	217.114.43.28	Sinkholed
2023-12-16	medium	217.114.43.28	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	217.114.43.28/static/admin/js/nav_sidebar.js	ScriptElement	3.1 kB	2023-11-12	2025-05-18
Pretty URL 217.114.43.28/static/admin/js/nav_sidebar.js IP 217.114.43.28 ASN #210546 FLP Miglovets Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-12 06:58 Last Seen2025-05-18 20:02 Times Seen245 Hash 3b9190d420b144427a4d38346e7c6506 8a3be331bcacbe2ac993e850a7d8db081b88467a d71cd5f7947719aa90f79dec56690b22e649af314da0324c1c1ab041e3e9ebe4 Loading...

HTTP Transactions (9)

URL IP Response Size

217.114.43.28/mozglue.dll/login/?next=/mozglue.dll/login/?next=/mozglue.dll/login/?next=/mozglue.dll

217.114.43.28

0 B

URL
217.114.43.28/mozglue.dll/login/?next=/mozglue.dll/login/?next=/mozglue.dll/login/?next=/mozglue.dll
IP
217.114.43.28:0
ASN
#210546 FLP Miglovets

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO Dotted Quad Host DLL Request
suricata	medium	ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity

HTTP Headers

GET /mozglue.dll/login/?next=/mozglue.dll/login/?next=/mozglue.dll/login/?next=/mozglue.dll HTTP/1.1
Host: 217.114.43.28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Sat, 16 Dec 2023 05:12:52 GMT
Server: WSGIServer/0.2 CPython/3.11.7
Content-Type: text/html; charset=utf-8
Location: /login/?next=/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll
Expires: Sat, 16 Dec 2023 05:12:52 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
X-Frame-Options: DENY
Content-Length: 0
Vary: Cookie
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cross-Origin-Opener-Policy: same-origin

217.114.43.28/login/?next=/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll

217.114.43.28

2.7 kB

URL
217.114.43.28/login/?next=/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll
IP
217.114.43.28:0
ASN
#210546 FLP Miglovets

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document text - exported SGML document, Unicode text, UTF-8 text
Size
2.7 kB (2673 bytes)
Hash
4f734e7543406dc764fa36c18e05488c
b3f03d6ede5f0cc1e51d1a10fa3a449959dfc58e
4439d843df4a628133f20d8b4b26663d5303f2d7eca116d7678057a84376af7a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO Dotted Quad Host DLL Request
suricata	medium	ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity

HTTP Headers

GET /login/?next=/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll HTTP/1.1
Host: 217.114.43.28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 16 Dec 2023 05:12:52 GMT
Server: WSGIServer/0.2 CPython/3.11.7
Content-Type: text/html; charset=utf-8
Expires: Sat, 16 Dec 2023 05:12:52 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
Vary: Cookie
X-Frame-Options: DENY
Content-Length: 2673
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cross-Origin-Opener-Policy: same-origin
Set-Cookie: csrftoken=2v6RAREoeuKEj9odqKv02iIFALVMFsOJ; expires=Sat, 14 Dec 2024 05:12:52 GMT; Max-Age=31449600; Path=/; SameSite=Lax

217.114.43.28/static/admin/css/base.css

217.114.43.28

23 kB

URL
217.114.43.28/static/admin/css/base.css
IP
217.114.43.28:0
ASN
#210546 FLP Miglovets

File type
ASCII text, with CRLF line terminators
Size
23 kB (22608 bytes)
Hash
85479e0aaa50a2c2a9105ef4075d39c2
c45f8a3577428d3563fc6cf89128c0dda046edad
781ef8c1c980155d1d4ba2eb5e6d6428271119653719826aa8f3894bc86b35f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/admin/css/base.css HTTP/1.1
Host: 217.114.43.28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://217.114.43.28/login/?next=/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll
DNT: 1
Connection: keep-alive
Cookie: csrftoken=2v6RAREoeuKEj9odqKv02iIFALVMFsOJ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 16 Dec 2023 05:12:53 GMT
Server: WSGIServer/0.2 CPython/3.11.7
Content-Type: text/css
Content-Length: 22608
Content-Disposition: inline; filename="base.css"
Last-Modified: Mon, 31 Jul 2023 08:36:49 GMT

217.114.43.28/static/admin/css/nav_sidebar.css

217.114.43.28

2.8 kB

URL
217.114.43.28/static/admin/css/nav_sidebar.css
IP
217.114.43.28:0
ASN
#210546 FLP Miglovets

File type
ASCII text
Size
2.8 kB (2810 bytes)
Hash
dd925738f4cc38c5a836c36163978e76
ba3f66ad2cedf6bd6095b1b7a011288dd2adc3c0
e309816f9b554f9fdf7273ff52d4b5ea36a5d108aa80e2aaff2cf5eb61ebfc2e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/admin/css/nav_sidebar.css HTTP/1.1
Host: 217.114.43.28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://217.114.43.28/login/?next=/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll
DNT: 1
Connection: keep-alive
Cookie: csrftoken=2v6RAREoeuKEj9odqKv02iIFALVMFsOJ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 16 Dec 2023 05:12:53 GMT
Server: WSGIServer/0.2 CPython/3.11.7
Content-Type: text/css
Content-Length: 2810
Content-Disposition: inline; filename="nav_sidebar.css"
Last-Modified: Fri, 08 Dec 2023 11:20:20 GMT

217.114.43.28/static/admin/js/nav_sidebar.js

217.114.43.28

3.1 kB

URL
217.114.43.28/static/admin/js/nav_sidebar.js
IP
217.114.43.28:0
ASN
#210546 FLP Miglovets

File type
ASCII text
Size
3.1 kB (3063 bytes)
Hash
3b9190d420b144427a4d38346e7c6506
8a3be331bcacbe2ac993e850a7d8db081b88467a
d71cd5f7947719aa90f79dec56690b22e649af314da0324c1c1ab041e3e9ebe4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/admin/js/nav_sidebar.js HTTP/1.1
Host: 217.114.43.28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://217.114.43.28/login/?next=/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll
DNT: 1
Connection: keep-alive
Cookie: csrftoken=2v6RAREoeuKEj9odqKv02iIFALVMFsOJ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 16 Dec 2023 05:12:53 GMT
Server: WSGIServer/0.2 CPython/3.11.7
Content-Type: application/javascript
Content-Length: 3063
Content-Disposition: inline; filename="nav_sidebar.js"
Last-Modified: Fri, 08 Dec 2023 11:20:20 GMT

217.114.43.28/static/admin/css/login.css

217.114.43.28

958 B

URL
217.114.43.28/static/admin/css/login.css
IP
217.114.43.28:0
ASN
#210546 FLP Miglovets

File type
ASCII text
Size
958 B (958 bytes)
Hash
586129c60a93bae20284d1502b46e41e
7b553cfeaceedac9448045162006d1ec24081a28
05d02447ef9cc5de476570cd3c89efd9082cfdcdf4e6c3db3c272d9149009835

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/admin/css/login.css HTTP/1.1
Host: 217.114.43.28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://217.114.43.28/login/?next=/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll
DNT: 1
Connection: keep-alive
Cookie: csrftoken=2v6RAREoeuKEj9odqKv02iIFALVMFsOJ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 16 Dec 2023 05:12:53 GMT
Server: WSGIServer/0.2 CPython/3.11.7
Content-Type: text/css
Content-Length: 958
Content-Disposition: inline; filename="login.css"
Last-Modified: Fri, 08 Dec 2023 11:20:20 GMT

217.114.43.28/static/admin/css/responsive.css

217.114.43.28

18 kB

URL
217.114.43.28/static/admin/css/responsive.css
IP
217.114.43.28:0
ASN
#210546 FLP Miglovets

File type
ASCII text
Size
18 kB (17905 bytes)
Hash
eafb93ff084ce99dab9d6a2275509cc3
21c9a30eda71a253c79435652105893ff812ade7
c6caca3285e079f12c601e4088870f07918d2b27f9844eb8d3780dd3f38f8b3b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/admin/css/responsive.css HTTP/1.1
Host: 217.114.43.28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://217.114.43.28/login/?next=/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll
DNT: 1
Connection: keep-alive
Cookie: csrftoken=2v6RAREoeuKEj9odqKv02iIFALVMFsOJ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 16 Dec 2023 05:12:53 GMT
Server: WSGIServer/0.2 CPython/3.11.7
Content-Type: text/css
Content-Length: 17905
Content-Disposition: inline; filename="responsive.css"
Last-Modified: Fri, 08 Dec 2023 11:20:20 GMT

217.114.43.28/favicon.ico

217.114.43.28

0 B

URL
217.114.43.28/favicon.ico
IP
217.114.43.28:0
ASN
#210546 FLP Miglovets

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 217.114.43.28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://217.114.43.28/login/?next=/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll
DNT: 1
Connection: keep-alive
Cookie: csrftoken=2v6RAREoeuKEj9odqKv02iIFALVMFsOJ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Sat, 16 Dec 2023 05:12:53 GMT
Server: WSGIServer/0.2 CPython/3.11.7
Content-Type: text/html; charset=utf-8
Location: /login/?next=/favicon.ico
Expires: Sat, 16 Dec 2023 05:12:53 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
X-Frame-Options: DENY
Content-Length: 0
Vary: Cookie
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cross-Origin-Opener-Policy: same-origin

217.114.43.28/login/?next=/favicon.ico

217.114.43.28

2.5 kB

URL
217.114.43.28/login/?next=/favicon.ico
IP
217.114.43.28:0
ASN
#210546 FLP Miglovets

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document text - exported SGML document, Unicode text, UTF-8 text
Size
2.5 kB (2511 bytes)
Hash
e2719ae7d9460f66bbee5f70b81a4c4a
9f8f04fcccc110ff1dfd0b33845f5e77c4386d5e
5838e4f765cd3a89879daf8b800839cbd5f2f459ebf24c42ed3fbf0c4aff2774

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/?next=/favicon.ico HTTP/1.1
Host: 217.114.43.28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://217.114.43.28/login/?next=/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll/login/%3Fnext%3D/mozglue.dll
DNT: 1
Connection: keep-alive
Cookie: csrftoken=2v6RAREoeuKEj9odqKv02iIFALVMFsOJ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 16 Dec 2023 05:12:53 GMT
Server: WSGIServer/0.2 CPython/3.11.7
Content-Type: text/html; charset=utf-8
Expires: Sat, 16 Dec 2023 05:12:53 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
Vary: Cookie
X-Frame-Options: DENY
Content-Length: 2511
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cross-Origin-Opener-Policy: same-origin
Set-Cookie: csrftoken=2v6RAREoeuKEj9odqKv02iIFALVMFsOJ; expires=Sat, 14 Dec 2024 05:12:53 GMT; Max-Age=31449600; Path=/; SameSite=Lax

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (9)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN