Report - 188.75.128.201:8180/login

Report Overview

Visited public
2024-07-04 01:18:28
Tags
Submit Tags
URL
188.75.128.201:8180/login
Finishing URL
188.75.128.201:8180/login
IP / ASN
188.75.128.201
#196735 JON.CZ s.r.o.
Title
iCanteen - přihlášení uživatele

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-02 18:12:35	2.6 kB	7.1 kB	2.23.172.203
188.75.128.201:8180	unknown	unknown	No data	No data	6.0 kB	288 kB	188.75.128.201
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-07-02 18:16:25	2.0 kB	4.2 kB	142.250.74.131
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-07-03 07:23:21	1.7 kB	105 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-07-03 09:24:12	483 B	29 kB	142.250.147.95

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-07-04	medium	188.75.128.201	Sinkholed
2024-07-04	medium	188.75.128.201	Sinkholed
2024-07-04	medium	188.75.128.201	Sinkholed
2024-07-04	medium	188.75.128.201	Sinkholed
2024-07-04	medium	188.75.128.201	Sinkholed
2024-07-04	medium	188.75.128.201	Sinkholed
2024-07-04	medium	188.75.128.201	Sinkholed
2024-07-04	medium	188.75.128.201	Sinkholed
2024-07-04	medium	188.75.128.201	Sinkholed
2024-07-04	medium	188.75.128.201	Sinkholed
2024-07-04	medium	188.75.128.201	Sinkholed
2024-07-04	medium	188.75.128.201	Sinkholed
2024-07-04	medium	188.75.128.201	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	188.75.128.201:8180/js/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-07-16
Pretty URL 188.75.128.201:8180/js/jquery-3.6.0.min.js IP 188.75.128.201 ASN #196735 JON.CZ s.r.o. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-16 08:05 Times Seen244746 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	188.75.128.201:8180/js/jquery.browser.mobile.js	ScriptElement	2.4 kB	2023-09-21	2025-04-09
Pretty URL 188.75.128.201:8180/js/jquery.browser.mobile.js IP 188.75.128.201 ASN #196735 JON.CZ s.r.o. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-21 11:34 Last Seen2025-04-09 01:05 Times Seen8 Hash ef962660aa5f45eeb510140c04bb06d9 3177b57d480e46a45343ada57239061b9e8c8688 94ec3ec5856af8a8296fbd054f078b07b5c79f2fbdd30cf1f5bebe21bf754843 Loading...

	188.75.128.201:8180/js/jquery.lighter.js	ScriptElement	8.2 kB	2023-09-21	2025-04-09
Pretty URL 188.75.128.201:8180/js/jquery.lighter.js IP 188.75.128.201 ASN #196735 JON.CZ s.r.o. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-21 11:34 Last Seen2025-04-09 01:05 Times Seen6 Hash 2710403f0ae931affa832d64516ce950 2b6b269e14f116a4abd5188734372b19aedcb93f a7f35f36cc32754bf032fb99e76a2bfefa35d976cf5307e7d501fd4c5ca885a6 Loading...

	188.75.128.201:8180/login	ScriptElement	233 B	2024-07-04	2025-04-09
Pretty URL 188.75.128.201:8180/login IP 188.75.128.201 ASN #196735 JON.CZ s.r.o. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-04 03:18 Last Seen2025-04-09 01:05 Times Seen4 Hash 9b55cdad942a5fb7ebfe0729ea3dee7e 52d2e56da4829c32e37a9422b2570d944dd4fd4c 44c998aa35d773f5348daf44fda075bacba760765503d40a6d9b61c322d142ca Loading...

	188.75.128.201:8180/login	ScriptElement	2.8 kB	2024-07-04	2025-04-09
Pretty URL 188.75.128.201:8180/login IP 188.75.128.201 ASN #196735 JON.CZ s.r.o. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-04 03:18 Last Seen2025-04-09 01:05 Times Seen3 Hash 9c4d410b90cb534dde70267d4cdcf3a4 f5196fda45309bc37667af517d31c297d2735996 0a7f336d1279e46165fca31cef2b5a532caeafb80140a78a4f6e7d7e64db91ce Loading...

HTTP Transactions (31)

URL IP Response Size

r10.o.lencr.org/

2.23.172.203

504 B

URL
r10.o.lencr.org/
IP
2.23.172.203:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
957cd8e6bd774045d4cab550ce76f80a
d06d4246273e9ba4fba69494038c77f5c53aadb6
e4778c960b009c229dbb555ff7679b6d245d6f7111fd66fd5c514847b06acdbb

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E4778C960B009C229DBB555FF7679B6D245D6F7111FD66FD5C514847B06ACDBB"
Last-Modified: Wed, 03 Jul 2024 01:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20822
Expires: Thu, 04 Jul 2024 07:05:03 GMT
Date: Thu, 04 Jul 2024 01:18:01 GMT
Connection: keep-alive

r10.o.lencr.org/

2.23.172.203

504 B

URL
r10.o.lencr.org/
IP
2.23.172.203:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b8ee6ca153df6819132dd5d8a6ba5c76
0ed0f0f631777272bd71ba23719e71695c9d95e1
bdca7ce7bb6febd6a6afb56a828cf4422c1a8971524484e8128cafad8e6b3367

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BDCA7CE7BB6FEBD6A6AFB56A828CF4422C1A8971524484E8128CAFAD8E6B3367"
Last-Modified: Tue, 02 Jul 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7164
Expires: Thu, 04 Jul 2024 03:17:26 GMT
Date: Thu, 04 Jul 2024 01:18:02 GMT
Connection: keep-alive

GET 188.75.128.201:8180/login

188.75.128.201

200

2.7 kB

URL User Request GET HTTP/1.1
188.75.128.201:8180/login
IP
188.75.128.201:8180
ASN
#196735 JON.CZ s.r.o.

File type
JavaScript source, Unicode text, UTF-8 text
Size
2.7 kB (2745 bytes)
Hash
793163517422677b221af720bbe75f02
60ff3955aaed88a9eb8051d91a59035eabd509b0
2ed15a69588a9d60f83a552b404341a1c5f8e3eb25635d4e542bd63e28131211

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 188.75.128.201:8180
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: XSRF-TOKEN=557d08a3-f0c5-45bf-9306-29c3d2957b29; Path=/; HttpOnly
JSESSIONID=566312496D2EDD4DB22CB31AC238D7AD; Path=/; HttpOnly
Cache-Control: max-age=0
Expires: Thu, 04 Jul 2024 01:18:02 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Type: text/html;charset=utf-8
Content-Language: en
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Thu, 04 Jul 2024 01:18:02 GMT

r10.o.lencr.org/

2.23.172.203

504 B

URL
r10.o.lencr.org/
IP
2.23.172.203:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6809014b6f52128eea64522a888ef559
c5403c0900fff6604a4f58e3cd83a67d587c7ac2
c6035fcd2c47b60fecbb2f86f67249e4fe21736a75c6cf000f5e9212f88c154d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C6035FCD2C47B60FECBB2F86F67249E4FE21736A75C6CF000F5E9212F88C154D"
Last-Modified: Tue, 02 Jul 2024 04:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10134
Expires: Thu, 04 Jul 2024 04:06:56 GMT
Date: Thu, 04 Jul 2024 01:18:02 GMT
Connection: keep-alive

GET 188.75.128.201:8180/css/style-2.19.08.css

188.75.128.201

200

5.2 kB

URL GET HTTP/1.1
188.75.128.201:8180/css/style-2.19.08.css
IP
188.75.128.201:8180
ASN
#196735 JON.CZ s.r.o.

Requested by
http://188.75.128.201:8180/login

File type
assembler source, ASCII text
Size
5.2 kB (5168 bytes)
Hash
eda22420e16bbb7958b8e21368c0d78f
f2648dc95e604ea30d99e7cc82f3273c28f73258
79202052acb2d75a1a1bf7f02b84b5cadacd7a656b47dec57b549ce8119d5744

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/style-2.19.08.css HTTP/1.1
Host: 188.75.128.201:8180
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://188.75.128.201:8180/login
Cookie: XSRF-TOKEN=557d08a3-f0c5-45bf-9306-29c3d2957b29; JSESSIONID=566312496D2EDD4DB22CB31AC238D7AD
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-Ranges: bytes
ETag: W/"25880-1666206002000"
Last-Modified: Wed, 19 Oct 2022 19:00:02 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Cache-Control: max-age=2592000
Expires: Sat, 03 Aug 2024 01:18:02 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Thu, 04 Jul 2024 01:18:02 GMT

GET 188.75.128.201:8180/css/ui.notify.css

188.75.128.201

200

993 B

URL GET HTTP/1.1
188.75.128.201:8180/css/ui.notify.css
IP
188.75.128.201:8180
ASN
#196735 JON.CZ s.r.o.

Requested by
http://188.75.128.201:8180/login

File type
ASCII text
Size
993 B (993 bytes)
Hash
0faccfe6fa1d01367e823f14512835df
cae29f93207bc84dbea990d4f19a9328f2d63940
75ec87a4551935992992c3ebf802073881d3202f06dc95ac2df1bd4d512124ff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/ui.notify.css HTTP/1.1
Host: 188.75.128.201:8180
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://188.75.128.201:8180/login
Cookie: XSRF-TOKEN=557d08a3-f0c5-45bf-9306-29c3d2957b29; JSESSIONID=566312496D2EDD4DB22CB31AC238D7AD
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-Ranges: bytes
ETag: W/"993-1602486830000"
Last-Modified: Mon, 12 Oct 2020 07:13:50 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Cache-Control: max-age=2592000
Expires: Sat, 03 Aug 2024 01:18:02 GMT
Content-Type: text/css;charset=UTF-8
Content-Length: 993
Date: Thu, 04 Jul 2024 01:18:02 GMT

GET 188.75.128.201:8180/js/jquery.lighter.js

188.75.128.201

200

8.2 kB

URL GET HTTP/1.1
188.75.128.201:8180/js/jquery.lighter.js
IP
188.75.128.201:8180
ASN
#196735 JON.CZ s.r.o.

Requested by
http://188.75.128.201:8180/login

File type
JavaScript source, ASCII text, with very long lines (305)
Size
8.2 kB (8181 bytes)
Hash
2710403f0ae931affa832d64516ce950
2b6b269e14f116a4abd5188734372b19aedcb93f
a7f35f36cc32754bf032fb99e76a2bfefa35d976cf5307e7d501fd4c5ca885a6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.lighter.js HTTP/1.1
Host: 188.75.128.201:8180
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://188.75.128.201:8180/login
Cookie: XSRF-TOKEN=557d08a3-f0c5-45bf-9306-29c3d2957b29; JSESSIONID=566312496D2EDD4DB22CB31AC238D7AD
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-Ranges: bytes
ETag: W/"8181-1602486830000"
Last-Modified: Mon, 12 Oct 2020 07:13:50 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Cache-Control: max-age=2592000
Expires: Sat, 03 Aug 2024 01:18:02 GMT
Content-Type: application/javascript;charset=UTF-8
Content-Length: 8181
Date: Thu, 04 Jul 2024 01:18:02 GMT

GET 188.75.128.201:8180/js/jquery.browser.mobile.js

188.75.128.201

200

2.4 kB

URL GET HTTP/1.1
188.75.128.201:8180/js/jquery.browser.mobile.js
IP
188.75.128.201:8180
ASN
#196735 JON.CZ s.r.o.

Requested by
http://188.75.128.201:8180/login

File type
JavaScript source, ASCII text, with very long lines (2065)
Size
2.4 kB (2399 bytes)
Hash
ef962660aa5f45eeb510140c04bb06d9
3177b57d480e46a45343ada57239061b9e8c8688
94ec3ec5856af8a8296fbd054f078b07b5c79f2fbdd30cf1f5bebe21bf754843

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.browser.mobile.js HTTP/1.1
Host: 188.75.128.201:8180
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://188.75.128.201:8180/login
Cookie: XSRF-TOKEN=557d08a3-f0c5-45bf-9306-29c3d2957b29; JSESSIONID=566312496D2EDD4DB22CB31AC238D7AD
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-Ranges: bytes
ETag: W/"2399-1602486830000"
Last-Modified: Mon, 12 Oct 2020 07:13:50 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Cache-Control: max-age=2592000
Expires: Sat, 03 Aug 2024 01:18:02 GMT
Content-Type: application/javascript;charset=UTF-8
Content-Length: 2399
Date: Thu, 04 Jul 2024 01:18:02 GMT

GET 188.75.128.201:8180/css/jquery.lighter.css

188.75.128.201

200

677 B

URL GET HTTP/1.1
188.75.128.201:8180/css/jquery.lighter.css
IP
188.75.128.201:8180
ASN
#196735 JON.CZ s.r.o.

Requested by
http://188.75.128.201:8180/login

File type
ASCII text
Size
677 B (677 bytes)
Hash
0df5bd908c6fd3c740bbea29f3ce5cb5
7069c2c66f9900462c513d6ab22397ab55edfac7
26f770966f67f1341976ed865b1c927af5061f705a4fab2c0eb53c507d4ae879

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/jquery.lighter.css HTTP/1.1
Host: 188.75.128.201:8180
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://188.75.128.201:8180/login
Cookie: XSRF-TOKEN=557d08a3-f0c5-45bf-9306-29c3d2957b29; JSESSIONID=566312496D2EDD4DB22CB31AC238D7AD
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-Ranges: bytes
ETag: W/"2584-1602486830000"
Last-Modified: Mon, 12 Oct 2020 07:13:50 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Cache-Control: max-age=2592000
Expires: Sat, 03 Aug 2024 01:18:02 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Thu, 04 Jul 2024 01:18:02 GMT

GET 188.75.128.201:8180/css/login-2.19.08.css

188.75.128.201

200

1.2 kB

URL GET HTTP/1.1
188.75.128.201:8180/css/login-2.19.08.css
IP
188.75.128.201:8180
ASN
#196735 JON.CZ s.r.o.

Requested by
http://188.75.128.201:8180/login

File type
ASCII text
Size
1.2 kB (1199 bytes)
Hash
c30f0110eb4d622e44f527238fef3464
c026f11f113a406a0a3ffdd7d1e51c11347c097f
d213d842c24a137c246b376318ec11cfa5263c9c428957c1120a7f0c02371d02

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/login-2.19.08.css HTTP/1.1
Host: 188.75.128.201:8180
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://188.75.128.201:8180/login
Cookie: XSRF-TOKEN=557d08a3-f0c5-45bf-9306-29c3d2957b29; JSESSIONID=566312496D2EDD4DB22CB31AC238D7AD
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-Ranges: bytes
ETag: W/"3877-1666206002000"
Last-Modified: Wed, 19 Oct 2022 19:00:02 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Cache-Control: max-age=2592000
Expires: Sat, 03 Aug 2024 01:18:02 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Thu, 04 Jul 2024 01:18:02 GMT

GET 188.75.128.201:8180/css/smoothness/jquery-ui-1.13.1.custom.min.css

188.75.128.201

200

7.7 kB

URL GET HTTP/1.1
188.75.128.201:8180/css/smoothness/jquery-ui-1.13.1.custom.min.css
IP
188.75.128.201:8180
ASN
#196735 JON.CZ s.r.o.

Requested by
http://188.75.128.201:8180/login

File type
ASCII text, with very long lines (27252)
Size
7.7 kB (7669 bytes)
Hash
c0cd79e97f7772fdf3216433fbf67926
ce589b74efb279d31da7e187ec7bf2a0836a779f
cfc93bbcf1447728c0a4c1eb29d2f72d1d52c7fc3291804fada736b5d6892061

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/smoothness/jquery-ui-1.13.1.custom.min.css HTTP/1.1
Host: 188.75.128.201:8180
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://188.75.128.201:8180/login
Cookie: XSRF-TOKEN=557d08a3-f0c5-45bf-9306-29c3d2957b29; JSESSIONID=566312496D2EDD4DB22CB31AC238D7AD
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-Ranges: bytes
ETag: W/"56514-1650554220000"
Last-Modified: Thu, 21 Apr 2022 15:17:00 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Cache-Control: max-age=2592000
Expires: Sat, 03 Aug 2024 01:18:02 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Thu, 04 Jul 2024 01:18:02 GMT

GET 188.75.128.201:8180/fontawesome/css/all.min.css

188.75.128.201

200

31 kB

URL GET HTTP/1.1
188.75.128.201:8180/fontawesome/css/all.min.css
IP
188.75.128.201:8180
ASN
#196735 JON.CZ s.r.o.

Requested by
http://188.75.128.201:8180/login

File type
ASCII text, with very long lines (65393)
Size
31 kB (31397 bytes)
Hash
0a4f9d4e59a60dc91ed451d57e4a8b80
a7c33d8d483b174de00b30013291cfba459e2015
2e78b2c4adeef4c10bd954936428ab24878df81f959339c8f83d5886cfe176f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fontawesome/css/all.min.css HTTP/1.1
Host: 188.75.128.201:8180
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://188.75.128.201:8180/login
Cookie: XSRF-TOKEN=557d08a3-f0c5-45bf-9306-29c3d2957b29; JSESSIONID=566312496D2EDD4DB22CB31AC238D7AD
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-Ranges: bytes
ETag: W/"163161-1643014098000"
Last-Modified: Mon, 24 Jan 2022 08:48:18 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Cache-Control: max-age=2592000
Expires: Sat, 03 Aug 2024 01:18:02 GMT
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Thu, 04 Jul 2024 01:18:02 GMT

GET 188.75.128.201:8180/js/jquery-3.6.0.min.js

188.75.128.201

200

90 kB

URL GET HTTP/1.1
188.75.128.201:8180/js/jquery-3.6.0.min.js
IP
188.75.128.201:8180
ASN
#196735 JON.CZ s.r.o.

Requested by
http://188.75.128.201:8180/login

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery-3.6.0.min.js HTTP/1.1
Host: 188.75.128.201:8180
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://188.75.128.201:8180/login
Cookie: XSRF-TOKEN=557d08a3-f0c5-45bf-9306-29c3d2957b29; JSESSIONID=566312496D2EDD4DB22CB31AC238D7AD
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-Ranges: bytes
ETag: W/"89501-1629481674000"
Last-Modified: Fri, 20 Aug 2021 17:47:54 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Cache-Control: max-age=2592000
Expires: Sat, 03 Aug 2024 01:18:02 GMT
Content-Type: application/javascript;charset=UTF-8
Content-Length: 89501
Date: Thu, 04 Jul 2024 01:18:02 GMT

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
436cf769ea83079c8ac8b8e88260e7ee
d86410230f347557da724437b775e6bc155ae226
febf837268fa8cdbcf8da16197a26b35c86eab322b109529dbd3cec4a1471eb3

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 04 Jul 2024 01:18:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET 188.75.128.201:8180/img/logo.png

188.75.128.201

200

9.7 kB

URL GET HTTP/1.1
188.75.128.201:8180/img/logo.png
IP
188.75.128.201:8180
ASN
#196735 JON.CZ s.r.o.

Requested by
http://188.75.128.201:8180/login

File type
PNG image data, 146 x 71, 8-bit/color RGBA, non-interlaced
Size
9.7 kB (9665 bytes)
Hash
17a062de767c17d3433d942c6c610c66
8369a3b612bf133b5f7d4606b7f986c6c3b1fa8d
209441a621bc6a7a3eafd7a95c9e8553f3ef1906efec298890773174b2d8474d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/logo.png HTTP/1.1
Host: 188.75.128.201:8180
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://188.75.128.201:8180/login
Cookie: XSRF-TOKEN=557d08a3-f0c5-45bf-9306-29c3d2957b29; JSESSIONID=566312496D2EDD4DB22CB31AC238D7AD
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-Ranges: bytes
ETag: W/"9665-1602486830000"
Last-Modified: Mon, 12 Oct 2020 07:13:50 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Cache-Control: max-age=2592000
Expires: Sat, 03 Aug 2024 01:18:02 GMT
Content-Type: image/png;charset=UTF-8
Content-Length: 9665
Date: Thu, 04 Jul 2024 01:18:02 GMT

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
436cf769ea83079c8ac8b8e88260e7ee
d86410230f347557da724437b775e6bc155ae226
febf837268fa8cdbcf8da16197a26b35c86eab322b109529dbd3cec4a1471eb3

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 04 Jul 2024 01:18:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET 188.75.128.201:8180/fontawesome/webfonts/fa-solid-900.woff2

188.75.128.201

200

118 kB

URL GET HTTP/1.1
188.75.128.201:8180/fontawesome/webfonts/fa-solid-900.woff2
IP
188.75.128.201:8180
ASN
#196735 JON.CZ s.r.o.

Requested by
http://188.75.128.201:8180/login

File type
Web Open Font Format (Version 2), TrueType, length 117536, version 329.-17761
Size
118 kB (117536 bytes)
Hash
e57324a466c24a207fd9ad0f5f5e3c9c
2f9b04644e684a6bb1033e297cc474c57aa267f2
5538a328926c9517ffb8670fccce94f6137d58c21ff4b10ecd772abfa16a012b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fontawesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: 188.75.128.201:8180
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://188.75.128.201:8180/fontawesome/css/all.min.css
Cookie: XSRF-TOKEN=557d08a3-f0c5-45bf-9306-29c3d2957b29; JSESSIONID=566312496D2EDD4DB22CB31AC238D7AD
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-Ranges: bytes
ETag: W/"117536-1643014100000"
Last-Modified: Mon, 24 Jan 2022 08:48:20 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Cache-Control: max-age=2592000
Expires: Sat, 03 Aug 2024 01:18:03 GMT
Content-Type: font/woff2;charset=UTF-8
Content-Length: 117536
Date: Thu, 04 Jul 2024 01:18:03 GMT

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
1164c1344e7d7d368f95feb668af7619
03dccb2d92300a520d66230f514d8b8194e073b2
99f108993818347312618cb54917380305d5b02cf17a58ae56163e21fe3edff7

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 04 Jul 2024 01:18:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://188.75.128.201:8180/login
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintC4:9C:27:09:1C:F7:14:C9:86:F0:B5:42:0B:8A:D2:AE:5E:AE:98:04
ValidityThu, 13 Jun 2024 16:31:03 GMT - Thu, 05 Sep 2024 16:31:02 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://188.75.128.201:8180
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 04 Jul 2024 01:17:20 GMT
expires: Fri, 04 Jul 2025 01:17:20 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
age: 43
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7adb5d21cb7b127aded52edafaccc88c
0aa27f20343bfc61c12b9f6006a9400825de4aa1
1008cd5bad989f2471b6ab319d2534c45e767ed4680d00a494c291176b90a08e

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 04 Jul 2024 01:18:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
1164c1344e7d7d368f95feb668af7619
03dccb2d92300a520d66230f514d8b8194e073b2
99f108993818347312618cb54917380305d5b02cf17a58ae56163e21fe3edff7

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 04 Jul 2024 01:18:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2

216.58.207.227

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://188.75.128.201:8180/login
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintC4:9C:27:09:1C:F7:14:C9:86:F0:B5:42:0B:8A:D2:AE:5E:AE:98:04
ValidityThu, 13 Jun 2024 16:31:03 GMT - Thu, 05 Sep 2024 16:31:02 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19280, version 1.0
Size
19 kB (19280 bytes)
Hash
386fb59be54b2d819064af98e57cc226
9e2d14d736be97ec84bfca3513558450cd6e3249
b4855cc8ec721cbaf27f3c907345e101b1524858221c14faa79df34cb2f84991

HTTP Headers

GET /s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://188.75.128.201:8180
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19280
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 29 Jun 2024 04:34:56 GMT
expires: Sun, 29 Jun 2025 04:34:56 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:02:23 GMT
content-type: font/woff2
age: 420187
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2

216.58.207.227

200 OK

35 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://188.75.128.201:8180/login
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintC4:9C:27:09:1C:F7:14:C9:86:F0:B5:42:0B:8A:D2:AE:5E:AE:98:04
ValidityThu, 13 Jun 2024 16:31:03 GMT - Thu, 05 Sep 2024 16:31:02 GMT

File type
Web Open Font Format (Version 2), TrueType, length 35328, version 1.0
Size
35 kB (35328 bytes)
Hash
7670dba29aa2a1560c5d711ea6f6b369
6a2a620d2972f139c804c5a8363c91eb1a7595f6
adfa45260a1306cb5fefc1f17c1b5e7b61135534a82bf1b8e3d0540af7e07e3b

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://188.75.128.201:8180
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35328
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 Jul 2024 12:09:39 GMT
expires: Thu, 03 Jul 2025 12:09:39 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:00:45 GMT
content-type: font/woff2
age: 47304
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
1164c1344e7d7d368f95feb668af7619
03dccb2d92300a520d66230f514d8b8194e073b2
99f108993818347312618cb54917380305d5b02cf17a58ae56163e21fe3edff7

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 04 Jul 2024 01:18:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET 188.75.128.201:8180/img/favicon.ico

188.75.128.201

200

4.3 kB

URL GET HTTP/1.1
188.75.128.201:8180/img/favicon.ico
IP
188.75.128.201:8180
ASN
#196735 JON.CZ s.r.o.

Requested by
http://188.75.128.201:8180/login

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Size
4.3 kB (4286 bytes)
Hash
dc98f64b220cb24b39a1adf181bc83a7
2a807b6fe1ea971a33eb205d5ecc07824a69f8f9
4cb05d7b9ddc00817dde2ebc8e1b59ea68d280d40220219c652e2528c8b77777

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/favicon.ico HTTP/1.1
Host: 188.75.128.201:8180
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://188.75.128.201:8180/login
Cookie: XSRF-TOKEN=557d08a3-f0c5-45bf-9306-29c3d2957b29; JSESSIONID=566312496D2EDD4DB22CB31AC238D7AD
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-Ranges: bytes
ETag: W/"4286-1602486830000"
Last-Modified: Mon, 12 Oct 2020 07:13:50 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Cache-Control: max-age=2592000
Expires: Sat, 03 Aug 2024 01:18:03 GMT
Content-Type: image/x-icon;charset=UTF-8
Content-Length: 4286
Date: Thu, 04 Jul 2024 01:18:03 GMT

r10.o.lencr.org/

2.23.172.203

504 B

URL
r10.o.lencr.org/
IP
2.23.172.203:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20f6da3946882ea83e1d78dfaedbf953
1a8f214ff6a98dae0e57244bac88b6721452a40c
a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27"
Last-Modified: Wed, 03 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13442
Expires: Thu, 04 Jul 2024 05:02:06 GMT
Date: Thu, 04 Jul 2024 01:18:04 GMT
Connection: keep-alive

r10.o.lencr.org/

2.23.172.203

504 B

URL
r10.o.lencr.org/
IP
2.23.172.203:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20f6da3946882ea83e1d78dfaedbf953
1a8f214ff6a98dae0e57244bac88b6721452a40c
a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27"
Last-Modified: Wed, 03 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13442
Expires: Thu, 04 Jul 2024 05:02:06 GMT
Date: Thu, 04 Jul 2024 01:18:04 GMT
Connection: keep-alive

r10.o.lencr.org/

2.23.172.203

504 B

URL
r10.o.lencr.org/
IP
2.23.172.203:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20f6da3946882ea83e1d78dfaedbf953
1a8f214ff6a98dae0e57244bac88b6721452a40c
a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27"
Last-Modified: Wed, 03 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13442
Expires: Thu, 04 Jul 2024 05:02:06 GMT
Date: Thu, 04 Jul 2024 01:18:04 GMT
Connection: keep-alive

r10.o.lencr.org/

2.23.172.203

504 B

URL
r10.o.lencr.org/
IP
2.23.172.203:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20f6da3946882ea83e1d78dfaedbf953
1a8f214ff6a98dae0e57244bac88b6721452a40c
a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27"
Last-Modified: Wed, 03 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13442
Expires: Thu, 04 Jul 2024 05:02:06 GMT
Date: Thu, 04 Jul 2024 01:18:04 GMT
Connection: keep-alive

r10.o.lencr.org/

2.23.172.203

504 B

URL
r10.o.lencr.org/
IP
2.23.172.203:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20f6da3946882ea83e1d78dfaedbf953
1a8f214ff6a98dae0e57244bac88b6721452a40c
a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27"
Last-Modified: Wed, 03 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13442
Expires: Thu, 04 Jul 2024 05:02:06 GMT
Date: Thu, 04 Jul 2024 01:18:04 GMT
Connection: keep-alive

GET fonts.googleapis.com/css?family=Open+Sans:400italic,400,600,700,300&subset=latin-ext,latin

142.250.147.95

200 OK

28 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans:400italic,400,600,700,300&subset=latin-ext,latin
IP
142.250.147.95:443
ASN
#15169 GOOGLE

Requested by
http://188.75.128.201:8180/login
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintC7:12:52:3A:BD:E0:73:20:AD:A8:5F:DF:12:DB:C6:DE:AF:63:88:6B
ValidityThu, 13 Jun 2024 16:32:33 GMT - Thu, 05 Sep 2024 16:32:32 GMT

File type
ASCII text, with very long lines (1572)
Size
28 kB (28185 bytes)
Hash
01a2f28ca9049db66f8907e395ca5805
c98613c19e587c999b416211a8b0d81ccb987d50
d2e4537e92ee06780895bca5b7c31216e42b5bf36a2b79b67b63c129f2725c89

HTTP Headers

GET /css?family=Open+Sans:400italic,400,600,700,300&subset=latin-ext,latin HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://188.75.128.201:8180/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 04 Jul 2024 01:18:02 GMT
date: Thu, 04 Jul 2024 01:18:02 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (31)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP