Report - 3.0.51.136:7080/login.php

Report Overview

Visitedpublic

2024-09-04 17:52:04

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-03 18:12:24	1.3 kB	3.6 kB	23.36.76.226
3.0.51.136:7080	unknown	unknown	No data	No data	12 kB	372 kB	3.0.51.136
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-03 18:12:05	1.6 kB	4.4 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed
2024-09-04	medium	3.0.51.136	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	3.0.51.136:7080/res/js/lst-app.min.js	ScriptElement	13 kB	2024-09-19	2025-02-16
URL 3.0.51.136:7080/res/js/lst-app.min.js IP / ASN 3.0.51.136 #16509 AMAZON-02 Introduced by ScriptElement Embedded false Resource Info First Seen 2024-09-19 Last Seen 2025-02-16 Times Seen 3 Size 13 kB (12553 bytes) MD5 660ae38cb6ade6eae2f9cd6308256340 SHA1 05962db217788826c2e48ab700c3dd422c8e19d3 SHA256 1c4e364603faee89e6cac3640ea57bede4fd5aea61680aa3d29dcf5456aa70fc Format Code Loading...

	3.0.51.136:7080/res/js/libs/jquery-2.2.4.min.js	ScriptElement	86 kB	2023-03-07	2025-08-02
URL 3.0.51.136:7080/res/js/libs/jquery-2.2.4.min.js IP / ASN 3.0.51.136 #16509 AMAZON-02 Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 192107 Size 86 kB (85578 bytes) MD5 2f6b11a7e914718e0290410e85366fe9 SHA1 69bb69e25ca7d5ef0935317584e6153f3fd9a88c SHA256 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Format Code Loading...

	3.0.51.136:7080/res/js/app.config.min.js	ScriptElement	223 B	2024-09-19	2025-02-16
URL 3.0.51.136:7080/res/js/app.config.min.js IP / ASN 3.0.51.136 #16509 AMAZON-02 Introduced by ScriptElement Embedded false Resource Info First Seen 2024-09-19 Last Seen 2025-02-16 Times Seen 3 Size 223 B (223 bytes) MD5 889b900e1e314f39d2ea9047b4c9f7a3 SHA1 b19ba3163c7290fd7b6355bebcee6a761967ed4f SHA256 37b206938fa68dac43893b3442e963472450e172de892256e70ed0632343c2e3 Format Code Loading...

	3.0.51.136:7080/res/js/bootstrap/bootstrap.min.js	ScriptElement	32 kB	2023-04-05	2025-07-02
URL 3.0.51.136:7080/res/js/bootstrap/bootstrap.min.js IP / ASN 3.0.51.136 #16509 AMAZON-02 Introduced by ScriptElement Embedded false Resource Info First Seen 2023-04-05 Last Seen 2025-07-02 Times Seen 17 Size 32 kB (31689 bytes) MD5 131382d55adfd6b9dbd4a91b81f4c299 SHA1 9c32706dce883105b975d5d67b33fea811888ead SHA256 f51942ab29ce28f024d9ebeee7e3dd5e4b96fc39bfc8cdfb8271469addd25fd6 Format Code Loading...

	3.0.51.136:7080/res/js/notification/SmartNotification.min.js	ScriptElement	7.2 kB	2024-09-19	2025-02-16
URL 3.0.51.136:7080/res/js/notification/SmartNotification.min.js IP / ASN 3.0.51.136 #16509 AMAZON-02 Introduced by ScriptElement Embedded false Resource Info First Seen 2024-09-19 Last Seen 2025-02-16 Times Seen 3 Size 7.2 kB (7189 bytes) MD5 a66f72369784a8800ffc2cb278fe41c7 SHA1 556ec162f45b1e1d322b93191bbd846b4f7142ff SHA256 d1e193cf274c4aa74bd00c9751069ac1c254213b48bf4f89aab1c4e2d5bdc71a Format Code Loading...

	3.0.51.136:7080/res/js/libs/jquery-ui-1.12.1.min.js	ScriptElement	254 kB	2023-03-07	2025-08-02
URL 3.0.51.136:7080/res/js/libs/jquery-ui-1.12.1.min.js IP / ASN 3.0.51.136 #16509 AMAZON-02 Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 5928 Size 254 kB (253668 bytes) MD5 0a497d4661df7b82feee14332ce0bdaf SHA1 f77d06b0c5dedef1f1db051a44a2b0d7f233ba3a SHA256 55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5 Format Code Loading...

	3.0.51.136:7080/res/js/plugin/msie-fix/jquery.mb.browser.min.js	ScriptElement	2.0 kB	2024-09-19	2025-02-16
URL 3.0.51.136:7080/res/js/plugin/msie-fix/jquery.mb.browser.min.js IP / ASN 3.0.51.136 #16509 AMAZON-02 Introduced by ScriptElement Embedded false Resource Info First Seen 2024-09-19 Last Seen 2025-02-16 Times Seen 3 Size 2.0 kB (1972 bytes) MD5 6688566560d0a62f793ef04c5a91047f SHA1 54a2525f6350467839dea8ae49bd40542a365573 SHA256 43a63c7a654d673f192515d2ea5bdfb9c285bdbf7080ee21b2ef8198551a02e7 Format Code Loading...

	3.0.51.136:7080/login.php	ScriptElement	0 B	0001-01-01	2025-08-02
URL 3.0.51.136:7080/login.php IP / ASN 3.0.51.136 #16509 AMAZON-02 Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-02 Times Seen 5606272 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

HTTP Transactions (30)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-03

Last Seen2024-09-19

Times Seen28107

Size504 B (504 bytes)

MD58d2e6150f7d0845dc26f5bd5cd6f28dd

SHA16aad5091620585a5f76065c1888456ee70b88257

SHA256ed538ea400323f4c987f91c0b0afc79a8526b62f7aa317dd62bd107cb37850a2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "ED538EA400323F4C987F91C0B0AFC79A8526B62F7AA317DD62BD107CB37850A2"
Last-Modified: Tue, 03 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15719
Expires: Wed, 04 Sep 2024 22:13:37 GMT
Date: Wed, 04 Sep 2024 17:51:38 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-02

Last Seen2024-09-19

Times Seen35846

Size504 B (504 bytes)

MD566fbf7f95cb55f388373a20d4b1a736e

SHA1afc34259758a563362367848629ff7639982e1fb

SHA25641c00088afc20571f6a0c6998324d9517346256ac33696dc706192ec606fe7a7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "41C00088AFC20571F6A0C6998324D9517346256AC33696DC706192EC606FE7A7"
Last-Modified: Mon, 02 Sep 2024 12:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13012
Expires: Wed, 04 Sep 2024 21:28:30 GMT
Date: Wed, 04 Sep 2024 17:51:38 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-02

Last Seen2024-09-19

Times Seen16139

Size504 B (504 bytes)

MD53b182d2525d361002ced8590b8a9ce07

SHA112cd4e482375e47fdc8cde29fe98a6e3498260df

SHA25662ed97a3678824305419366056fd0bee73359522822ca42a16fabdcc3ad982be

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "62ED97A3678824305419366056FD0BEE73359522822CA42A16FABDCC3AD982BE"
Last-Modified: Mon, 02 Sep 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6405
Expires: Wed, 04 Sep 2024 19:38:23 GMT
Date: Wed, 04 Sep 2024 17:51:38 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-03

Last Seen2024-09-19

Times Seen14649

Size504 B (504 bytes)

MD5ddc456a9c96d929e15c05fe0f98b8768

SHA13eb86e0b169ada76e98ed62750b77a24e8b49eb4

SHA256f9496ce271a170952f322ae70a9da041e2a1e49a45fd2056f62a88358acadd09

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F9496CE271A170952F322AE70A9DA041E2A1E49A45FD2056F62A88358ACADD09"
Last-Modified: Mon, 02 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2802
Expires: Wed, 04 Sep 2024 18:38:20 GMT
Date: Wed, 04 Sep 2024 17:51:38 GMT
Connection: keep-alive

GET 3.0.51.136:7080/login.php

3.0.51.136

200 OK

0 B

URL

3.0.51.136:7080/login.php

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606272

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 301 Moved Permanently
Location: https://3.0.51.136:7080/login.php
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Server: LiteSpeed
Content-Length: 0
Connection: Close

r11.o.lencr.org/

23.36.77.32

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-02

Last Seen2024-09-19

Times Seen21388

Size504 B (504 bytes)

MD5c96a4972e341191f93e963880196f8e1

SHA18318aa6dcbdababe8728023ec9ef3aaac10917a9

SHA256dd8f73d55d492ad4e3fc3915c05ecfc6883f124c050dded51f4e43292e6b8c2a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DD8F73D55D492AD4E3FC3915C05ECFC6883F124C050DDED51F4E43292E6B8C2A"
Last-Modified: Mon, 02 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3130
Expires: Wed, 04 Sep 2024 18:43:50 GMT
Date: Wed, 04 Sep 2024 17:51:40 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-02

Last Seen2024-09-19

Times Seen21388

Size504 B (504 bytes)

MD5c96a4972e341191f93e963880196f8e1

SHA18318aa6dcbdababe8728023ec9ef3aaac10917a9

SHA256dd8f73d55d492ad4e3fc3915c05ecfc6883f124c050dded51f4e43292e6b8c2a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DD8F73D55D492AD4E3FC3915C05ECFC6883F124C050DDED51F4E43292E6B8C2A"
Last-Modified: Mon, 02 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3130
Expires: Wed, 04 Sep 2024 18:43:50 GMT
Date: Wed, 04 Sep 2024 17:51:40 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-02

Last Seen2024-09-19

Times Seen21388

Size504 B (504 bytes)

MD5c96a4972e341191f93e963880196f8e1

SHA18318aa6dcbdababe8728023ec9ef3aaac10917a9

SHA256dd8f73d55d492ad4e3fc3915c05ecfc6883f124c050dded51f4e43292e6b8c2a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DD8F73D55D492AD4E3FC3915C05ECFC6883F124C050DDED51F4E43292E6B8C2A"
Last-Modified: Mon, 02 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3130
Expires: Wed, 04 Sep 2024 18:43:50 GMT
Date: Wed, 04 Sep 2024 17:51:40 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-02

Last Seen2024-09-19

Times Seen21388

Size504 B (504 bytes)

MD5c96a4972e341191f93e963880196f8e1

SHA18318aa6dcbdababe8728023ec9ef3aaac10917a9

SHA256dd8f73d55d492ad4e3fc3915c05ecfc6883f124c050dded51f4e43292e6b8c2a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DD8F73D55D492AD4E3FC3915C05ECFC6883F124C050DDED51F4E43292E6B8C2A"
Last-Modified: Mon, 02 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3130
Expires: Wed, 04 Sep 2024 18:43:50 GMT
Date: Wed, 04 Sep 2024 17:51:40 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-02

Last Seen2024-09-19

Times Seen21388

Size504 B (504 bytes)

MD5c96a4972e341191f93e963880196f8e1

SHA18318aa6dcbdababe8728023ec9ef3aaac10917a9

SHA256dd8f73d55d492ad4e3fc3915c05ecfc6883f124c050dded51f4e43292e6b8c2a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DD8F73D55D492AD4E3FC3915C05ECFC6883F124C050DDED51F4E43292E6B8C2A"
Last-Modified: Mon, 02 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3130
Expires: Wed, 04 Sep 2024 18:43:50 GMT
Date: Wed, 04 Sep 2024 17:51:40 GMT
Connection: keep-alive

GET 3.0.51.136:7080/login.php

3.0.51.136

200 OK

6.7 kB

URL

3.0.51.136:7080/login.php

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with CRLF, LF line terminators

First Seen2024-09-19

Last Seen2024-09-19

Times Seen1

Size6.7 kB (6746 bytes)

MD58ca59543b9a45fa2045b89b7578caa04

SHA1496dac9929a9775595199ef5e6325bdc978c1751

SHA256019d701cd3954af761cf095641513adce126c59b0076371a0ffc80af2d6ce2a5

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/5.6.40
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
referrer-policy: same-origin
x-content-type-options: nosniff
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; path=/; secure; HttpOnly
litespeed_admin_lang=english; expires=Sat, 14-Sep-2024 17:51:42 GMT; Max-Age=864000; path=/; domain=3.0.51.136; secure; httponly
content-type: text/html; charset=UTF-8
content-length: 6746
date: Wed, 04 Sep 2024 17:51:42 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/css/bootstrap.min.css

3.0.51.136

200 OK

18 kB

URL

3.0.51.136:7080/res/css/bootstrap.min.css

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeASCII text, with very long lines (65318)

First Seen2023-07-28

Last Seen2025-07-02

Times Seen10

Size18 kB (17847 bytes)

MD581dfd187ed9d62fdb79aeed558256a8f

SHA1b3d59cacf62c7713a32df53e9c77de2647b13b33

SHA2560ef445319e544bb7d5908b9072cdb37ccddde1de09c8dca43506aa9423204f5b

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/css/bootstrap.min.css HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.0.51.136:7080/login.php
DNT: 1
Connection: keep-alive
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:42 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: text/css
content-length: 17847
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 04 Sep 2024 17:51:42 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/css/font-awesome.min.css

3.0.51.136

200 OK

4.7 kB

URL

3.0.51.136:7080/res/css/font-awesome.min.css

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeASCII text, with very long lines (20576)

First Seen2024-06-23

Last Seen2025-07-08

Times Seen13

Size4.7 kB (4685 bytes)

MD57e0336394fbc59b8b8dde8c5ab2231da

SHA149f6cb7e14944e92ed312841a095d0a949b46c55

SHA256a1d3c8671edbd79ba6e95f3d815f15600a22fbf0ca8eeb12a5b68ffcea974adf

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/css/font-awesome.min.css HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.0.51.136:7080/login.php
DNT: 1
Connection: keep-alive
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:42 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: text/css
content-length: 4685
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 04 Sep 2024 17:51:42 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/css/smartadmin-production.min.css

3.0.51.136

200 OK

66 kB

URL

3.0.51.136:7080/res/css/smartadmin-production.min.css

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeASCII text, with very long lines (53944)

First Seen2024-09-19

Last Seen2025-02-16

Times Seen3

Size66 kB (65571 bytes)

MD5ccb164450a2681b7e5e81a98369f873e

SHA1f6395ec20049f5aa555b13923bdaccacc9183823

SHA2569157e3718807359eb79e56110ed2313b86f8237a39223fe72fcf44aee59ef570

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/css/smartadmin-production.min.css HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.0.51.136:7080/login.php
DNT: 1
Connection: keep-alive
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:42 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: text/css
content-length: 65571
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 04 Sep 2024 17:51:42 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/css/lst-webadmin.min.css

3.0.51.136

200 OK

3.3 kB

URL

3.0.51.136:7080/res/css/lst-webadmin.min.css

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeASCII text, with very long lines (12009)

First Seen2024-09-19

Last Seen2024-09-19

Times Seen1

Size3.3 kB (3253 bytes)

MD5771b2bce6a3c09c32b0a206418e9d806

SHA1ab53e6df82b790a9314aa1888d537d4f5734a985

SHA2569dc890a7f406ece476e9bfe0c9307d73c062d84be0d5c592427a1917adc24221

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/css/lst-webadmin.min.css HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.0.51.136:7080/login.php
DNT: 1
Connection: keep-alive
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:42 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: text/css
content-length: 3253
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 04 Sep 2024 17:51:42 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/css/googlefonts.css

3.0.51.136

200 OK

356 B

URL

3.0.51.136:7080/res/css/googlefonts.css

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeASCII text

First Seen2024-09-19

Last Seen2025-02-16

Times Seen3

Size356 B (356 bytes)

MD58ab9303bac4c104bf7c0fc6dfa72ba42

SHA1026fa7296cd17522fe1acbb9289568abc03085d6

SHA2560cb91ec64cf95e7d91afbf95ff5ec09758bdf731f623566be48ded3206c9082e

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/css/googlefonts.css HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.0.51.136:7080/login.php
DNT: 1
Connection: keep-alive
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:42 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: text/css
content-length: 356
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 04 Sep 2024 17:51:42 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/js/libs/jquery-2.2.4.min.js

3.0.51.136

200 OK

30 kB

URL

3.0.51.136:7080/res/js/libs/jquery-2.2.4.min.js

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeJavaScript source, ASCII text, with very long lines (32065)

First Seen2023-03-07

Last Seen2025-08-02

Times Seen192107

Size30 kB (29855 bytes)

MD52f6b11a7e914718e0290410e85366fe9

SHA169bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA25605b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/js/libs/jquery-2.2.4.min.js HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.0.51.136:7080/login.php
DNT: 1
Connection: keep-alive
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:42 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: application/x-javascript
content-length: 29855
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 04 Sep 2024 17:51:42 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/js/libs/jquery-ui-1.12.1.min.js

3.0.51.136

200 OK

68 kB

URL

3.0.51.136:7080/res/js/libs/jquery-ui-1.12.1.min.js

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeJavaScript source, ASCII text, with very long lines (32073)

First Seen2023-03-07

Last Seen2025-08-02

Times Seen5928

Size68 kB (68041 bytes)

MD50a497d4661df7b82feee14332ce0bdaf

SHA1f77d06b0c5dedef1f1db051a44a2b0d7f233ba3a

SHA25655accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/js/libs/jquery-ui-1.12.1.min.js HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.0.51.136:7080/login.php
DNT: 1
Connection: keep-alive
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:42 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: application/x-javascript
content-length: 68041
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 04 Sep 2024 17:51:42 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/js/bootstrap/bootstrap.min.js

3.0.51.136

200 OK

8.5 kB

URL

3.0.51.136:7080/res/js/bootstrap/bootstrap.min.js

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeJavaScript source, ASCII text, with very long lines (31689), with no line terminators

First Seen2023-04-05

Last Seen2025-07-02

Times Seen17

Size8.5 kB (8456 bytes)

MD5131382d55adfd6b9dbd4a91b81f4c299

SHA19c32706dce883105b975d5d67b33fea811888ead

SHA256f51942ab29ce28f024d9ebeee7e3dd5e4b96fc39bfc8cdfb8271469addd25fd6

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/js/bootstrap/bootstrap.min.js HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.0.51.136:7080/login.php
DNT: 1
Connection: keep-alive
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:42 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: application/x-javascript
content-length: 8456
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 04 Sep 2024 17:51:42 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/js/notification/SmartNotification.min.js

3.0.51.136

200 OK

2.2 kB

URL

3.0.51.136:7080/res/js/notification/SmartNotification.min.js

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeJavaScript source, ASCII text, with very long lines (7189), with no line terminators

First Seen2024-09-19

Last Seen2025-02-16

Times Seen3

Size2.2 kB (2161 bytes)

MD5a66f72369784a8800ffc2cb278fe41c7

SHA1556ec162f45b1e1d322b93191bbd846b4f7142ff

SHA256d1e193cf274c4aa74bd00c9751069ac1c254213b48bf4f89aab1c4e2d5bdc71a

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/js/notification/SmartNotification.min.js HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.0.51.136:7080/login.php
DNT: 1
Connection: keep-alive
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:42 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: application/x-javascript
content-length: 2161
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 04 Sep 2024 17:51:42 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/js/plugin/msie-fix/jquery.mb.browser.min.js

3.0.51.136

200 OK

499 B

URL

3.0.51.136:7080/res/js/plugin/msie-fix/jquery.mb.browser.min.js

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeASCII text, with very long lines (1972), with no line terminators

First Seen2024-09-19

Last Seen2025-02-16

Times Seen3

Size499 B (499 bytes)

MD56688566560d0a62f793ef04c5a91047f

SHA154a2525f6350467839dea8ae49bd40542a365573

SHA25643a63c7a654d673f192515d2ea5bdfb9c285bdbf7080ee21b2ef8198551a02e7

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/js/plugin/msie-fix/jquery.mb.browser.min.js HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.0.51.136:7080/login.php
DNT: 1
Connection: keep-alive
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:42 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: application/x-javascript
content-length: 499
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 04 Sep 2024 17:51:42 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/js/lst-app.min.js

3.0.51.136

200 OK

4.0 kB

URL

3.0.51.136:7080/res/js/lst-app.min.js

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeJavaScript source, ASCII text, with very long lines (12552)

First Seen2024-09-19

Last Seen2025-02-16

Times Seen3

Size4.0 kB (3965 bytes)

MD5660ae38cb6ade6eae2f9cd6308256340

SHA105962db217788826c2e48ab700c3dd422c8e19d3

SHA2561c4e364603faee89e6cac3640ea57bede4fd5aea61680aa3d29dcf5456aa70fc

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/js/lst-app.min.js HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.0.51.136:7080/login.php
DNT: 1
Connection: keep-alive
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:42 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: application/x-javascript
content-length: 3965
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 04 Sep 2024 17:51:42 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/img/mybg.png

3.0.51.136

200 OK

2.8 kB

URL

3.0.51.136:7080/res/img/mybg.png

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typePNG image data, 165 x 94, 4-bit colormap, non-interlaced

First Seen2023-05-10

Last Seen2025-07-14

Times Seen54

Size2.8 kB (2841 bytes)

MD5bce450800e44a407218277f2d518a635

SHA120c004ed54dd84c62e93d3d0c24e48f7f120c7d6

SHA256de596377f6ec54f0ed72ea194719439be686b2d3171df9242bab4f4e0af9dcef

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/img/mybg.png HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3.0.51.136:7080/res/css/smartadmin-production.min.css
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:43 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: image/png
content-length: 2841
accept-ranges: bytes
date: Wed, 04 Sep 2024 17:51:43 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/img/product_logo.svg

3.0.51.136

200 OK

4.2 kB

URL

3.0.51.136:7080/res/img/product_logo.svg

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2024-09-19

Last Seen2025-02-16

Times Seen3

Size4.2 kB (4220 bytes)

MD56d64d642256a4f47661d04213358f6ae

SHA1bcf77f37e4d9680d8240155e94893a83cdacbee8

SHA256e3612e8012507ea6bf7d5a11b0545430c9ee9be8650c75bbb9fea9bcfbdac24f

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/img/product_logo.svg HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.0.51.136:7080/login.php
DNT: 1
Connection: keep-alive
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: object
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:43 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: image/svg+xml
content-length: 4220
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 04 Sep 2024 17:51:43 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/fonts/open-sans-v17-latin-regular.woff2

3.0.51.136

200 OK

14 kB

URL

3.0.51.136:7080/res/fonts/open-sans-v17-latin-regular.woff2

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 14380, version 1.0

First Seen2023-04-11

Last Seen2025-08-02

Times Seen13576

Size14 kB (14380 bytes)

MD533543c5cc5d88f5695dd08c87d280dfd

SHA1600db9374e47e4f73a59ccc0a99bcc42f4a3e02a

SHA2569c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/fonts/open-sans-v17-latin-regular.woff2 HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://3.0.51.136:7080/res/css/googlefonts.css
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:43 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: font/woff2
content-length: 14380
accept-ranges: bytes
date: Wed, 04 Sep 2024 17:51:43 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/fonts/open-sans-v17-latin-300.woff2

3.0.51.136

200 OK

15 kB

URL

3.0.51.136:7080/res/fonts/open-sans-v17-latin-300.woff2

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 14932, version 1.0

First Seen2023-04-06

Last Seen2025-08-01

Times Seen2476

Size15 kB (14932 bytes)

MD524f7b0944e9e03a905f9d7701573b2cd

SHA1c7a9a4c42d3d84f112940645abd416a59eb71c89

SHA256f677ee2d82dfb11f08175f673cf3f065b0d5e491b4485e01259a492715c746e2

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/fonts/open-sans-v17-latin-300.woff2 HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://3.0.51.136:7080/res/css/googlefonts.css
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:43 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: font/woff2
content-length: 14932
accept-ranges: bytes
date: Wed, 04 Sep 2024 17:51:43 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/fonts/fontawesome-webfont.woff?v=4.1.0

3.0.51.136

200 OK

84 kB

URL

3.0.51.136:7080/res/fonts/fontawesome-webfont.woff?v=4.1.0

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeWeb Open Font Format, TrueType, length 83760, version 1.0

First Seen2023-04-05

Last Seen2025-08-02

Times Seen3433

Size84 kB (83760 bytes)

MD5fdf491ce5ff5b2da02708cd0e9864719

SHA17f2f3c55c2de192387c351b995115f6b79e09173

SHA25666db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/fonts/fontawesome-webfont.woff?v=4.1.0 HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://3.0.51.136:7080/res/css/font-awesome.min.css
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: application/font-woff
content-length: 83760
accept-ranges: bytes
date: Wed, 04 Sep 2024 17:51:43 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/fonts/open-sans-v17-latin-regular.woff2

3.0.51.136

200 OK

14 kB

URL

3.0.51.136:7080/res/fonts/open-sans-v17-latin-regular.woff2

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 14380, version 1.0

First Seen2023-04-11

Last Seen2025-08-02

Times Seen13576

Size14 kB (14380 bytes)

MD533543c5cc5d88f5695dd08c87d280dfd

SHA1600db9374e47e4f73a59ccc0a99bcc42f4a3e02a

SHA2569c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/fonts/open-sans-v17-latin-regular.woff2 HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://3.0.51.136:7080/res/css/googlefonts.css
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:43 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: font/woff2
content-length: 14380
accept-ranges: bytes
date: Wed, 04 Sep 2024 17:51:43 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/js/app.config.min.js

3.0.51.136

200 OK

15 kB

URL

3.0.51.136:7080/res/js/app.config.min.js

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typegzip compressed data, from Unix

First Seen2024-09-19

Last Seen2024-09-19

Times Seen1

Size15 kB (15117 bytes)

MD57ccb5ee01c080e68b188551b2e9a0f2d

SHA15f3a284e2126dfa7cc60e56e6059c00956abef91

SHA256fc510f6f6f4b2842d7eb46226e0ef10a85e5b5331126e3ef0c82db377169131f

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/js/app.config.min.js HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.0.51.136:7080/login.php
DNT: 1
Connection: keep-alive
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:42 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: application/x-javascript
accept-ranges: bytes
date: Wed, 04 Sep 2024 17:51:42 GMT
server: LiteSpeed
content-encoding: gzip
vary: Accept-Encoding
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET 3.0.51.136:7080/res/img/favicon/favicon.ico

3.0.51.136

200 OK

811 B

URL

3.0.51.136:7080/res/img/favicon/favicon.ico

IP / ASN

3.0.51.136

#16509 AMAZON-02

Requested byhttps://3.0.51.136:7080/login.php

Resource Info

File typeMS Windows icon resource - 1 icon, 16x16, 32 bits/pixel

First Seen2024-09-19

Last Seen2025-02-16

Times Seen3

Size811 B (811 bytes)

MD5af89068ffb9883f7d99bb25f75687ac7

SHA1ab3646fd120f8311a88cab6e27f2049f438771c2

SHA25655a03aec032b0cc296c477e301ef1d1ccb795d1a07e3fca2e2edaa375576f5b1

Certificate Info

IssuerCyberPanel

Subjectwww.example.com

Fingerprint4C:9F:62:C6:FA:B4:E0:C2:8E:C9:B9:49:F2:55:63:FB:45:71:3F:35

ValiditySat, 02 Dec 2023 13:16:31 GMT - Sun, 01 Mar 2026 13:16:31 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /res/img/favicon/favicon.ico HTTP/1.1
Host: 3.0.51.136:7080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.0.51.136:7080/login.php
DNT: 1
Connection: keep-alive
Cookie: LSUI37FE0C43B84483E0=ca8177cc9ccf5403ebb4b4eb1d3fa6f9; litespeed_admin_lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 11 Sep 2024 17:51:44 GMT
last-modified: Tue, 29 Aug 2023 18:56:59 GMT
content-type: image/x-icon
content-length: 811
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 04 Sep 2024 17:51:44 GMT
server: LiteSpeed
alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2