Report - 185.67.0.35/

Report Overview

Visited public
2025-04-22 06:24:31
Tags
Submit Tags
URL
185.67.0.35/
Finishing URL
185.67.0.35/
IP / ASN
185.67.0.35
#50673 Serverius Holding B.V.
Title
Авторизация

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
185.67.0.35	unknown	unknown	No data	No data	12 kB	731 kB	185.67.0.35
rtc-cloud-eu1.bitrix.info	885530	2002-11-14	2021-07-16	2025-04-20	788 B	181 B	46.137.97.175

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed
2025-04-22	medium	185.67.0.35	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	185.67.0.35/bitrix/js/main/core/core.min.js?1741869203225353	ScriptElement	1.0 kB	2025-04-09	2025-07-18
Pretty URL 185.67.0.35/bitrix/js/main/core/core.min.js?1741869203225353 IP 185.67.0.35 ASN #50673 Serverius Holding B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-09 03:33 Last Seen2025-07-18 04:50 Times Seen20 Hash 987c5501f748df1ef20ac9316bf7781a 8c61c0d1bbd7c82c77bad6d0885ef735b6c69829 98fa18b87e79bbb088717a0a6c225b09320a279adc457b6ff7aab38b7091c639 Loading...

HTTP Transactions (26)

URL IP Response Size

GET 185.67.0.35/

185.67.0.35

200 OK

17 kB

URL User Request GET
185.67.0.35/
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1049), with CRLF, LF line terminators
Size
17 kB (16632 bytes)
Hash
846474b288e694823b61e0a58bd1f5e6
4619290157608f8bb6fa01c1091de23bfe52be5e
2d4ef718233dc1b874fad0467e471202596267f12446b82715d84bfd26f77699

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (67de26b1a5291182a98b0f25d10fea05)
Set-Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb; path=/; HttpOnly; SameSite=Lax
PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb; path=/; HttpOnly; SameSite=Lax
X-Bitrix-Ajax-Status: Authorize
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/js/ui/fonts/montserrat/ui.font.montserrat.min.css?17378444642209

185.67.0.35

200 OK

2.2 kB

URL GET
185.67.0.35/bitrix/js/ui/fonts/montserrat/ui.font.montserrat.min.css?17378444642209
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
ASCII text, with very long lines (2209), with no line terminators
Size
2.2 kB (2209 bytes)
Hash
e63ce1c1f5ddfce02f61895705bf3761
ad2049a2f38b85b0413cb60df3907591cf71eec4
fc30ac3c5883044bea08dbd0f89f8a77d317139a29d260a9247a5a3338036b59

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/ui/fonts/montserrat/ui.font.montserrat.min.css?17378444642209 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: text/css
Last-Modified: Sat, 25 Jan 2025 22:34:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"679566f0-8a1"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/js/pull/protobuf/model.min.js?173784446114190

185.67.0.35

200 OK

14 kB

URL GET
185.67.0.35/bitrix/js/pull/protobuf/model.min.js?173784446114190
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
JavaScript source, ASCII text, with very long lines (14156)
Size
14 kB (14190 bytes)
Hash
5fdcebc0b20d80cc512ab992d236242c
2f81f88790665be76b5fb8640dea32997019333b
6c9b5de3c1416c5aec8d608287ac497758530c4f8228725bc33e49cbeee28382

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/pull/protobuf/model.min.js?173784446114190 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: application/javascript
Last-Modified: Sat, 25 Jan 2025 22:34:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"679566ed-376e"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/js/pull/client/pull.client.min.js?174470930949849

185.67.0.35

200 OK

50 kB

URL GET
185.67.0.35/bitrix/js/pull/client/pull.client.min.js?174470930949849
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
JavaScript source, ASCII text, with very long lines (49671)
Size
50 kB (49849 bytes)
Hash
a06fccb40781b642836dced116074499
f53380f8d6a4ad6cf29cb7e211b5dc0a9ee57a6f
a33069f57a332f5bd162e24fcd38505c1b19d672c31f5783ada4741ddce24a9e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/pull/client/pull.client.min.js?174470930949849 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Apr 2025 09:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"67fe26bd-c2b9"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/js/ui/design-tokens/dist/ui.design-tokens.min.css?173784446523463

185.67.0.35

200 OK

24 kB

URL GET
185.67.0.35/bitrix/js/ui/design-tokens/dist/ui.design-tokens.min.css?173784446523463
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
ASCII text, with very long lines (23463), with no line terminators
Size
24 kB (23463 bytes)
Hash
6bd6f9ea8f0c54e08e3a12b977f1b720
c115c5cf987a3edc217f8e1ecfa0a59edcb4d85a
8909230ab0cbf3ec50721843f05a08256c6f3087b8cee954c2e921feed611f5a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/ui/design-tokens/dist/ui.design-tokens.min.css?173784446523463 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: text/css
Last-Modified: Sat, 25 Jan 2025 22:34:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"679566f1-5ba7"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/js/main/core/core.min.js?1741869203225353

185.67.0.35

200 OK

225 kB

URL GET
185.67.0.35/bitrix/js/main/core/core.min.js?1741869203225353
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
JavaScript source, ASCII text, with very long lines (65418)
Size
225 kB (225353 bytes)
Hash
6b731d82e70a53967309a5f888bcb96a
3c455fe436afeaf2e9434e55e869a2b368370bdf
09af1a18facdd9e5b340a4e9a50a123bdd45641c3712f1ea12a4d032212f306a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/main/core/core.min.js?1741869203225353 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: application/javascript
Last-Modified: Thu, 13 Mar 2025 12:33:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"67d2d093-37049"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/js/pull/protobuf/protobuf.min.js?173784446176433

185.67.0.35

200 OK

76 kB

URL GET
185.67.0.35/bitrix/js/pull/protobuf/protobuf.min.js?173784446176433
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
76 kB (76433 bytes)
Hash
cdf1137b813b709c10d31045d0037a6c
c3f513d708b64cd58cc9c6cac45b428c97297999
33bd1842b7778216197b870e8f3b4e387d9511905c04ea5a07934b3c614ef109

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/pull/protobuf/protobuf.min.js?173784446176433 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: application/javascript
Last-Modified: Sat, 25 Jan 2025 22:34:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"679566ed-12a91"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/js/main/popup/dist/main.popup.bundle.min.js?173784446765924

185.67.0.35

200 OK

66 kB

URL GET
185.67.0.35/bitrix/js/main/popup/dist/main.popup.bundle.min.js?173784446765924
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65924 bytes)
Hash
2d9c9534de18e58e9bd4815bc5e88463
519981d06c8e5a1da79186ad117e08f63912cb2a
c86a3cb904a84abb431356c44fadfa6c5a4795303fb07fc4b48a8f49d7b34f10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/main/popup/dist/main.popup.bundle.min.js?173784446765924 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: application/javascript
Last-Modified: Sat, 25 Jan 2025 22:34:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"679566f3-10184"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/templates/login/images/bg_clouds_3.png

185.67.0.35

200 OK

8.6 kB

URL GET
185.67.0.35/bitrix/templates/login/images/bg_clouds_3.png
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
PNG image data, 1272 x 284, 8-bit/color RGBA, non-interlaced
Size
8.6 kB (8574 bytes)
Hash
c72797137547c3642d2409aac17a613e
6aee0c23674b814de50ae0c6b54a1a6b394fb88f
c4bebae38085c9bfc08b09c0f5b07ac259d372bd065b9eb3cc05d93485d0e245

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/templates/login/images/bg_clouds_3.png HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/bitrix/cache/css/s1/login/template_453ca51e61f3afb6555f1a5672be95b0/template_453ca51e61f3afb6555f1a5672be95b0_v1.css?174525476849217
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb; BITRIX_SM_TZ=UTC
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:11 GMT
Content-Type: image/png
Content-Length: 8574
Last-Modified: Sat, 25 Jan 2025 22:35:27 GMT
Connection: keep-alive
ETag: "6795672f-217e"
Expires: Thu, 22 May 2025 06:24:11 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

POST 185.67.0.35/bitrix/tools/conversion/ajax_counter.php

185.67.0.35

200 OK

2 B

URL POST
185.67.0.35/bitrix/tools/conversion/ajax_counter.php
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /bitrix/tools/conversion/ajax_counter.php HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 64
Origin: http://185.67.0.35
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb; BITRIX_SM_TZ=UTC
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:11 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 2
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (67de26b1a5291182a98b0f25d10fea05)
Set-Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb; path=/; HttpOnly; SameSite=Lax
BITRIX_CONVERSION_CONTEXT_s1=%7B%22ID%22%3A13%2C%22EXPIRE%22%3A1745355540%2C%22UNIQUE%22%3A%5B%22conversion_visit_day%22%5D%7D; expires=Wed, 22 Apr 2026 06:24:11 GMT; Max-Age=31536000; path=/
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

GET 185.67.0.35/favicon.ico

185.67.0.35

200 OK

1.2 kB

URL GET
185.67.0.35/favicon.ico
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
bed0edf6f65cda54327539c32abdb7d9
b90fd29ab1348c11b92c85a2cb6915725b0c1e14
0b8c96b93af5e1ceb6007b363e1f726e3aa5aab0563a9a2e7753356ea0c5bcdb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb; BITRIX_SM_TZ=UTC; BITRIX_CONVERSION_CONTEXT_s1=%7B%22ID%22%3A13%2C%22EXPIRE%22%3A1745355540%2C%22UNIQUE%22%3A%5B%22conversion_visit_day%22%5D%7D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:11 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Sat, 25 Jan 2025 22:36:12 GMT
Connection: keep-alive
ETag: "6795675c-47e"
Expires: Thu, 22 May 2025 06:24:11 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

GET 185.67.0.35/

0.0.0.0

0 B

URL User Request GET
185.67.0.35/
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET 185.67.0.35/bitrix/js/intranet/intranet-common.min.css?173784446161199

185.67.0.35

200 OK

61 kB

URL GET
185.67.0.35/bitrix/js/intranet/intranet-common.min.css?173784446161199
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
ASCII text, with very long lines (19394)
Size
61 kB (61199 bytes)
Hash
c58b59964f1efe8aec5fd6a01ab11701
2be7bff0e9f1e2df9aae399b1f73d2a28ef0992e
53a635376d76cb25dcda38d08ed5b7e1897f47abdf2ed1a54892d43d0f43ad51

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/intranet/intranet-common.min.css?173784446161199 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: text/css
Last-Modified: Sat, 25 Jan 2025 22:34:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"679566ed-ef0f"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/js/intranet/design-tokens/bitrix24/bitrix24-design-tokens.min.css?17378444611467

185.67.0.35

200 OK

1.5 kB

URL GET
185.67.0.35/bitrix/js/intranet/design-tokens/bitrix24/bitrix24-design-tokens.min.css?17378444611467
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
ASCII text, with very long lines (1467), with no line terminators
Size
1.5 kB (1467 bytes)
Hash
44160f099a56298219ca37c452f5d1a8
7ff07d99448b481c364c32a411cce5f34f1f7bbb
95a4c11be57d915f3e67d6037e3a2e4afa21ced834958a0aee7ae5116d8fe33a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/intranet/design-tokens/bitrix24/bitrix24-design-tokens.min.css?17378444611467 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: text/css
Last-Modified: Sat, 25 Jan 2025 22:34:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"679566ed-5bb"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/js/ui/fonts/opensans/ui.font.opensans.min.css?17378444642320

185.67.0.35

200 OK

2.3 kB

URL GET
185.67.0.35/bitrix/js/ui/fonts/opensans/ui.font.opensans.min.css?17378444642320
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
ASCII text, with very long lines (2320), with no line terminators
Size
2.3 kB (2320 bytes)
Hash
82527a21acaba47e5e9d367437d64428
54955d72d394cedb976520fd2ea5f65ecff43d18
47d42f9f412d0c8854bfed1c7b1b433eaf6df4d0d67e7619ee6c9cb7b0289c90

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/ui/fonts/opensans/ui.font.opensans.min.css?17378444642320 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: text/css
Last-Modified: Sat, 25 Jan 2025 22:34:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"679566f0-910"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/js/main/loader/dist/loader.bundle.min.css?17378444672029

185.67.0.35

200 OK

2.0 kB

URL GET
185.67.0.35/bitrix/js/main/loader/dist/loader.bundle.min.css?17378444672029
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
ASCII text, with very long lines (2029), with no line terminators
Size
2.0 kB (2029 bytes)
Hash
b64756feeca4fec27374c4ba68d01075
6a052267ea4f9d08b60ba36070b07507d0c6fc91
fb6bd2b886a375ec1b65cbaf5daa6e336092e7a994759b05d88ccd3ab00c1b6e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/main/loader/dist/loader.bundle.min.css?17378444672029 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: text/css
Last-Modified: Sat, 25 Jan 2025 22:34:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"679566f3-7ed"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/js/rest/client/rest.client.min.js?17378444619240

185.67.0.35

200 OK

9.2 kB

URL GET
185.67.0.35/bitrix/js/rest/client/rest.client.min.js?17378444619240
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
JavaScript source, ASCII text, with very long lines (9200)
Size
9.2 kB (9240 bytes)
Hash
65cb55d65bce0121b37c3f756db51f45
a73f2b03323c0dfcce8bddcbb7c0c0d51dcb46d4
5091a00509b006388997b171d01e78296119e41fe88889dfb50f9611bdb17804

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/rest/client/rest.client.min.js?17378444619240 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: application/javascript
Last-Modified: Sat, 25 Jan 2025 22:34:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"679566ed-2418"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/cache/js/s1/login/template_f56e268f35950cfc59cf87250af83d35/template_f56e268f35950cfc59cf87250af83d35_v1.js?17452547682387

185.67.0.35

200 OK

2.4 kB

URL GET
185.67.0.35/bitrix/cache/js/s1/login/template_f56e268f35950cfc59cf87250af83d35/template_f56e268f35950cfc59cf87250af83d35_v1.js?17452547682387
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
2.4 kB (2387 bytes)
Hash
5785fa32e1280c43e01cbbcb38155b5c
feec4faa7bd62587704139446fe4fa2d98ae22bd
f8437f784bdbb657fcd28a05a25e38536461c022ab06932d9c689816550bc811

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/cache/js/s1/login/template_f56e268f35950cfc59cf87250af83d35/template_f56e268f35950cfc59cf87250af83d35_v1.js?17452547682387 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: application/javascript
Last-Modified: Mon, 21 Apr 2025 16:59:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"68067970-953"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/js/main/loader/dist/loader.bundle.min.js?17378444674392

185.67.0.35

200 OK

4.4 kB

URL GET
185.67.0.35/bitrix/js/main/loader/dist/loader.bundle.min.js?17378444674392
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
JavaScript source, ASCII text, with very long lines (4350)
Size
4.4 kB (4392 bytes)
Hash
2a89bc148a05e945aaa75e5cec3e1dfd
87dd5b4aed67b3877c6e66ffbc7da9602451e024
26a6215d4a3cfeb563e05e23fd7a5cbdce1884aa6ed2e6276a5e61a4c9a3cb61

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/main/loader/dist/loader.bundle.min.js?17378444674392 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: application/javascript
Last-Modified: Sat, 25 Jan 2025 22:34:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"679566f3-1128"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/templates/login/images/ld_blue.gif

185.67.0.35

200 OK

14 kB

URL GET
185.67.0.35/bitrix/templates/login/images/ld_blue.gif
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
GIF image data, version 89a, 64 x 64
Size
14 kB (13968 bytes)
Hash
da96772c9cfeb7f7b442c81cabea06d0
137d81204de775577d030ffefcaf2af23cdcf638
f7f6df287dd738653e33f839392afb4263a9d7e1a173ae7a6de37fd630e0e651

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/templates/login/images/ld_blue.gif HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/bitrix/cache/css/s1/login/template_453ca51e61f3afb6555f1a5672be95b0/template_453ca51e61f3afb6555f1a5672be95b0_v1.css?174525476849217
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb; BITRIX_SM_TZ=UTC
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:11 GMT
Content-Type: image/gif
Content-Length: 13968
Last-Modified: Sat, 25 Jan 2025 22:35:27 GMT
Connection: keep-alive
ETag: "6795672f-3690"
Expires: Thu, 22 May 2025 06:24:11 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

GET wss://rtc-cloud-eu1.bitrix.info/subws/?CHANNEL_ID=7b2ee25c082b03ac811971bb529bb49e%3Ad98492585f93080e87f8d34b97c86b92.295aa817a85e2a34985a8bce554be4821c5cf0ee&binaryMode=true&clientId=67de26b1a5291182a98b0f25d10fea05&hostname=asgard.bifrost.services&revision=19

46.137.97.175

101 Switching Protocols

0 B

URL GET
wss://rtc-cloud-eu1.bitrix.info/subws/?CHANNEL_ID=7b2ee25c082b03ac811971bb529bb49e%3Ad98492585f93080e87f8d34b97c86b92.295aa817a85e2a34985a8bce554be4821c5cf0ee&binaryMode=true&clientId=67de26b1a5291182a98b0f25d10fea05&hostname=asgard.bifrost.services&revision=19
IP
46.137.97.175:443
ASN
#16509 AMAZON-02

Requested by
http://185.67.0.35/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.bitrix.info
FingerprintCD:2A:2C:A0:DC:71:67:6B:F4:EA:C2:C3:10:FF:87:9D:A6:17:51:1B
ValidityThu, 20 Mar 2025 13:00:42 GMT - Tue, 14 Apr 2026 08:48:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /subws/?CHANNEL_ID=7b2ee25c082b03ac811971bb529bb49e%3Ad98492585f93080e87f8d34b97c86b92.295aa817a85e2a34985a8bce554be4821c5cf0ee&binaryMode=true&clientId=67de26b1a5291182a98b0f25d10fea05&hostname=asgard.bifrost.services&revision=19 HTTP/1.1
Host: rtc-cloud-eu1.bitrix.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://185.67.0.35
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /fekwjQZZQYoyScDvupGuw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Tue, 22 Apr 2025 06:24:12 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: a2vBVuurDYhf4nxVBrFEyJ8smqQ=

GET 185.67.0.35/bitrix/js/main/popup/dist/main.popup.bundle.min.css?173784446726589

185.67.0.35

200 OK

27 kB

URL GET
185.67.0.35/bitrix/js/main/popup/dist/main.popup.bundle.min.css?173784446726589
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
ASCII text, with very long lines (13395)
Size
27 kB (26589 bytes)
Hash
d695833acde3147f224c9c9a0d1a4e4a
6d20b0c535926188e1f674b751f3051010ec0056
bccfe4a85938f41bd45a0b20d91de47274176a906076fa2c24b9a2596970bca2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/main/popup/dist/main.popup.bundle.min.css?173784446726589 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: text/css
Last-Modified: Sat, 25 Jan 2025 22:34:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"679566f3-67dd"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/cache/css/s1/login/template_453ca51e61f3afb6555f1a5672be95b0/template_453ca51e61f3afb6555f1a5672be95b0_v1.css?174525476849217

185.67.0.35

200 OK

49 kB

URL GET
185.67.0.35/bitrix/cache/css/s1/login/template_453ca51e61f3afb6555f1a5672be95b0/template_453ca51e61f3afb6555f1a5672be95b0_v1.css?174525476849217
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
ASCII text, with very long lines (10968)
Size
49 kB (49217 bytes)
Hash
09134ee1c4d78546d512b29f6e30aa52
bbc790468628eb7712684239049b6e726a807baf
485d8c7e8bcc3790a127a91908a9425a2038e05e559df628b10ee4fd57830be1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/cache/css/s1/login/template_453ca51e61f3afb6555f1a5672be95b0/template_453ca51e61f3afb6555f1a5672be95b0_v1.css?174525476849217 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: text/css
Last-Modified: Mon, 21 Apr 2025 16:59:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"68067970-c041"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/cache/js/s1/login/kernel_main/kernel_main_v1.js?174525476810092

185.67.0.35

200 OK

10 kB

URL GET
185.67.0.35/bitrix/cache/js/s1/login/kernel_main/kernel_main_v1.js?174525476810092
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
JavaScript source, ASCII text, with very long lines (9732)
Size
10 kB (10092 bytes)
Hash
62e8021404bf2f7bfeecc799830c43b5
44430d5a3c255b2ea02c93e027beed2aed613bc4
ea4a43846679a0afcfcc2a35a3f5dd5f522bc79ada27c5a44d82c0256d4baf51

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/cache/js/s1/login/kernel_main/kernel_main_v1.js?174525476810092 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: application/javascript
Last-Modified: Mon, 21 Apr 2025 16:59:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"68067970-276c"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/js/main/qrcode/qrcode.min.js?173784446720123

185.67.0.35

200 OK

20 kB

URL GET
185.67.0.35/bitrix/js/main/qrcode/qrcode.min.js?173784446720123
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
JavaScript source, ASCII text, with very long lines (20088)
Size
20 kB (20123 bytes)
Hash
235511fd2b26064c53dd7bc5940b0cc0
361cbcb14270821a0954c825fc027d615411bee3
612cd18b25cf315a85db049b43e674d6d97f2d12ef214c8ad2c0c4b4a2603421

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/main/qrcode/qrcode.min.js?173784446720123 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:10 GMT
Content-Type: application/javascript
Last-Modified: Sat, 25 Jan 2025 22:34:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"679566f3-4e9b"
Expires: Thu, 22 May 2025 06:24:10 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET 185.67.0.35/bitrix/js/ui/fonts/montserrat/montserrat-medium.woff2

185.67.0.35

200 OK

34 kB

URL GET
185.67.0.35/bitrix/js/ui/fonts/montserrat/montserrat-medium.woff2
IP
185.67.0.35:80
ASN
#50673 Serverius Holding B.V.

Requested by
http://185.67.0.35/

File type
Web Open Font Format (Version 2), TrueType, length 33780, version 1.0
Size
34 kB (33780 bytes)
Hash
2f8000ed713fd157f7a76e532a4c6e8b
23e25802b90b457b0e774676844c4b3a0622877e
c3a63e893dc47bea80aa6c86d67d87c25b341fe75adb2747ba7b64839dc0595b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bitrix/js/ui/fonts/montserrat/montserrat-medium.woff2 HTTP/1.1
Host: 185.67.0.35
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://185.67.0.35/bitrix/js/ui/fonts/montserrat/ui.font.montserrat.min.css?17378444642209
Cookie: PHPSESSID=4v2bt9dqgv2nt0skinq1se65tb; BITRIX_SM_TZ=UTC
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Apr 2025 06:24:11 GMT
Content-Type: font/woff2
Content-Length: 33780
Last-Modified: Sat, 25 Jan 2025 22:34:24 GMT
Connection: keep-alive
ETag: "679566f0-83f4"
Expires: Thu, 22 May 2025 06:24:11 GMT
Cache-Control: max-age=2592000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (26)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash