Report - 164.115.43.44/hospital/web/index.php

Report Overview

Visited public
2023-12-03 10:15:18
Tags
URL
164.115.43.44/hospital/web/index.php
Finishing URL
164.115.43.44/hospital/web/index.php
IP / ASN
164.115.43.44
#9835 Government Information Technology Services
Title
โรงพยาบาลประจักษ์ศิลปาคม อำเภอประจักษ์ศิลปาคม จังหวัดอุดรธานี

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

212

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-03 07:59:58	359 B	34 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-03 05:48:43	1.1 kB	33 kB	216.58.207.227
i.ytimg.com	109	2007-12-11	2012-10-03 19:11:04	2023-12-03 09:18:30	453 B	22 kB	172.217.21.182
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-11-19 18:48:38	453 B	16 kB	142.250.74.132
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-03 06:08:10	463 B	9.9 kB	142.250.74.170
code.ionicframework.com	14473	2013-09-02	2014-02-05 18:09:16	2023-12-03 02:24:20	1.0 kB	242 kB	104.26.7.173
www.jacklmoore.com	389467	2011-03-12	2012-08-19 19:14:35	2023-11-24 13:10:21	714 B	12 kB	185.199.109.153
164.115.43.44	unknown	unknown	No data	No data	66 kB	22 MB	164.115.43.44
www.youtube.com	90	2005-02-15	2013-04-13 09:43:20	2023-12-03 05:09:05	5.5 kB	1.1 MB	142.250.74.78
jnn-pa.googleapis.com	2640	2005-01-25	2021-11-16 07:12:21	2023-12-02 11:35:47	1.9 kB	35 kB	142.250.74.170
yt3.ggpht.com	203	2008-01-16	2014-01-15 17:55:17	2023-12-03 05:09:50	536 B	2.0 kB	142.250.74.161

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-03 10:14:57	high	164.115.43.44	Client IP	ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
2023-12-03 10:15:06	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddns .net
2023-12-03 10:15:06	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.ddns .net

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed
2023-12-03	medium	164.115.43.44	Sinkholed

ThreatFox

No alerts detected

JavaScript (180)

	URL	From	Size	First Seen	Last Seen
	164.115.43.44/hospital/web/assets/18268b73/locale-all.js	ScriptElement	157 kB	2023-07-22	2025-01-31
Pretty URL 164.115.43.44/hospital/web/assets/18268b73/locale-all.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 13:15 Last Seen2025-01-31 00:21 Times Seen4 Hash c819cee72b3107e50094e6f6cd6740bd 2a5b37d9df1bd8b86d8bfdea20b798a56fb73951 154d5b2db8b835cee08c1dba0215e6493215b3f4a62a8fd42069ce44128b7d3f Loading...

	164.115.43.44/ita66/plugins/jquery-ui/jquery-ui.min.js	ScriptElement	254 kB	2023-03-07	2025-05-08
Pretty URL 164.115.43.44/ita66/plugins/jquery-ui/jquery-ui.min.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19 Last Seen2025-05-08 11:41 Times Seen4313 Hash c15b1008dec3c8967ea657a7bb4baaec 78489e580adaef931e6e5b131dab556c397e4a1a 28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3 Loading...

	164.115.43.44/ita66/plugins/jqvmap/maps/jquery.vmap.usa.js	ScriptElement	48 kB	2023-03-07	2025-05-09
Pretty URL 164.115.43.44/ita66/plugins/jqvmap/maps/jquery.vmap.usa.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:55 Last Seen2025-05-09 03:34 Times Seen33 Hash 43e330fe0440c72344722238695dc793 9877bca1d7babc71d4068dbb6c57672ce850878a c6603cbe3c9ec566e4657a9f46f8c870f86c125fb6885a208549228a1c0acde8 Loading...

	164.115.43.44/ita66/plugins/daterangepicker/daterangepicker.js	ScriptElement	67 kB	2023-03-07	2025-04-29
Pretty URL 164.115.43.44/ita66/plugins/daterangepicker/daterangepicker.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01 Last Seen2025-04-29 12:15 Times Seen18 Hash eea458a9a48a89094b8adf75a89dabce 8042e37aef14f4dee78e350bcf2ff961a54c0299 7071393d236d9c35f0904907d217b95e42453e2056a452aa06005bf5459df9d2 Loading...

	164.115.43.44/hospital/web/assets/18268b73/locale/th.js	ScriptElement	3.4 kB	2023-07-22	2025-01-31
Pretty URL 164.115.43.44/hospital/web/assets/18268b73/locale/th.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 13:15 Last Seen2025-01-31 00:21 Times Seen4 Hash 5295ce92d1baec69473c01327c4bfc2b bca7c5fac4bb6c7ef538a08c542998e52be14e56 63286a03664b26113424fb1262635d346687e18e989c3666eade85e16b3a8476 Loading...

	www.youtube.com/embed/RSq66Sr9uac	ScriptElement	108 B	2023-08-01	2025-05-09
Pretty URL www.youtube.com/embed/RSq66Sr9uac IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-01 01:42 Last Seen2025-05-09 09:30 Times Seen46185 Hash 6247dd5d2d787d98a0d5e4966146d550 51dcfa67e8318f689e1a4589a9def15c6f9a23bd cbb9ab7439a233ff75c44799819b7a7de5fdb18f4e30f0236430bc751530c211 Loading...

	164.115.43.44/hospital/web/assets/67ec78d7/js/material.js	ScriptElement	8.1 kB	2023-07-22	2025-01-31
Pretty URL 164.115.43.44/hospital/web/assets/67ec78d7/js/material.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 13:15 Last Seen2025-01-31 00:21 Times Seen4 Hash 6da18e6a568ff336aa156d2c428f1bab c2d9e6f547099efcff073cb13b29361d6bfa2f61 4d22e9c6b3af0002b21eac029df92f38462dbfcc44fc53bf438db5e8215f85cf Loading...

	www.jacklmoore.com/colorbox/jquery.colorbox.js	ScriptElement	29 kB	2023-03-07	2025-03-17
Pretty URL www.jacklmoore.com/colorbox/jquery.colorbox.js IP 185.199.109.153 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:55 Last Seen2025-03-17 04:25 Times Seen38 Hash 2769d3c25dc8edb989788823b8c81e57 21ac7e1924dc1c9c3c129f1786d1d153f43e3b92 598bb39a9e2ce06b0fd1fb3ee55ea21c955af996d7cb08598271f2689f79bd25 Loading...

	www.youtube.com/s/player/31e0b6d9/www-embed-player.vflset/www-embed-player.js	ScriptElement	329 kB	2023-11-29	2023-12-07
Pretty URL www.youtube.com/s/player/31e0b6d9/www-embed-player.vflset/www-embed-player.js IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-29 21:13 Last Seen2023-12-07 21:39 Times Seen715 Hash 24cd2bdc1dd00086a1efbc664060bb49 064027f89f2e8f22be774e7468f7ae4ab79efcbc 4d453a47ad0d1b30a7292b6f712d8645db141ed6adea69b8e7d802f8022365fd Loading...

	164.115.43.44/hospital/web/js/index.js	ScriptElement	1.9 kB	2023-07-22	2025-01-31
Pretty URL 164.115.43.44/hospital/web/js/index.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 13:15 Last Seen2025-01-31 00:21 Times Seen4 Hash 2a3de47589338c1dba911833b7cd3dfc e816e705b98200c6b665307e8bc7d5770e42ee47 c7dfeb11a399840c7544a035939acb8acfb41a6077cb0631d0120b27a0846f77 Loading...

	164.115.43.44/hospital/web/assets/37e49b9e/moment.js	ScriptElement	128 kB	2023-03-07	2025-02-26
Pretty URL 164.115.43.44/hospital/web/assets/37e49b9e/moment.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:39 Last Seen2025-02-26 18:04 Times Seen9 Hash 6173af690dc476b563deeaf02b4edb21 ce74f58c44a79e9da489d285e774a40c015ccb80 d0727f6592ef311fb92c444362ece347824a6dc7ca3b9d677462dec6f3cebc5c Loading...

	164.115.43.44/hospital/web/assets/67ec78d7/js/material.min.js	ScriptElement	4.4 kB	2023-07-22	2025-01-31
Pretty URL 164.115.43.44/hospital/web/assets/67ec78d7/js/material.min.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 13:15 Last Seen2025-01-31 00:21 Times Seen4 Hash b0d91cc649d3974d2beb9c9102fcfc21 28172e701b8ed55133002053de300796f345ba16 7b97a3cb942f795484c27cf3e796f23fac5e5fedec431ad04156f407614fc796 Loading...

	www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/embed.js	ScriptElement	53 kB	2023-11-30	2023-12-07
Pretty URL www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/embed.js IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-30 05:51 Last Seen2023-12-07 21:39 Times Seen710 Hash 4b993df6aaec92ba17cc4d526ad2e4bd a0b696788d5d621280e4f642b4c66875d40870cb f21a803f0b7f63109cd608bfbe9769a3dc2e2a17c8e885826529d3981d15d313 Loading...

	164.115.43.44/hospital/web/assets/20653ae5/jquery.js	ScriptElement	267 kB	2023-03-10	2025-04-27
Pretty URL 164.115.43.44/hospital/web/assets/20653ae5/jquery.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 20:07 Last Seen2025-04-27 14:29 Times Seen20 Hash 30907cfce66ebfcca66785ed6fad9fa5 49ddeac2f7898effe25af2fa7ff1fd0d7ee9b5e2 30fc40baadcbcf1ff2e024739241f6fc8479a96145b5d975978831a123457e3c Loading...

	164.115.43.44/ita66/plugins/bootstrap/js/bootstrap.bundle.min.js	ScriptElement	79 kB	2023-03-07	2025-05-08
Pretty URL 164.115.43.44/ita66/plugins/bootstrap/js/bootstrap.bundle.min.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-08 06:28 Times Seen5191 Hash a454220fc07088bf1fdd19313b6bfd50 265a733cb7fbc481fd2510a659a85ad55c93c895 7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c Loading...

	164.115.43.44/hospital/web/js/main.js	ScriptElement	1.6 kB	2023-07-22	2025-01-31
Pretty URL 164.115.43.44/hospital/web/js/main.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 13:15 Last Seen2025-01-31 00:21 Times Seen4 Hash 8e7e5ce12eb2d9f12d98e09b16324091 c2749d9fb7f8f8a0105e777ed0f2dc343f0edaa1 ff1f238e900a136a871653debc0940d95c37b8c030fff8d3973fd9d6e878b5a6 Loading...

	www.youtube.com/embed/RSq66Sr9uac	ScriptElement	134 B	2023-03-07	2025-05-09
Pretty URL www.youtube.com/embed/RSq66Sr9uac IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 09:30 Times Seen39863 Hash e18eb9d0972d240f1a5456179bb6523b 65255f106adcff2907a98e295a8e7a38fe2884c4 3d68db2b85d5a2915743399f09dc438963f0c50f68b02df05d47a372661603e8 Loading...

	164.115.43.44/hospital/web/assets/95decc00/js/kv-widgets.js	ScriptElement	1.1 kB	2023-07-22	2025-01-31
Pretty URL 164.115.43.44/hospital/web/assets/95decc00/js/kv-widgets.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 13:15 Last Seen2025-01-31 00:21 Times Seen4 Hash 09e47d15efbd5c3768e009c43abea69e d37eb493480584eb3aac71320f9f982ad55dc9a8 73f094731fe3b3a2d718db2a0ee0a6e757a6339dce3b898c33371bd327b8de8a Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js	ScriptElement	93 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 08:26 Times Seen10307 Hash e0e0559014b222245deb26b6ae8bd940 e2f3603e23711f6446f278a411d905623d65201e 89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e Loading...

	164.115.43.44/hospital/web/index.php	ScriptElement	25 B	2023-07-22	2025-01-31
Pretty URL 164.115.43.44/hospital/web/index.php IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-22 13:15 Last Seen2025-01-31 00:21 Times Seen4 Hash 034b7f963577e58e29460eeaf5997918 9c428e330509ff71b5f7593e66fb7728908931ea d33090e96fbccf69d4dd4a13bdabc1a312c992c892f7e4312922a24f5a77a987 Loading...

	164.115.43.44/ita66/dist/js/adminlte.js	ScriptElement	54 kB	2023-04-26	2024-08-21
Pretty URL 164.115.43.44/ita66/dist/js/adminlte.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-26 13:11 Last Seen2024-08-21 05:41 Times Seen3 Hash e750c01aaf38601429c71425a9c6ff86 7d6cc88ca7bfd3317caffed152e1b5a810c0e2fd b85717aaa03eb27be84971065ea8cbe10b66f387384be208dc89cc99ee388e30 Loading...

	unknown	EventHandler	31 B	2023-07-22	2024-08-21
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-07-22 13:15 Last Seen2024-08-21 05:41 Times Seen3 Hash 2bba03658aaab7d2b28c8ca4609c9d25 37526049d762009f00f73f1018c1232b8f160330 7534ca521d2103b68e9b7b676e059756f0abe2cac6491f98b67ecea0d6f4d455 Loading...

	164.115.43.44/hospital/web/assets/67ec78d7/js/ripples.js	ScriptElement	7.7 kB	2023-07-22	2025-01-31
Pretty URL 164.115.43.44/hospital/web/assets/67ec78d7/js/ripples.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 13:15 Last Seen2025-01-31 00:21 Times Seen4 Hash 6d31aaed21e2967ae2455395ee9ba575 d71551e79413588e671ee809dd42ead6af770cd5 4518acecbc24a4b4d0e1f6e9844ee42ee4bfbb2db2bedfd94f4d39a12c22d86b Loading...

	164.115.43.44/ita66/plugins/chart.js/Chart.min.js	ScriptElement	173 kB	2023-04-26	2024-08-21
Pretty URL 164.115.43.44/ita66/plugins/chart.js/Chart.min.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-26 13:11 Last Seen2024-08-21 10:15 Times Seen5 Hash 5423897f58abad24d4ae62381db3417d 1445ca9d819381bbefaf4e1e21efbf3533ab7bcc 6485aa93c81317de6df661c89711cbe32718bb9d881d5703884f6be566ae3631 Loading...

	164.115.43.44/ita66/plugins/jquery-knob/jquery.knob.min.js	ScriptElement	11 kB	2023-03-07	2025-05-06
Pretty URL 164.115.43.44/ita66/plugins/jquery-knob/jquery.knob.min.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01 Last Seen2025-05-06 12:50 Times Seen137 Hash e708020309de1747a08957f691324ac8 4df8f239f9a18fcdd446d2238e6c1b0e32ea52d5 db5e38abe34e33f5d4e99c52a914c9f0fd16fc2918eb35dcea65d8b78fa617db Loading...

	www.youtube.com/embed/RSq66Sr9uac	ScriptElement	2.1 kB	2023-10-25	2025-05-09
Pretty URL www.youtube.com/embed/RSq66Sr9uac IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-25 23:30 Last Seen2025-05-09 09:30 Times Seen37884 Hash e795f2b1b495c31028edb86cb4f4e7b5 d5d0d2d9e1538e5869ff9828d64664b94d6de653 02c0ff09b0683b8853beac78e1dd6a3af9a8e10691130f6e1ff99647756e541f Loading...

	164.115.43.44/ita66/plugins/jquery/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-05-09
Pretty URL 164.115.43.44/ita66/plugins/jquery/jquery.min.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 09:41 Times Seen68104 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	164.115.43.44/hospital/web/assets/18268b73/fullcalendar.js	ScriptElement	408 kB	2023-07-22	2025-01-31
Pretty URL 164.115.43.44/hospital/web/assets/18268b73/fullcalendar.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 13:15 Last Seen2025-01-31 00:21 Times Seen4 Hash bdd64fd32601134416cfdef84d6c9397 5767b53f8ff10f8c291db6cf4872aa509d35b994 8197e401753792769d92f612f1d8a5ae956a16ab66c02ed882975550fa771264 Loading...

	164.115.43.44/hospital/web/assets/6456f1ce/js/bootstrap-tabs-x.js	ScriptElement	7.3 kB	2023-07-22	2025-01-31
Pretty URL 164.115.43.44/hospital/web/assets/6456f1ce/js/bootstrap-tabs-x.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 13:15 Last Seen2025-01-31 00:21 Times Seen4 Hash 91db0c3a9fb5dc2cab9fb8a39b81ff55 14a43b76106263d6376d1f705ce67d54ff7013a3 7b65757f5e6346549f639b13c5d778ec51ec7f4b2fca31aeb3739c62346090d0 Loading...

	164.115.43.44/ita66/	ScriptElement	298 B	2023-07-22	2024-08-21
Pretty URL 164.115.43.44/ita66/ IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-22 13:15 Last Seen2024-08-21 05:41 Times Seen3 Hash 2fef92c44b5a9d743ac96642d6a2eb1b 8561e470702814186373480b839fe4e1da4e4d6a a6c07036bc3a66c712c2d6344d877f743a590c146416d39672adf42b213cce7c Loading...

	164.115.43.44/ita66/plugins/moment/moment.min.js	ScriptElement	53 kB	2023-03-07	2025-05-08
Pretty URL 164.115.43.44/ita66/plugins/moment/moment.min.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01 Last Seen2025-05-08 21:37 Times Seen1368 Hash 761502841c035afcf6a9bdc5d0a20d11 69ab16ba8ca68431ab59eff286c7ed1e520bca30 e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964 Loading...

	164.115.43.44/hospital/web/index.php	ScriptElement	175 B	2023-07-22	2025-01-31
Pretty URL 164.115.43.44/hospital/web/index.php IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-22 13:15 Last Seen2025-01-31 00:21 Times Seen4 Hash 67bd1dbcf634c9f071476aa50ecf7061 499b397d3029c7fe804886b12edf9a36f8622a03 6e3b4cc6ac16843c2a2b6c29c9b65a691fa1d0ce6ab6483f4fab695c724bff65 Loading...

	164.115.43.44/ita66/plugins/tempusdominus-bootstrap-4/js/tempusdominus-bootstrap-4.min.js	ScriptElement	57 kB	2023-03-07	2025-05-08
Pretty URL 164.115.43.44/ita66/plugins/tempusdominus-bootstrap-4/js/tempusdominus-bootstrap-4.min.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:48 Last Seen2025-05-08 14:23 Times Seen409 Hash ac4d4d755b70ee1a00f7fc78cc85bc05 e6ce53ab1858b532c037334b512e010f0f093943 cf4a0a620eb188bab7c891aca7f2ec63d5f291bc1e4251e5e368c7bf65d3073e Loading...

	www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/remote.js	ScriptElement	119 kB	2023-11-30	2023-12-07
Pretty URL www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/remote.js IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-30 08:37 Last Seen2023-12-07 21:39 Times Seen637 Hash 63aa8296f70f3dcbf8b5df6faf8d46c3 2494976b44b1d3ec3b5825297e243679e7cca1dd 869da04350e0925de923dd2c39c41d18ba0625e3541bd5059ed5a611550552b6 Loading...

	164.115.43.44/ita66/	ScriptElement	44 B	2023-04-01	2025-04-30
Pretty URL 164.115.43.44/ita66/ IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-01 10:57 Last Seen2025-04-30 12:01 Times Seen16 Hash 1d0b96d16eead002194833b16eca5d96 65d0e98f07ff5db8e260141d2fa612514ac91acb c4d5a0f3c41df1a5578e0dacc58318e27108e3c84c2f469ec3fea7b6a686d863 Loading...

	164.115.43.44/ita66/dist/js/demo.js	ScriptElement	12 kB	2023-04-26	2024-08-21
Pretty URL 164.115.43.44/ita66/dist/js/demo.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-26 13:11 Last Seen2024-08-21 05:41 Times Seen3 Hash 736dc546c6354a9e89331b7bbcf44993 cd366f0aa3387b6fdea9d0ba8f2fb88075c00c4d 7156ea6e3afdcd4933b639699c18d0bfcd75ea842987da78fe867269022b95f1 Loading...

	164.115.43.44/hospital/web/assets/28b8f359/yii.js	ScriptElement	19 kB	2023-07-22	2025-01-31
Pretty URL 164.115.43.44/hospital/web/assets/28b8f359/yii.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 13:15 Last Seen2025-01-31 00:21 Times Seen4 Hash d8f87356cfbe45f95773a4f3bfeddbc0 0e13159148a98c17704451fdac919ab24b428c68 13fe4f185430fe114aaa048304d741281159947bf23cc93a3a7d59fd5fc76a10 Loading...

	www.youtube.com/embed/RSq66Sr9uac	ScriptElement	83 kB	2024-08-20	2024-08-20
Pretty URL www.youtube.com/embed/RSq66Sr9uac IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:57 Last Seen2024-08-20 16:57 Times Seen1 Hash 1c7ded3d88a5a0c1ab4311fea8f29691 95613cd331fde3886ca8c525fedf6b8c77e2ce42 b5f6dc0918230117928bc84521b57a6e7ae80e2a4488a51da9f7c32a3595e0b9 Loading...

	164.115.43.44/hospital/web/assets/a5dfc11b/jquery-ui.js	ScriptElement	487 kB	2023-03-08	2025-05-07
Pretty URL 164.115.43.44/hospital/web/assets/a5dfc11b/jquery-ui.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 09:13 Last Seen2025-05-07 22:09 Times Seen56 Hash 43109e12e36805738ddf8deca737c53b cb6bc7d0b27bdf80a672b857bf6db0d41cc55995 37fbfc8e36798a479dd09027315d1de63f53d75aa169c97b7991ae9afbd249e4 Loading...

	164.115.43.44/ita66/plugins/jqvmap/jquery.vmap.min.js	ScriptElement	21 kB	2023-03-08	2025-04-30
Pretty URL 164.115.43.44/ita66/plugins/jqvmap/jquery.vmap.min.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:46 Last Seen2025-04-30 12:01 Times Seen48 Hash 935f68d33bdd88a1341647523f7813a2 2ea92021c03f2956158f67aa51f08fbdcf0fed38 4f1dd628138e379c385de592abd2dd881302e37cf6dd80a7a13cf95b83221a09 Loading...

	164.115.43.44/hospital/web/owl.carousel/owl-carousel/owl.carousel.min.js	ScriptElement	24 kB	2023-03-07	2025-05-09
Pretty URL 164.115.43.44/hospital/web/owl.carousel/owl-carousel/owl.carousel.min.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-09 07:28 Times Seen796 Hash 8c52f27fcac36c7667f8fb846e1e94d5 e5862559db659ffd530c91452d668c5e7b3f0f2d 6c1e31700f68d1666de6b0992e89d413434707718bf729a472404029845bdbad Loading...

	moz-extension://94b86a3e-a8f5-4509-b451-a3e524e5069f/lib/shim_messaging_helper.js		1.7 kB	2023-05-05	2025-05-09
Pretty URL moz-extension://94b86a3e-a8f5-4509-b451-a3e524e5069f/lib/shim_messaging_helper.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-05 22:33 Last Seen2025-05-09 09:30 Times Seen54724 Hash 865f01cbb34eb505834e826380d7dc2e c239ccc37191f1be78dfaa6bb3f1da5d314fdf9e 30ed6392b8de4590bd974a4a797ee0b12b382f2141738115bfd2d692cfa6ec17 Loading...

	164.115.43.44/hospital/web/index.php	ScriptElement	709 B	2023-09-27	2024-08-21
Pretty URL 164.115.43.44/hospital/web/index.php IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-27 11:55 Last Seen2024-08-21 05:41 Times Seen2 Hash 4d4e82654d1fab42ac334164ab672e86 b0431f2bdd54915da7225821344ed9f6de4e7cac 2b957ce8355df564e2954d174313a82bd75da78321ba57869671812394375380 Loading...

	164.115.43.44/hospital/web/assets/88a39f1e/js/jquery.scrollUp.js	ScriptElement	5.7 kB	2023-03-12	2025-01-31
Pretty URL 164.115.43.44/hospital/web/assets/88a39f1e/js/jquery.scrollUp.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 16:24 Last Seen2025-01-31 00:21 Times Seen7 Hash 71ca06b14249a7812782cdf90338d622 e6393f86e69c8eeaceb647eac0281d0b94547510 9be1178fa12f1bcfeff76803f7daa29614036956bc444911e03357855e86772d Loading...

	www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/base.js	ScriptElement	2.5 MB	2023-11-30	2023-12-07
Pretty URL www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/base.js IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-30 05:51 Last Seen2023-12-07 21:39 Times Seen778 Hash 101fe6d09a2a65ba52bbafa55f73d316 46b1b5f64db74e841d0f606543980dea804707d8 ddc70bebc8a0e4ae5b13a5f8409693a3e88aa4b4415a75f632f11d0f0c423457 Loading...

	www.google.com/js/th/lYY52XQrUlH64Wh-f-QMzQSikq1nuSlNPE5Z4_DU2e4.js	ScriptElement	40 kB	2023-11-07	2023-12-04
Pretty URL www.google.com/js/th/lYY52XQrUlH64Wh-f-QMzQSikq1nuSlNPE5Z4_DU2e4.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-07 13:48 Last Seen2023-12-04 08:52 Times Seen1168 Hash 1e5f8b711886c56ac3b42b46e8a98b36 801b5154aa0c22d8cca350a48af2682456633fde 958639d9742b5251fae1687e7fe40ccd04a292ad67b9294d3c4e59e3f0d4d9ee Loading...

	www.youtube.com/embed/RSq66Sr9uac	ScriptElement	1.0 kB	2023-06-13	2025-05-09
Pretty URL www.youtube.com/embed/RSq66Sr9uac IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-13 01:22 Last Seen2025-05-09 09:30 Times Seen39870 Hash fe81353f0c3e106bb59598d92fd49a12 cd09955588a1d236a25a76d3f774418a829cb5c4 a366197fa3629365ab26195a99befce51c8f8ec90252df02e0b4cb44bd52d020 Loading...

	164.115.43.44/ita66/plugins/summernote/summernote-bs4.min.js	ScriptElement	128 kB	2023-03-12	2025-04-21
Pretty URL 164.115.43.44/ita66/plugins/summernote/summernote-bs4.min.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:17 Last Seen2025-04-21 12:03 Times Seen9 Hash e1828c10ba4dee962f9be1a7494789e6 3ca3382a49700536b989ccb2ccbd1ab655b814bb 8cf2b50019380ae16f4abdf5bf808b53b5fb5c2be2c594a2f1f4d30b0fedb2da Loading...

	www.youtube.com/embed/RSq66Sr9uac	ScriptElement	26 B	2023-03-07	2025-05-09
Pretty URL www.youtube.com/embed/RSq66Sr9uac IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 09:30 Times Seen39857 Hash 173a08c5d6adc5c93611a599bcb2c717 735a7301e66ae2c3584357f7bf0bf09eefb62df0 271e6368679a21c3416e2a0325db33d6bc445d601c72a49914081b5efd0cdf3f Loading...

	164.115.43.44/hospital/web/index.php	ScriptElement	4.6 kB	2023-07-22	2025-01-31
Pretty URL 164.115.43.44/hospital/web/index.php IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-22 13:15 Last Seen2025-01-31 00:21 Times Seen4 Hash 315528f2bf495fe5173c9493696e2eae 0189914defa455599dfa71e522826da541713f71 b5a4ca3496b76ab5d2244a4af6c47384b9e201db8f26ea6b9a0ec25aa633461b Loading...

	www.youtube.com/embed/RSq66Sr9uac	ScriptElement	74 B	2023-06-26	2025-05-03
Pretty URL www.youtube.com/embed/RSq66Sr9uac IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-26 22:06 Last Seen2025-05-03 16:42 Times Seen18840 Hash ccb754e8fcd1e8e893b7bed4939523ca 68a319410da1aef2fd70a8ebc458817aaecbfdd1 d84a8e7de97afc23d0e458cfb0adccb09dfc8ef4ed8b9a6159d8ceb091fe03f0 Loading...

	164.115.43.44/ita66/plugins/sparklines/sparkline.js	ScriptElement	7.2 kB	2023-03-07	2025-04-22
Pretty URL 164.115.43.44/ita66/plugins/sparklines/sparkline.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01 Last Seen2025-04-22 12:15 Times Seen30 Hash 3ffd8341d66e61f94991e97394a0a6f9 e81642192dfcfbc2c44da63ed8821529bdbcb8cc 643753ec4cdd550d26401f2b1e45cabdb04341587a4ac28954909980b5a69de3 Loading...

	www.youtube.com/embed/RSq66Sr9uac	ScriptElement	13 B	2023-03-07	2025-05-09
Pretty URL www.youtube.com/embed/RSq66Sr9uac IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 09:30 Times Seen39686 Hash d8fb965e7ead2924508e97e5326bd3b1 fae376d0cb54d4433b7bdc9aba04690cd6cb5d27 57bb660c2fdf4369ff8e37f99b26963dba87c120b80c443ff3d31e030ab3a0f5 Loading...

	www.youtube.com/embed/RSq66Sr9uac	ScriptElement	45 B	2023-11-30	2024-08-20
Pretty URL www.youtube.com/embed/RSq66Sr9uac IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-30 04:11 Last Seen2024-08-20 17:24 Times Seen67 Hash c47403786f4b6e76e42c1c1733dd62ba 9031881933df526054eef2cc7f36e72166de9f92 4767f5496604c29b86fb09e76704a4e897a8f36f550a03cff50e9c3c497371b7 Loading...

	164.115.43.44/hospital/web/assets/2b33065f/js/bootstrap.js	ScriptElement	72 kB	2023-03-07	2025-05-09
Pretty URL 164.115.43.44/hospital/web/assets/2b33065f/js/bootstrap.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19 Last Seen2025-05-09 02:30 Times Seen163 Hash 24276f268f56771dc4141e6b3d93a2aa 474b25cebd06d57a38090c6716d5dfaa5591baad d5fa375baaa8c2ae0f8a7a42b0ab21695a9ec04c68166ceb44118a6d27405449 Loading...

	connect.facebook.net/th_TH/sdk.js#xfbml=1&version=v2.8	ScriptElement	17 kB	2023-05-05	2025-05-09
Pretty URL connect.facebook.net/th_TH/sdk.js#xfbml=1&version=v2.8 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-05 22:33 Last Seen2025-05-09 08:49 Times Seen54124 Hash b938e0b835c600209bdaae9d8ccda6d7 d5ee79d277057e05f002a18381722b5eb75d3883 d1b95aeb57c3285042e1e24c00cc56a8560d16daf7ee5cdfd5c75296b21ac91b Loading...

	164.115.43.44/ita66/dist/js/pages/dashboard.js	ScriptElement	7.6 kB	2023-03-13	2024-08-21
Pretty URL 164.115.43.44/ita66/dist/js/pages/dashboard.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:25 Last Seen2024-08-21 05:41 Times Seen3 Hash 778ac038287811d827b6784b9b6bee41 76dbca6af5a10c7a0fe4081af5d3ea92512dbdf4 fed707524ce1241d055a02f61ef9332ac5d748972dfb77b12d9ba63fd80ff1fa Loading...

	164.115.43.44/hospital/web/assets/67ec78d7/js/ripples.min.js	ScriptElement	2.8 kB	2023-07-22	2025-01-31
Pretty URL 164.115.43.44/hospital/web/assets/67ec78d7/js/ripples.min.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 13:15 Last Seen2025-01-31 00:21 Times Seen4 Hash 0bceb1dfc9a6927c39bff3d76390a36a 6a6ebfbddd206c4a871b0f09ba879f38ae9bc068 8ad941b2cf8df4fe4b86a7480dde4b37bd6d8637d04f0ed05a32b8cb8ea631ca Loading...

	164.115.43.44/ita66/plugins/overlayScrollbars/js/jquery.overlayScrollbars.min.js	ScriptElement	42 kB	2023-03-14	2024-11-16
Pretty URL 164.115.43.44/ita66/plugins/overlayScrollbars/js/jquery.overlayScrollbars.min.js IP 164.115.43.44 ASN #9835 Government Information Technology Services Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 19:14 Last Seen2024-11-16 08:51 Times Seen12 Hash b9248cb54d63e2b173e6fafc3d1654c4 8d3d4c908db775e6e9dd658250f1e1ec3a80b81a 92d19fd35b64fd48bbd5b3d31dca62b260a164542fe5af298cf05037233c7749 Loading...

		Size	First Seen	Last Seen
	#1 Eval - d1374737c426a42f776b4c8678644a17	253 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash d1374737c426a42f776b4c8678644a17 1013b22eff7b32db8cedd669664c14c7031a5d8f beaccd2eb66fe53a74d398c6f6250797fbd97882466939a4be1fcb214d832768 Loading...

	#2 Eval - 373633ec8af28e5afaf6e5f4fd87469b	2 B	2023-03-14 04:05	2025-04-01 14:39
Pretty Observations First Seen2023-03-14 04:05 Last Seen2025-04-01 14:39 Times Seen1471 Hash 373633ec8af28e5afaf6e5f4fd87469b a454492e42fd9810e577ebee548c7e59bd883bca 8833cb57eb821d629899ba0015aec1aa8efc7c2472f0590bedd1cebe28107cd6 Loading...

	#3 Eval - 13eea949a7e8df8bc9b7cd05adf3f6ce	145 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 13eea949a7e8df8bc9b7cd05adf3f6ce 27654372e1c08978ee8b1ef7ca62e73112172d88 d9f59a43cbb17e8182a38130cc29164778e9deafc856357e23e29b6e362ec003 Loading...

	#4 Eval - 4524a7f898b78a4494acb13590cc33a5	114 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 4524a7f898b78a4494acb13590cc33a5 95ef6b7cb4874aacd6530c5899648efa8ca7f810 a2c254a9c4a8130009fc7c7360a4ef11b8dc82f925b0ae2a6132ca746523e95b Loading...

	#5 Eval - 3f73848ff9cab1c56fb1c772c76997d9	186 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 3f73848ff9cab1c56fb1c772c76997d9 534134cff6c87463ae536bba24f6cd5ebe2fc006 2349b1354f3e220673b34b93b68b54139ed4a3718cf9acaab0a85d963b9914d9 Loading...

	#6 Eval - f92a21c2dd64470fefcb6e15e1c96927	70 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash f92a21c2dd64470fefcb6e15e1c96927 c0e0b14b14d977cb5677b48aad3e704e6b72b97b 65dd1d2e2af92538ee41a30e0543e6642ecb366559b8a6c9c4c0c8e7b40bdd85 Loading...

	#7 Eval - 1423f5ce268361f08ae5631318cebf11	94 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 1423f5ce268361f08ae5631318cebf11 80fb302fc9a9fb08fca975db6c198e630c26f4b9 c135f4db44926984c323ce6ce0ec5246cbe467b542e14b853087fdd2585fce52 Loading...

	#8 Eval - 4ad139244b2be11932aaaef03b3e149c	34 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1068 Hash 4ad139244b2be11932aaaef03b3e149c 1363eb1e48360cc01f053ff568f30cef760b66ef b4b37f36642b7fca1c032feef78bd782d543834c661b208ec028fbafee50572a Loading...

	#9 Eval - 72078cd4d1afc993a69865578c55e217	101 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 72078cd4d1afc993a69865578c55e217 13aed800127f3408c81e7100d00a55696071ff16 5e2d9075ff8ddb779018259bc5fa0ae9fbc2e48262bc60cccb190b4ea0365e80 Loading...

	#10 Eval - 05b8c74cbd96fbf2de4c1a352702fbf4	6 B	2023-03-07 01:02	2025-05-09 05:11
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 05:11 Times Seen60832 Hash 05b8c74cbd96fbf2de4c1a352702fbf4 320ad267d8d969f285eda5c184f5455bd29c8c95 44ff7b02c80d38b26dd6aa31d9470aed81b32e10331a3c994fb1a9945fd847ba Loading...

	#11 Eval - 5b85d2a9335d88053252ec5cf1f59778	77 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 5b85d2a9335d88053252ec5cf1f59778 9ed065a68ed905e4906cce0341e377b9d3401b5d 9172012575af2ed3d65f154840dce9570e579cf024b6eb7619ab20939bbe26c0 Loading...

	#12 Eval - c2027d8d704da8ecb0c79c8be1b3af85	77 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash c2027d8d704da8ecb0c79c8be1b3af85 f190df8c27ffc546072fc19ad8ca7f24ce0181f0 241ded013cba5332b46f2caf28a49ef78310f480990de77f51cfa1670fd7a89e Loading...

	#13 Eval - fd43e6eb5bc8310d1610a6d5f370b8a1	22 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1172 Hash fd43e6eb5bc8310d1610a6d5f370b8a1 75e5d771561f571900b6ff742d5a0926765e4a4e 524c0cf019933937e7a269aebd14f2f4fe5ad9806a4147f21bd4d2667b20c497 Loading...

	#14 Eval - 4c62bc4fd3c4e105cb3fb62fb748d59c	203 B	2023-06-16 07:31	2025-05-09 03:04
Pretty Observations First Seen2023-06-16 07:31 Last Seen2025-05-09 03:04 Times Seen36899 Hash 4c62bc4fd3c4e105cb3fb62fb748d59c f6e2d1e74e35ec4c4740ba02e890b98bda11417f 9f4a6a370cd350425d8ac08047e7646116468672e99765ca198e6d463ee5286d Loading...

	#15 Eval - d1aac2c1669e64bbd37e54d08f6de26f	128 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash d1aac2c1669e64bbd37e54d08f6de26f 8051a9e3c1d96c91c250451fdf729b421e86c4ab 3112b9358c92aae0e652154623af8813397643ab4f51ce2ab418f76df641de75 Loading...

	#16 Eval - e480d2c4a9b80b2ce5d3ccd411a92216	77 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash e480d2c4a9b80b2ce5d3ccd411a92216 676d2552494791cfc87f00f9eb52749d7800c1aa 19bdfe0e261b20fc8bcce176c50d5a2e6f47bfbff152d380bdfadc4f02fccd39 Loading...

	#17 Eval - ff33f1b12213e021c2c4a888141953ba	2 B	2023-03-07 12:25	2024-11-24 18:00
Pretty Observations First Seen2023-03-07 12:25 Last Seen2024-11-24 18:00 Times Seen1306 Hash ff33f1b12213e021c2c4a888141953ba e0417928efb829deba056fc53babf67b9aab8d1a c75de8c1b7c3ae5252091267a736a9bf57001d80e82668b3cb3cd09e2f6a43cb Loading...

	#18 Eval - 1651982e1ef59fbc3e9db66dbe7759d5	2 B	2023-03-10 11:14	2025-04-10 05:44
Pretty Observations First Seen2023-03-10 11:14 Last Seen2025-04-10 05:44 Times Seen1368 Hash 1651982e1ef59fbc3e9db66dbe7759d5 0c221b9f489dfeffc42254a5e00bed663eef7ff3 0bb404b255c8235d6d5113cc3e49262a99c374b16f16cd6bf2380052b091c876 Loading...

	#19 Eval - 9ac2216e46efc369c5071c5354e35cbe	138 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 9ac2216e46efc369c5071c5354e35cbe 31ed9ffd5e3859c6b971c99db2c49aa994f3a6e3 624220c829ce4ef16e20faa66d6d0ffb779fc5e202fb0a183a784644809bba8c Loading...

	#20 Eval - 29d6804c8e813dda3eaa1d7f7e8aeff3	2 B	2023-03-26 10:23	2024-08-29 17:56
Pretty Observations First Seen2023-03-26 10:23 Last Seen2024-08-29 17:56 Times Seen1214 Hash 29d6804c8e813dda3eaa1d7f7e8aeff3 e82efebd1470e4323e34610ac576c0fb960f5970 a270ba425f03a58dbac8697cede66acbc6bb9353ae07dddefe94b0378e995655 Loading...

	#21 Eval - 258f49887ef8d14ac268c92b02503aaa	2 B	2023-04-01 11:01	2025-02-18 16:16
Pretty Observations First Seen2023-04-01 11:01 Last Seen2025-02-18 16:16 Times Seen1404 Hash 258f49887ef8d14ac268c92b02503aaa 2038bdec9210202d0d9d74839e3925ff0cd91ba1 55490a4bf3a8e8cb5eed69720293a700ff01ef7da2bfc749f332f626cb584916 Loading...

	#22 Eval - bc6a53554dfd8722ebdc82ae6b867fae	218 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash bc6a53554dfd8722ebdc82ae6b867fae e9ad55a66061d69f0784066b8d995d6225b01bd0 6ab303c49200201cdb5aa8d6f63a9be5131cfe5255cd484dd0575635d15b0742 Loading...

	#23 Eval - 730283a915b1e5b3a6fe194dc5e563d4	262 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 730283a915b1e5b3a6fe194dc5e563d4 141f0863a220202fd0d054b36c3fc2b8e13362e5 2b7c5f131e434e66e1789b6a1f92e72beec4793f9bbbde01477a552a99e8f998 Loading...

	#24 Eval - afffb04a1f2e8f0cc035cfe28bf455a8	131 B	2023-07-02 14:54	2024-08-22 11:17
Pretty Observations First Seen2023-07-02 14:54 Last Seen2024-08-22 11:17 Times Seen20347 Hash afffb04a1f2e8f0cc035cfe28bf455a8 920c52f3e931c79600ab73dca9d4baceaa721aa3 1224c72af04d20c26e9dea6a1295f8703ef495872d17d051e94ac95dab0cf66a Loading...

	#25 Eval - 9a28adb59d68218410bc2c4a0f573440	542 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 9a28adb59d68218410bc2c4a0f573440 6c79460ca29abeccda0d6c6a032316916f1a6e67 1da8456ed7a948eece52643d7195b8948cba069829909710c8ec6bbf23c3a8e9 Loading...

	#26 Eval - 784ee48bb53a17d152e0db840a149f10	355 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 784ee48bb53a17d152e0db840a149f10 7c92e2ae1dcd8c3b5615ac424e393dfb85208fdb 22c193067b968b6faf369e98eabf9ff1595e87a7cee462e087c246d4694eb992 Loading...

	#27 Eval - f0e976b756b6afe7f40bca206a2d7150	29 B	2023-03-07 01:02	2025-05-09 09:30
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 09:30 Times Seen42461 Hash f0e976b756b6afe7f40bca206a2d7150 db9bee9a7bba93a60330ec5ef1334d9c164fcd56 029b84af88c5d6ced58173997a15fa47011e198e5449027d87e2f7b871f332c2 Loading...

	#28 Eval - 55a055409207a12d5937b243fd508bde	2 B	2023-03-07 01:02	2025-01-14 13:00
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-01-14 13:00 Times Seen1555 Hash 55a055409207a12d5937b243fd508bde d17bb082e04f08a5f47e5f92f26b8d0ba2b800de 6e314c4d6b87797d60858511e299d6a5931286a23b0b396620cca42cc19305d9 Loading...

	#29 Eval - a7c683352a65202c3e49119b87c6a4c1	22 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash a7c683352a65202c3e49119b87c6a4c1 0297f73fe4c4e991936a843d279905a420cbb916 4d5761942ec94c8890b1081ca0c0ee683e4d7f31a25d6e6d0a3d45b08f86567a Loading...

	#30 Eval - ecc6996aef3a1ead6fd56d7ccb0b9565	1.1 kB	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash ecc6996aef3a1ead6fd56d7ccb0b9565 ea06009b1a1ccd3d17417f2da860e875de89ca4e b70cee8fadbc1784a8eca5c28bf0a27f084c7e47ac0abdf6438bf7b5c7275159 Loading...

	#31 Eval - 996fa50c0a755806e9650127e6624789	22 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 996fa50c0a755806e9650127e6624789 3a6fea018a8445abd35e543d44f934fc2563a517 568c89c26bfd58beb998f423d417846629e6de5451efbe8590ea5fad7384f343 Loading...

	#32 Eval - 9be5f6606c8a463a15615ba27d6086c3	63 B	2023-03-13 02:11	2024-08-22 11:17
Pretty Observations First Seen2023-03-13 02:11 Last Seen2024-08-22 11:17 Times Seen25387 Hash 9be5f6606c8a463a15615ba27d6086c3 86a2fe727ef0ec4e23f1be261de127f0713e3f32 57e4541e6b4799c76812f6de6ff4aa7605c94d3cc7aebb5e8770c57efa4d28f0 Loading...

	#33 Eval - 9a1d6db237ac592a951c3a06650c1657	448 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 9a1d6db237ac592a951c3a06650c1657 4240a4ba7c36a2a318620d0a693e3bd96c2d5ce9 da16da7d72b3e8bd2082b80e76cc48862e9804a1c5d4481d6fca442ae26c7d94 Loading...

	#34 Eval - ad9811610eeca7e6ce38634e616937fc	95 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash ad9811610eeca7e6ce38634e616937fc a35b69583d9bf33cead87a0220371d7c8e2bfad7 f9b3bdb14cf13056c558762d609c27e28bd68a50511bd14d1aff243903feb9e2 Loading...

	#35 Eval - ca85604235d7f4c281594488c534359d	22 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash ca85604235d7f4c281594488c534359d 7a9738947fec3f20dbb5a1d6f04846ed82a52de7 7746d4736cacf547fd161ad06f304cdd9dc31128d6913675c57f13687393f812 Loading...

	#36 Eval - f3de292838b77673829c8b132b519291	457 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash f3de292838b77673829c8b132b519291 3590129075fe6709c3db75a9a8e5a26b527dd573 01f56df1bbf90e6350b02be6dc1efef00968111a6cc39642be6d84fe4a48442f Loading...

	#37 Eval - 22749e392e6ff8a3e00b06b719d6f708	94 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 22749e392e6ff8a3e00b06b719d6f708 d5073e07040a54cf541d37952391ae329f3807f3 8af2a5a54682fd42abec1f48b0a33fdee83a9da111e4108fbe139acd2fb0a73a Loading...

	#38 Eval - 4d693a8619963f7750462b678770e604	2 B	2023-03-08 03:40	2025-03-19 06:00
Pretty Observations First Seen2023-03-08 03:40 Last Seen2025-03-19 06:00 Times Seen1396 Hash 4d693a8619963f7750462b678770e604 91052b1cecbef0d754d1ca776f805e3a4876d0ac 1d92ad4b6987fa0347cc5d2fb6cf9e47c83f4f6caeb3b5ef6f629730528921c3 Loading...

	#39 Eval - 7fc56270e7a70fa81a5935b72eacbe29	1 B	2023-03-07 01:15	2025-05-08 07:56
Pretty Observations First Seen2023-03-07 01:15 Last Seen2025-05-08 07:56 Times Seen8933 Hash 7fc56270e7a70fa81a5935b72eacbe29 6dcd4ce23d88e2ee9568ba546c007c63d9131c1b 559aead08264d5795d3909718cdd05abd49572e84fe55590eef31a88a08fdffd Loading...

	#40 Eval - 316c88dce4f6c65c54fb6b13835d073e	66 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 316c88dce4f6c65c54fb6b13835d073e aba38af06d2fbd20ac7abf3c8f2b6ab3b78382e2 ded22956ad75465a4fb606b27ec70fabdf439d9c0add4e56638797c6577302ab Loading...

	#41 Eval - 1151f24be3c63db056f10938a42ab0ea	27 B	2023-03-07 01:02	2024-08-22 11:17
Pretty Observations First Seen2023-03-07 01:02 Last Seen2024-08-22 11:17 Times Seen17952 Hash 1151f24be3c63db056f10938a42ab0ea 5284a27f38597741e877ab31328cc8178b005676 0bc774ed3674af6aae8dd2c83bf89261e13ee293742afeda5161156a54bfc8ee Loading...

	#42 Eval - 1da8d5d4ca9c3118679d17b8075f3fe9	2 B	2023-04-01 10:33	2024-10-11 09:09
Pretty Observations First Seen2023-04-01 10:33 Last Seen2024-10-11 09:09 Times Seen1263 Hash 1da8d5d4ca9c3118679d17b8075f3fe9 612f4fe0c132b93689a97cdd4bcea00312cf2516 845444e9928f80df13db50b90f3dec57288d4a7418caf7270f585aed66f9fc2e Loading...

	#43 Eval - 54d54a126a783bc9cba8c06137136943	2 B	2023-03-12 21:10	2025-05-04 15:26
Pretty Observations First Seen2023-03-12 21:10 Last Seen2025-05-04 15:26 Times Seen1612 Hash 54d54a126a783bc9cba8c06137136943 e066133fdba5e5077ee034d757dc6dfcebd12979 5312fb609f60384731fcfcb95deef3602239bf61f865a07bd8e08d818d22e9fa Loading...

	#44 Eval - 9e6eb95c2715f986f8c530b43d3d9878	216 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 9e6eb95c2715f986f8c530b43d3d9878 48a2cd819813e9e5d5cb7f7ecd448a8deec4c1ee 033915c7d0119cfcf5511be6678292b253938c80041cb5c6283bc9efb2b2a07e Loading...

	#45 Eval - 1952a01898073d1e561b9b4f2e42cbd7	2 B	2023-03-07 12:02	2025-03-17 03:59
Pretty Observations First Seen2023-03-07 12:02 Last Seen2025-03-17 03:59 Times Seen1351 Hash 1952a01898073d1e561b9b4f2e42cbd7 e8c5e5be4d4926e3acc74ed8dd3beb18fa6b1593 be18b85f77fc024db379acf19e8a1ce62307ab7bb1bca395389ecfc2dafaf741 Loading...

	#46 Eval - ff44570aca8241914870afbc310cdb85	1 B	0001-01-01 00:00	2025-05-09 09:26
Pretty Observations First Seen0001-01-01 00:00 Last Seen2025-05-09 09:26 Times Seen174471 Hash ff44570aca8241914870afbc310cdb85 58668e7669fd564d99db5d581fcdb6a5618440b5 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5 Loading...

	#47 Eval - 78368ee39441a9b171eb86fb28d1ec29	22 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 78368ee39441a9b171eb86fb28d1ec29 b8002127cd1469ae2b4847083335ec4b21f5658d 6ba11754ba7ad7f91e50b9b325efdf121e1e3debe27d920549e76c92ce8de897 Loading...

	#48 Eval - c165c9ef46570e3a9c232c8fda494817	44 kB	2024-08-20 16:57	2024-08-20 16:57
Pretty Observations First Seen2024-08-20 16:57 Last Seen2024-08-20 16:57 Times Seen1 Hash c165c9ef46570e3a9c232c8fda494817 194a00aaf2213c56e7097b6b53ecda18d8e8ccb8 48a27e2673f45744b93a05124837107cb156e96a45013731ae4cb866f5d7a1af Loading...

	#49 Eval - d384bbfa2b16cec1beac8d021eec0ae4	2 B	2023-03-07 17:52	2025-01-28 05:49
Pretty Observations First Seen2023-03-07 17:52 Last Seen2025-01-28 05:49 Times Seen1311 Hash d384bbfa2b16cec1beac8d021eec0ae4 da2ec569ba4fb2c415633321f7f311abb50f7c62 d3293502aa4ca6ce54c8a9b6fe3b56e07cd1ddeb4380d5ae25708f002acefd00 Loading...

	#50 Eval - 8e6067e6cba5685518ac1870eedd53dd	82 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 8e6067e6cba5685518ac1870eedd53dd 4871305b095ba6fbf43288abbb50fd6e99acf487 dcea2d930d1a480b5ab8d7172752ca23311a30e1912807d319c2794db762abf6 Loading...

	#51 Eval - 7d939ed9480c83d36c2790cbb1ecb51e	53 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 7d939ed9480c83d36c2790cbb1ecb51e b8d20139a294af92880a5b6b4619e66eb39d9ba6 dc583ff9cf964e0c017d45a40c45453fa4fcf95c3a0dbb79d9ae6b3a58036b9a Loading...

	#52 Eval - 0d80d99d7f209071a284c9ab6d14accf	83 B	2023-03-07 01:02	2025-05-09 09:30
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 09:30 Times Seen53524 Hash 0d80d99d7f209071a284c9ab6d14accf c91e7389c28a7b35eeb114484808a20cddb8c20e 0cb21d1de060008bab472c15c63e6f15828de601f85deff00d701d26c0f6819a Loading...

	#53 Eval - 8db38226dea32f40ac22120562175e64	326 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 8db38226dea32f40ac22120562175e64 3cd5843b7febf3b49a5b316b6938abeba44e01a1 57bb5102cc822b6b5c0813083a797f6cb383ce08a8f1178c62a308b6c3925a88 Loading...

	#54 Eval - 9d0137bffa0f20d5e8e9f54f2c84cf0a	10 B	2023-03-07 01:02	2025-05-09 03:04
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 03:04 Times Seen36949 Hash 9d0137bffa0f20d5e8e9f54f2c84cf0a 39edf6d919f82b9692a2edfecc78427a82567c42 269d4d56785ffc82f3ed05d8ee3b84fc18d7474663ddd06c6fd285165190bb19 Loading...

	#55 Eval - 9c922d2fb836f917bba064d4f5120356	2 B	2023-03-08 15:47	2024-10-30 20:33
Pretty Observations First Seen2023-03-08 15:47 Last Seen2024-10-30 20:33 Times Seen1300 Hash 9c922d2fb836f917bba064d4f5120356 6e1d936831296656f25902b88e2f9dd325657275 7ae8c65efac702d3251c067e624364ad04c37c275ff657bab87758f7cd70a354 Loading...

	#56 Eval - 71e4d0554bb5f5c000c0c9aadaa525d6	2 B	2023-03-10 09:11	2025-05-04 15:26
Pretty Observations First Seen2023-03-10 09:11 Last Seen2025-05-04 15:26 Times Seen1852 Hash 71e4d0554bb5f5c000c0c9aadaa525d6 e3a8d6c3636413f47bb05ae120b4412b45bf77c5 7102152f55997f1cd5d2075c9f2de834970fb1ed9ddde80d3b8a2886cb4b5b76 Loading...

	#57 Eval - 37a6259cc0c1dae299a7866489dff0bd	4 B	2023-03-07 01:02	2025-05-09 07:51
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 07:51 Times Seen61419 Hash 37a6259cc0c1dae299a7866489dff0bd 2be88ca4242c76e8253ac62474851065032d6833 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b Loading...

	#58 Eval - f1290186a5d0b1ceab27f4e77c0c5d68	1 B	2023-03-07 01:15	2025-05-08 19:50
Pretty Observations First Seen2023-03-07 01:15 Last Seen2025-05-08 19:50 Times Seen10125 Hash f1290186a5d0b1ceab27f4e77c0c5d68 aff024fe4ab0fece4091de044c58c9ae4233383a 50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 Loading...

	#59 Eval - d6795d219f44e8d813bd108b0b0697d3	51 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash d6795d219f44e8d813bd108b0b0697d3 d4c35b23ff70193949f9d2a26332c04240a666ae 849a9a26af6dd4a2885df9e67660fc0499b37507be5af381b650407b4ee55489 Loading...

	#60 Eval - a4b57ebe6d5df0079c3541b6e3555db9	107 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1172 Hash a4b57ebe6d5df0079c3541b6e3555db9 1468f1239db42c171c41664ba784ffe30ffb00cc 4847ea981dce1ffed5867d6591026ef44fd1fe129bc44f07b96d272f12145e14 Loading...

	#61 Eval - 8d9c307cb7f3c4a32822a51922d1ceaa	1 B	2023-03-07 01:02	2025-05-08 01:07
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-05-08 01:07 Times Seen9198 Hash 8d9c307cb7f3c4a32822a51922d1ceaa b51a60734da64be0e618bacbea2865a8a7dcd669 8ce86a6ae65d3692e7305e2c58ac62eebd97d3d943e093f577da25c36988246b Loading...

	#62 Eval - ad9301dc28dcf3f33940160e8c441655	77 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash ad9301dc28dcf3f33940160e8c441655 08934f9233806e6a77b6abc04076990a1916b85a 4fa8fddd6a851e6a78aa41275b7ca5fcccb7d098b8905e0036de7e84a29abd0b Loading...

	#63 Eval - 380903fb205f082a4e298e86a482e9de	78 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1172 Hash 380903fb205f082a4e298e86a482e9de e2f77f8bcc77f5ae57ac901ff0bf11700a8074c6 e3ee0f7d7c7584252a35665734de2d84d707d36dd85c199d4830a29ee5680072 Loading...

	#64 Eval - 919a757fdc48e184311118be632a15bc	70 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 919a757fdc48e184311118be632a15bc 107614700290ae7355e326881ada1b93d0e4544b b7ef28087730dcffade440fb901774574dc794d418f8a898b2d9b971ed089c1f Loading...

	#65 Eval - f097fc9707f31a96ff14cdefe933ebc0	260 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash f097fc9707f31a96ff14cdefe933ebc0 33ef393ee38cb5c3faa9a894db62708aa2a07842 80068a3c75ca108940cf152a663da7e4532596ab73f41050acc4463446110697 Loading...

	#66 Eval - bd4496eb0285aba06273987971f6063a	35 B	2023-03-07 01:02	2025-05-08 10:53
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-05-08 10:53 Times Seen38076 Hash bd4496eb0285aba06273987971f6063a 8c7d085c9d54b41debd437430b6852de7f898857 f2a353ed5469812b863c5fbeb58b4d46b864ba4e20a49f57f9c44c7cda45f46b Loading...

	#67 Eval - e57d452bb9c82493ad804af002d3906f	471 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash e57d452bb9c82493ad804af002d3906f f227d6619c4c189942937a0bf2dd603c4418505c e153979cf28e326f2c7666b4939a145976750668eb87f8bf6d1191b9dd675d09 Loading...

	#68 Eval - 4a3f55450960dff92c67b9df27e8dae9	249 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 4a3f55450960dff92c67b9df27e8dae9 ba8c2ce6ad07fae1d04750f73125096077d26dfc 03a1a57827b1c6f356e0836846a0776972b13c5547e698532b0e3993c55a03b2 Loading...

	#69 Eval - 96d66a4d9708fdb6dd5597f3bbc7d624	195 B	2023-03-08 14:47	2025-05-09 07:51
Pretty Observations First Seen2023-03-08 14:47 Last Seen2025-05-09 07:51 Times Seen44650 Hash 96d66a4d9708fdb6dd5597f3bbc7d624 e10a66fa8a836f6f948941262b70e1fc928a446e 3cabac574ada654802fc1c4518d870f0791a9a3ac31371677e75fb683e47ce89 Loading...

	#70 Eval - 3782ce66fe3b7d798a6eb88607810592	1.1 kB	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 3782ce66fe3b7d798a6eb88607810592 85a2b3c1c84021b7a7367f05ffde8bfb607dcc15 2dc4a01e2837f1ee4306446c507713fda6880ded756f9c92d2f4035088375930 Loading...

	#71 Eval - 78f9a7b3e55776b3956cdb2d590c168e	77 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 78f9a7b3e55776b3956cdb2d590c168e bbadb59109fe9c2578e0a3b8ced18f84dba19b83 8b37b27281d3c83d13360b58219f1d6f9881a8244ed5176e9ecbedbff9a05912 Loading...

	#72 Eval - a85d68427636bc2196556b890c41256d	466 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash a85d68427636bc2196556b890c41256d 0bf0975a20c6bee5ae41e43e0671ff134b6b5e24 01371362bfae3e7fba35a6751c3e62946c44b9d8be629564915fbed755671d9f Loading...

	#73 Eval - 8a122fe5c5402a4baacce7345ecc3285	403 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 8a122fe5c5402a4baacce7345ecc3285 92dfc92442a6bde082625c5fadc7ec9d93629aba dc52bb4b041395913cb4e1c4f340e382f0fcaa8e30a7e25e89b1c48f0ecfaf09 Loading...

	#74 Eval - 0563fcd3c81eef58e50b984c70677036	159 B	2023-03-07 01:02	2024-08-22 11:17
Pretty Observations First Seen2023-03-07 01:02 Last Seen2024-08-22 11:17 Times Seen17943 Hash 0563fcd3c81eef58e50b984c70677036 297f56d56ec1918a65a72c146da33d3ffb468684 ed2b7d8395578b6813022e5d55ce8066479d2def9c664882260f1516472c1838 Loading...

	#75 Eval - 8c80c017097fffe05cc78cad551ef08c	26 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 8c80c017097fffe05cc78cad551ef08c 45d21b94f4a893d325e35c1bb2d0bc9b6873d5e8 2e5af31b220d5621a1efe1f82aae92bf575062df08aa90c81e7bcdfb786a71e6 Loading...

	#76 Eval - 83878c91171338902e0fe0fb97a8c47a	1 B	2023-03-07 01:29	2025-05-08 07:56
Pretty Observations First Seen2023-03-07 01:29 Last Seen2025-05-08 07:56 Times Seen6947 Hash 83878c91171338902e0fe0fb97a8c47a 516b9783fca517eecbd1d064da2d165310b19759 148de9c5a7a44d19e56cd9ae1a554bf67847afb0c58f6e12fa29ac7ddfca9940 Loading...

	#77 Eval - cd722e593c33d3dd01bccfb9daea1c90	258 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash cd722e593c33d3dd01bccfb9daea1c90 2eccb00ad91fc5a92ba69ffc29a57685ab300307 5678024cef7c38c06441e35dc82f46e82dc6a3adbcdf2538836d5510c5c94839 Loading...

	#78 Eval - 08b646c3f8aa1b7e8741d021dc57c22f	96 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 08b646c3f8aa1b7e8741d021dc57c22f a8f7ead1071e0fdb7f5c612944390d7d040a2eb7 be93ae7bd7201e98190f26dc968f684f68d3a6801accd1dbe4cd93892db3e138 Loading...

	#79 Eval - 47273b13f41cdd965a1fb55f8ee29cae	166 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 47273b13f41cdd965a1fb55f8ee29cae 110e5f578f00fcc4894c48692a4e8208964e1615 4fb216ccf56707e146d06f27b77a07fca8c1d5b1d8eeb5f5d80bb9e32be1d67a Loading...

	#80 Eval - a931635074a5017da74948b67e16c76f	206 B	2023-03-07 01:02	2025-05-09 07:51
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 07:51 Times Seen44702 Hash a931635074a5017da74948b67e16c76f a6799582ad16a7c1ab8221c166268130df6691d2 1fb437ac78114eda813a7c4d5771b6d3aa34908a5ca3b743d5eb5c79088cf82c Loading...

	#81 Eval - 62b85c7159991075b2f42e1c44a16549	56 B	2024-08-20 16:57	2024-08-20 16:57
Pretty Observations First Seen2024-08-20 16:57 Last Seen2024-08-20 16:57 Times Seen1 Hash 62b85c7159991075b2f42e1c44a16549 cf2f983d0ed6cb2cf7e85a95e3873d739b7f7e0c eb26d0403ed4ddc8fcfce28527b25c1d85a7674eb4243858f2f600d19d315e44 Loading...

	#82 Eval - 191364d442c58d03c434a6fe7dc88949	26 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 191364d442c58d03c434a6fe7dc88949 f1b2f7d20d648e8e30ddc7740c6439fd2126aa94 dc8c21b1f1402e0f05041a0fd69417f9cbfcc31de0ab850521bfdcee2c944ddb Loading...

	#83 Eval - 0cc175b9c0f1b6a831c399e269772661	1 B	2023-03-07 01:02	2025-05-06 14:51
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-05-06 14:51 Times Seen10981 Hash 0cc175b9c0f1b6a831c399e269772661 86f7e437faa5a7fce15d1ddcb9eaeaea377667b8 ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb Loading...

	#84 Eval - a34c997da8f62c6751a11b90efa0703d	2 B	2023-03-08 12:10	2025-03-30 01:58
Pretty Observations First Seen2023-03-08 12:10 Last Seen2025-03-30 01:58 Times Seen1285 Hash a34c997da8f62c6751a11b90efa0703d b3cd16bf4d27f6df229f52b95d1dfaf62dbd779d 031b52ffd3cdb68797252799e42588772700c8d8ba43b644d074a2feba14fb9e Loading...

	#85 Eval - 3fd29e3b64dab0a0a6bcf4a9c77bf89f	157 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 3fd29e3b64dab0a0a6bcf4a9c77bf89f c305553ec6fdfcfb4ebab20fe529f43bc1500b29 c0d4933355e9141d6037c331a6d8523529af08d1dfa53401ac32517cc3f97a6e Loading...

	#86 Eval - 7afbc06554b46dc8e594a121d677aa0e	184 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 7afbc06554b46dc8e594a121d677aa0e 31c09053771d8d85a928df74c4645bb0c3559451 27e29c6c969f35482379d01e226d878d976fcd6431b3406e6ba43cfa80f5e789 Loading...

	#87 Eval - b3e664cbc391171ae8752b7d8d9b0422	2 B	2023-03-08 21:28	2025-03-17 19:19
Pretty Observations First Seen2023-03-08 21:28 Last Seen2025-03-17 19:19 Times Seen1258 Hash b3e664cbc391171ae8752b7d8d9b0422 b117b6b4947f7c44aee3e5e0fd24cf91fa52751c 65c325fb80a0e7f790657fae7d8b7a07bb83e660b22ecbf70efbae4bb03f4fa3 Loading...

	#88 Eval - 24cc3dc813f384fde380df619f1525cb	19 B	2023-03-07 01:02	2025-05-09 09:30
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 09:30 Times Seen46771 Hash 24cc3dc813f384fde380df619f1525cb 56399e3ce57ff98d68c7de98a563e572230dff6b 5421715bbdaf2550e31d10fc28d444310a8fe7147bbddecf0abb490358a1553b Loading...

	#89 Eval - 90749cdccc92b64023af65b2c2e09841	52 B	2023-06-30 03:07	2025-01-10 21:02
Pretty Observations First Seen2023-06-30 03:07 Last Seen2025-01-10 21:02 Times Seen37627 Hash 90749cdccc92b64023af65b2c2e09841 c462a67f6bc05d361593fd7bdc0821fc6fbb27b4 23f5d7bca8a3fd67ad081a77c0f5ab552436896346a404b9a58840870ec9eb1d Loading...

	#90 Eval - a735596ddc266cbc06c317d706b22644	148 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash a735596ddc266cbc06c317d706b22644 56331e312bf72b4b3ece9c314335617936c190b4 543605d4a92a8fa23544a88e25334f5c124ad19c9c5b58e2f6ec220ba465472a Loading...

	#91 Eval - 0d38787062c702b4a5490400bca2ccce	26 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 0d38787062c702b4a5490400bca2ccce e83276562617ef4a927dd9553b287b2fef635e2f 1c053726d70a76c76a5800466a5144779c72e6c321d3a5aaef778d894a4d70a9 Loading...

	#92 Eval - 2f227586dafabaf8cf8b1e8ad7aebf4e	55 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 2f227586dafabaf8cf8b1e8ad7aebf4e 61396115c2b65c961670115e409de018621408cc c7b1d56f93da36e5a0d167d12e14297f05b7de8f5e9754a8cb4a7ec4e5c57845 Loading...

	#93 Eval - fafed4711ac09cc405d4131c67b21ddb	212 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash fafed4711ac09cc405d4131c67b21ddb cd306c4a85fa4a7db4e1334887a766365d5ac18a bf6572308c26c2391bd2b8f101283f82a16f8e39edb5176b0d8a814a04c0ac9e Loading...

	#94 Eval - 8d8b85adc4d2474a84fbca1381afb3c7	83 B	2023-03-07 01:02	2025-05-09 09:30
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 09:30 Times Seen44846 Hash 8d8b85adc4d2474a84fbca1381afb3c7 3815645d5a8680fd3ed4ce5a3b82f8d432448698 3eb8abc484d33a620c974de75babdd2caae4fff7dc8daad7d860dd41c93ee611 Loading...

	#95 Eval - 2db95e8e1a9267b7a1188556b2013b33	1 B	2023-03-07 01:15	2025-05-09 09:30
Pretty Observations First Seen2023-03-07 01:15 Last Seen2025-05-09 09:30 Times Seen8793 Hash 2db95e8e1a9267b7a1188556b2013b33 07c342be6e560e7f43842e2e21b774e61d85f047 acac86c0e609ca906f632b0e2dacccb2b77d22b0621f20ebece1a4835b93f6f0 Loading...

	#96 Eval - 3c989753898032f47af57aefa99310b6	450 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 3c989753898032f47af57aefa99310b6 5814c02f884f563c81f32d5360cbb4d12c5eed15 0637263bf70543c4e4281c8536aac6cb8d29a3b4356add73495eb6c6997ccb16 Loading...

	#97 Eval - 0fce16d25d273c0b97e90b3ef896bfc7	77 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 0fce16d25d273c0b97e90b3ef896bfc7 cc4c14e723771aa4ded6f173b3ba4d2ceca68f2b 73a98000c5f79aaacc6ab4c5169c1e6467cef92d57879d3a59aace09aa0e7de4 Loading...

	#98 Eval - ac6c413a9d6d1b9291d1187d6d301125	307 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash ac6c413a9d6d1b9291d1187d6d301125 2d72ca8ad1445c1bf7a11fc35fcf05054c65cbab c675ece2cf7fcc86950e464a0229075a49ecf9e1188b081d061d9f344c95ba22 Loading...

	#99 Eval - cdaf6e12c498bf964dd8f2eaa30672c9	264 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash cdaf6e12c498bf964dd8f2eaa30672c9 b73db6a52dd3d1b313993254def737237df22a4c b0c54b83cffe3925eb355166b2213d3780e05c420f25cea702c0b8f740fe8438 Loading...

	#100 Eval - ee3a76b8b7181491af6a491f08fb16e4	247 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash ee3a76b8b7181491af6a491f08fb16e4 b92921bdb88cda7b2cd7a88cdd83985858431689 93faf06bbd3a34004cf97ddc3e63a6bb0cd68edcd0c9a629ce8f35243cd5fbdc Loading...

	#101 Eval - 7a7690d1db8ab92afb0142a22e528995	22 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1172 Hash 7a7690d1db8ab92afb0142a22e528995 7adffd13d8f12567b8f70358a2ae5c6e9e2b7745 6674b1c8e253de47d37b5da928215d3be0638d915ce571a785ff6ce6ebe4ff5f Loading...

	#102 Eval - 987bf3b4c2bfccb58db186c4cf253307	77 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 987bf3b4c2bfccb58db186c4cf253307 4b9dc62ac52f9979799a7db84c0732d22e8a5f6c a0c4112eaebc84e9756847b1872d8feb23b241050feeaeb44eacfcbfdd2b947a Loading...

	#103 Eval - 7a591c318f728691581746d3fd25daaa	78 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 7a591c318f728691581746d3fd25daaa d7ed1564eefc602d0ba390dc95715760ba8e6cbf 94625a5eece37d48e6b08344c1d515759b586d4178b2a0f34cb4b37bc3d7c88f Loading...

	#104 Eval - b62f16c86d91d8dbeff4506b39ea90be	143 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash b62f16c86d91d8dbeff4506b39ea90be 7438230d971aa2be4631895a463ed98d9960273f 91b69657b4f027e51062abbbd604d42a00e8ac0dffb77a457e5123e1acdb1a86 Loading...

	#105 Eval - f7373a2c8ea4b1cafd7ab9e8c294331d	2 B	2023-09-15 14:52	2025-03-29 05:22
Pretty Observations First Seen2023-09-15 14:52 Last Seen2025-03-29 05:22 Times Seen1213 Hash f7373a2c8ea4b1cafd7ab9e8c294331d 6dfa06dccc4b9f5533fce101fb950064f3faf2f9 c1ad8f358a0652523011bde1a9a35b1c1b4741151f9fae22d95e88c40d1250be Loading...

	#106 Eval - e167d02fe0030e9939cb623fea0f2f00	133 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash e167d02fe0030e9939cb623fea0f2f00 b29a033667c6bf7fa62ca9d9b2ede4782c4cb16c 5f32d2bd35725c0b5d945239f7cb2a7701d5b1301bad22e7afec5bdc69fc0963 Loading...

	#107 Eval - a8e7b977655faa8482d6523555d49a6c	130 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash a8e7b977655faa8482d6523555d49a6c b5593f40e796b94eea898ecc26c89ecd3795a360 11085274b8c123912689ccd2c8808f25714bed86bd57be2d4421e0f1c7454e3a Loading...

	#108 Eval - ea8b6c254d03e5ea9b10464c43be0bb1	93 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash ea8b6c254d03e5ea9b10464c43be0bb1 c359d61bf82d93d0aaefe4e638204f30b6a0ce67 7cec55b665a0adca983327b137ae0447e289bf4e972ed4f4ae0e3eae8eead446 Loading...

	#109 Eval - 55d322e798c152c1623a52b1fd1d107e	2 B	2023-03-08 14:40	2025-01-28 17:28
Pretty Observations First Seen2023-03-08 14:40 Last Seen2025-01-28 17:28 Times Seen1506 Hash 55d322e798c152c1623a52b1fd1d107e 3fa7708a2fbc2263b3b2a0dc8279aa1f29af59ba d83d23aa0d3f185c1660be3eb925e10a5ecacd5fa2aa88fb69e67bc473897ef7 Loading...

	#110 Eval - da8097ab150a16d8034630a8fa235266	142 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash da8097ab150a16d8034630a8fa235266 3cbb761d761386e7dc749c4b0d890f2d06dfb953 a7e196e6469080b3fa211daa50fec712267247f21f23155a1c1e0850346e2209 Loading...

	#111 Eval - 98a11465a8f3959645fcfd99d3ac93cb	118 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 98a11465a8f3959645fcfd99d3ac93cb 375897e17fe55be0a59b6ed5abbff8baeef225ba de4e74a1c98f7b42c1ae7ed00fdc64572728371e0a81fca60c2455bb073f4d23 Loading...

	#112 Eval - 2d7299e7da8cda01d88bb86e7c432b1e	146 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 2d7299e7da8cda01d88bb86e7c432b1e 26fd086f948765093ee329b1c4e6d823070c6573 4c1401cf44d05901be5f029ddb981b84a0532f34b91a67bda69091ec71214245 Loading...

	#113 Eval - 512705e20c3ae6147fb654ec8a735888	22 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 512705e20c3ae6147fb654ec8a735888 a00d19eebc4467591f464d0312afa47885c41cd0 dfc5800b5e625b7445c5d42c5760a8dd30fa380aa6f24753fff4fa58e56a21d1 Loading...

	#114 Eval - e0150e15ebb59574a5213a86e933580a	353 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash e0150e15ebb59574a5213a86e933580a 95b6fd07870c060414a3791173ad5be575e6c2bf 5d007d276fd86e8e745bbfaf927fa61e07351c664567347d948c7b393002d4a2 Loading...

	#115 Eval - c12f6e385015fe6a68b988fbb39a75a6	59 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash c12f6e385015fe6a68b988fbb39a75a6 1b05968e941043141c87a3f58b1c6b7ae8bfc87b 062064f8258d6d57f85cd09f875af20e6c052a0f8e039f432908dba60680b529 Loading...

	#116 Eval - 68af0ab14d3a29484b7cc5b3c9c828cf	135 B	2023-11-07 13:48	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:48 Last Seen2024-08-20 20:33 Times Seen1173 Hash 68af0ab14d3a29484b7cc5b3c9c828cf dbc28a446e8b63620243641b46c06834bb0c9147 a4f498cc5433dc8d6c33844c1b83be8de499e968959f647d98df5f30f1ab2598 Loading...

	#117 Eval - bae3f90cb000352645e35fad60da411c	35 B	2023-03-07 01:02	2025-05-09 02:45
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 02:45 Times Seen51718 Hash bae3f90cb000352645e35fad60da411c 00023f94c170125b979cb1914925d06ab1abfbce 1e3606d95ce27d593157594820335681a9380f51a96147303cd8000e60a95e12 Loading...

	#118 Eval - d48a24ae9672ee573050e4d3aeeebe4d	29 B	2023-03-07 01:02	2025-05-09 07:51
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 07:51 Times Seen51882 Hash d48a24ae9672ee573050e4d3aeeebe4d 8f8c4d27852980a1ec5a8b1aba30769001314ec8 53e5b7d706a350fe98d52499058624e15cddc1541f17370f94a899a386c50255 Loading...

	#119 Eval - f465da03521180d47c811a98c793a2d6	9 B	2023-03-07 01:02	2025-05-09 03:04
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 03:04 Times Seen36939 Hash f465da03521180d47c811a98c793a2d6 9b76105ff4c8bb84cd630914d772f4cc73df0155 e8183224e440eb4578fd87c4c47735f9ede4c43b1c6ebbdcd7033e98aba6a009 Loading...

	#120 Eval - f69f8a97602c0e8d86cbf26eb0fc8024	2 B	2023-03-08 13:02	2025-05-08 01:07
Pretty Observations First Seen2023-03-08 13:02 Last Seen2025-05-08 01:07 Times Seen1824 Hash f69f8a97602c0e8d86cbf26eb0fc8024 1363c20e8e3fef6df75dd6c368cef6c326f7f5b4 ca44086fd065d8275d64a706375e8b02fa1cdc9c5b1ba056f1b845758642625d Loading...

	#121 Eval - e7e87fd9dff633c4e522b93a0204e6e9	2 B	2023-04-18 10:33	2025-01-28 19:17
Pretty Observations First Seen2023-04-18 10:33 Last Seen2025-01-28 19:17 Times Seen2063 Hash e7e87fd9dff633c4e522b93a0204e6e9 bc3a4adad797cb0810a3b52f4410398d5ac5b13c ea1d169bded815aa0e65bee8d45b2f4d0ab207e122b8fad937bc0d6973924ada Loading...

HTTP Transactions (129)

URL IP Response Size

ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js

142.250.74.106

200 OK

33 kB

URL GET HTTP/1.1
ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
IP
142.250.74.106:80
ASN
#15169 GOOGLE

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with very long lines (32072)
Size
33 kB (32954 bytes)
Hash
e0e0559014b222245deb26b6ae8bd940
e2f3603e23711f6446f278a411d905623d65201e
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

HTTP Headers

GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 32954
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 29 Nov 2023 21:48:58 GMT
Expires: Thu, 28 Nov 2024 21:48:58 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 303955
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding

www.jacklmoore.com/colorbox/example1/colorbox.css

185.199.109.153

200 OK

1.5 kB

URL GET HTTP/1.1
www.jacklmoore.com/colorbox/example1/colorbox.css
IP
185.199.109.153:80
ASN
#54113 FASTLY

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text
Size
1.5 kB (1460 bytes)
Hash
bbf688345ad4210ae3e38ad44a759b18
917e0a570e692ebc3616d188cea87b9b0969a071
7c19e7fddbe8e759b0a0248f156a88336c307256a93eddffbc7192cc2f8fe933

HTTP Headers

GET /colorbox/example1/colorbox.css HTTP/1.1
Host: www.jacklmoore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1460
Server: GitHub.com
Content-Type: text/css; charset=utf-8
Last-Modified: Sun, 10 Apr 2022 05:47:46 GMT
Access-Control-Allow-Origin: *
ETag: W/"62526f82-114f"
expires: Sun, 03 Dec 2023 10:24:53 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
x-proxy-cache: MISS
X-GitHub-Request-Id: A672:69C8:6720AC4:68DA786:656C551D
Accept-Ranges: bytes
Date: Sun, 03 Dec 2023 10:14:53 GMT
Via: 1.1 varnish
Age: 0
X-Served-By: cache-bma1644-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1701598493.070637,VS0,VE182
Vary: Accept-Encoding
X-Fastly-Request-ID: 7835823bc5b174b973275dda33c73c2fca215df5

164.115.43.44/hospital/web/index.php

164.115.43.44

200 OK

109 kB

URL User Request GET HTTP/1.1
164.115.43.44/hospital/web/index.php
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Non-ISO extended-ASCII text, with very long lines (674), with CRLF, LF line terminators
Size
109 kB (109392 bytes)
Hash
e7c1ef6783382528698b3bc3f9578c25
9bb28427dc393698797ce52710ee7844fdedc2e8
f26ba52e66f002419de815b7c7fbcd178637c9792a394be45eff11ceb0228191

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/index.php HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:52 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Set-Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; path=/; httponly
cookiesession1=678B76F4BD24803B08FBD4044E164577;Expires=Mon, 02 Dec 2024 10:14:52 GMT;Path=/;HttpOnly
content-length: 109392

164.115.43.44/hospital/web/assets/88a39f1e/css/themes/image.css

164.115.43.44

200 OK

206 B

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/88a39f1e/css/themes/image.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with CRLF line terminators
Size
206 B (206 bytes)
Hash
5224f48ad1621dad8dbcb99d983f5bf9
50abc03ed7c2eb47243e912f65699ccaed3e14e1
7fb9487c9fe47198088893139120386c9bc41006509e810edd10c42a6404dc5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/88a39f1e/css/themes/image.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:45 GMT
ETag: "ce-56cdb4f27fbc0"
Accept-Ranges: bytes
Content-Length: 206
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/hospital/web/owl.carousel/owl-carousel/owl.carousel.css

164.115.43.44

200 OK

1.5 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/owl.carousel/owl-carousel/owl.carousel.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with CRLF line terminators
Size
1.5 kB (1547 bytes)
Hash
d49fbfc6c0444e7c67b2ee7ae284a293
986a35e93e719dd08b35c8c8762626ceb495418a
c9430ccc20d8d58e10dbcaba36ae11739cf20190424b6f55c0d8cf90241658f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/owl.carousel/owl-carousel/owl.carousel.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 18 Apr 2017 07:46:31 GMT
ETag: "60b-54d6c1b2883c0"
Accept-Ranges: bytes
Content-Length: 1547
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/hospital/web/assets/67ec78d7/css/ripples.css

164.115.43.44

200 OK

1.0 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/67ec78d7/css/ripples.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with CRLF line terminators
Size
1.0 kB (1009 bytes)
Hash
aadfb267f7c3b0e07cef9a7db53acaad
8bd8fcac0f3fa29ada835bf63349533b8835ea7c
5fcfd06edc59285267685cb0397733b39815e2115e8bf3a52c8619a4ed727069

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/67ec78d7/css/ripples.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:44 GMT
ETag: "3f1-56cdb4f20e34f"
Accept-Ranges: bytes
Content-Length: 1009
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

www.jacklmoore.com/colorbox/jquery.colorbox.js

185.199.109.153

200 OK

8.9 kB

URL GET HTTP/1.1
www.jacklmoore.com/colorbox/jquery.colorbox.js
IP
185.199.109.153:80
ASN
#54113 FASTLY

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text
Size
8.9 kB (8925 bytes)
Hash
2769d3c25dc8edb989788823b8c81e57
21ac7e1924dc1c9c3c129f1786d1d153f43e3b92
598bb39a9e2ce06b0fd1fb3ee55ea21c955af996d7cb08598271f2689f79bd25

HTTP Headers

GET /colorbox/jquery.colorbox.js HTTP/1.1
Host: www.jacklmoore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 8925
Server: GitHub.com
Content-Type: application/javascript; charset=utf-8
Last-Modified: Sun, 10 Apr 2022 05:47:46 GMT
Access-Control-Allow-Origin: *
ETag: W/"62526f82-71f0"
expires: Sun, 03 Dec 2023 07:11:52 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
x-proxy-cache: MISS
X-GitHub-Request-Id: CD1A:D891:2DD6D7C:2E9C7A3:656C27DC
Accept-Ranges: bytes
Date: Sun, 03 Dec 2023 10:14:53 GMT
Via: 1.1 varnish
Age: 0
X-Served-By: cache-bma1644-BMA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1701598493.410750,VS0,VE119
Vary: Accept-Encoding
X-Fastly-Request-ID: b65360175d99cf862474a5f91d1c69507a8333f7

164.115.43.44/hospital/web/assets/67ec78d7/css/ripples.min.css

164.115.43.44

200 OK

786 B

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/67ec78d7/css/ripples.min.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with very long lines (741), with CRLF line terminators
Size
786 B (786 bytes)
Hash
4df9b8a78dd012f910dda53b72065303
a88c1f6dbcbed81483e21df3fdbd2af1c462ab64
5fa735f4e4b9d9c6ad77923373148f4787f80a660d8dac3df343ca564e07289f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/67ec78d7/css/ripples.min.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:44 GMT
ETag: "312-56cdb4f20f2ef"
Accept-Ranges: bytes
Content-Length: 786
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/hospital/web/assets/67ec78d7/css/site.css

164.115.43.44

200 OK

2.3 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/67ec78d7/css/site.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
2.3 kB (2274 bytes)
Hash
aac7351c275fad265d08d281061c7295
c3843b97f075b82a306059fd46eac1439c40acce
3cf6703e23c4c5f5b1a16b2d93441966e2177d40720b00798a24d62fd3f0cf5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/67ec78d7/css/site.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:44 GMT
ETag: "8e2-56cdb4f210677"
Accept-Ranges: bytes
Content-Length: 2274
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/hospital/web/assets/67ec78d7/font-awesome/css/font-awesome.min.css

164.115.43.44

200 OK

24 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/67ec78d7/font-awesome/css/font-awesome.min.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with very long lines (23577), with CRLF line terminators
Size
24 kB (23742 bytes)
Hash
f667e6132f8470a39d2395b81ab4ef09
3e435d5167460aaf367836e1973e90a47039faea
222d75918bb518d46a4d283da7de243b4409d597a8c6856070a07e96b600e6d7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/67ec78d7/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:44 GMT
ETag: "5cbe-56cdb4f22b042"
Accept-Ranges: bytes
Content-Length: 23742
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/hospital/web/assets/67ec78d7/fonts/fonts.css

164.115.43.44

200 OK

1.5 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/67ec78d7/fonts/fonts.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with CRLF line terminators
Size
1.5 kB (1542 bytes)
Hash
48b5c18f05a51a9be17a479de56d9934
b2076bdd2574df6ae382c41b38decc56dd6e3140
923aa286fcf06604706f5d6bab854760e6c3e9c8e2f8a7dab1b6d2b8daaff9f8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/67ec78d7/fonts/fonts.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:45 GMT
ETag: "606-56cdb4f25f04e"
Accept-Ranges: bytes
Content-Length: 1542
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/hospital/web/assets/6456f1ce/css/bootstrap-tabs-x.css

164.115.43.44

200 OK

7.8 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/6456f1ce/css/bootstrap-tabs-x.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with CRLF line terminators
Size
7.8 kB (7835 bytes)
Hash
f29e5bc2b5ac6336a11016582c03b421
8927b9a0bc65b1ce09eaa196996ae99072c44985
3c33c2b69aa9ba304dbf400a309719389610773752de63b6b3d1c58203620d86

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/6456f1ce/css/bootstrap-tabs-x.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:35 GMT
ETag: "1e9b-56cdb4e998e16"
Accept-Ranges: bytes
Content-Length: 7835
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/hospital/web/assets/95decc00/css/kv-widgets.css

164.115.43.44

200 OK

725 B

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/95decc00/css/kv-widgets.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with CRLF line terminators
Size
725 B (725 bytes)
Hash
26240da9a450d13374baeb5d1146414d
4555f6bb38453029564a5a75b6e14903de42077c
3249bf33bb636adb0295fe1189b79eb7632adf8a7e58db32f6c5f05f7397de98

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/95decc00/css/kv-widgets.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:36 GMT
ETag: "2d5-56cdb4e9fcfae"
Accept-Ranges: bytes
Content-Length: 725
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/hospital/web/assets/18268b73/fullcalendar.min.css

164.115.43.44

200 OK

15 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/18268b73/fullcalendar.min.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with very long lines (15148), with CRLF line terminators
Size
15 kB (15255 bytes)
Hash
486556af1452188adfd749f7880e47ec
ef01debc130887bcc1550ca9a7576f2e610b23b8
19b47ff0b3d0bbd74d47408ff62eabe785fc95788444c68c9ce52522299c5570

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/18268b73/fullcalendar.min.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:36 GMT
ETag: "3b97-56cdb4ea16dc0"
Accept-Ranges: bytes
Content-Length: 15255
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/hospital

164.115.43.44

301 Moved Permanently

238 B

URL GET HTTP/1.1
164.115.43.44/hospital
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
e3e264e6194b4368e82707d1be2fc1db
451039d2bca34e66da0a15136bbdcc5e8f8adad9
da7a226d702aad0bf2b782fb63e13bfaded0007bb1b0a17dcab04038627c2e05

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Location: http://164.115.43.44/hospital/
Content-Length: 238
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

164.115.43.44/hospital/web/assets/2b33065f/css/bootstrap.css

164.115.43.44

200 OK

153 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/2b33065f/css/bootstrap.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with very long lines (540), with CRLF line terminators
Size
153 kB (152767 bytes)
Hash
794f8177af9645a4f4e2d74fa0c1cc73
afb383fa13c40821106e7b39b2e29c06a2f01ff5
a29236eed54ff257f34dd88abfd5a2f14b9190d84802f6703152d6b4ea511ca9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/2b33065f/css/bootstrap.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:36 GMT
ETag: "254bf-56cdb4e9caee2"
Accept-Ranges: bytes
Content-Length: 152767
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/hospital/web/assets/28b8f359/yii.js

164.115.43.44

200 OK

19 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/28b8f359/yii.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with CRLF line terminators
Size
19 kB (18598 bytes)
Hash
d8f87356cfbe45f95773a4f3bfeddbc0
0e13159148a98c17704451fdac919ab24b428c68
13fe4f185430fe114aaa048304d741281159947bf23cc93a3a7d59fd5fc76a10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/28b8f359/yii.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:36 GMT
ETag: "48a6-56cdb4e9b7e31"
Accept-Ranges: bytes
Content-Length: 18598
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/hospital/web/assets/a5dfc11b/themes/smoothness/jquery-ui.css

164.115.43.44

200 OK

36 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/a5dfc11b/themes/smoothness/jquery-ui.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with very long lines (2363), with CRLF line terminators
Size
36 kB (36437 bytes)
Hash
7bbf1240a8461ec9b83207237d05022d
b88676dc1f917fddeded83bfc57237076fb857f6
c87b93427458ffcc687de50c24b749794c35bd314c22a9760f4cf0bcf0b74487

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/a5dfc11b/themes/smoothness/jquery-ui.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:42 GMT
ETag: "8e55-56cdb4f024737"
Accept-Ranges: bytes
Content-Length: 36437
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/hospital/web/assets/67ec78d7/css/material.min.css

164.115.43.44

200 OK

1.1 MB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/67ec78d7/css/material.min.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with very long lines (65536), with no line terminators
Size
1.1 MB (1136754 bytes)
Hash
fe6d0864f0e41013f0d0d2cec6c947c1
ba4d676d0c85ffbdf91a66797e4a96f99b0ee982
db12875e9829c0b2eeddde7fba6b8972d4ad57e7b47aebec2ce33598d26303e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/67ec78d7/css/material.min.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:44 GMT
ETag: "115872-56cdb4f20cbdf"
Accept-Ranges: bytes
Content-Length: 1136754
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/hospital/web/assets/67ec78d7/js/material.js

164.115.43.44

200 OK

8.1 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/67ec78d7/js/material.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with CRLF line terminators
Size
8.1 kB (8064 bytes)
Hash
6da18e6a568ff336aa156d2c428f1bab
c2d9e6f547099efcff073cb13b29361d6bfa2f61
4d22e9c6b3af0002b21eac029df92f38462dbfcc44fc53bf438db5e8215f85cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/67ec78d7/js/material.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:45 GMT
ETag: "1f80-56cdb4f2701bf"
Accept-Ranges: bytes
Content-Length: 8064
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/hospital/web/assets/67ec78d7/js/ripples.js

164.115.43.44

200 OK

7.7 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/67ec78d7/js/ripples.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with CRLF line terminators
Size
7.7 kB (7684 bytes)
Hash
6d31aaed21e2967ae2455395ee9ba575
d71551e79413588e671ee809dd42ead6af770cd5
4518acecbc24a4b4d0e1f6e9844ee42ee4bfbb2db2bedfd94f4d39a12c22d86b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/67ec78d7/js/ripples.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:45 GMT
ETag: "1e04-56cdb4f276750"
Accept-Ranges: bytes
Content-Length: 7684
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/hospital/web/assets/67ec78d7/js/material.min.js

164.115.43.44

200 OK

4.4 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/67ec78d7/js/material.min.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with very long lines (4327), with CRLF line terminators
Size
4.4 kB (4369 bytes)
Hash
b0d91cc649d3974d2beb9c9102fcfc21
28172e701b8ed55133002053de300796f345ba16
7b97a3cb942f795484c27cf3e796f23fac5e5fedec431ad04156f407614fc796

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/67ec78d7/js/material.min.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:45 GMT
ETag: "1111-56cdb4f2728cf"
Accept-Ranges: bytes
Content-Length: 4369
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/hospital/web/assets/67ec78d7/js/ripples.min.js

164.115.43.44

200 OK

2.8 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/67ec78d7/js/ripples.min.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with very long lines (2763), with CRLF line terminators
Size
2.8 kB (2804 bytes)
Hash
0bceb1dfc9a6927c39bff3d76390a36a
6a6ebfbddd206c4a871b0f09ba879f38ae9bc068
8ad941b2cf8df4fe4b86a7480dde4b37bd6d8637d04f0ed05a32b8cb8ea631ca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/67ec78d7/js/ripples.min.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:45 GMT
ETag: "af4-56cdb4f278690"
Accept-Ranges: bytes
Content-Length: 2804
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/hospital/web/owl.carousel/owl-carousel/owl.carousel.min.js

164.115.43.44

200 OK

24 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/owl.carousel/owl-carousel/owl.carousel.min.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with very long lines (635), with CRLF line terminators
Size
24 kB (23936 bytes)
Hash
8c52f27fcac36c7667f8fb846e1e94d5
e5862559db659ffd530c91452d668c5e7b3f0f2d
6c1e31700f68d1666de6b0992e89d413434707718bf729a472404029845bdbad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/owl.carousel/owl-carousel/owl.carousel.min.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 18 Apr 2017 07:46:32 GMT
ETag: "5d80-54d6c1b37c600"
Accept-Ranges: bytes
Content-Length: 23936
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/hospital/web/js/index.js

164.115.43.44

200 OK

1.9 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/js/index.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with CRLF line terminators
Size
1.9 kB (1909 bytes)
Hash
2a3de47589338c1dba911833b7cd3dfc
e816e705b98200c6b665307e8bc7d5770e42ee47
c7dfeb11a399840c7544a035939acb8acfb41a6077cb0631d0120b27a0846f77

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/js/index.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 18 Apr 2017 07:46:29 GMT
ETag: "775-54d6c1b09ff40"
Accept-Ranges: bytes
Content-Length: 1909
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/hospital/web/assets/2b33065f/js/bootstrap.js

164.115.43.44

200 OK

72 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/2b33065f/js/bootstrap.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with CRLF line terminators
Size
72 kB (72084 bytes)
Hash
24276f268f56771dc4141e6b3d93a2aa
474b25cebd06d57a38090c6716d5dfaa5591baad
d5fa375baaa8c2ae0f8a7a42b0ab21695a9ec04c68166ceb44118a6d27405449

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/2b33065f/js/bootstrap.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:36 GMT
ETag: "11994-56cdb4e9ee54d"
Accept-Ranges: bytes
Content-Length: 72084
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/hospital/web/assets/6456f1ce/js/bootstrap-tabs-x.js

164.115.43.44

200 OK

7.3 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/6456f1ce/js/bootstrap-tabs-x.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with CRLF line terminators
Size
7.3 kB (7292 bytes)
Hash
91db0c3a9fb5dc2cab9fb8a39b81ff55
14a43b76106263d6376d1f705ce67d54ff7013a3
7b65757f5e6346549f639b13c5d778ec51ec7f4b2fca31aeb3739c62346090d0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/6456f1ce/js/bootstrap-tabs-x.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:35 GMT
ETag: "1c7c-56cdb4e9a64ef"
Accept-Ranges: bytes
Content-Length: 7292
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/hospital/web/assets/95decc00/js/kv-widgets.js

164.115.43.44

200 OK

1.1 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/95decc00/js/kv-widgets.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1092 bytes)
Hash
09e47d15efbd5c3768e009c43abea69e
d37eb493480584eb3aac71320f9f982ad55dc9a8
73f094731fe3b3a2d718db2a0ee0a6e757a6339dce3b898c33371bd327b8de8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/95decc00/js/kv-widgets.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:36 GMT
ETag: "444-56cdb4e9ff2d6"
Accept-Ranges: bytes
Content-Length: 1092
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/hospital/web/assets/37e49b9e/moment.js

164.115.43.44

200 OK

128 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/37e49b9e/moment.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
Algol 68 source text\012- Pascal source, ASCII text, with CRLF line terminators
Size
128 kB (127759 bytes)
Hash
6173af690dc476b563deeaf02b4edb21
ce74f58c44a79e9da489d285e774a40c015ccb80
d0727f6592ef311fb92c444362ece347824a6dc7ca3b9d677462dec6f3cebc5c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/37e49b9e/moment.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:38 GMT
ETag: "1f30f-56cdb4ebd8d1d"
Accept-Ranges: bytes
Content-Length: 127759
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/hospital/web/assets/18268b73/locale/th.js

164.115.43.44

200 OK

3.4 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/18268b73/locale/th.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
Unicode text, UTF-8 text, with very long lines (2167), with no line terminators
Size
3.4 kB (3433 bytes)
Hash
5295ce92d1baec69473c01327c4bfc2b
bca7c5fac4bb6c7ef538a08c542998e52be14e56
63286a03664b26113424fb1262635d346687e18e989c3666eade85e16b3a8476

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/18268b73/locale/th.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:36 GMT
ETag: "d69-56cdb4ea843c9"
Accept-Ranges: bytes
Content-Length: 3433
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript

www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/embed.js

142.250.74.78

200 OK

16 kB

URL GET HTTP/3
www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/embed.js
IP
142.250.74.78:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
ASCII text, with very long lines (3391)
Size
16 kB (16506 bytes)
Hash
4b993df6aaec92ba17cc4d526ad2e4bd
a0b696788d5d621280e4f642b4c66875d40870cb
f21a803f0b7f63109cd608bfbe9769a3dc2e2a17c8e885826529d3981d15d313

HTTP Headers

GET /s/player/31e0b6d9/player_ias.vflset/en_US/embed.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/RSq66Sr9uac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 16506
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:32:15 GMT
expires: Fri, 29 Nov 2024 04:32:15 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Nov 2023 03:10:29 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 279759
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.youtube.com/s/player/31e0b6d9/www-player.css

142.250.74.78

200 OK

49 kB

URL GET HTTP/3
www.youtube.com/s/player/31e0b6d9/www-player.css
IP
142.250.74.78:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
49 kB (48920 bytes)
Hash
18f844aa571ef66c0f165fe56a2f0821
849c61720b741db03f689c461e8e4eedd3c4ce21
436743ad0889ad9399a1f33edb65d8bf1c71cfbce1b0fce549769e7705c9ceec

HTTP Headers

GET /s/player/31e0b6d9/www-player.css HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/RSq66Sr9uac
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 48920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:32:12 GMT
expires: Fri, 29 Nov 2024 04:32:12 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Nov 2023 03:10:29 GMT
content-type: text/css
vary: Accept-Encoding, Origin
age: 279762
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.youtube.com/s/player/31e0b6d9/www-embed-player.vflset/www-embed-player.js

142.250.74.78

200 OK

98 kB

URL GET HTTP/3
www.youtube.com/s/player/31e0b6d9/www-embed-player.vflset/www-embed-player.js
IP
142.250.74.78:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
ASCII text, with very long lines (682)
Size
98 kB (98499 bytes)
Hash
24cd2bdc1dd00086a1efbc664060bb49
064027f89f2e8f22be774e7468f7ae4ab79efcbc
4d453a47ad0d1b30a7292b6f712d8645db141ed6adea69b8e7d802f8022365fd

HTTP Headers

GET /s/player/31e0b6d9/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/RSq66Sr9uac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 98499
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:32:12 GMT
expires: Fri, 29 Nov 2024 04:32:12 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Nov 2023 03:10:29 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 279762
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

164.115.43.44/hospital/web/js/main.js

164.115.43.44

200 OK

1.6 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/js/main.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
1.6 kB (1609 bytes)
Hash
8e7e5ce12eb2d9f12d98e09b16324091
c2749d9fb7f8f8a0105e777ed0f2dc343f0edaa1
ff1f238e900a136a871653debc0940d95c37b8c030fff8d3973fd9d6e878b5a6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/js/main.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 18 Apr 2017 07:46:29 GMT
ETag: "649-54d6c1b09ff40"
Accept-Ranges: bytes
Content-Length: 1609
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 11:28:20 GMT
expires: Fri, 29 Nov 2024 11:28:20 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 254795
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

164.115.43.44/hospital/web/assets/18268b73/locale-all.js

164.115.43.44

200 OK

157 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/18268b73/locale-all.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
Unicode text, UTF-8 text, with very long lines (32003), with CRLF line terminators
Size
157 kB (157314 bytes)
Hash
361fc0942441729ca6e4cd80ba0edd81
c8f848e215cfab26724eb1962cbc51334baf675c
b49059c5721da12c6abace5a5977f0b43be2f403fee908b851bc69c0317561f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/18268b73/locale-all.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:36 GMT
ETag: "26682-56cdb4ea935fb"
Accept-Ranges: bytes
Content-Length: 157314
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/hospital/web/assets/20653ae5/jquery.js

164.115.43.44

200 OK

267 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/20653ae5/jquery.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with CRLF line terminators
Size
267 kB (267365 bytes)
Hash
30907cfce66ebfcca66785ed6fad9fa5
49ddeac2f7898effe25af2fa7ff1fd0d7ee9b5e2
30fc40baadcbcf1ff2e024739241f6fc8479a96145b5d975978831a123457e3c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/20653ae5/jquery.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:35 GMT
ETag: "41465-56cdb4e971543"
Accept-Ranges: bytes
Content-Length: 267365
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/base.js

142.250.74.78

200 OK

784 kB

URL GET HTTP/3
www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/base.js
IP
142.250.74.78:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
ASCII text, with very long lines (555)
Size
784 kB (784263 bytes)
Hash
101fe6d09a2a65ba52bbafa55f73d316
46b1b5f64db74e841d0f606543980dea804707d8
ddc70bebc8a0e4ae5b13a5f8409693a3e88aa4b4415a75f632f11d0f0c423457

HTTP Headers

GET /s/player/31e0b6d9/player_ias.vflset/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/RSq66Sr9uac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-encoding: gzip
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 784263
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:32:15 GMT
expires: Fri, 29 Nov 2024 04:32:15 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Nov 2023 03:10:29 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 279759
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

164.115.43.44/hospital/web/assets/88a39f1e/js/jquery.scrollUp.js

164.115.43.44

200 OK

5.7 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/88a39f1e/js/jquery.scrollUp.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
5.7 kB (5669 bytes)
Hash
71ca06b14249a7812782cdf90338d622
e6393f86e69c8eeaceb647eac0281d0b94547510
9be1178fa12f1bcfeff76803f7daa29614036956bc444911e03357855e86772d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/88a39f1e/js/jquery.scrollUp.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:45 GMT
ETag: "1625-56cdb4f283e29"
Accept-Ranges: bytes
Content-Length: 5669
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 10:04:07 GMT
expires: Fri, 29 Nov 2024 10:04:07 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 259848
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

164.115.43.44/hospital/

164.115.43.44

302 Found

0 B

URL GET HTTP/1.1
164.115.43.44/hospital/
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/ HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://164.115.43.44/hospital/web/index.php
DNT: 1
Connection: keep-alive
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
Location: web/
Content-Length: 0
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

164.115.43.44/hospital/web/assets/67ec78d7/fonts/thsarabunnew-webfont.woff

164.115.43.44

200 OK

52 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/67ec78d7/fonts/thsarabunnew-webfont.woff
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
Web Open Font Format, TrueType, length 51956, version 1.0\012- data
Size
52 kB (51956 bytes)
Hash
940b7d9976165f2795824c2dbd0de318
5077b570c4dcdc07137c64378dab87fc1258b9b3
a5f4eac957aecb8e896a19d6ba5e748133c99e74d3b620b41e81125d8a1c1fff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/67ec78d7/fonts/thsarabunnew-webfont.woff HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/assets/67ec78d7/fonts/fonts.css
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:45 GMT
ETag: "caf4-56cdb4f261f2e"
Accept-Ranges: bytes
Content-Length: 51956
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/font-woff

164.115.43.44/hospital/web/assets/67ec78d7/font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0

164.115.43.44

200 OK

57 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/67ec78d7/font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
Web Open Font Format (Version 2), TrueType, length 56780, version 4.197\012- data
Size
57 kB (56780 bytes)
Hash
97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/67ec78d7/font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/assets/67ec78d7/font-awesome/css/font-awesome.min.css
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:44 GMT
ETag: "ddcc-56cdb4f238eeb"
Accept-Ranges: bytes
Content-Length: 56780
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive

164.115.43.44/hospital/web/assets/2b33065f/fonts/glyphicons-halflings-regular.woff2

164.115.43.44

200 OK

18 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/2b33065f/fonts/glyphicons-halflings-regular.woff2
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
Web Open Font Format (Version 2), TrueType, length 18028, version 1.589\012- data
Size
18 kB (18028 bytes)
Hash
448c34a56d699c29117adc64c43affeb
ca35b697d99cae4d1b60f2d60fcd37771987eb07
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/2b33065f/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/assets/2b33065f/css/bootstrap.css
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:36 GMT
ETag: "466c-56cdb4e9eae9d"
Accept-Ranges: bytes
Content-Length: 18028
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive

164.115.43.44/hospital/web/assets/67ec78d7/fonts/thsarabunnew_bold-webfont.woff

164.115.43.44

200 OK

52 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/67ec78d7/fonts/thsarabunnew_bold-webfont.woff
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
Web Open Font Format, TrueType, length 51744, version 1.0\012- data
Size
52 kB (51744 bytes)
Hash
8d8146f04b5d6c7acd967c6bbc512cfe
8e567388f800dc1552ab488f6441572d42b80d3a
7792dfc28a9bc9559d391e8109a338a7546b04eab9f1896c7ed021b4563bc75c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/67ec78d7/fonts/thsarabunnew_bold-webfont.woff HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/assets/67ec78d7/fonts/fonts.css
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:45 GMT
ETag: "ca20-56cdb4f2659c6"
Accept-Ranges: bytes
Content-Length: 51744
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/font-woff

164.115.43.44/hospital/web/assets/a5dfc11b/jquery-ui.js

164.115.43.44

200 OK

487 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/a5dfc11b/jquery-ui.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
ASCII text, with very long lines (547), with CRLF line terminators
Size
487 kB (487212 bytes)
Hash
43109e12e36805738ddf8deca737c53b
cb6bc7d0b27bdf80a672b857bf6db0d41cc55995
37fbfc8e36798a479dd09027315d1de63f53d75aa169c97b7991ae9afbd249e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/a5dfc11b/jquery-ui.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:41 GMT
ETag: "76f2c-56cdb4ef2b2db"
Accept-Ranges: bytes
Content-Length: 487212
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/hospital/web/images/bos1.jpg

164.115.43.44

200 OK

13 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/images/bos1.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=2, orientation=upper-left], baseline, precision 8, 254x336, components 3\012- data
Size
13 kB (13426 bytes)
Hash
fb8c7d61821361569fd04c9865789217
988fd0f2bcb2a8608f57fc76315e1d5dab2197e0
b34ecc01864f641057fb71cabc8cb0ed4f8b5f60ff905003ba0fb26d515e3cf5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/images/bos1.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 01 Dec 2021 08:44:14 GMT
ETag: "3472-5d211adb2b380"
Accept-Ranges: bytes
Content-Length: 13426
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/

164.115.43.44

200 OK

109 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Non-ISO extended-ASCII text, with very long lines (674), with CRLF, LF line terminators
Size
109 kB (109392 bytes)
Hash
0f90208813de1d9eb822ab8c3c827def
277321c9313f63b3da797e54b6b667993b069dae
21e9093e46d4c142597bd761d5e1f19eda235b5040e02c8ee25d33a2fa9b8ff0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/ HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://164.115.43.44/hospital/web/index.php
DNT: 1
Connection: keep-alive
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
content-length: 109392

164.115.43.44/hospital/web/images/LSMI_web.png

164.115.43.44

200 OK

12 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/images/LSMI_web.png
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
PNG image data, 376 x 79, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (12385 bytes)
Hash
3586ffcd5d361db4fee216b74d1ec0a1
ec1d4580e9e1b702cdb0dadca15333f98f60a776
d54f4ec6eac4e9d7734de352264bb480eb85ed724a1d419c0e35abdf69c75096

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/images/LSMI_web.png HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 16 Jul 2013 09:01:44 GMT
ETag: "3061-4e19d39e0ee00"
Accept-Ranges: bytes
Content-Length: 12385
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png

164.115.43.44/hospital/web/assets/18268b73/fullcalendar.print.css

164.115.43.44

200 OK

5.8 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/18268b73/fullcalendar.print.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
troff or preprocessor input, ASCII text, with CRLF line terminators
Size
5.8 kB (5773 bytes)
Hash
9f6911457f19b7b6c098c2b98e1fff60
ed5345bf7abddc3e4a6e66884c3c5cb950aaad3b
a4f9cbd12a6f4de0ce984b82d6c5d776763dcf1f96fe3f503dfe146d95f2cd5c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/18268b73/fullcalendar.print.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:36 GMT
ETag: "168d-56cdb4ea1cf69"
Accept-Ranges: bytes
Content-Length: 5773
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/ita66/

164.115.43.44

200 OK

20 kB

URL GET HTTP/1.1
164.115.43.44/ita66/
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
20 kB (19830 bytes)
Hash
6cabf7ec0ee3968216da51260df34447
2ff4a2aea881c63abb21234159c92837bfc31164
e44273aa7127ca8c22f89fbf03d4f7f2dbfcbbe6095ca8867833f7e6c9a34349

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/ HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
content-length: 19830

164.115.43.44/hospital/web/images/logo/Logopjw.png

164.115.43.44

200 OK

45 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/images/logo/Logopjw.png
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
PNG image data, 600 x 136, 8-bit/color RGBA, non-interlaced\012- data
Size
45 kB (45061 bytes)
Hash
2b1049610c54e9cfe83491e9fd53ef19
f21e0f4b7893b05e32f7fdfc6ce4060ff74fc27e
18321e517add2b582d5303c8fa823e5a150647ac287f8b73a04069e829445072

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/images/logo/Logopjw.png HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Thu, 25 May 2023 05:08:35 GMT
ETag: "b005-5fc7d9cc7bac0"
Accept-Ranges: bytes
Content-Length: 45061
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png

164.115.43.44/hospital/web/assets/18268b73/fullcalendar.js

164.115.43.44

200 OK

0 B

URL GET HTTP/1.1
164.115.43.44/hospital/web/assets/18268b73/fullcalendar.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/assets/18268b73/fullcalendar.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 23 May 2018 08:27:36 GMT
ETag: "63aa7-56cdb4ea0c9b0"
Accept-Ranges: bytes
Content-Length: 408231
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/hospital/web/images/tel1669.png

164.115.43.44

200 OK

12 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/images/tel1669.png
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
PNG image data, 500 x 110, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11816 bytes)
Hash
c28ac33cac7c494e1dbab24bec3fae81
128b46a14296b2f194f9b64b51cc36ac6e115d15
e82b6b94694f61b4792aa7866cfe6558a69915f46e3e5acb34afa1df9cb981ca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/images/tel1669.png HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Fri, 31 Jul 2020 04:17:45 GMT
ETag: "2e28-5abb5121eec40"
Accept-Ranges: bytes
Content-Length: 11816
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/png

jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

142.250.74.170

200 OK

33 kB

URL OPTIONS HTTP/2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size
33 kB (32873 bytes)
Hash
2b2ffd8f730a966ed243b578e7da50fe
2ec6a0ff38d3be25cd38534ca4ff3670697946c3
6239c37c0a02a4fa25ed36e25eed2ab44fde32e665e23dd69b3bd009374d3751

HTTP Headers

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sun, 03 Dec 2023 10:14:55 GMT
server: ESF
cache-control: private
content-length: 32873
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

164.115.43.44/hospital/web/uploaded/news/icons/160.png

164.115.43.44

200 OK

213 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/uploaded/news/icons/160.png
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
PNG image data, 709 x 354, 8-bit/color RGB, non-interlaced\012- data
Size
213 kB (213402 bytes)
Hash
db575fad3e4e2644e5b8fc55cce4f6e5
1d34ec6cc135fc6a7e55c7e941a1158436c7e49d
669e8a9a771262cc2e82d5a3e3c0741178435ed169d8c6275f010c129fc78bbb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/uploaded/news/icons/160.png HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Mon, 16 Aug 2021 07:51:32 GMT
ETag: "3419a-5c9a878354900"
Accept-Ranges: bytes
Content-Length: 213402
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/png

164.115.43.44/hospital/web/photolibrarys/Adpz5bf3wy8IJ6v8e_XeFN/

164.115.43.44

200 OK

1.0 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/Adpz5bf3wy8IJ6v8e_XeFN/
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.0 kB (1001 bytes)
Hash
3c105274d49879f238d6b96ab9be618f
80d0b8630d42242a3b85b64401598087801922f7
ae28aec2c17b3221eb12cf24b2802be8ef6ff52bacdf6997598448ff6d9d131d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/Adpz5bf3wy8IJ6v8e_XeFN/ HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Content-Length: 1001
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1

i.ytimg.com/vi_webp/RSq66Sr9uac/sddefault.webp

172.217.21.182

200 OK

21 kB

URL GET HTTP/2
i.ytimg.com/vi_webp/RSq66Sr9uac/sddefault.webp
IP
172.217.21.182:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subjectedgestatic.com
FingerprintC8:30:4C:1A:A8:FF:83:E1:A2:7F:DB:02:8C:D9:05:46:C4:D6:CA:95
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x480, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
21 kB (21350 bytes)
Hash
7b8be75d1e884e670b518950e37886cc
59e79ea54e8f658c87deb00dbe730fd1435d1283
235c90c5f5b8c0caeae38b0823e7db13db32b25bd7abdedc0b3af739822a8ec6

HTTP Headers

GET /vi_webp/RSq66Sr9uac/sddefault.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/webp
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 21350
date: Sun, 03 Dec 2023 10:14:56 GMT
expires: Sun, 03 Dec 2023 12:14:56 GMT
cache-control: public, max-age=7200
etag: "1522921045"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

164.115.43.44/hospital/web/images/ha/vision2023.png

164.115.43.44

200 OK

358 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/images/ha/vision2023.png
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
PNG image data, 794 x 1123, 8-bit/color RGBA, non-interlaced\012- data
Size
358 kB (357892 bytes)
Hash
dc19c255285ae1d143927ae0ca3d6bd9
a2b91535b6a519e1dc3663c51fcdc843698dcda7
525b1d4fd314b7a782a668bf8a58dacdccd036fc05ee3d9ab27ff8cedd677ede

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/images/ha/vision2023.png HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 30 May 2023 04:30:38 GMT
ETag: "57604-5fce1aa445780"
Accept-Ranges: bytes
Content-Length: 357892
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png

www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/remote.js

142.250.74.78

200 OK

34 kB

URL GET HTTP/3
www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/remote.js
IP
142.250.74.78:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
ASCII text, with very long lines (537)
Size
34 kB (33484 bytes)
Hash
63aa8296f70f3dcbf8b5df6faf8d46c3
2494976b44b1d3ec3b5825297e243679e7cca1dd
869da04350e0925de923dd2c39c41d18ba0625e3541bd5059ed5a611550552b6

HTTP Headers

GET /s/player/31e0b6d9/player_ias.vflset/en_US/remote.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/RSq66Sr9uac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 33484
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:32:21 GMT
expires: Fri, 29 Nov 2024 04:32:21 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Nov 2023 03:10:29 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 279755
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

142.250.74.170

200 OK

0 B

URL OPTIONS HTTP/3
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sun, 03 Dec 2023 10:14:56 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

164.115.43.44/ita66/plugins/fontawesome-free/css/all.min.css

164.115.43.44

200 OK

57 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/fontawesome-free/css/all.min.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (56656)
Size
57 kB (56842 bytes)
Hash
41d394990448b2c2b1afe840e837dc8e
29250ef1fa6bfbda364a1112a86b2fb7157dd44b
f8de3f57f49b005896d4c3c10979df9cff5048ddfe29ebbe36507ed1ebff60a4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/fontawesome-free/css/all.min.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "de0a-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 56842
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/css

jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

142.250.74.170

200 OK

110 B

URL OPTIONS HTTP/3
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
110 B (110 bytes)
Hash
de2ece2f391429666aa22723fa9e39cd
d8da03877b908a41d14755805d5f9d3eec992399
aee7b75078d59ed9e517fa367e833821e4f7f479828ff8ee978780cf7e52d35b

HTTP Headers

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 1186
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sun, 03 Dec 2023 10:14:56 GMT
server: ESF
cache-control: private
content-length: 110
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/js/th/lYY52XQrUlH64Wh-f-QMzQSikq1nuSlNPE5Z4_DU2e4.js

142.250.74.132

200 OK

15 kB

URL GET HTTP/2
www.google.com/js/th/lYY52XQrUlH64Wh-f-QMzQSikq1nuSlNPE5Z4_DU2e4.js
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintB0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
ValidityMon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT

File type
ASCII text, with very long lines (38673)
Size
15 kB (15149 bytes)
Hash
1e5f8b711886c56ac3b42b46e8a98b36
801b5154aa0c22d8cca350a48af2682456633fde
958639d9742b5251fae1687e7fe40ccd04a292ad67b9294d3c4e59e3f0d4d9ee

HTTP Headers

GET /js/th/lYY52XQrUlH64Wh-f-QMzQSikq1nuSlNPE5Z4_DU2e4.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 15149
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 11:08:52 GMT
expires: Thu, 28 Nov 2024 11:08:52 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 06 Nov 2023 17:00:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 342364
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

164.115.43.44/hospital/web/images/nogif.jpg

164.115.43.44

200 OK

655 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/images/nogif.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.1 (Windows), datetime=2022:12:21 15:57:31], baseline, precision 8, 1600x900, components 3\012- data
Size
655 kB (655259 bytes)
Hash
dc6f1511e1164cd44ec8953ccb05c000
1050be98d28745476590efc939ff862f108d50a3
a689658509ca1c16ff03fcb4f142b55375e3ffe93ff48a984e512580cda08a73

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/images/nogif.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 21 Dec 2022 08:57:33 GMT
ETag: "9ff9b-5f052be39d940"
Accept-Ranges: bytes
Content-Length: 655259
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/photolibrarys/Po6IcWkBtcjdpdp1mefy4p/c8c39032ce49147aafe3456e0f23035d.jpg

164.115.43.44

200 OK

380 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/Po6IcWkBtcjdpdp1mefy4p/c8c39032ce49147aafe3456e0f23035d.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1754, components 3\012- data
Size
380 kB (379950 bytes)
Hash
9ec60de80d77a42814952c85510137e7
1a7c85d63e4bf6e57f00fb19718890f9f2bfa838
6ce6a4c7bff1d1f26faf9b468e619d91d8346bc1a7f6aa35d4f57d0451ebcbf0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/Po6IcWkBtcjdpdp1mefy4p/c8c39032ce49147aafe3456e0f23035d.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Thu, 24 Feb 2022 08:34:48 GMT
ETag: "5cc2e-5d8bf74820adb"
Accept-Ranges: bytes
Content-Length: 379950
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/ita66/plugins/tempusdominus-bootstrap-4/css/tempusdominus-bootstrap-4.min.css

164.115.43.44

200 OK

9.1 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/tempusdominus-bootstrap-4/css/tempusdominus-bootstrap-4.min.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (836), with CRLF, LF line terminators
Size
9.1 kB (9071 bytes)
Hash
be1a1448dd867946cb6a580d348bc369
444757a3725470f67dddb403dc8788aea0cb1c86
be2d34616cdaf0c442488e4676c14ba6d0192142e7cb930f9fad8fc447ff6536

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/tempusdominus-bootstrap-4/css/tempusdominus-bootstrap-4.min.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "236f-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 9071
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/ita66/plugins/icheck-bootstrap/icheck-bootstrap.min.css

164.115.43.44

200 OK

12 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/icheck-bootstrap/icheck-bootstrap.min.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (12293), with CRLF line terminators
Size
12 kB (12505 bytes)
Hash
e067d8454ea71a421ac69892bc0f1bdf
3185a60f3cafa077277c925bb83a80517a1ed9a7
7f1c6f368fef383f3c0107eb1a1f3c0fbe308187b1e3b93dfac6b76d69827a52

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/icheck-bootstrap/icheck-bootstrap.min.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "30d9-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 12505
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/css

www.youtube.com/generate_204?eaEXig

142.250.74.78

204 No Content

0 B

URL GET HTTP/3
www.youtube.com/generate_204?eaEXig
IP
142.250.74.78:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /generate_204?eaEXig HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/RSq66Sr9uac
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-length: 0
cross-origin-resource-policy: cross-origin
date: Sun, 03 Dec 2023 10:14:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

164.115.43.44/ita66/plugins/jqvmap/jqvmap.min.css

164.115.43.44

200 OK

613 B

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/jqvmap/jqvmap.min.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (612)
Size
613 B (613 bytes)
Hash
126a06688aa11c13a58772a516cf6d72
e9230a3801d2e674864a1b801fbf0b7eac59d1e6
32d26b3f38f5adcf544dcb92bd5ef604d67ac7300a28f7f8b072ae0e9f555a3c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/jqvmap/jqvmap.min.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "265-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 613
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/ita66/plugins/overlayScrollbars/css/OverlayScrollbars.min.css

164.115.43.44

200 OK

20 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/overlayScrollbars/css/OverlayScrollbars.min.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (19243)
Size
20 kB (19470 bytes)
Hash
eecdf1a424a68e5ee7c2a5c2ab9d62f1
7d7cdccce8b7b79df4e812380d06408ce335992d
7df82b8eed52fe2aa69b1adf0feb904d177286ce98568bfc496c401cf2d37614

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/overlayScrollbars/css/OverlayScrollbars.min.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "4c0e-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 19470
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/css

yt3.ggpht.com/3inJ78NumLjNpqeK6ixV173XFu3AV-ZcKhEQQbPuym0Hlq1qebbHqpzCI_uBqqN-2lVib0C0V-A=s68-c-k-c0x00ffffff-no-rj

142.250.74.161

200 OK

1.5 kB

URL GET HTTP/2
yt3.ggpht.com/3inJ78NumLjNpqeK6ixV173XFu3AV-ZcKhEQQbPuym0Hlq1qebbHqpzCI_uBqqN-2lVib0C0V-A=s68-c-k-c0x00ffffff-no-rj
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 68x68, components 3\012- data
Size
1.5 kB (1501 bytes)
Hash
21a6fe4aee591cc80e00d4def6f105dc
62c9f1aea87f206b67d3bf76e15928cbf45b6849
0edce1577d256f02afaca431261ac083c643b0023c6ffdb776db22a164a54307

HTTP Headers

GET /3inJ78NumLjNpqeK6ixV173XFu3AV-ZcKhEQQbPuym0Hlq1qebbHqpzCI_uBqqN-2lVib0C0V-A=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
etag: "v1"
expires: Mon, 04 Dec 2023 10:14:56 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="channels4_profile.jpg"
x-content-type-options: nosniff
date: Sun, 03 Dec 2023 10:14:56 GMT
server: fife
content-length: 1501
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

164.115.43.44/ita66/plugins/daterangepicker/daterangepicker.css

164.115.43.44

200 OK

8.1 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/daterangepicker/daterangepicker.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with CRLF line terminators
Size
8.1 kB (8069 bytes)
Hash
55e1d560821b4a4b141b0ab6cbb74d26
8ea448a2344bcc364a92e8c9282fc1585874512e
94fdb66ec8fe748981a4f2090fdf4a2a0a3dbe5ace2e65c4ce46e95d692bdac7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/daterangepicker/daterangepicker.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "1f85-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 8069
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/ita66/plugins/summernote/summernote-bs4.css

164.115.43.44

200 OK

19 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/summernote/summernote-bs4.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (18647), with no line terminators
Size
19 kB (18647 bytes)
Hash
549b762da219736cc3a8179735ba61cd
4501e16117944c197a925cef1a278ca103aacdf4
08b3181d5897342c4351dff248b789263c8bb6d7816708ea678739a7a53b2fbf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/summernote/summernote-bs4.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "48d7-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 18647
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/ita66/css/bootstrap.min.css

164.115.43.44

200 OK

157 kB

URL GET HTTP/1.1
164.115.43.44/ita66/css/bootstrap.min.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (39783), with CRLF line terminators
Size
157 kB (157211 bytes)
Hash
65807a29f2e8721ef7ba70123ce632e4
b3c0a433cf8f6a71ea59d4fe86632e4201d80359
afb04835c07505bd152d141eb6d1dbd18323e16e5a0a87cd8463aa84c94c8243

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/css/bootstrap.min.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 09 Apr 2019 12:08:06 GMT
ETag: "2661b-58617ce3c9580"
Accept-Ranges: bytes
Content-Length: 157211
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/ita66/css/style.css

164.115.43.44

200 OK

4.0 kB

URL GET HTTP/1.1
164.115.43.44/ita66/css/style.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text
Size
4.0 kB (4043 bytes)
Hash
da1d2fb930d9197ec0d5a9b9d4f1507e
f923957d5713ca64e4bb0153221f30298d99820b
d000ec52d9b3801b3221a1c5efff262b86b095deeef07408bde7a49198f4afff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/css/style.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 18 Mar 2020 06:22:40 GMT
ETag: "fcb-5a11b1447ec00"
Accept-Ranges: bytes
Content-Length: 4043
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/ita66/dist/css/adminlte.min.css

164.115.43.44

200 OK

603 kB

URL GET HTTP/1.1
164.115.43.44/ita66/dist/css/adminlte.min.css
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (65141)
Size
603 kB (602813 bytes)
Hash
910ac55aefb30feb1e68afb805213a3e
85a868fa4f880d51104775004f059955da73af3b
12f9018fd11c48eb11d1d3714b2459351e29bfadaefd08199ea31165de8be29d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/dist/css/adminlte.min.css HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "932bd-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 602813
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/css

164.115.43.44/ita66/js/jquery.min.js

164.115.43.44

404 Not Found

220 B

URL GET HTTP/1.1
164.115.43.44/ita66/js/jquery.min.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
220 B (220 bytes)
Hash
4060e4af891b2dfa22c54d04893923bf
6d7c069f1e63cc25550ab694454f0e97f7a04433
2f87acb049945c75bc88b19338e09def7f034691a8dcc5ebfec6dbc3230dca67

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/js/jquery.min.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 03 Dec 2023 10:14:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Content-Length: 220
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

164.115.43.44/ita66/js/bootstrap.min.js

164.115.43.44

404 Not Found

223 B

URL GET HTTP/1.1
164.115.43.44/ita66/js/bootstrap.min.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
223 B (223 bytes)
Hash
71cd4fa1fb76e6b2e665f5183b623bc9
9628b09e714e2011737812aa1a7d253d0ac975f8
881cd0cc9cf25a2f542218ad9c28a23ecb4508607da065a17d33ddab340b17c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/js/bootstrap.min.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Content-Length: 223
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

164.115.43.44/ita66/js/fontawsome.js

164.115.43.44

404 Not Found

220 B

URL GET HTTP/1.1
164.115.43.44/ita66/js/fontawsome.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
220 B (220 bytes)
Hash
f048550cfc68150bfbb05d9a5ba84ae2
61709ae2587abcf09728c21e631762aa72675b28
191907b858a7d677b0a3d59edf9dd8cbff22a0fa75caa25fd5990902ac2af0d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/js/fontawsome.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Content-Length: 220
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

164.115.43.44/ita66/plugins/jquery/jquery.min.js

164.115.43.44

200 OK

88 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/jquery/jquery.min.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (65451)
Size
88 kB (88145 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/jquery/jquery.min.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "15851-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 88145
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/plugins/jquery-ui/jquery-ui.min.js

164.115.43.44

200 OK

254 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/jquery-ui/jquery-ui.min.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (32074)
Size
254 kB (253669 bytes)
Hash
c15b1008dec3c8967ea657a7bb4baaec
78489e580adaef931e6e5b131dab556c397e4a1a
28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/jquery-ui/jquery-ui.min.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "3dee5-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 253669
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/plugins/bootstrap/js/bootstrap.bundle.min.js

164.115.43.44

200 OK

79 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/bootstrap/js/bootstrap.bundle.min.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (65297)
Size
79 kB (78635 bytes)
Hash
a454220fc07088bf1fdd19313b6bfd50
265a733cb7fbc481fd2510a659a85ad55c93c895
7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "1332b-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 78635
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/plugins/chart.js/Chart.min.js

164.115.43.44

200 OK

173 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/chart.js/Chart.min.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (65414)
Size
173 kB (172810 bytes)
Hash
5423897f58abad24d4ae62381db3417d
1445ca9d819381bbefaf4e1e21efbf3533ab7bcc
6485aa93c81317de6df661c89711cbe32718bb9d881d5703884f6be566ae3631

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/chart.js/Chart.min.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "2a30a-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 172810
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/plugins/sparklines/sparkline.js

164.115.43.44

200 OK

7.2 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/sparklines/sparkline.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with CRLF line terminators
Size
7.2 kB (7219 bytes)
Hash
3ffd8341d66e61f94991e97394a0a6f9
e81642192dfcfbc2c44da63ed8821529bdbcb8cc
643753ec4cdd550d26401f2b1e45cabdb04341587a4ac28954909980b5a69de3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/sparklines/sparkline.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "1c33-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 7219
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/plugins/jqvmap/jquery.vmap.min.js

164.115.43.44

200 OK

21 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/jqvmap/jquery.vmap.min.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (20912)
Size
21 kB (21150 bytes)
Hash
935f68d33bdd88a1341647523f7813a2
2ea92021c03f2956158f67aa51f08fbdcf0fed38
4f1dd628138e379c385de592abd2dd881302e37cf6dd80a7a13cf95b83221a09

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/jqvmap/jquery.vmap.min.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "529e-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 21150
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/plugins/jqvmap/maps/jquery.vmap.usa.js

164.115.43.44

200 OK

48 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/jqvmap/maps/jquery.vmap.usa.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (47680)
Size
48 kB (47712 bytes)
Hash
43e330fe0440c72344722238695dc793
9877bca1d7babc71d4068dbb6c57672ce850878a
c6603cbe3c9ec566e4657a9f46f8c870f86c125fb6885a208549228a1c0acde8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/jqvmap/maps/jquery.vmap.usa.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "ba60-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 47712
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/plugins/jquery-knob/jquery.knob.min.js

164.115.43.44

200 OK

11 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/jquery-knob/jquery.knob.min.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (10804), with no line terminators
Size
11 kB (10804 bytes)
Hash
e708020309de1747a08957f691324ac8
4df8f239f9a18fcdd446d2238e6c1b0e32ea52d5
db5e38abe34e33f5d4e99c52a914c9f0fd16fc2918eb35dcea65d8b78fa617db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/jquery-knob/jquery.knob.min.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "2a34-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 10804
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/plugins/moment/moment.min.js

164.115.43.44

200 OK

53 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/moment/moment.min.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (53324), with no line terminators
Size
53 kB (53324 bytes)
Hash
761502841c035afcf6a9bdc5d0a20d11
69ab16ba8ca68431ab59eff286c7ed1e520bca30
e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/moment/moment.min.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "d04c-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 53324
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/plugins/daterangepicker/daterangepicker.js

164.115.43.44

200 OK

67 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/daterangepicker/daterangepicker.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with CRLF line terminators
Size
67 kB (67268 bytes)
Hash
eea458a9a48a89094b8adf75a89dabce
8042e37aef14f4dee78e350bcf2ff961a54c0299
7071393d236d9c35f0904907d217b95e42453e2056a452aa06005bf5459df9d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/daterangepicker/daterangepicker.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "106c4-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 67268
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/plugins/tempusdominus-bootstrap-4/js/tempusdominus-bootstrap-4.min.js

164.115.43.44

200 OK

57 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/tempusdominus-bootstrap-4/js/tempusdominus-bootstrap-4.min.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (32032)
Size
57 kB (56879 bytes)
Hash
ac4d4d755b70ee1a00f7fc78cc85bc05
e6ce53ab1858b532c037334b512e010f0f093943
cf4a0a620eb188bab7c891aca7f2ec63d5f291bc1e4251e5e368c7bf65d3073e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/tempusdominus-bootstrap-4/js/tempusdominus-bootstrap-4.min.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "de2f-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 56879
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/plugins/summernote/summernote-bs4.min.js

164.115.43.44

200 OK

128 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/summernote/summernote-bs4.min.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (65450)
Size
128 kB (127927 bytes)
Hash
e1828c10ba4dee962f9be1a7494789e6
3ca3382a49700536b989ccb2ccbd1ab655b814bb
8cf2b50019380ae16f4abdf5bf808b53b5fb5c2be2c594a2f1f4d30b0fedb2da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/summernote/summernote-bs4.min.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "1f3b7-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 127927
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/plugins/overlayScrollbars/js/jquery.overlayScrollbars.min.js

164.115.43.44

200 OK

42 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/overlayScrollbars/js/jquery.overlayScrollbars.min.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text, with very long lines (41849)
Size
42 kB (42076 bytes)
Hash
b9248cb54d63e2b173e6fafc3d1654c4
8d3d4c908db775e6e9dd658250f1e1ec3a80b81a
92d19fd35b64fd48bbd5b3d31dca62b260a164542fe5af298cf05037233c7749

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/overlayScrollbars/js/jquery.overlayScrollbars.min.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "a45c-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 42076
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/dist/js/adminlte.js

164.115.43.44

200 OK

54 kB

URL GET HTTP/1.1
164.115.43.44/ita66/dist/js/adminlte.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text
Size
54 kB (54173 bytes)
Hash
e750c01aaf38601429c71425a9c6ff86
7d6cc88ca7bfd3317caffed152e1b5a810c0e2fd
b85717aaa03eb27be84971065ea8cbe10b66f387384be208dc89cc99ee388e30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/dist/js/adminlte.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "d39d-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 54173
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/dist/js/pages/dashboard.js

164.115.43.44

200 OK

7.6 kB

URL GET HTTP/1.1
164.115.43.44/ita66/dist/js/pages/dashboard.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text
Size
7.6 kB (7577 bytes)
Hash
778ac038287811d827b6784b9b6bee41
76dbca6af5a10c7a0fe4081af5d3ea92512dbdf4
fed707524ce1241d055a02f61ef9332ac5d748972dfb77b12d9ba63fd80ff1fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/dist/js/pages/dashboard.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "1d99-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 7577
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/dist/js/demo.js

164.115.43.44

200 OK

12 kB

URL GET HTTP/1.1
164.115.43.44/ita66/dist/js/demo.js
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
ASCII text
Size
12 kB (12181 bytes)
Hash
736dc546c6354a9e89331b7bbcf44993
cd366f0aa3387b6fdea9d0ba8f2fb88075c00c4d
7156ea6e3afdcd4933b639699c18d0bfcd75ea842987da78fe867269022b95f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/dist/js/demo.js HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "2f95-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 12181
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: application/javascript

164.115.43.44/ita66/plugins/fontawesome-free/webfonts/fa-solid-900.woff2

164.115.43.44

200 OK

76 kB

URL GET HTTP/1.1
164.115.43.44/ita66/plugins/fontawesome-free/webfonts/fa-solid-900.woff2
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
Web Open Font Format (Version 2), TrueType, length 75728, version 330.32636\012- data
Size
76 kB (75728 bytes)
Hash
44d537ab79f921fde5a28b2c1636f397
b2879f9e1d0985a96842bf7f55a2b2cc4c636d04
3d1080625d3030e88357b3ac9aa377dcec23f1b529c4ad03f7a9a435ccae04be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/plugins/fontawesome-free/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/plugins/fontawesome-free/css/all.min.css
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 19 Nov 2019 17:41:28 GMT
ETag: "127d0-597b692e6e200"
Accept-Ranges: bytes
Content-Length: 75728
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive

164.115.43.44/ita66/css/fonts/sukhumvitset-text-webfont.woff2

164.115.43.44

200 OK

34 kB

URL GET HTTP/1.1
164.115.43.44/ita66/css/fonts/sukhumvitset-text-webfont.woff2
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
Web Open Font Format (Version 2), TrueType, length 34452, version 0.66\012- data
Size
34 kB (34452 bytes)
Hash
015ae8cf3bf3e722e599e7e4603de2df
1226004502f3a64da535dbbd4e6917bdc3e94f01
98580bb9b36c9a0a0a591f9c361e13c0de4bd6d3d37c46422c021bf8434ebdd8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/css/fonts/sukhumvitset-text-webfont.woff2 HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/css/style.css
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Thu, 04 May 2017 17:50:22 GMT
ETag: "8694-54eb66827b380"
Accept-Ranges: bytes
Content-Length: 34452
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive

164.115.43.44/hospital/web/photolibrarys/zv7HWFwA-riUWmgItN0R47/44e274eab88fdf21090e8da946d71200.jpg

164.115.43.44

200 OK

434 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/zv7HWFwA-riUWmgItN0R47/44e274eab88fdf21090e8da946d71200.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1754, components 3\012- data
Size
434 kB (433461 bytes)
Hash
639baf4e54d553e9b977cb70987f7c67
bd37dd576049180b66d9a47738380df0f970453f
6a54467ab5f04631a5f237fd953017df80f927a6f886cb9f0dd64eebcf1bc776

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/zv7HWFwA-riUWmgItN0R47/44e274eab88fdf21090e8da946d71200.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Thu, 24 Feb 2022 07:36:11 GMT
ETag: "69d35-5d8bea2e6a87f"
Accept-Ranges: bytes
Content-Length: 433461
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: image/jpeg

www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

142.250.74.78

200 OK

31 B

URL POST HTTP/3
www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
IP
142.250.74.78:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
JSON data\012- , ASCII text
Size
31 B (31 bytes)
Hash
5e1fa6fd9abd549a576f3f24b1d3c8d4
d5335d7f7d33be6a0b663f03b2df4df2521c4a87
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

HTTP Headers

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Request-Time: 1701598503223
Content-Type: application/json
X-Goog-Visitor-Id: CgtTbEdwM0p2ZkVoTSieqrGrBjIICgJOTxICEgA%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20231128.01.01
X-YouTube-Utc-Offset: 0
X-YouTube-Time-Zone: UTC
X-YouTube-Ad-Signals: dt=1701598500403&flash=0&frm=2&u_tz&u_his=2&u_h=1024&u_w=1280&u_ah=1024&u_aw=1280&u_cd=24&bc=23&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C510%2C287&vis=1&wgl=true&ca_type=image
Content-Length: 16660
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/RSq66Sr9uac
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: br
date: Sun, 03 Dec 2023 10:14:57 GMT
server: scaffolding on HTTPServer2
content-length: 31
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+271; expires=Tue, 02-Dec-2025 10:14:57 GMT; path=/; domain=.youtube.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 03 Dec 2023 10:14:57 GMT
cache-control: private

164.115.43.44/hospital/web/photolibrarys/lHCdEI4YFERb8kjUrszJ8e/c0a5eb359f1faae0a362dcb926b0054e.jpg

164.115.43.44

200 OK

537 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/lHCdEI4YFERb8kjUrszJ8e/c0a5eb359f1faae0a362dcb926b0054e.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1754, components 3\012- data
Size
537 kB (536807 bytes)
Hash
e5d598030ef21ca26bf58df0449a9162
11a32421844bd9010a8c887506a7c2a8853b13d1
f91fefd0960524ad6a1a78705b5cb45ca62acd15645187acd084f8a1acbe02b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/lHCdEI4YFERb8kjUrszJ8e/c0a5eb359f1faae0a362dcb926b0054e.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Thu, 22 Jul 2021 03:59:18 GMT
ETag: "830e7-5c7ae4fa875bf"
Accept-Ranges: bytes
Content-Length: 536807
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/photolibrarys/3nRMJSOEe9DcAwtjQE85Q7/44b442dcca870f24f016214b2156e69d.jpg

164.115.43.44

200 OK

372 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/3nRMJSOEe9DcAwtjQE85Q7/44b442dcca870f24f016214b2156e69d.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1754, components 3\012- data
Size
372 kB (372075 bytes)
Hash
b988493bf8f05bf3e5532b94bc152f2b
773d40c4170732c6fb9be9a123f5e74b7303d353
1a1b8698175089f234cf36f53ff00f82eea19ee6dd49b26a358775f4eec86393

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/3nRMJSOEe9DcAwtjQE85Q7/44b442dcca870f24f016214b2156e69d.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Mon, 26 Apr 2021 07:22:45 GMT
ETag: "5ad6b-5c0db031429b0"
Accept-Ranges: bytes
Content-Length: 372075
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/photolibrarys/qCBDqheUBPeaDAzkdpU5_U/f8ef19bbe7c57dbc1ece44a9363a0360.jpg

164.115.43.44

200 OK

368 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/qCBDqheUBPeaDAzkdpU5_U/f8ef19bbe7c57dbc1ece44a9363a0360.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1754, components 3\012- data
Size
368 kB (368167 bytes)
Hash
3190f950ed77ade9b7e3c3605403dcab
2e108451cc444ff35af9a8efa97864ac81ad3ca2
952856038224142a98e6959ea8e036d609a0cc59017d82dbca76871c0ec3ad09

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/qCBDqheUBPeaDAzkdpU5_U/f8ef19bbe7c57dbc1ece44a9363a0360.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Sat, 10 Apr 2021 05:24:21 GMT
ETag: "59e27-5bf977e2f592d"
Accept-Ranges: bytes
Content-Length: 368167
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/photolibrarys/IQtE8DNEh5trgzkn5dprCu/2ca8eb664f447166fc1e97ca8ad928bb.jpg

164.115.43.44

200 OK

1.0 MB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/IQtE8DNEh5trgzkn5dprCu/2ca8eb664f447166fc1e97ca8ad928bb.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1754, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1240], baseline, precision 8, 1240x1754, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 16, minimum point enabled, calibration: offset 0.000000, slope 4754540834632868954551630168064.000000\012- data
Size
1.0 MB (1042558 bytes)
Hash
328485e4906319941bfeed3c10e9f87d
0522326d66aa10cf225349ced164614b88d4979f
779ef655b1eff2d77a5e81bdaaec429accc30c4f33d3db8981f5086ba44c2f78

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/IQtE8DNEh5trgzkn5dprCu/2ca8eb664f447166fc1e97ca8ad928bb.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Thu, 10 Feb 2022 08:05:16 GMT
ETag: "fe87e-5d7a5691b7740"
Accept-Ranges: bytes
Content-Length: 1042558
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/photolibrarys/pYEuahH-N13GNcc1bMDlUH/8a260a369f6c8131247777cfb22ee451.jpg

164.115.43.44

200 OK

392 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/pYEuahH-N13GNcc1bMDlUH/8a260a369f6c8131247777cfb22ee451.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1754, components 3\012- data
Size
392 kB (392449 bytes)
Hash
7ae8470b7c7573673d09f78df96aaad3
9add3e15bd8938897cc1321e1435313905316f54
79bd104d0162023838570cb9250878ba831c286a13e9bb0cc108397ec37ec5a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/pYEuahH-N13GNcc1bMDlUH/8a260a369f6c8131247777cfb22ee451.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 07 Apr 2021 03:19:47 GMT
ETag: "5fd01-5bf59672cffd1"
Accept-Ranges: bytes
Content-Length: 392449
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/photolibrarys/lnJ8OPghkfIsE2hekjzVbi/25f0a8ebc70b502ffdde712acf532839.jpg

164.115.43.44

200 OK

413 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/lnJ8OPghkfIsE2hekjzVbi/25f0a8ebc70b502ffdde712acf532839.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1754, components 3\012- data
Size
413 kB (413331 bytes)
Hash
340a2c8bc3cddcc2f6ebc2fdf01a77ba
614a6c58f162069a0a74e9ce1437567c1fc2c869
e41fd800485fa5627b16d23af1fb1d334b5d0222e6e9e22e52d4b24b87f7ed60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/lnJ8OPghkfIsE2hekjzVbi/25f0a8ebc70b502ffdde712acf532839.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Mon, 05 Apr 2021 11:14:08 GMT
ETag: "64e93-5bf37cbe6fe23"
Accept-Ranges: bytes
Content-Length: 413331
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/photolibrarys/JOIgMALzDVzHKS0Ys5xSjn/da907c174e0eedf4464794d68ce612c1.jpg

164.115.43.44

200 OK

378 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/JOIgMALzDVzHKS0Ys5xSjn/da907c174e0eedf4464794d68ce612c1.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1754, components 3\012- data
Size
378 kB (377651 bytes)
Hash
1b1bca31f8d05e6008e1c5ca58cd2566
a4fbd61a7f38a27d1372ffec7e98e7833e99f21e
f46b4fc0317a3202a7c4b500022a1891bcce1edd3d6009b8b043ac098073be16

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/JOIgMALzDVzHKS0Ys5xSjn/da907c174e0eedf4464794d68ce612c1.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Fri, 29 Jan 2021 07:41:14 GMT
ETag: "5c333-5ba052100e9f9"
Accept-Ranges: bytes
Content-Length: 377651
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/photolibrarys/CcPZJkziMpuMZu0fRCIgTg/6c6a659115f024810b8a3e3ed52d5d71.jpg

164.115.43.44

200 OK

546 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/CcPZJkziMpuMZu0fRCIgTg/6c6a659115f024810b8a3e3ed52d5d71.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1754, components 3\012- data
Size
546 kB (546103 bytes)
Hash
6a4d8de68f71948e6ba7b8363dc023f5
1ede01d9c8fc5459b38b14c0c358477becd527ad
5be8fe43870f05ab18ff2b8519b9ac510d1652d170419e25c6baf0e2fcd41a76

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/CcPZJkziMpuMZu0fRCIgTg/6c6a659115f024810b8a3e3ed52d5d71.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Thu, 24 Feb 2022 07:34:16 GMT
ETag: "85537-5d8be9c06897b"
Accept-Ranges: bytes
Content-Length: 546103
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/photolibrarys/Q_kQZfYCX6C62HFYZBRrRt/0f6f7db72afbd15b312ab6ee75d784b3.jpg

164.115.43.44

200 OK

1.3 MB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/Q_kQZfYCX6C62HFYZBRrRt/0f6f7db72afbd15b312ab6ee75d784b3.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1754, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1240], baseline, precision 8, 1240x1754, components 3\012- data
Size
1.3 MB (1286038 bytes)
Hash
cb1640f8939d74f2370d8551685b9228
3b7b27917088ea21066cc184a123444e03b9e6bd
f735d9b4745f8d86a2f06cab92772207055d65c9eacbf852b698ddafe09fc002

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/Q_kQZfYCX6C62HFYZBRrRt/0f6f7db72afbd15b312ab6ee75d784b3.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 15 Feb 2022 07:59:52 GMT
ETag: "139f96-5d809eb064749"
Accept-Ranges: bytes
Content-Length: 1286038
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/photolibrarys/E9xrAt_JDlUlKR72EWfYIk/fc549ec59e524f1932db653beeed9749.jpg

164.115.43.44

200 OK

425 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/E9xrAt_JDlUlKR72EWfYIk/fc549ec59e524f1932db653beeed9749.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1754, components 3\012- data
Size
425 kB (424746 bytes)
Hash
3e9bcc17d8cde1c8f9574ce24d243a20
256db78a07c6cc265e56eae12b1482c9a36ffee3
50b5ccec26dc73122bd072adb4518de859ece3a057fb9ad925d642bca49396a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/E9xrAt_JDlUlKR72EWfYIk/fc549ec59e524f1932db653beeed9749.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Mon, 18 Jan 2021 09:20:35 GMT
ETag: "67b2a-5b9293c0f4b69"
Accept-Ranges: bytes
Content-Length: 424746
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/photolibrarys/jSLrq-8iV_k8hnbklqOYu7/d783d8ad537cd3b06c159805bd6f3067.jpg

164.115.43.44

200 OK

432 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/jSLrq-8iV_k8hnbklqOYu7/d783d8ad537cd3b06c159805bd6f3067.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1754, components 3\012- data
Size
432 kB (432155 bytes)
Hash
216e1dac8cae6fe4bc727e0d92604292
45c53740d9671c2a4eacfc76fa59cfb6d919f437
2e6a1ecb27305f3fc539e4ab666806c1f377b15421336d16681acce3831cd7be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/jSLrq-8iV_k8hnbklqOYu7/d783d8ad537cd3b06c159805bd6f3067.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Fri, 04 Dec 2020 07:59:17 GMT
ETag: "6981b-5b59eda72bd8f"
Accept-Ranges: bytes
Content-Length: 432155
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/photolibrarys/sxxoB5x2o6b38C2N1XAEDL/1528a392ab9f9d4cab75fa35816684b0.jpg

164.115.43.44

200 OK

351 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/sxxoB5x2o6b38C2N1XAEDL/1528a392ab9f9d4cab75fa35816684b0.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1754, components 3\012- data
Size
351 kB (350592 bytes)
Hash
df7ed24d85494687e9b7163e87a48a27
5c79bfdd40fcc6e9db1be5da4f6a607c4607dc6d
0d50b6df75c61a481ea78d21d0f9c7e8a2b734530b7aee5758806e231bd53e78

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/sxxoB5x2o6b38C2N1XAEDL/1528a392ab9f9d4cab75fa35816684b0.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 02 Dec 2020 09:04:27 GMT
ETag: "55980-5b57787c939f3"
Accept-Ranges: bytes
Content-Length: 350592
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/photolibrarys/Kt95NfGa-6lTcF_rqYw2Vv/ccd955d9af30c3e6e6fa553cd1733edc.jpg

164.115.43.44

200 OK

356 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/Kt95NfGa-6lTcF_rqYw2Vv/ccd955d9af30c3e6e6fa553cd1733edc.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1754, components 3\012- data
Size
356 kB (355980 bytes)
Hash
c017c150999b8d5982d64008567fa991
5b74f6796bf869d60602d86a540f58fadfea19c2
7b8cce7df5fd89211a4b26b3e233d4856fd3424a913de47715dcb3b45ab40925

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/Kt95NfGa-6lTcF_rqYw2Vv/ccd955d9af30c3e6e6fa553cd1733edc.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 01 Dec 2020 07:37:23 GMT
ETag: "56e8c-5b562328d6c05"
Accept-Ranges: bytes
Content-Length: 355980
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/photolibrarys/l7Wv7g_4ci-YczWldRidNY/07560ef7e94db7d8c6e0af6c9f6d6555.jpg

164.115.43.44

200 OK

353 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/l7Wv7g_4ci-YczWldRidNY/07560ef7e94db7d8c6e0af6c9f6d6555.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1754, components 3\012- data
Size
353 kB (353016 bytes)
Hash
a394afcb261dd1643714b09351f7b948
cc28f988fe7892dd5dce2250be23d5812cce6378
7db76d61976f27ef0b6893e1c89a4131ac8a36eb597618b3029fb9bac8158170

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/l7Wv7g_4ci-YczWldRidNY/07560ef7e94db7d8c6e0af6c9f6d6555.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 01 Dec 2020 07:30:43 GMT
ETag: "562f8-5b5621ab5ca7a"
Accept-Ranges: bytes
Content-Length: 353016
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/photolibrarys/hF32Z68ONJlnKwlk8BNDDV/09477fafc612f410ad2186cc77f1d9a0.jpg

164.115.43.44

200 OK

358 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/hF32Z68ONJlnKwlk8BNDDV/09477fafc612f410ad2186cc77f1d9a0.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1754, components 3\012- data
Size
358 kB (358171 bytes)
Hash
3a0edeb0127821e78fbff257afa1a0ac
ee1de72a01c2bf9a9ee62506a067689f7da285e8
ca202b4d4481b4e99a48784b9fa16e1c1c7658bc8bbac9f063db84398231aa15

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/hF32Z68ONJlnKwlk8BNDDV/09477fafc612f410ad2186cc77f1d9a0.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Tue, 01 Dec 2020 07:34:15 GMT
ETag: "5771b-5b5622765e3de"
Accept-Ranges: bytes
Content-Length: 358171
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/ita66/dist/img/logomoph.png

164.115.43.44

200 OK

21 kB

URL GET HTTP/1.1
164.115.43.44/ita66/dist/img/logomoph.png
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/ita66/

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size
21 kB (20860 bytes)
Hash
71ec81a92df96988b033effe3778cff3
8e5d907f48ee467fbc7d6e7aa5fa7ccfd4912522
d40a7923fe721862504fb99bccd22d3e36b68bb987cd0a2edd292a4e4786ab85

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/dist/img/logomoph.png HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/ita66/
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Sun, 12 Jan 2020 03:24:08 GMT
ETag: "517c-59be8e4450600"
Accept-Ranges: bytes
Content-Length: 20860
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: image/png

164.115.43.44/hospital/web/images/thsss.jpg

164.115.43.44

200 OK

472 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/images/thsss.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1980x513, components 3\012- data
Size
472 kB (472462 bytes)
Hash
013437e1f32ed07ac8dcdf5544fba49f
bf9d4cb5644b093efb7dff88bdf0ac53a8e487ea
2960ee2001b8b7659ec5fe8a214ef616e552b2d42f1adbb19266b7402b351b21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/images/thsss.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 11 Dec 2019 08:59:21 GMT
ETag: "7358e-59969d82d0c40"
Accept-Ranges: bytes
Content-Length: 472462
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/images/info/info21.jpg

164.115.43.44

200 OK

2.0 MB

URL GET HTTP/1.1
164.115.43.44/hospital/web/images/info/info21.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, baseline, precision 8, 3296x1241, components 4\012- data
Size
2.0 MB (1988362 bytes)
Hash
2b694fe98ddc7f01464e96623f3538e4
1bc5659726e77e73ce5b471d18fd116246159db5
505707b0841f3f51a1bf6954219f5c99cbe5de5ffa5b550413907e9ad3bc6679

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/images/info/info21.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Thu, 15 Apr 2021 15:08:53 GMT
ETag: "1e570a-5c0043dd00b40"
Accept-Ranges: bytes
Content-Length: 1988362
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/images/info/info22.jpg

164.115.43.44

200 OK

1.5 MB

URL GET HTTP/1.1
164.115.43.44/hospital/web/images/info/info22.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, baseline, precision 8, 3296x1241, components 4\012- data
Size
1.5 MB (1514635 bytes)
Hash
679f9ba73024bc83bd1d0cc4a8e5fcbf
6bc087ce8dd3ae4b4a2610e49986ea3d7b683aef
dc28754f7d7fce6ef3792b3a9007c8dfdcf4bd4f490fd0109aa792fd778a9d96

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/images/info/info22.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Thu, 15 Apr 2021 15:07:49 GMT
ETag: "171c8b-5c00439ff7b40"
Accept-Ranges: bytes
Content-Length: 1514635
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/favicon.ico

164.115.43.44

404 Not Found

209 B

URL GET HTTP/1.1
164.115.43.44/favicon.ico
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
209 B (209 bytes)
Hash
18ffb59b61525f781cf9251045be575d
bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d
b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 03 Dec 2023 10:14:59 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Content-Length: 209
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

164.115.43.44/ita66/

164.115.43.44

200 OK

20 kB

URL GET HTTP/1.1
164.115.43.44/ita66/
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
20 kB (19830 bytes)
Hash
6cabf7ec0ee3968216da51260df34447
2ff4a2aea881c63abb21234159c92837bfc31164
e44273aa7127ca8c22f89fbf03d4f7f2dbfcbbe6095ca8867833f7e6c9a34349

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ita66/ HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:15:12 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Set-Cookie: cookiesession1=678B76F47993D1758CB125109D4A103D;Expires=Mon, 02 Dec 2024 10:15:12 GMT;Path=/;HttpOnly
content-length: 19830

www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

142.250.74.78

200 OK

31 B

URL POST HTTP/3
www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
IP
142.250.74.78:443
ASN
#15169 GOOGLE

Requested by
https://www.youtube.com/embed/RSq66Sr9uac
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
JSON data\012- , ASCII text
Size
31 B (31 bytes)
Hash
5e1fa6fd9abd549a576f3f24b1d3c8d4
d5335d7f7d33be6a0b663f03b2df4df2521c4a87
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

HTTP Headers

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Request-Time: 1701598519225
Content-Type: application/json
X-Goog-Visitor-Id: CgtTbEdwM0p2ZkVoTSieqrGrBjIICgJOTxICEgA%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20231128.01.01
X-YouTube-Utc-Offset: 0
X-YouTube-Time-Zone: UTC
X-YouTube-Ad-Signals: dt=1701598500403&flash=0&frm=2&u_tz&u_his=2&u_h=1024&u_w=1280&u_ah=1024&u_aw=1280&u_cd=24&bc=23&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C510%2C287&vis=1&wgl=true&ca_type=image
Content-Length: 1093
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/RSq66Sr9uac
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: br
date: Sun, 03 Dec 2023 10:15:14 GMT
server: scaffolding on HTTPServer2
content-length: 31
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+000; expires=Tue, 02-Dec-2025 10:15:14 GMT; path=/; domain=.youtube.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 03 Dec 2023 10:15:14 GMT
cache-control: private

fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700

142.250.74.170

200 OK

9.3 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
http://164.115.43.44/ita66/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (9493), with no line terminators
Size
9.3 kB (9269 bytes)
Hash
677faf88c9909312ed868d669b63221b
105d45dc6337d2a4784a010c930a21a6e9aa3db7
42d26d154178d6041f6e62ee0519a70508605444e58b0aad646144562b1d45d4

HTTP Headers

GET /css?family=Source+Sans+Pro:300,400,400i,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 03 Dec 2023 10:14:56 GMT
date: Sun, 03 Dec 2023 10:14:56 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

164.115.43.44/hospital/web/photolibrarys/vG0aiBGy9pF12SpnctXQKj/9038e16e71f7628dff233762a31552b4.jpg

164.115.43.44

200 OK

1.3 MB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/vG0aiBGy9pF12SpnctXQKj/9038e16e71f7628dff233762a31552b4.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1754, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1240], baseline, precision 8, 1240x1754, components 3\012- data
Size
1.3 MB (1333381 bytes)
Hash
9ad501ec0041d30f28051a7a3268b986
10455b28f21da0bfd6a55418ec10c099b9181a81
321cf8c93509804c68f3b78d50633ce23048eea8e070ad646bb814b7ce3ddba6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/vG0aiBGy9pF12SpnctXQKj/9038e16e71f7628dff233762a31552b4.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Thu, 17 Mar 2022 03:19:52 GMT
ETag: "145885-5da6180e52130"
Accept-Ranges: bytes
Content-Length: 1333381
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/jpeg

164.115.43.44/hospital/web/images/info/info20.jpg

164.115.43.44

200 OK

1.9 MB

URL GET HTTP/1.1
164.115.43.44/hospital/web/images/info/info20.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type

Size
1.9 MB (1851995 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/images/info/info20.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Thu, 15 Apr 2021 15:08:42 GMT
ETag: "1c425b-5c0043d283280"
Accept-Ranges: bytes
Content-Length: 1851995
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/jpeg

code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css

104.26.7.173

200 OK

51 kB

URL GET HTTP/2
code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
IP
104.26.7.173:443
ASN
#13335 CLOUDFLARENET

Requested by
http://164.115.43.44/ita66/
Certificate
IssuerCloudflare, Inc.
Subjectionicframework.com
FingerprintF0:95:87:C3:E4:A0:31:2D:83:93:BF:FD:9F:E3:6A:84:64:FB:AC:2E
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type

Size
51 kB (51284 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ionicons/2.0.1/css/ionicons.min.css HTTP/1.1
Host: code.ionicframework.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 03 Dec 2023 10:14:56 GMT
content-type: text/css; charset=utf-8
x-origin-cache: HIT
last-modified: Thu, 13 Apr 2023 16:20:19 GMT
access-control-allow-origin: *
etag: W/"64382bc3-c854"
expires: Mon, 27 Nov 2023 21:19:56 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
x-github-request-id: D232:C648:639EA:65491:65650677
via: 1.1 varnish
age: 85315
x-served-by: cache-cph2320048-CPH
x-cache: HIT
x-cache-hits: 1
x-timer: S1701513181.035930,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: a3da77acc76a98397e5df6668ea8be4ff5aa803b
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dmTMUD5SBBoNzerX8wu%2B1w8HvEQMp2zXeKKnTyWw8NA1aZSMaTFmR0ZQvRIPZJW0BTQxGcvXErgyNrZPoLjoMZXQQOFqAA11mVomZJNpf0iXDNsf0jX4k9a8tCXaifHwRyYGh%2BobnoF3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fb0ba9ae3ebe4e-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.youtube.com/embed/RSq66Sr9uac

142.250.74.78

200 OK

92 kB

URL GET HTTP/2
www.youtube.com/embed/RSq66Sr9uac
IP
142.250.74.78:443
ASN
#15169 GOOGLE

Requested by
http://164.115.43.44/hospital/web/index.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type

Size
92 kB (92334 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /embed/RSq66Sr9uac HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 03 Dec 2023 10:14:54 GMT
strict-transport-security: max-age=31536000
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-resource-policy: cross-origin
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=SycHlsfM-bw; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=SlGp3JvfEhM; Domain=.youtube.com; Expires=Fri, 31-May-2024 10:14:54 GMT; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_PRIVACY_METADATA=CgJOTxICEgA%3D; Domain=.youtube.com; Expires=Fri, 31-May-2024 10:14:54 GMT; Path=/; Secure; HttpOnly; SameSite=lax
CONSENT=PENDING+455; expires=Tue, 02-Dec-2025 10:14:54 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

164.115.43.44/hospital/web/photolibrarys/mnR8NhzpeRDHimeNVWvqyG/ed26f98cbe2775630d7917cf56099f3b.jpg

164.115.43.44

200 OK

472 kB

URL GET HTTP/1.1
164.115.43.44/hospital/web/photolibrarys/mnR8NhzpeRDHimeNVWvqyG/ed26f98cbe2775630d7917cf56099f3b.jpg
IP
164.115.43.44:80
ASN
#9835 Government Information Technology Services

Requested by
http://164.115.43.44/hospital/web/index.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1108x1478, components 3\012- data
Size
472 kB (472302 bytes)
Hash
0c466a4813e954e8c2e5c3d869c982e7
481cddd7def57218141f3a45b0618f6c208533a9
1f9544fce7b22b5e81c350a17266590d816174beb414d2f59206370c76ba9b53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hospital/web/photolibrarys/mnR8NhzpeRDHimeNVWvqyG/ed26f98cbe2775630d7917cf56099f3b.jpg HTTP/1.1
Host: 164.115.43.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://164.115.43.44/hospital/web/index.php
Cookie: _csrf=59c9ba75e13d48edcae86179079f375494d49aab530e893b768b407cabe7f9d7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22KHy9gvyJqH0L2voywZQBNST7mKyP__GR%22%3B%7D; cookiesession1=678B76F4BD24803B08FBD4044E164577
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 10:14:56 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Wed, 16 Mar 2022 10:07:00 GMT
ETag: "734ee-5da531316d378"
Accept-Ranges: bytes
Content-Length: 472302
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/jpeg

code.ionicframework.com/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.1

104.26.7.173

200 OK

188 kB

URL GET HTTP/3
code.ionicframework.com/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.1
IP
104.26.7.173:443
ASN
#13335 CLOUDFLARENET

Requested by
http://164.115.43.44/ita66/
Certificate
IssuerCloudflare, Inc.
Subjectionicframework.com
FingerprintF0:95:87:C3:E4:A0:31:2D:83:93:BF:FD:9F:E3:6A:84:64:FB:AC:2E
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
TrueType Font data, 15 tables, 1st "FFTM", 14 names, Macintosh\012- data
Size
188 kB (188508 bytes)
Hash
dd4781d1acc57ba4c4808d1b44301201
956116ebe4b3a315b1a43009567e6f8ad0a9a720
5e700835ec05293a3d0f9e354e7d038319d34521cd279e782198dff6d1dd58f2

HTTP Headers

GET /ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.1 HTTP/1.1
Host: code.ionicframework.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://164.115.43.44
DNT: 1
Connection: keep-alive
Referer: https://code.ionicframework.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 03 Dec 2023 10:14:57 GMT
content-type: font/ttf
last-modified: Thu, 13 Apr 2023 16:20:19 GMT
access-control-allow-origin: *
etag: W/"64382bc3-2e05c"
expires: Tue, 31 Oct 2023 01:58:07 GMT
cache-control: max-age=31536000
x-proxy-cache: MISS
x-github-request-id: 1FCE:113C:7FF887E:822A137:65405CD4
via: 1.1 varnish
x-served-by: cache-cph2320048-CPH
x-cache: HIT
x-cache-hits: 6
x-timer: S1701598497.333956,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: 4b8416006bc17c729ad5788a7a546ad6cc904625
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9PjZYABZ%2BNC%2FKw3Crlo8abM786gKJVEKR%2FAAk0bhYLTHsZoOIkuIGzSinoAmikkQiv5HOzhyGwB7lI%2BgGKamXKf7GjHYgDFm7TAfrmmRDu7KNc1qqNu8rg8aNQCJbMNZo2GaZ9Ajtbne"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fb0bb03d25997e-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (180)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by