139.9.197.177:8080/tplus/view/login.html
139.9.197.177 200 OK 9.8 kB URL User Request GET HTTP/1.1 139.9.197.177:8080/tplus/view/login.html
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
File type HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash MD5 5af2ae2fdb40402fad8bf4428c594a65
Hash SHA-1 5bad241257cc75d9e982e740121534db6c26f3f4
Hash SHA-256 1914dd0a3cd5fa5c580b104cedb97dcfff07b8d579f48a9e4f8af8164658ae9e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/view/login.html HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:19:58 GMT
Content-Type: text/html; charset=utf-8
Last-Modified: Wed, 10 Jan 2024 03:37:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"659e10fc-99b8"
Content-Encoding: gzip
139.9.197.177:8080/tplus/css/ticon/login/style.css
139.9.197.177 200 OK 666 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/css/ticon/login/style.css
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type ASCII text, with CRLF line terminators
Hash MD5 f314bd9a285088171213e8cba3f96e58
Hash SHA-1 b0279476826ebb3940afdfe2f9d1b369b66f5485
Hash SHA-256 f27a5863db5ea1aa9738c4dabccbe64484e4c36789eae7e156dd59e10ee1dc6e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/css/ticon/login/style.css HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:19:59 GMT
Content-Type: text/css
Last-Modified: Fri, 11 Feb 2022 02:31:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6205ca97-909"
Content-Encoding: gzip
139.9.197.177:8080/tplus/css/ticonfont/logos/iconfont.css
139.9.197.177 200 OK 928 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/css/ticonfont/logos/iconfont.css
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type ASCII text, with CRLF line terminators
Hash MD5 e0cdbbaf172af04a28acb25be8c92e19
Hash SHA-1 e47cfc1eb212f9e68f757d81e3c97ac7657380ec
Hash SHA-256 0adca6d761009e909205ee7b0b121e01594f3e20c66d0cf98103f0f0f6d79c7a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/css/ticonfont/logos/iconfont.css HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:19:59 GMT
Content-Type: text/css
Last-Modified: Wed, 10 Jan 2024 03:37:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"659e10fc-1407"
Content-Encoding: gzip
139.9.197.177:8080/tplus/css/ticonfont/portalvoucher/iconfont.css
139.9.197.177 200 OK 2.0 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/css/ticonfont/portalvoucher/iconfont.css
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type ASCII text, with CRLF line terminators
Hash MD5 f1bd177181f7978626431867409b6c02
Hash SHA-1 ff57666503cc925b404d18323e06509efcd08504
Hash SHA-256 6b871c1028a3669b09495190649a38f87bf3322eed7639adb6ecd36bb8076750
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/css/ticonfont/portalvoucher/iconfont.css HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:19:59 GMT
Content-Type: text/css
Last-Modified: Wed, 10 Jan 2024 03:37:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"659e10fc-27b6"
Content-Encoding: gzip
139.9.197.177:8080/tplus/css/login/login-ad.css
139.9.197.177 200 OK 849 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/css/login/login-ad.css
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type ASCII text, with CRLF line terminators
Hash MD5 32cecbfe0f493b17a1dcd948d0fe211a
Hash SHA-1 e187a77b6bebf7b0ea16885730fc5c11aafec3cd
Hash SHA-256 21361fab7a4152b0c495cec9d8ec318fe392059d65476295a07e608447717965
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/css/login/login-ad.css HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:19:59 GMT
Content-Type: text/css
Last-Modified: Fri, 11 Feb 2022 02:31:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6205ca97-14f2"
Content-Encoding: gzip
139.9.197.177:8080/tplus/lib/css/tp.control.css.ashx
139.9.197.177 200 OK 27 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/lib/css/tp.control.css.ashx
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type ASCII text, with very long lines (559), with CRLF line terminators
Hash MD5 af7379d9273d7e2f531a50192652f45f
Hash SHA-1 e60f993744d045466a4893106545580d3beecf5b
Hash SHA-256 fdb69f9ac0256da8f8992b22387388fe4827dc976bd773fdb311ffee496716a1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/lib/css/tp.control.css.ashx HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:19:59 GMT
Content-Type: text/css
Content-Length: 27408
Connection: keep-alive
X-AspNet-Version: 4.0.30319
Content-Encoding: gzip
Set-Cookie: ASP.NET_SessionId=1i1ju4ehfxjwlqfkxwdklcjq; path=/; HttpOnly; SameSite=Lax
Cache-Control: public, no-cache="Set-Cookie"
Last-Modified: Fri, 26 Apr 2024 11:19:59 GMT
ETag: tplus.lib.css3101099C075AC69F55BD0184A75C6D40.css.ashx
139.9.197.177:8080/tplus/css/login/login.css
139.9.197.177 200 OK 8.6 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/css/login/login.css
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash MD5 24be175eea1cb5a83043e3f7f7239a16
Hash SHA-1 b57e954074ee9567a57d4e884c11c0845edbb18b
Hash SHA-256 969aff4293fcf86195f17a058a7cfac418568268bfae216540f830758e30f133
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/css/login/login.css HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:19:59 GMT
Content-Type: text/css
Last-Modified: Wed, 10 Jan 2024 03:37:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"659e10fc-84a6"
Content-Encoding: gzip
t.static.chanjet.com/app/AppQRIcon/TPLUSAPP.png
98.98.132.213 200 OK 42 kB URL GET HTTP/2 t.static.chanjet.com/app/AppQRIcon/TPLUSAPP.png
IP 98.98.132.213:443
Requested by http://139.9.197.177:8080/tplus/view/login.html
Certificate Issuer DigiCert, Inc.
Subject *.static.chanjet.com
Fingerprint BF:CB:5E:4E:B6:63:B1:9A:A4:1A:60:58:DB:60:EC:83:1B:52:73:48
Validity Mon, 12 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x400, components 3
Hash MD5 64355214b054019c9f311d06da06a103
Hash SHA-1 7b554912bd2d5b2d06862c2068fd186ecdd544f1
Hash SHA-256 6800255f7852e37e63b9863d2c872dca4d7598b9e894d3fa3e53779f8e96d03b
GET /app/AppQRIcon/TPLUSAPP.png HTTP/1.1
Host: t.static.chanjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: Byte-nginx
content-type: image/png
content-length: 41895
accept-ranges: bytes
age: 269023
content-md5: ZDVSFLBUAZyfMR0G2gahAw==
etag: "64355214B054019C9F311D06DA06A103"
last-modified: Tue, 06 Apr 2021 05:59:35 GMT
x-bdcdn-cache-status: TCP_HIT
x-oss-hash-crc64ecma: 9525143256147531599
x-oss-object-type: Normal
x-oss-request-id: 662773010E1FCB3935109F5D
x-oss-server-time: 40
x-oss-storage-class: Standard
x-request-id: 5242433cd81310a306e4a325e8faf2e5
x-request-ip: 91.90.42.154
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
x-tt-trace-tag: id=5
date: Fri, 26 Apr 2024 11:19:59 GMT
via: cache02.oversea-NL-AMS1
access-control-allow-origin: *
access-control-allow-methods: GET
X-Firefox-Spdy: h2
t.static.chanjet.com/adv/news180/img/dec/tplus.jpg
98.98.132.213 200 OK 194 kB URL GET HTTP/2 t.static.chanjet.com/adv/news180/img/dec/tplus.jpg
IP 98.98.132.213:443
Requested by http://139.9.197.177:8080/tplus/view/login.html
Certificate Issuer DigiCert, Inc.
Subject *.static.chanjet.com
Fingerprint BF:CB:5E:4E:B6:63:B1:9A:A4:1A:60:58:DB:60:EC:83:1B:52:73:48
Validity Mon, 12 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], progressive, precision 8, 1540x1540, components 3
Size 194 kB (194006 bytes)
Hash MD5 b287ed3040d2f5c2f603f0b11849258f
Hash SHA-1 507892d6d5cd2a201a219fb77f25d03496cbacce
Hash SHA-256 62c8226cf2fc1a0a518d6b45389c4e86b0a5f898af4ecab1da8769022a63a803
GET /adv/news180/img/dec/tplus.jpg HTTP/1.1
Host: t.static.chanjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: Byte-nginx
content-type: image/jpeg
content-length: 194006
accept-ranges: bytes
age: 269023
content-md5: softMEDS9cL2A/CxGEkljw==
etag: "B287ED3040D2F5C2F603F0B11849258F"
last-modified: Thu, 07 Dec 2023 09:17:57 GMT
x-bdcdn-cache-status: TCP_HIT
x-oss-hash-crc64ecma: 78989698247345741
x-oss-object-type: Normal
x-oss-request-id: 66277301419DF7373645B4BD
x-oss-server-time: 54
x-oss-storage-class: Standard
x-request-id: 3afad47f90a3c516ef15526b3563b076
x-request-ip: 91.90.42.154
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
x-tt-trace-tag: id=5
date: Fri, 26 Apr 2024 11:19:59 GMT
via: cache02.oversea-NL-AMS1
access-control-allow-origin: *
access-control-allow-methods: GET
X-Firefox-Spdy: h2
t.static.chanjet.com/adv/news180/img/dec/zhcj.png
98.98.132.213 200 OK 255 kB URL GET HTTP/2 t.static.chanjet.com/adv/news180/img/dec/zhcj.png
IP 98.98.132.213:443
Requested by http://139.9.197.177:8080/tplus/view/login.html
Certificate Issuer DigiCert, Inc.
Subject *.static.chanjet.com
Fingerprint BF:CB:5E:4E:B6:63:B1:9A:A4:1A:60:58:DB:60:EC:83:1B:52:73:48
Validity Mon, 12 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1540x1540, components 3
Size 255 kB (254880 bytes)
Hash MD5 4cef22ce32f491a342021ce504a115af
Hash SHA-1 6cb8500fe1a29152c52f1d9788337f98fdf5ab3b
Hash SHA-256 ffd1f04f822b8ef083ae22632e1c5c6b557409ba00c5f8fbd298e5799cf8c362
GET /adv/news180/img/dec/zhcj.png HTTP/1.1
Host: t.static.chanjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: Byte-nginx
content-type: image/png
content-length: 254880
accept-ranges: bytes
age: 269019
content-md5: TO8izjL0kaNCAhzlBKEVrw==
etag: "4CEF22CE32F491A342021CE504A115AF"
last-modified: Thu, 29 Sep 2022 11:30:33 GMT
x-bdcdn-cache-status: TCP_HIT
x-oss-hash-crc64ecma: 15308644309945211970
x-oss-object-type: Normal
x-oss-request-id: 66277304ABC3F43430B8A778
x-oss-server-time: 20
x-oss-storage-class: Standard
x-request-id: a8da5c2ac70ac0b84aaf8642b7fe9ace
x-request-ip: 91.90.42.154
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
x-tt-trace-tag: id=5
date: Fri, 26 Apr 2024 11:19:59 GMT
via: cache02.oversea-NL-AMS1
access-control-allow-origin: *
access-control-allow-methods: GET
X-Firefox-Spdy: h2
t.static.chanjet.com/adv/news180/img/dec/djgzfx.png
98.98.132.213 200 OK 254 kB URL GET HTTP/2 t.static.chanjet.com/adv/news180/img/dec/djgzfx.png
IP 98.98.132.213:443
Requested by http://139.9.197.177:8080/tplus/view/login.html
Certificate Issuer DigiCert, Inc.
Subject *.static.chanjet.com
Fingerprint BF:CB:5E:4E:B6:63:B1:9A:A4:1A:60:58:DB:60:EC:83:1B:52:73:48
Validity Mon, 12 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1544x1540, components 3
Size 254 kB (254239 bytes)
Hash MD5 c511257f943503ee73b064f1d253a97d
Hash SHA-1 ce0b490c64f1bc545598657a5d0e36617be2aed7
Hash SHA-256 faea62570285d145d9426618697ec261b2e54ad0e905a3c8cf81ea08456f2a40
GET /adv/news180/img/dec/djgzfx.png HTTP/1.1
Host: t.static.chanjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: Byte-nginx
content-type: image/png
content-length: 254239
accept-ranges: bytes
age: 269022
content-md5: xRElf5Q1A+5zsGTx0lOpfQ==
etag: "C511257F943503EE73B064F1D253A97D"
last-modified: Thu, 29 Sep 2022 11:30:33 GMT
x-bdcdn-cache-status: TCP_HIT
x-oss-hash-crc64ecma: 779010558100988590
x-oss-object-type: Normal
x-oss-request-id: 662773017E6EEB31393033F4
x-oss-server-time: 39
x-oss-storage-class: Standard
x-request-id: fe4d75d02a6e8694f03db05466352e9d
x-request-ip: 91.90.42.154
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
x-tt-trace-tag: id=5
date: Fri, 26 Apr 2024 11:19:59 GMT
via: cache02.oversea-NL-AMS1
access-control-allow-origin: *
access-control-allow-methods: GET
X-Firefox-Spdy: h2
139.9.197.177:8080/tplus/css/ex/loginex.css
139.9.197.177 200 OK 111 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/css/ex/loginex.css
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type ASCII text, with CRLF line terminators
Hash MD5 9bee5a3117c16d12448d4b56decc0a44
Hash SHA-1 75351b482c590f1edfc33a47fa1826d003b1bdad
Hash SHA-256 ef515b4fa495ea54d6fb85eea19579e166a81b59f812f1274ffddaa29440c87a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/css/ex/loginex.css HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:19:59 GMT
Content-Type: text/css
Content-Length: 111
Last-Modified: Fri, 11 Feb 2022 02:31:50 GMT
Connection: keep-alive
ETag: "6205ca96-6f"
Accept-Ranges: bytes
139.9.197.177:8080/tplus/css/login/t-hover.css
139.9.197.177 200 OK 458 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/css/login/t-hover.css
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type ASCII text, with CRLF line terminators
Hash MD5 d4e4a5147167571b4f70e36e6b713ec4
Hash SHA-1 8aef63175948d7be573247cd41353e81fbb8ef4b
Hash SHA-256 bc49ae1e3c3a3e03937a893cd8208e664d426f6bafe10f8e43bc9edd8dadeaea
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/css/login/t-hover.css HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:19:59 GMT
Content-Type: text/css
Last-Modified: Fri, 11 Feb 2022 02:31:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6205ca97-4c6"
Content-Encoding: gzip
139.9.197.177:8080/tplus/css/common/t-btn.css
139.9.197.177 200 OK 832 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/css/common/t-btn.css
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash MD5 d8f3a4ab179cff042b9dc28639eb6751
Hash SHA-1 20e4c8ae79606bba5eccca4828001e92c339a192
Hash SHA-256 1d717474004d9fa55e3203742d299c99ae7df1033e6b1e99f77fb7040070b423
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/css/common/t-btn.css HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:19:59 GMT
Content-Type: text/css
Last-Modified: Wed, 19 Oct 2022 23:15:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6350851d-bbc"
Content-Encoding: gzip
t.static.chanjet.com/adv/news180/img/dec/zjgl.png
98.98.132.213 200 OK 247 kB URL GET HTTP/2 t.static.chanjet.com/adv/news180/img/dec/zjgl.png
IP 98.98.132.213:443
Requested by http://139.9.197.177:8080/tplus/view/login.html
Certificate Issuer DigiCert, Inc.
Subject *.static.chanjet.com
Fingerprint BF:CB:5E:4E:B6:63:B1:9A:A4:1A:60:58:DB:60:EC:83:1B:52:73:48
Validity Mon, 12 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1540x1540, components 3
Size 247 kB (247418 bytes)
Hash MD5 020700948d39ce590cec2e16d93fe424
Hash SHA-1 ca46c55739c73092716b0fedf6e3bf9b7bdd7307
Hash SHA-256 90601209449c9700067a159ef4af32f0d340641b30ed126e456be2864a3ec56e
GET /adv/news180/img/dec/zjgl.png HTTP/1.1
Host: t.static.chanjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: Byte-nginx
content-type: image/png
content-length: 247418
accept-ranges: bytes
age: 269019
content-md5: AgcAlI05zlkM7C4W2T/kJA==
etag: "020700948D39CE590CEC2E16D93FE424"
last-modified: Thu, 29 Sep 2022 11:30:33 GMT
x-bdcdn-cache-status: TCP_HIT
x-oss-hash-crc64ecma: 18110102738224241108
x-oss-object-type: Normal
x-oss-request-id: 6627730415CB0337317901EC
x-oss-server-time: 75
x-oss-storage-class: Standard
x-request-id: c90597438db8585633d3e6206dc0a732
x-request-ip: 91.90.42.154
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
x-tt-trace-tag: id=5
date: Fri, 26 Apr 2024 11:19:59 GMT
via: cache02.oversea-NL-AMS1
access-control-allow-origin: *
access-control-allow-methods: GET
X-Firefox-Spdy: h2
t.static.chanjet.com/adv/news180/img/dec/wlxqjh.png
98.98.132.213 200 OK 270 kB URL GET HTTP/2 t.static.chanjet.com/adv/news180/img/dec/wlxqjh.png
IP 98.98.132.213:443
Requested by http://139.9.197.177:8080/tplus/view/login.html
Certificate Issuer DigiCert, Inc.
Subject *.static.chanjet.com
Fingerprint BF:CB:5E:4E:B6:63:B1:9A:A4:1A:60:58:DB:60:EC:83:1B:52:73:48
Validity Mon, 12 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1540x1540, components 3
Size 270 kB (270176 bytes)
Hash MD5 856f24749c742bbbd260199bff35c6f2
Hash SHA-1 12c57f027b9936c2475cfa7c142db91a71bdaf11
Hash SHA-256 c021ab672d89b178570ad4980c288664295ec64794da6332d87b6e4f5bfe436c
GET /adv/news180/img/dec/wlxqjh.png HTTP/1.1
Host: t.static.chanjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: Byte-nginx
content-type: image/png
content-length: 270176
accept-ranges: bytes
age: 269022
content-md5: hW8kdJx0K7vSYBmb/zXG8g==
etag: "856F24749C742BBBD260199BFF35C6F2"
last-modified: Thu, 29 Sep 2022 11:30:33 GMT
x-bdcdn-cache-status: TCP_HIT
x-oss-hash-crc64ecma: 7414457317648691657
x-oss-object-type: Normal
x-oss-request-id: 66277301419DF73530EAAFBD
x-oss-server-time: 35
x-oss-storage-class: Standard
x-request-id: 7f092cf5e61c88824a16d444471f5994
x-request-ip: 91.90.42.154
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
x-tt-trace-tag: id=5
date: Fri, 26 Apr 2024 11:19:59 GMT
via: cache02.oversea-NL-AMS1
access-control-allow-origin: *
access-control-allow-methods: GET
X-Firefox-Spdy: h2
139.9.197.177:8080/tplus/js/ResourceJs/Common.zh-CN.js
139.9.197.177 200 OK 5.8 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/ResourceJs/Common.zh-CN.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash MD5 1676a819d84d01270a03da74ca77a12f
Hash SHA-1 a998a03ba60dc7ccf4b36e463fbc31455d558109
Hash SHA-256 795a70130cd12ff09cddb2622483e5eca281a86b2aa5cc9e11f645aa0e0d95a9
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/ResourceJs/Common.zh-CN.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:19:59 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 10 Jan 2024 03:37:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"659e10fc-47bf"
Content-Encoding: gzip
139.9.197.177:8080/tplus/view/auth/css/warn.css
139.9.197.177 200 OK 392 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/view/auth/css/warn.css
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash MD5 5a12ee8351a84abae9c851f75465769b
Hash SHA-1 17f504b539562cbe01fba146f517c4bb3158c631
Hash SHA-256 6938d508e7473e34134743f50200fb285aa62e1d4d63b6c005c0e8e84399ea34
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/view/auth/css/warn.css HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:19:59 GMT
Content-Type: text/css
Last-Modified: Wed, 10 Jan 2024 03:37:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"659e10fc-5be"
Content-Encoding: gzip
139.9.197.177:8080/tplus/js/exam/component/window/AeroWindow.css
139.9.197.177 200 OK 1.5 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/exam/component/window/AeroWindow.css
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash MD5 ad6d78aaf56365abe19810f203657ba1
Hash SHA-1 8cbb4bc32f5854fd8b6f4d2f1dd3a574344f1014
Hash SHA-256 23c5cbbb433d8917cc14108ef01669383bc57574ace2c86934b35d53936e3777
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/exam/component/window/AeroWindow.css HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:19:59 GMT
Content-Type: text/css
Last-Modified: Thu, 29 Sep 2022 10:56:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633579c5-1e7b"
Content-Encoding: gzip
139.9.197.177:8080/tplus/js/ex/ex.js
139.9.197.177 200 OK 844 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/ex/ex.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Hash MD5 14fe2a63d8dd5905643ee734f200065e
Hash SHA-1 aa0a1bd82ec05de81601abab0014bded33d6b1c3
Hash SHA-256 7a25ad5b67cba335d28bd0081ee8c4de5dd3fbbafa17a770cd987d98ba10ab32
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/ex/ex.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 19 Oct 2022 23:15:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6350851d-869"
Content-Encoding: gzip
139.9.197.177:8080/tplus/app/viewextend.js
139.9.197.177 200 OK 199 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/app/viewextend.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
Hash MD5 4b2301a3600329e27c5fc6509199139c
Hash SHA-1 f58f9eaff3c8d40ef6f2a8202660abb4e20028c0
Hash SHA-256 2d5f12c9e2edb5e831bd3be0cfef450ad6125b691e7c6a8d7a3a96281112d841
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/app/viewextend.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Content-Length: 199
Last-Modified: Sun, 25 Sep 2022 21:49:02 GMT
Connection: keep-alive
ETag: "6330ccce-c7"
Accept-Ranges: bytes
139.9.197.177:8080/tplus/js/ResourceJs/Login.zh-CN.js
139.9.197.177 200 OK 2.7 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/ResourceJs/Login.zh-CN.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type Unicode text, UTF-8 text, with very long lines (532)
Hash MD5 eec5099e7a303da799119fd8efd9a1ca
Hash SHA-1 92591f6fb3fb46ce29b3cc20f4e280c83f3048c5
Hash SHA-256 dc2d14caa65a3ba9b166f91046fe37bad0a471ed0f85f98b7b59da9766be0155
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/ResourceJs/Login.zh-CN.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Last-Modified: Sun, 25 Sep 2022 22:01:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6330cfcb-185b"
Content-Encoding: gzip
139.9.197.177:8080/tplus/js/clientversion.js
139.9.197.177 200 OK 25 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/clientversion.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type ASCII text, with no line terminators
Hash MD5 4a8eecfa1c945fe32f61d31c18133bb6
Hash SHA-1 3c9f30d173cd660af0ef891fb89533269b5ff447
Hash SHA-256 cbacc50607a7251d3a50492499576a2470fbf027d02c4dba5a223c1272b39f6d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/clientversion.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Content-Length: 25
Last-Modified: Wed, 10 Jan 2024 03:37:32 GMT
Connection: keep-alive
ETag: "659e10fc-19"
Accept-Ranges: bytes
139.9.197.177:8080/tplus/js/portal/portal.setting.js
139.9.197.177 200 OK 1.8 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/portal/portal.setting.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash MD5 4eab117c4bd98c45878f6eeb0057f844
Hash SHA-1 b37d8d45b37f7576167fe18aefda9867b18f0659
Hash SHA-256 d27b6eef2ae5a5d27e6ddb19b805555c81ed42aa45ff895bcf67be50bd66d4da
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/portal/portal.setting.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 10 Jan 2024 03:37:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"659e10fc-1800"
Content-Encoding: gzip
139.9.197.177:8080/tplus/js/login/login.exam.js
139.9.197.177 200 OK 969 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/login/login.exam.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (526)
Hash b95f44de9249fbddc1e4475bcf5c488c
4efa022007b33043d8b0bc3eac6874d70d598ebf
7ac49694394a67a88debbac1e4f72a0c9373e8bc369c05142b9fae00886e8a7c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/login/login.exam.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Last-Modified: Sun, 25 Sep 2022 22:01:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6330cf9d-851"
Content-Encoding: gzip
139.9.197.177:8080/tplus/js/login/login.ashx?f=login.model.js,login.controller.js
139.9.197.177 200 OK 47 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/login/login.ashx?f=login.model.js,login.controller.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type Unicode text, UTF-8 text, with very long lines (321), with CRLF line terminators
Hash 84bc418102c5c9f2ee1d4d463e3e5800
93800cfb671512fe7a65e7c2e3d5c8885ca8ad6b
c6140db20dca1ed66c52a10ff93230d3dde7dc9d873e8e9893d27dcef89ccbf4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/login/login.ashx?f=login.model.js,login.controller.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Content-Length: 47273
Connection: keep-alive
X-AspNet-Version: 4.0.30319
Content-Encoding: gzip
Set-Cookie: ASP.NET_SessionId=ut2iqhr1iniqe5h4etj0wcdp; path=/; HttpOnly; SameSite=Lax
Cache-Control: public, no-cache="Set-Cookie"
Last-Modified: Fri, 26 Apr 2024 11:20:00 GMT
ETag: tplus.js.login2E94A59E97DEE0B42713261B7F64D5FD.js.ashx
139.9.197.177:8080/tplus/css/ticonfont/portalvoucher/iconfont.woff2?t=1697681198285
139.9.197.177 200 OK 33 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/css/ticonfont/portalvoucher/iconfont.woff2?t=1697681198285
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type Web Open Font Format (Version 2), TrueType, length 32932, version 1.0
Hash 03d62bdd2013b411c885ba7c9503e962
3cbcb75ea6fe4f0cd53215ec2f0d7bbacdcb6eb0
3d9588165aafce2c54807fd8930acf8fc8cee8c91f6c163da7f06a4d948c1e73
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/css/ticonfont/portalvoucher/iconfont.woff2?t=1697681198285 HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/css/ticonfont/portalvoucher/iconfont.css
Cookie: ASP.NET_SessionId=1i1ju4ehfxjwlqfkxwdklcjq
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: font/woff2
Content-Length: 32932
Last-Modified: Wed, 10 Jan 2024 03:37:32 GMT
Connection: keep-alive
ETag: "659e10fc-80a4"
Accept-Ranges: bytes
139.9.197.177:8080/tplus/css/ticonfont/logos/iconfont.woff2?t=1669796307145
139.9.197.177 200 OK 31 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/css/ticonfont/logos/iconfont.woff2?t=1669796307145
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type Web Open Font Format (Version 2), TrueType, length 31400, version 1.0
Hash 1661d33305272c45b8c05c53a298985e
2e5df5dfbfa15bef21a20357c51dfffa96890551
fb1755dafe3786e94d994c4456c21a1e6c954013e214bfb27f5e7c5b096d7e99
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/css/ticonfont/logos/iconfont.woff2?t=1669796307145 HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/css/ticonfont/logos/iconfont.css
Cookie: ASP.NET_SessionId=1i1ju4ehfxjwlqfkxwdklcjq
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: font/woff2
Content-Length: 31400
Last-Modified: Wed, 10 Jan 2024 03:37:32 GMT
Connection: keep-alive
ETag: "659e10fc-7aa8"
Accept-Ranges: bytes
139.9.197.177:8080/tplus/js/login/login.adv.js
139.9.197.177 200 OK 5.0 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/login/login.adv.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Hash 3fe4b3971ade7ca39e534232cdc6624f
2ec9d6c12efe7424d3c934aac22503ca51f440ad
5d8f457b831fa6bbb2a7b7488d8f5f1125d7e579577a097bc04c25d232f10fc3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/login/login.adv.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 10 Jan 2024 03:37:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"659e10fc-3ec9"
Content-Encoding: gzip
139.9.197.177:8080/tplus/js/statistics/statistics.js
139.9.197.177 200 OK 2.7 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/statistics/statistics.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Hash 827eeb69b661124d169b595785ae7a4d
f61e7d35812f24f7179c1f62a739cebf5b20aa02
05e87861b58d9898409f56f32a88f0b15ffd809ae602ce0efeee91458611bb34
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/statistics/statistics.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 10 Jan 2024 03:37:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"659e10fc-20de"
Content-Encoding: gzip
139.9.197.177:8080/tplus/js/tp.control.js.ashx
139.9.197.177 200 OK 89 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/tp.control.js.ashx
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type JavaScript source, ASCII text, with very long lines (547), with CRLF, LF line terminators
Hash 28fdb9107978d3cefe8601e016ee0924
81d169ae1d606304b57057687f632d1e817210fc
28eb162515624fe94a3c0f6da46b793c9a059eb43ac1e886d293e76953926af4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/tp.control.js.ashx HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Content-Length: 88838
Connection: keep-alive
X-AspNet-Version: 4.0.30319
Content-Encoding: gzip
Set-Cookie: ASP.NET_SessionId=oqkv5dft5n1oj240xppw1sef; path=/; HttpOnly; SameSite=Lax
Cache-Control: public, no-cache="Set-Cookie"
Last-Modified: Fri, 26 Apr 2024 11:20:00 GMT
ETag: tplus.js034D12BC640780F67D0994DB7094A0E4.js.ashx
139.9.197.177:8080/tplus/view/auth/js/warn.js
139.9.197.177 200 OK 1.6 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/view/auth/js/warn.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type JavaScript source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash bab64b3dc02b97f4d4bc70e8ae19b2dd
220f8be92b4ebb02f61729571dd0f68a1f3a2341
d46535863b0f1eb8aa74ea36f2bcc78d2d367baf5e2a563c1825d6d36af5b667
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/view/auth/js/warn.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 10 Jan 2024 03:37:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"659e10fc-f26"
Content-Encoding: gzip
t.static.chanjet.com/adv/news180/img/dec/szcm.jpg
98.98.132.213 200 OK 192 kB URL GET HTTP/2 t.static.chanjet.com/adv/news180/img/dec/szcm.jpg
IP 98.98.132.213:443
Requested by http://139.9.197.177:8080/tplus/view/login.html
Certificate Issuer DigiCert, Inc.
Subject *.static.chanjet.com
Fingerprint BF:CB:5E:4E:B6:63:B1:9A:A4:1A:60:58:DB:60:EC:83:1B:52:73:48
Validity Mon, 12 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], progressive, precision 8, 1540x1540, components 3
Size 192 kB (192517 bytes)
Hash f71fcfa45ce4ad9d0c622f956fd7d96a
b5da018e3e9f6207a455b973cbfe907cd5efa894
6bc34db2f97ce26476b0b65701513cdfac75d68b703f6ef897f3ca102f7b2f01
GET /adv/news180/img/dec/szcm.jpg HTTP/1.1
Host: t.static.chanjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: Byte-nginx
content-type: image/jpeg
content-length: 192517
accept-ranges: bytes
age: 269020
content-md5: 9x/PpFzkrZ0MYi+Vb9fZag==
etag: "F71FCFA45CE4AD9D0C622F956FD7D96A"
last-modified: Thu, 07 Dec 2023 09:17:57 GMT
x-bdcdn-cache-status: TCP_HIT
x-oss-hash-crc64ecma: 5341768457466483094
x-oss-object-type: Normal
x-oss-request-id: 662773045D7854323514F395
x-oss-server-time: 64
x-oss-storage-class: Standard
x-request-id: 90e4ddefd75c2de3ea5d99ad926131fc
x-request-ip: 91.90.42.154
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
x-tt-trace-tag: id=5
date: Fri, 26 Apr 2024 11:20:00 GMT
via: cache02.oversea-NL-AMS1
access-control-allow-origin: *
access-control-allow-methods: GET
X-Firefox-Spdy: h2
t.static.chanjet.com/adv/news180/img/dec/zlzs.jpg
98.98.132.213 200 OK 217 kB URL GET HTTP/2 t.static.chanjet.com/adv/news180/img/dec/zlzs.jpg
IP 98.98.132.213:443
Requested by http://139.9.197.177:8080/tplus/view/login.html
Certificate Issuer DigiCert, Inc.
Subject *.static.chanjet.com
Fingerprint BF:CB:5E:4E:B6:63:B1:9A:A4:1A:60:58:DB:60:EC:83:1B:52:73:48
Validity Mon, 12 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], progressive, precision 8, 1540x1540, components 3
Size 217 kB (217155 bytes)
Hash 466390c6e95d0f27945bc5e96a461e0d
069920a0430c003c2dd03733018c9639a470ae0a
9b43f45594069aaa9a31d38a6ffe4491060577c3f3ead72a2bf9c4e9b38421d7
GET /adv/news180/img/dec/zlzs.jpg HTTP/1.1
Host: t.static.chanjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: Byte-nginx
content-type: image/jpeg
content-length: 217155
accept-ranges: bytes
age: 269018
content-md5: RmOQxuldDyeUW8XpakYeDQ==
etag: "466390C6E95D0F27945BC5E96A461E0D"
last-modified: Thu, 07 Dec 2023 09:17:57 GMT
x-bdcdn-cache-status: TCP_HIT
x-oss-hash-crc64ecma: 9897346123413353153
x-oss-object-type: Normal
x-oss-request-id: 66277306B304E9353944BEDF
x-oss-server-time: 58
x-oss-storage-class: Standard
x-request-id: 68060c9a221d92e525df87e8e6368c3d
x-request-ip: 91.90.42.154
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
x-tt-trace-tag: id=5
date: Fri, 26 Apr 2024 11:20:00 GMT
via: cache02.oversea-NL-AMS1
access-control-allow-origin: *
access-control-allow-methods: GET
X-Firefox-Spdy: h2
139.9.197.177:8080/tplus/js/exam/component/window/window.js
139.9.197.177 200 OK 537 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/exam/component/window/window.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type JavaScript source, ASCII text, with very long lines (488)
Hash 563137d4ad14de9c43e89e3dc8bf579a
aef13a2e42459c9e2e6bc29808d3d2c84d6861df
d93e8df9ae5f2cadcb3a447c9c62476569c439b0441a5125d27041b6f8b1cb50
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/exam/component/window/window.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Last-Modified: Sun, 25 Sep 2022 22:00:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6330cf97-5ca"
Content-Encoding: gzip
139.9.197.177:8080/tplus/js/exam/component/window/jquery-AeroWindow.js
139.9.197.177 200 OK 5.4 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/exam/component/window/jquery-AeroWindow.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Hash bfda93fdca45d1c08438b237b526f2cf
3fe83a452d76a2b663fddb4c9caa48158878893d
cae319dcd9f9204a1ae94760f46f663ecaf05523b55fc766cc8ba9045019369f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/exam/component/window/jquery-AeroWindow.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 29 Sep 2022 10:56:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633579c5-531c"
Content-Encoding: gzip
t.static.chanjet.com/adv/news180/img/dec/zhcj.jpg
98.98.132.213 200 OK 205 kB URL GET HTTP/2 t.static.chanjet.com/adv/news180/img/dec/zhcj.jpg
IP 98.98.132.213:443
Requested by http://139.9.197.177:8080/tplus/view/login.html
Certificate Issuer DigiCert, Inc.
Subject *.static.chanjet.com
Fingerprint BF:CB:5E:4E:B6:63:B1:9A:A4:1A:60:58:DB:60:EC:83:1B:52:73:48
Validity Mon, 12 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], progressive, precision 8, 1540x1540, components 3
Size 205 kB (205042 bytes)
Hash 301c86963fe036a058a569a0f7de26fc
ddd68cfe2e25d4949e14e6276c2051dc432d8cb8
2e6610a3dff68affec57881c197e768f3b46cf336eed485392fa967d3ad42bef
GET /adv/news180/img/dec/zhcj.jpg HTTP/1.1
Host: t.static.chanjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: Byte-nginx
content-type: image/jpeg
content-length: 205042
accept-ranges: bytes
age: 269023
content-md5: MByGlj/gNqBYpWmg994m/A==
etag: "301C86963FE036A058A569A0F7DE26FC"
last-modified: Thu, 07 Dec 2023 09:17:57 GMT
x-bdcdn-cache-status: TCP_HIT
x-oss-hash-crc64ecma: 7124830143495921768
x-oss-object-type: Normal
x-oss-request-id: 66277301746E333732015EB6
x-oss-server-time: 14
x-oss-storage-class: Standard
x-request-id: 3d4f6a1a411e0a737f78283d3bcf7405
x-request-ip: 91.90.42.154
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
x-tt-trace-tag: id=5
date: Fri, 26 Apr 2024 11:20:00 GMT
via: cache02.oversea-NL-AMS1
access-control-allow-origin: *
access-control-allow-methods: GET
X-Firefox-Spdy: h2
139.9.197.177:8080/tplus/js/exam/component/common.js
139.9.197.177 200 OK 1 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/exam/component/common.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type very short file (no magic)
Hash 68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/exam/component/common.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Content-Length: 1
Last-Modified: Sun, 25 Sep 2022 22:00:53 GMT
Connection: keep-alive
ETag: "6330cf95-1"
Accept-Ranges: bytes
t.static.chanjet.com/adv/news180/img/dec/zxgl.jpg
98.98.132.213 200 OK 288 kB URL GET HTTP/2 t.static.chanjet.com/adv/news180/img/dec/zxgl.jpg
IP 98.98.132.213:443
Requested by http://139.9.197.177:8080/tplus/view/login.html
Certificate Issuer DigiCert, Inc.
Subject *.static.chanjet.com
Fingerprint BF:CB:5E:4E:B6:63:B1:9A:A4:1A:60:58:DB:60:EC:83:1B:52:73:48
Validity Mon, 12 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], progressive, precision 8, 1540x1540, components 3
Size 288 kB (287673 bytes)
Hash 6f2f3e4b70ffb1a8953522c24ebfa099
78828015428a6c94393730513973090761f948da
87b911386b09ff0d8fff898ad44c1b02db5c880c0b8e0d403b336a50c9fae529
GET /adv/news180/img/dec/zxgl.jpg HTTP/1.1
Host: t.static.chanjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: Byte-nginx
content-type: image/jpeg
content-length: 287673
accept-ranges: bytes
age: 269018
content-md5: by8+S3D/saiVNSLCTr+gmQ==
etag: "6F2F3E4B70FFB1A8953522C24EBFA099"
last-modified: Thu, 07 Dec 2023 09:17:57 GMT
x-bdcdn-cache-status: TCP_HIT
x-oss-hash-crc64ecma: 562569853499505923
x-oss-object-type: Normal
x-oss-request-id: 662773068CFD48393118433A
x-oss-server-time: 45
x-oss-storage-class: Standard
x-request-id: 4830a289ef028328e912a7c9cec6f0a8
x-request-ip: 91.90.42.154
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
x-tt-trace-tag: id=5
date: Fri, 26 Apr 2024 11:20:00 GMT
via: cache02.oversea-NL-AMS1
access-control-allow-origin: *
access-control-allow-methods: GET
X-Firefox-Spdy: h2
139.9.197.177:8080/tplus/img/login/newicon.png
139.9.197.177 200 OK 880 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/img/login/newicon.png
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type PNG image data, 32 x 16, 8-bit/color RGBA, non-interlaced
Hash 1277055d10726571d1ab6273498478e2
0f51757df7ba7d611027791c82bfde3f8059d401
fff64544426e0d8f8c24bac5ecfa3c50867a6943b9f555a3f5f58c7bc25d5fd5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/img/login/newicon.png HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: image/png
Content-Length: 880
Last-Modified: Fri, 11 Feb 2022 02:31:51 GMT
Connection: keep-alive
ETag: "6205ca97-370"
Accept-Ranges: bytes
139.9.197.177:8080/tplus/css/ticon/login/fonts/ticon.ttf?mfvv8m
139.9.197.177 200 OK 24 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/css/ticon/login/fonts/ticon.ttf?mfvv8m
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, ticon
Hash 7f724308174e7a821f44a7edc56e1b2b
e24677935c1c8e6f26020b8015580c7072e75a47
318aab79d0c95e4e9056409fa9c55a5db75eccee7c3f5df9d1e64ba477f13774
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/css/ticon/login/fonts/ticon.ttf?mfvv8m HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/css/ticon/login/style.css
Cookie: ASP.NET_SessionId=ut2iqhr1iniqe5h4etj0wcdp
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/octet-stream
Content-Length: 24312
Last-Modified: Fri, 11 Feb 2022 02:31:51 GMT
Connection: keep-alive
ETag: "6205ca97-5ef8"
Accept-Ranges: bytes
139.9.197.177:8080/tplus/js/common/watermark.js
139.9.197.177 200 OK 1.7 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/common/watermark.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type JavaScript source, ASCII text, with very long lines (527)
Hash 6c540b3b5d8b12c3d23453cee66aac2c
ca76d12d7691a983707295528fb7bebcfec48a5a
33a12acbb8caa83c374beb9e4da8769e21686d2e15e250ea5c96e5d283c60832
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/common/watermark.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Cookie: ASP.NET_SessionId=ut2iqhr1iniqe5h4etj0wcdp
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Last-Modified: Sun, 25 Sep 2022 22:00:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6330cf86-1252"
Content-Encoding: gzip
139.9.197.177:8080/tplus/js/exam/component/window/jquery.easing.1.3.js
139.9.197.177 200 OK 919 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/exam/component/window/jquery.easing.1.3.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type ASCII text, with very long lines (515)
Hash 2032c5e50bca03062c3dfbfc14183161
2047e95a8eca71bcb2493f3bcac5bc59c5864369
f0a6170baed32b207c96b7fbd73833b050b0afb8d7c474152099b28c29a1672b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/exam/component/window/jquery.easing.1.3.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:01 GMT
Content-Type: application/x-javascript
Last-Modified: Sun, 25 Sep 2022 22:00:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6330cf97-dd9"
Content-Encoding: gzip
139.9.197.177:8080/tplus/js/encryption.umd.js
139.9.197.177 200 OK 59 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/encryption.umd.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type JavaScript source, ASCII text, with very long lines (24588), with CRLF line terminators
Hash 2533d542b9445216cef76d355b26c941
1cc1c1cfeaeae3d3c09cca0aa43f4e9f324042eb
2b382af48d89773e42f2bd430755e4a1e6886f52b640b9cad1a6a72f5e054a9a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/encryption.umd.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Cookie: ASP.NET_SessionId=ut2iqhr1iniqe5h4etj0wcdp
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 10 Jan 2024 03:37:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"659e10fc-31613"
Content-Encoding: gzip
139.9.197.177:8080/tplus/js/aqd.js
139.9.197.177 200 OK 72 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/js/aqd.js
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (379), with CRLF line terminators
Hash 5ba08b8ae62a06f8eb281ec5f50051da
7c33ca25c848f9a3f1f2a36e610dd9bfc8d7b885
7cdd79fdf455352df9bf2c388d39e29c50c441b8aa8b4f955d99245501db24e0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/js/aqd.js HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Cookie: ASP.NET_SessionId=ut2iqhr1iniqe5h4etj0wcdp
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:00 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 10 Jan 2024 03:37:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"659e10fc-48740"
Content-Encoding: gzip
139.9.197.177:8080/tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=GetLoginInit
139.9.197.177 200 OK 31 B URL POST HTTP/1.1 139.9.197.177:8080/tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=GetLoginInit
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
Hash 6114e2e449df26017c4fd8467e07cf80
d600cc5ef4e4970cc87214ff8ba8269fe09ff9a9
29c5f14391f7fed4d52c34e7ec69ead7934a755d1660235f0e782a40614e896a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=GetLoginInit HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-AjaxPro-Method: GetLoginInit
user_req_id: 0_0_0_20033735
X-Requested-With: XMLHttpRequest
Content-Length: 2
Origin: http://139.9.197.177:8080
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Cookie: ASP.NET_SessionId=ut2iqhr1iniqe5h4etj0wcdp
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:01 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 31
Connection: keep-alive
X-AspNet-Version: 4.0.30319
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
139.9.197.177:8080/tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=HasDemoAccount
139.9.197.177 200 OK 15 B URL POST HTTP/1.1 139.9.197.177:8080/tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=HasDemoAccount
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
Hash d5ff00391a04a9c38a80239b4bb480a5
c0338288abd30f72cd65dad83833448f345f78fa
1e544d43b574a8e36402bd746d6a6260b4e1169718052ad5354a5b58c6ad01c5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=HasDemoAccount HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-AjaxPro-Method: HasDemoAccount
user_req_id: 0_0_0_5167736
X-Requested-With: XMLHttpRequest
Origin: http://139.9.197.177:8080
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Cookie: ASP.NET_SessionId=ut2iqhr1iniqe5h4etj0wcdp
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:01 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 15
Connection: keep-alive
X-AspNet-Version: 4.0.30319
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
139.9.197.177:8080/tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=GetVersionType
139.9.197.177 200 OK 317 B URL POST HTTP/1.1 139.9.197.177:8080/tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=GetVersionType
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
Hash ca61e980592a24bb8e4fc73fe772831d
8f4ff8a2cda786ae7dce47fa5aae800b1232bfd2
71866818541de53b800ea92420e7d0868d71d99c26972a89667365159a5801ad
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=GetVersionType HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-AjaxPro-Method: GetVersionType
user_req_id: 0_0_0_29396486
X-Requested-With: XMLHttpRequest
Content-Length: 15
Origin: http://139.9.197.177:8080
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Cookie: ASP.NET_SessionId=ut2iqhr1iniqe5h4etj0wcdp
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:01 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 317
Connection: keep-alive
X-AspNet-Version: 4.0.30319
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
139.9.197.177:8080/tplus/tapi/v1/customlogo/getLogo
139.9.197.177 200 OK 49 B URL GET HTTP/1.1 139.9.197.177:8080/tplus/tapi/v1/customlogo/getLogo
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
Hash 1a0c5490bef95c3b2340e0d617b8d2f0
b9de6de49e20e7e21e204d3093a287db94fd1704
a53790295e0e00b30889794f8961295da255fbfa5a6ae8cb3b601cdd096019c0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/tapi/v1/customlogo/getLogo HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Cookie: ASP.NET_SessionId=ut2iqhr1iniqe5h4etj0wcdp
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:02 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 49
Connection: keep-alive
X-AspNet-Version: 4.0.30319
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
139.9.197.177:8080/tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=IsLoadCheckCode
139.9.197.177 200 OK 13 B URL POST HTTP/1.1 139.9.197.177:8080/tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=IsLoadCheckCode
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
Hash 448585770466803d7f439dedd663c0a9
d7da5c66153bf2a9f185ae6fe9af53ffe30c531a
b5da670deebffa683aa63b331c32a85c4b3d9c718e2a65ae7232eca4f059e380
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=IsLoadCheckCode HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-AjaxPro-Method: IsLoadCheckCode
user_req_id: 0_0_0_71747152
X-Requested-With: XMLHttpRequest
Content-Length: 15
Origin: http://139.9.197.177:8080
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Cookie: ASP.NET_SessionId=ut2iqhr1iniqe5h4etj0wcdp
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:02 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 13
Connection: keep-alive
X-AspNet-Version: 4.0.30319
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
139.9.197.177:8080/tplus/img/login/b-1.png
139.9.197.177 200 OK 2.2 kB URL GET HTTP/1.1 139.9.197.177:8080/tplus/img/login/b-1.png
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced
Hash 195a302677974c8a5951be05ef4524d4
67295ccf4563a0697fe61c139cc063cdcfc26dc6
df74eded1eccad0332b688e905af51a4ccde41411ae0a061bee953458b0de167
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tplus/img/login/b-1.png HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/css/login/login.css
Cookie: ASP.NET_SessionId=ut2iqhr1iniqe5h4etj0wcdp
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:02 GMT
Content-Type: image/png
Content-Length: 2198
Last-Modified: Fri, 11 Feb 2022 02:31:51 GMT
Connection: keep-alive
ETag: "6205ca97-896"
Accept-Ranges: bytes
t.static.chanjet.com/loginStaticfiles/18.000.000.0000/favicon-128x128.ico
98.98.132.213 200 OK 68 kB URL GET HTTP/1.1 t.static.chanjet.com/loginStaticfiles/18.000.000.0000/favicon-128x128.ico
IP 98.98.132.213:80
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel
Hash 940364f0bba12135a766b1db3c50a59a
2b47cf3ee8293acf444980effd0f0f3569cfb3e3
95b19aa2a1c608decc3c7aecb872f3d559c0c5b7d47f8f00fab6f9723731bd1c
GET /loginStaticfiles/18.000.000.0000/favicon-128x128.ico HTTP/1.1
Host: t.static.chanjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Byte-nginx
Content-Type: image/x-icon
Content-Length: 67646
Connection: keep-alive
Accept-Ranges: bytes
Age: 269023
Content-Md5: lANk8LuhITWnZrHbPFClmg==
Etag: "940364F0BBA12135A766B1DB3C50A59A"
Last-Modified: Thu, 23 Nov 2023 08:09:40 GMT
X-Bdcdn-Cache-Status: TCP_HIT
X-Oss-Hash-Crc64ecma: 10584270607694766392
X-Oss-Object-Type: Normal
X-Oss-Request-Id: 662773035587F7363539CBB4
X-Oss-Server-Time: 75
X-Oss-Storage-Class: Standard
X-Request-Id: d66e70eb0f44b8eca8498ad603171a36
X-Request-Ip: 91.90.42.154
X-Response-Cache: edge_hit
X-Response-Cinfo: 91.90.42.154
X-Tt-Trace-Tag: id=5
Date: Fri, 26 Apr 2024 11:20:02 GMT
via: cache04.oversea-NL-AMS1
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
t.static.chanjet.com/loginStaticfiles/18.000.000.0000/favicon-16.ico
98.98.132.213 200 OK 1.2 kB URL GET HTTP/1.1 t.static.chanjet.com/loginStaticfiles/18.000.000.0000/favicon-16.ico
IP 98.98.132.213:80
Requested by http://139.9.197.177:8080/tplus/view/login.html
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash 44effb4a99ad355fc22b21ada8116b1c
8d49140cccaf3802f6fb04b034072d25a00e9d90
70b1fa10cdc382af181c23b54159c2552494184b61020e0f2b1453e6d153fdd7
GET /loginStaticfiles/18.000.000.0000/favicon-16.ico HTTP/1.1
Host: t.static.chanjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Byte-nginx
Content-Type: image/x-icon
Content-Length: 1150
Connection: keep-alive
Accept-Ranges: bytes
Age: 269025
Content-Md5: RO/7SpmtNV/CKyGtqBFrHA==
Etag: "44EFFB4A99AD355FC22B21ADA8116B1C"
Last-Modified: Fri, 28 Oct 2022 01:12:11 GMT
Via: cache05.oversea-NL-AMS2,cache02.oversea-NL-AMS1
X-Bdcdn-Cache-Status: TCP_MISS,TCP_HIT
X-Oss-Hash-Crc64ecma: 2346084848537697774
X-Oss-Object-Type: Normal
X-Oss-Request-Id: 66277302CE90F33933274044
X-Oss-Server-Time: 27
X-Oss-Storage-Class: Standard
X-Request-Id: 045c63472acbf1ae463ab7b5f2f9984a
X-Request-Ip: 91.90.42.154
X-Response-Cache: parent_hit
X-Response-Cinfo: 91.90.42.154
X-Tt-Trace-Tag: id=5
Date: Fri, 26 Apr 2024 11:20:02 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
139.9.197.177:8080/tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=GetLoginCompanyNameandAQD
139.9.197.177 200 OK 285 B URL POST HTTP/1.1 139.9.197.177:8080/tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=GetLoginCompanyNameandAQD
IP 139.9.197.177:8080
ASN #55990 Huawei Cloud Service data center
Requested by http://139.9.197.177:8080/tplus/view/login.html
Hash b11c4ca24e1179b43a2b5968f023b5f6
7aad4c173e1e96dd62d861a8820703cc3a6aab7e
93e915732846dfb9f5be20d497aed0eac4ee4a045daedf1cc86e967608f09d38
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=GetLoginCompanyNameandAQD HTTP/1.1
Host: 139.9.197.177:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-AjaxPro-Method: GetLoginCompanyNameandAQD
user_req_id: 0_0_0_45121784
X-Requested-With: XMLHttpRequest
Origin: http://139.9.197.177:8080
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/tplus/view/login.html
Cookie: ASP.NET_SessionId=ut2iqhr1iniqe5h4etj0wcdp
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 26 Apr 2024 11:20:03 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 285
Connection: keep-alive
X-AspNet-Version: 4.0.30319
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
hm.baidu.com/hm.js?fd4ca40261bc424e2d120b806d985a14
14.215.183.79 200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?fd4ca40261bc424e2d120b806d985a14
IP 14.215.183.79:443
Requested by http://139.9.197.177:8080/tplus/view/login.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (638)
Hash daf661066ea49a5345bae52f38a6a3c3
ca5803cfbff1cc8bb695ca0c11ab7c0d1655f3e5
675c0897c32a1514a048f2ef307f1912735afe3c8922bafcd68e47f07888e88e
GET /hm.js?fd4ca40261bc424e2d120b806d985a14 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11276
Content-Type: application/javascript
Date: Fri, 26 Apr 2024 11:20:03 GMT
Etag: 51e10b34d30951419120517196ddd26b
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=26526BC5C47AF0C7; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1152169753&si=fd4ca40261bc424e2d120b806d985a14&v=1.3.0&lv=1&sn=62478&r=0&ww=1280&u=http%3A%2F%2F139.9.197.177%3A8080%2Ftplus%2Fview%2Flogin.html&tt=%E7%95%85%E6%8D%B7%E9%80%9A%20T%2BCloud%20%E4%B8%93%E5%B1%9E%E4%BA%9118.0
14.215.183.79 200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1152169753&si=fd4ca40261bc424e2d120b806d985a14&v=1.3.0&lv=1&sn=62478&r=0&ww=1280&u=http%3A%2F%2F139.9.197.177%3A8080%2Ftplus%2Fview%2Flogin.html&tt=%E7%95%85%E6%8D%B7%E9%80%9A%20T%2BCloud%20%E4%B8%93%E5%B1%9E%E4%BA%9118.0
IP 14.215.183.79:443
Requested by http://139.9.197.177:8080/tplus/view/login.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1152169753&si=fd4ca40261bc424e2d120b806d985a14&v=1.3.0&lv=1&sn=62478&r=0&ww=1280&u=http%3A%2F%2F139.9.197.177%3A8080%2Ftplus%2Fview%2Flogin.html&tt=%E7%95%85%E6%8D%B7%E9%80%9A%20T%2BCloud%20%E4%B8%93%E5%B1%9E%E4%BA%9118.0 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 26 Apr 2024 11:20:03 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=E2138CB7CCD8E3D0; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
t.static.chanjet.com/adv/news180/data.js
98.98.132.213 200 OK 8.6 kB URL GET HTTP/2 t.static.chanjet.com/adv/news180/data.js
IP 98.98.132.213:443
Requested by http://139.9.197.177:8080/tplus/view/login.html
Certificate Issuer DigiCert, Inc.
Subject *.static.chanjet.com
Fingerprint BF:CB:5E:4E:B6:63:B1:9A:A4:1A:60:58:DB:60:EC:83:1B:52:73:48
Validity Mon, 12 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
Hash fa008438891a818d295f69ae1cffa469
3b6bfe8a0e05f2f556bb9b331c8e7f118e91daeb
6f9e67126f0343ab1bc4c34c0fa46fe25478bd29ce1267661b318b3598bbe9f8
GET /adv/news180/data.js HTTP/1.1
Host: t.static.chanjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: Byte-nginx
content-type: text/javascript
accept-ranges: bytes
age: 269021
content-encoding: br
content-md5: +gCEOIkagY0pX2muHP+kaQ==
etag: "FA008438891A818D295F69AE1CFFA469"
last-modified: Thu, 07 Dec 2023 09:17:57 GMT
vary: Accept-Encoding
x-bdcdn-cache-status: TCP_HIT
x-oss-hash-crc64ecma: 726480340791137874
x-oss-object-type: Normal
x-oss-request-id: 662773037D48AF3636565137
x-oss-server-time: 51
x-oss-storage-class: Standard
x-request-id: 3ca0ed9a06299777dfe567c68d7263a5
x-request-ip: 91.90.42.154
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
x-tt-trace-tag: id=5
date: Fri, 26 Apr 2024 11:20:00 GMT
via: cache02.oversea-NL-AMS1
access-control-allow-origin: *
access-control-allow-methods: GET
X-Firefox-Spdy: h2
t.static.chanjet.com/adv/news180/login_ex.css?t=1714130400860
98.98.132.213 200 OK 148 B URL GET HTTP/2 t.static.chanjet.com/adv/news180/login_ex.css?t=1714130400860
IP 98.98.132.213:443
Requested by http://139.9.197.177:8080/tplus/view/login.html
Certificate Issuer DigiCert, Inc.
Subject *.static.chanjet.com
Fingerprint BF:CB:5E:4E:B6:63:B1:9A:A4:1A:60:58:DB:60:EC:83:1B:52:73:48
Validity Mon, 12 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 7fb0711847e1a1226d4b1a36b0cb85fc
cb87c915978aa7c7a3579e91d95e9b9001d24cca
901625913213812a6fba351feecd783c7c4e070f0dd0d29666c9a4dc199a0fce
GET /adv/news180/login_ex.css?t=1714130400860 HTTP/1.1
Host: t.static.chanjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.9.197.177:8080/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: Byte-nginx
content-type: text/css
accept-ranges: bytes
age: 2
content-encoding: br
content-md5: 1jQDJ9oLsOvG85CLW6sknw==
etag: "D6340327DA0BB0EBC6F3908B5BAB249F"
last-modified: Thu, 07 Dec 2023 09:17:58 GMT
vary: Accept-Encoding
via: cache15.jnmp,cache11.szmp04,cache04.oversea-GM-FRA3,cache02.oversea-NL-AMS1
x-bdcdn-cache-status: TCP_MISS,TCP_MISS,TCP_MISS,TCP_MISS
x-oss-hash-crc64ecma: 7068343276117093321
x-oss-object-type: Normal
x-oss-request-id: 662B8DE153C2BD3732C01B15
x-oss-server-time: 1
x-oss-storage-class: Standard
x-request-id: 674d5fb3a97cf0563acf21c9353a54af
x-request-ip: 91.90.42.154
x-response-cache: miss
x-response-cinfo: 91.90.42.154
x-tt-trace-tag: id=5
date: Fri, 26 Apr 2024 11:20:01 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
X-Firefox-Spdy: h2
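The transactions above are the raw material a reviewer works through by hand: the T+ login page and its AjaxPro calls (`X-AjaxPro-Method`, `...ashx?method=`) go over plain HTTP on port 8080 with the `ASP.NET_SessionId` cookie attached, the responses announce `nginx/1.16.1` and `X-AspNet-Version: 4.0.30319`, and the page pulls scripts and a tracking cookie from third-party hosts. The script below is an added example (not part of the capture, nor code from the T+ product or the scanning service) that parses this capture format and raises those findings automatically. It assumes, as the capture itself does not state, that a hop was TLS when the preceding `IP host:port` metadata line names port 443 or a `Certificate` line is present, and it takes the first-party host as a parameter; `SAMPLE` is a constructed excerpt trimmed from the transactions shown above.

```python
import re
from dataclasses import dataclass, field

REQ_LINE = re.compile(r"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/\d(?:\.\d)?$")
STATUS_LINE = re.compile(r"^HTTP/\d(?:\.\d)? (\d{3})")
HEADER = re.compile(r"^([\w-]+):\s+(.*)$")  # ":\s+" keeps "Fingerprint97:42:.." from matching
META_IP = re.compile(r"^IP \S+?:(\d+)$")     # the "IP host:port" metadata line

@dataclass
class Transaction:
    method: str
    target: str
    tls: bool      # heuristic: ":443" IP line or a "Certificate ..." line preceded the request
    status: int = 0
    req: dict = field(default_factory=dict)   # header names lower-cased
    resp: dict = field(default_factory=dict)

def parse_transactions(text):
    """Walk the capture once; return each raw request/response header pair."""
    txs, cur, state, tls_hint = [], None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        hdr = HEADER.match(line)
        if state == "req":
            if hdr:
                cur.req[hdr.group(1).lower()] = hdr.group(2)
                continue
            st = STATUS_LINE.match(line)
            if st:
                cur.status, state = int(st.group(1)), "resp"
                continue
            cur, state = None, None          # request without a response: drop it
        elif state == "resp":
            if hdr:
                cur.resp[hdr.group(1).lower()] = hdr.group(2)
                continue
            txs.append(cur)                  # first non-header line closes the pair
            cur, state = None, None
        # Between transactions: pick up TLS hints, then wait for the next request line.
        ip = META_IP.match(line)
        if ip:
            tls_hint = tls_hint or ip.group(1) == "443"
        elif line.startswith("Certificate "):
            tls_hint = True
        elif (rq := REQ_LINE.match(line)):
            cur, state, tls_hint = Transaction(rq.group(1), rq.group(2), tls_hint), "req", False
    if state == "resp":
        txs.append(cur)
    return txs

def triage(text, first_party):
    """Return (finding, 'METHOD host/target') pairs a reviewer would raise on the capture."""
    out = []
    for t in parse_transactions(text):
        host = t.req.get("host", "?")
        where, third = f"{t.method} {host}{t.target}", host != first_party
        if not t.tls and "cookie" in t.req:
            out.append(("cookie-in-clear", where))        # session id readable on the wire
        if third and not t.tls:
            out.append(("third-party-plaintext", where))  # resource tamperable on path
        if third and t.req.get("sec-fetch-dest") == "script":
            out.append(("third-party-script", where))     # runs in the login page's origin
        if third and "set-cookie" in t.resp:
            out.append(("third-party-cookie", where))     # tracker cookie set from the login page
        for h in ("server", "x-aspnet-version", "x-powered-by"):
            if re.search(r"\d", t.resp.get(h, "")):
                out.append((f"version-disclosure:{h}", where))
    return out

# Constructed sample: three transactions trimmed from the capture above.
SAMPLE = """\
IP 139.9.197.177:8080
POST /tplus/ajaxpro/Ufida.T.SM.Login.UIP.LoginManager,Ufida.T.SM.Login.UIP.ashx?method=HasDemoAccount HTTP/1.1
Host: 139.9.197.177:8080
X-AjaxPro-Method: HasDemoAccount
Cookie: ASP.NET_SessionId=ut2iqhr1iniqe5h4etj0wcdp
HTTP/1.1 200 OK
Server: nginx/1.16.1
X-AspNet-Version: 4.0.30319
t.static.chanjet.com/loginStaticfiles/18.000.000.0000/favicon-16.ico
IP 98.98.132.213:80
GET /loginStaticfiles/18.000.000.0000/favicon-16.ico HTTP/1.1
Host: t.static.chanjet.com
HTTP/1.1 200 OK
Server: Byte-nginx
hm.baidu.com/hm.js?fd4ca40261bc424e2d120b806d985a14
IP 14.215.183.79:443
Certificate IssuerGlobalSign nv-sa
GET /hm.js?fd4ca40261bc424e2d120b806d985a14 HTTP/1.1
Host: hm.baidu.com
Sec-Fetch-Dest: script
HTTP/1.1 200 OK
Server: apache
Set-Cookie: HMACCOUNT=26526BC5C47AF0C7; Path=/; Domain=hm.baidu.com
"""

if __name__ == "__main__":
    for kind, where in triage(SAMPLE, "139.9.197.177:8080"):
        print(f"{kind:36} {where}")
```

Run against the sample it reports the cleartext session cookie and the two version headers on the AjaxPro call, the unencrypted third-party favicon fetch, and the cross-site script plus tracker cookie from hm.baidu.com; `Server: Byte-nginx` and `Server: apache` carry no version and are not flagged. The TLS heuristic is the weak point: a capture that omits the `IP` and `Certificate` metadata lines will classify every hop as plaintext, so check that column before acting on the cookie finding.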