Report - 120.76.28.239/login.php/

Report Overview

Submitted URL
120.76.28.239/login.php/
IP
120.76.28.239
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.
Submitted
2024-03-29 08:25:09
Access
public
Website Title
GPS
Final URL
120.76.28.239/login.php/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.trust-provider.cn	unknown	2015-04-09	2022-02-10	2024-03-28	668 B	2.8 kB	117.27.246.96
120.76.28.239	unknown	unknown	2016-06-21	2024-02-07	3.6 kB	198 kB	120.76.28.239
hm.baidu.com	8254	1999-10-11	2012-05-26	2024-03-28	1.4 kB	12 kB	103.235.46.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-29	medium	120.76.28.239	Sinkholed
2024-03-29	medium	120.76.28.239	Sinkholed
2024-03-29	medium	120.76.28.239	Sinkholed
2024-03-29	medium	120.76.28.239	Sinkholed
2024-03-29	medium	120.76.28.239	Sinkholed
2024-03-29	medium	120.76.28.239	Sinkholed
2024-03-29	medium	120.76.28.239	Sinkholed
2024-03-29	medium	120.76.28.239	Sinkholed
2024-03-29	medium	120.76.28.239	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	120.76.28.239/login.php/	459 B	2024-01-14	2024-03-29
Pretty URL 120.76.28.239/login.php/ IP 120.76.28.239 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-14 02:10:11 Last Seen2024-03-29 09:25:09 Times Seen4 Hash fa1f8de5bcc440304463e1ffec644346 60d25030533a7b39692ae490eafdce6385f4ba6f c9503d6ef6d0c91e57ef571b2d4437ad9e4f637ec0a28aa5996c4001f7a8d121 Loading...

	120.76.28.239/login.php/	250 B	2023-03-11	2024-03-29
Pretty URL 120.76.28.239/login.php/ IP 120.76.28.239 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 19:25:42 Last Seen2024-03-29 09:25:09 Times Seen6 Hash e3733daef87910df023a62197bda741d 206f256ea1458fa8de4fd0584fac3a11a1fa98cf b327c3577665298d2c4e83866fa77b3a86fe135c87f03b47175797663cfef548 Loading...

	120.76.28.239/login.php/	250 B	2023-03-11	2024-03-29
Pretty URL 120.76.28.239/login.php/ IP 120.76.28.239 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 19:25:42 Last Seen2024-03-29 09:25:09 Times Seen6 Hash 12b2f25cf9169b672e72bc353682daa2 048c99843e2bddd82e5fda320fba7ce17216a15d 19c1e12d8971eb220ec92aef853766e1777de481cf9138246c8ff27134e349a9 Loading...

	120.76.28.239/login.php/	281 B	2023-03-11	2024-03-29
Pretty URL 120.76.28.239/login.php/ IP 120.76.28.239 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 19:25:42 Last Seen2024-03-29 09:25:09 Times Seen6 Hash fa2bec06c4ed007e58a1980ca73cb2bb 95081493c6933392bcfe4032b8805dbd5c597026 7a0be2563b51b7a97b1f20815e8f726af14f3efd7f71bc86d1eb34ac1edfe9f9 Loading...

	120.76.28.239/login.php/	1.4 kB	2024-01-14	2024-03-29
Pretty URL 120.76.28.239/login.php/ IP 120.76.28.239 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-14 02:10:13 Last Seen2024-03-29 09:25:09 Times Seen4 Hash 6751a150ca27208a6a3f041db36c4f96 3ced5affc26c7efe0fd0e74204ec90fab1930578 6cde176093627a4a8adfcb62c6647996e893b82118f8bc6fa5e18a02e8fafea0 Loading...

	hm.baidu.com/h.js?bc39e74764250d79ffdc33b2d4fdded0	30 kB	2024-03-29	2024-03-29
Pretty URL hm.baidu.com/h.js?bc39e74764250d79ffdc33b2d4fdded0 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 09:25:09 Last Seen2024-03-29 09:25:09 Times Seen2 Hash 8c18b6469af17a3eb7fe29105736fe01 fc8cc8f9cbd1ed08404681d8b6797acbebab93c3 c838ce9b918d939f6db7dfcf938b5ddb2aa42a4ae7117a874f75669a999cea87 Loading...

	unknown	37 B	2023-04-11	2024-04-29
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:49:14 Last Seen2024-04-29 03:18:45 Times Seen22005 Hash 1c5c9160600df2d96d69a4ea16cec7ed 3cf678c9135cc952ba6970ef545035bb757a443f a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808 Loading...

	120.76.28.239/login.php/	5.0 kB	2024-01-14	2024-03-29
Pretty URL 120.76.28.239/login.php/ IP 120.76.28.239 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-14 02:10:13 Last Seen2024-03-29 09:25:09 Times Seen4 Hash 02b5ef584591b96315ffbd7d08646bae 32988f29fb19b1c87040bef8d8fea7849a007428 04823df7c9bed10db8ff1f13f910a1413d09dc2644942e017b14cc5be725c545 Loading...

	unknown	258 B	2024-03-29	2024-03-29
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-03-29 09:25:09 Last Seen2024-03-29 09:25:09 Times Seen1 Hash 581a7b423e61333cc852ca67bf7fdb95 72df48dcc6870ae50e69f847f25de1062ad73eaa 986c917235c897253633a2fea0724f96ab5de3dad245bc18a5fdb042b5be155e Loading...

		Size	First Seen	Last Seen
	#1 Write - e2187bae494b3d65c38f3114b922556a	105 B	2023-03-11	2024-03-29
Pretty Observations First Seen2023-03-11 19:25:42 Last Seen2024-03-29 09:25:09 Times Seen6 Hash e2187bae494b3d65c38f3114b922556a 13ea78c7807b472f0db3f97f815d9e9106fcf2a9 d4c461a3d79c0a5bd7909eac86a69a8fcc942731152474c04860cef2fb7132d1 Loading...

HTTP Transactions (14)

URL IP Response Size

ocsp.trust-provider.cn/

117.27.246.96

600 B

URL
ocsp.trust-provider.cn/
IP
117.27.246.96:0
ASN
#133774 Fuzhou

File type
data
Size
600 B (600 bytes)
Hash
dadcffa3f042b793e2de406f65dc20ea
d77a8836361ae88b624f4f7663519d217c27a15c
17cb96c0d1640fa50146a256eaed9d9ff1cc6eeb7299f4ec54c28b3a86be8d43

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
cache-control: max-age=3600
age: 1794
expires: Thu, 04 Apr 2024 00:30:47 GMT
date: Fri, 29 Mar 2024 08:24:45 GMT
etag: "d77a8836361ae88b624f4f7663519d217c27a15c"
x-frame-options: SAMEORIGIN
x-ccacdn-proxy-id: scdpinlb5
cf-cache-status: HIT
accept-ranges: bytes
cf-ray: 86b449580a465ddb-HKG
ctl-cache-status: HIT from hk-xianggang4-ca06, HIT from he-baoding2-ca02
last-modified: Thu, 28 Mar 2024 00:30:48 GMT
request-id: 66067acd281d995b0c240afe0948333b
via: n172-013-214.fzmp.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 17117006857ae2bbe0d7e3659c98106b2ede09ad94
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=46, edge;dur=0

120.76.28.239/login.php/

120.76.28.239

200 OK

16 kB

URL User Request GET HTTP/1.1
120.76.28.239/login.php/
IP
120.76.28.239:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
16 kB (15611 bytes)
Hash
c0362ddb9249983d24f3c1d400359f21
94d284edd2a4c5d7217d363593b44daeeb1c227c
eb0e7bcf9b987a5ce783eed588ec08a4555b9ddad3d44b7e282f81d2a635a1ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php/ HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:45 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Set-Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

120.76.28.239/login.php/js/userinfo.js

120.76.28.239

200 OK

16 kB

URL GET HTTP/1.1
120.76.28.239/login.php/js/userinfo.js
IP
120.76.28.239:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.28.239/login.php/

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
16 kB (15611 bytes)
Hash
c0362ddb9249983d24f3c1d400359f21
94d284edd2a4c5d7217d363593b44daeeb1c227c
eb0e7bcf9b987a5ce783eed588ec08a4555b9ddad3d44b7e282f81d2a635a1ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php/js/userinfo.js HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:45 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

120.76.28.239/login.php/css/type_style.css

120.76.28.239

200 OK

16 kB

URL GET HTTP/1.1
120.76.28.239/login.php/css/type_style.css
IP
120.76.28.239:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.28.239/login.php/

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
16 kB (15611 bytes)
Hash
c0362ddb9249983d24f3c1d400359f21
94d284edd2a4c5d7217d363593b44daeeb1c227c
eb0e7bcf9b987a5ce783eed588ec08a4555b9ddad3d44b7e282f81d2a635a1ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php/css/type_style.css HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:45 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

120.76.28.239/login.php/css/default-theme/jquery-ui-1.9.2.custom.min.css

120.76.28.239

200 OK

16 kB

URL GET HTTP/1.1
120.76.28.239/login.php/css/default-theme/jquery-ui-1.9.2.custom.min.css
IP
120.76.28.239:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.28.239/login.php/

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
16 kB (15611 bytes)
Hash
c0362ddb9249983d24f3c1d400359f21
94d284edd2a4c5d7217d363593b44daeeb1c227c
eb0e7bcf9b987a5ce783eed588ec08a4555b9ddad3d44b7e282f81d2a635a1ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php/css/default-theme/jquery-ui-1.9.2.custom.min.css HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:45 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

120.76.28.239/login.php/js/jquery-1.11.1.min.js

120.76.28.239

200 OK

16 kB

URL GET HTTP/1.1
120.76.28.239/login.php/js/jquery-1.11.1.min.js
IP
120.76.28.239:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.28.239/login.php/

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
16 kB (15611 bytes)
Hash
c0362ddb9249983d24f3c1d400359f21
94d284edd2a4c5d7217d363593b44daeeb1c227c
eb0e7bcf9b987a5ce783eed588ec08a4555b9ddad3d44b7e282f81d2a635a1ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php/js/jquery-1.11.1.min.js HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:45 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

120.76.28.239/login.php/js/css-pop.js

120.76.28.239

200 OK

16 kB

URL GET HTTP/1.1
120.76.28.239/login.php/js/css-pop.js
IP
120.76.28.239:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.28.239/login.php/

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
16 kB (15611 bytes)
Hash
c0362ddb9249983d24f3c1d400359f21
94d284edd2a4c5d7217d363593b44daeeb1c227c
eb0e7bcf9b987a5ce783eed588ec08a4555b9ddad3d44b7e282f81d2a635a1ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php/js/css-pop.js HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:45 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

120.76.28.239/login.php/js/jquery-ui-1.9.2.custom.min.js

120.76.28.239

200 OK

16 kB

URL GET HTTP/1.1
120.76.28.239/login.php/js/jquery-ui-1.9.2.custom.min.js
IP
120.76.28.239:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.28.239/login.php/

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
16 kB (15611 bytes)
Hash
c0362ddb9249983d24f3c1d400359f21
94d284edd2a4c5d7217d363593b44daeeb1c227c
eb0e7bcf9b987a5ce783eed588ec08a4555b9ddad3d44b7e282f81d2a635a1ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php/js/jquery-ui-1.9.2.custom.min.js HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:45 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

ocsp.trust-provider.cn/

117.27.246.96

600 B

URL
ocsp.trust-provider.cn/
IP
117.27.246.96:0
ASN
#133774 Fuzhou

File type
data
Size
600 B (600 bytes)
Hash
dadcffa3f042b793e2de406f65dc20ea
d77a8836361ae88b624f4f7663519d217c27a15c
17cb96c0d1640fa50146a256eaed9d9ff1cc6eeb7299f4ec54c28b3a86be8d43

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
age: 1796
x-ccacdn-proxy-id: scdpinlb5
cache-control: max-age=3600
cf-ray: 86b449580a465ddb-HKG
ctl-cache-status: HIT from hk-xianggang4-ca06, HIT from he-baoding2-ca02
etag: "d77a8836361ae88b624f4f7663519d217c27a15c"
expires: Thu, 04 Apr 2024 00:30:47 GMT
x-frame-options: SAMEORIGIN
request-id: 66067acf4c2bb9a65fd5df90749d278f
cf-cache-status: HIT
accept-ranges: bytes
date: Fri, 29 Mar 2024 08:24:47 GMT
last-modified: Thu, 28 Mar 2024 00:30:48 GMT
via: n172-013-214.fzmp.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 17117006878e50feef672976d5d5ef8965f193a2c9
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=43, edge;dur=0

hm.baidu.com/h.js?bc39e74764250d79ffdc33b2d4fdded0

103.235.46.191

200 OK

93 B

URL GET HTTP/1.1
hm.baidu.com/h.js?bc39e74764250d79ffdc33b2d4fdded0
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://120.76.28.239/login.php/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
HTML document, ASCII text
Size
93 B (93 bytes)
Hash
de3aafa89129408429f9230095f947bf
d971099d0e399d863e5d98535d0d76e856778676
367ab6ca297af2c1784664738e535c5a026f140e6c2725d15362b360127222da

HTTP Headers

GET /h.js?bc39e74764250d79ffdc33b2d4fdded0 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Location: https://hm.baidu.com/h.js?bc39e74764250d79ffdc33b2d4fdded0
Date: Fri, 29 Mar 2024 08:24:47 GMT
Content-Length: 93
Content-Type: text/html; charset=utf-8

hm.baidu.com/h.js?bc39e74764250d79ffdc33b2d4fdded0

103.235.46.191

200 OK

11 kB

URL GET HTTP/1.1
hm.baidu.com/h.js?bc39e74764250d79ffdc33b2d4fdded0
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://120.76.28.239/login.php/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
JavaScript source, ASCII text, with very long lines (618)
Size
11 kB (11256 bytes)
Hash
8c18b6469af17a3eb7fe29105736fe01
fc8cc8f9cbd1ed08404681d8b6797acbebab93c3
c838ce9b918d939f6db7dfcf938b5ddb2aa42a4ae7117a874f75669a999cea87

HTTP Headers

GET /h.js?bc39e74764250d79ffdc33b2d4fdded0 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://120.76.28.239/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11256
Content-Type: application/javascript
Date: Fri, 29 Mar 2024 08:24:48 GMT
Etag: 3c6bb9a8f3fbcaba5179968f749f2ade
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=F5FB0E1507257A06; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

120.76.28.239/images/favicon.ico

120.76.28.239

200 OK

68 kB

URL GET HTTP/1.1
120.76.28.239/images/favicon.ico
IP
120.76.28.239:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.28.239/login.php/

File type
MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel
Size
68 kB (67646 bytes)
Hash
7295130c92a96c478ff87384d33ff77b
f57adf92fc2645766b2b3abe2c6cc3032b269104
aa15bcfe8915a14279fa7e0795f049f57eb2ba5863a01dfc024eed8efbe21ef6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/favicon.ico HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:48 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
Last-Modified: Tue, 06 Apr 2021 00:21:23 GMT
ETag: "1083e-5bf42cb4cf5ce"
Accept-Ranges: bytes
Content-Length: 67646
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/x-icon

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=581474593&si=bc39e74764250d79ffdc33b2d4fdded0&v=1.3.0&lv=1&sn=57559&r=0&ww=1280&u=http%3A%2F%2F120.76.28.239%2Flogin.php%2F&tt=GPS

103.235.46.191

200 OK

43 B

URL GET HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=581474593&si=bc39e74764250d79ffdc33b2d4fdded0&v=1.3.0&lv=1&sn=57559&r=0&ww=1280&u=http%3A%2F%2F120.76.28.239%2Flogin.php%2F&tt=GPS
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://120.76.28.239/login.php/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=581474593&si=bc39e74764250d79ffdc33b2d4fdded0&v=1.3.0&lv=1&sn=57559&r=0&ww=1280&u=http%3A%2F%2F120.76.28.239%2Flogin.php%2F&tt=GPS HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 29 Mar 2024 08:24:49 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=0762A91F4200D0A1; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

120.76.28.239/login.php/images/qr_365gps.png

120.76.28.239

200 OK

18 kB

URL GET HTTP/1.1
120.76.28.239/login.php/images/qr_365gps.png
IP
120.76.28.239:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.28.239/login.php/

File type
data
Size
18 kB (17523 bytes)
Hash
37b60e9c1b7061cfc8402d13ff755ff0
64084c8d57664e642e2fc58bc408808e48a0ae99
e371d72663011f67e0923cac56a7fe811563080f1cc53742356137457b523f16

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php/images/qr_365gps.png HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:46 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by