Report - 202.139.216.245/myoffice/index.php

Report Overview

Submitted URL
202.139.216.245/myoffice/index.php
IP
202.139.216.245
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC
Submitted
2024-03-29 10:55:28
Access
public
Website Title
โรงเรียนเฉลิมพระเกียรติสมเด็จพระศรีนครินทร์ ภูเก็ต
Final URL
202.139.216.245/myoffice/index.php
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
68

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
202.139.216.245	unknown	unknown	No data	No data	14 kB	413 kB	202.139.216.245

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed
2024-03-29	medium	202.139.216.245	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	202.139.216.245/myoffice/index.php	157 B	2023-03-07	2024-04-01
Pretty URL 202.139.216.245/myoffice/index.php IP 202.139.216.245 ASN #135566 Thailand Government Data Center and Cloud service TGDCC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:42:39 Last Seen2024-04-01 08:56:28 Times Seen33 Hash 6212c63596dd4cac46f04f3ef9b9c7af 710959c8489cb1bb6895219f933032e72ba3d50c 49362a0917bff920ef4a373c54090247002dd42871a54ec73b0ed404adb29744 Loading...

	202.139.216.245/myoffice/index.php	126 B	2023-03-07	2024-04-01
Pretty URL 202.139.216.245/myoffice/index.php IP 202.139.216.245 ASN #135566 Thailand Government Data Center and Cloud service TGDCC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:42:39 Last Seen2024-04-01 08:56:28 Times Seen27 Hash 561ec8f9ce467f8c5b5e345486c06997 8cf60be2049cfa2082ac7cc98681c134faa251ad 474354de3c90ed4ff61c1c9f24abff458d47b15b9a85fec97a33e7a2ffe8a3de Loading...

	unknown	21 B	2023-04-13	2024-04-25
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-13 09:13:53 Last Seen2024-04-25 13:44:41 Times Seen65 Hash 23710fae37e9f8fc39c59097bd05d61e d234c3d63917a6383d4ca42a0d956b985a1857fd f892305ea7f40b27aff7fb3f9f16c381d804f2a06b13061bcbbe3abb0e044b5b Loading...

	unknown	118 B	2023-07-06	2024-04-01
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-07-06 12:21:42 Last Seen2024-04-01 08:56:28 Times Seen24 Hash cbf227e6da95b78b1e8db1adbe85d429 dc486ee1db4a10a7e3151e824d7412aa49018f78 0c281097b2e89b97c80eb638741b3513ad00e1776d3caaba1407750c3db23ffe Loading...

	202.139.216.245/myoffice/highslide/highslide.js	45 kB	2023-07-06	2024-04-01
Pretty URL 202.139.216.245/myoffice/highslide/highslide.js IP 202.139.216.245 ASN #135566 Thailand Government Data Center and Cloud service TGDCC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-06 12:21:42 Last Seen2024-04-01 08:56:28 Times Seen23 Hash db6e87a2539287a241e0efc42ca8e596 8571f954853c013b53122f0d88768ad1d6b4c919 dd9d8b3eae396eca36dd5687ec26c5a5ea71122bc2fa80d210f503663e353542 Loading...

	202.139.216.245/myoffice/highslide/highslide-html.js	14 kB	2023-05-14	2024-04-01
Pretty URL 202.139.216.245/myoffice/highslide/highslide-html.js IP 202.139.216.245 ASN #135566 Thailand Government Data Center and Cloud service TGDCC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-14 09:08:46 Last Seen2024-04-01 08:56:28 Times Seen31 Hash 67e0a7a0efeb7ea379a0d7f3da661ff3 1647fa5415fd452edf10f0598517575f73a12c02 0da0dac30e7245fa82910887bc6b058899fc38ce11eb4a6fd2ddf4848c7c8621 Loading...

	202.139.216.245/myoffice/java.js	756 B	2023-03-07	2024-04-01
Pretty URL 202.139.216.245/myoffice/java.js IP 202.139.216.245 ASN #135566 Thailand Government Data Center and Cloud service TGDCC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:42:39 Last Seen2024-04-01 08:56:28 Times Seen52 Hash c453853f1209ab7175aa6172cc1f23af c69da79c4b2b378773a925df915e67e859467ce5 0aca0069b9a7f8b4b4c7264ae6f3a08e6113193df7bbb39173f7b14b352e94a2 Loading...

	202.139.216.245/myoffice/index.php	203 B	2023-07-23	2024-03-29
Pretty URL 202.139.216.245/myoffice/index.php IP 202.139.216.245 ASN #135566 Thailand Government Data Center and Cloud service TGDCC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-23 11:26:55 Last Seen2024-03-29 11:55:35 Times Seen2 Hash 6a8913a420540482164f34560d705af5 fc2fcdee137fb2ad54876c3ac202054fd1cc2ed7 baf2cadbbe8316f1f7ea9d82284d0104a407e16fd26555e41c793e125e7ee4b0 Loading...

	202.139.216.245/myoffice/index.php	0 B	2023-03-07	2024-04-29
Pretty URL 202.139.216.245/myoffice/index.php IP 202.139.216.245 ASN #135566 Thailand Government Data Center and Cloud service TGDCC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-29 01:12:57 Times Seen37153372 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

		Size	First Seen	Last Seen
	#1 Eval - dcf654c09c31fb049cfa4163734a6632	100 B	2023-03-08	2024-04-01
Pretty Observations First Seen2023-03-08 22:05:04 Last Seen2024-04-01 08:56:28 Times Seen25 Hash dcf654c09c31fb049cfa4163734a6632 9ed121862296e1f8f91e376df10495a475624ea0 58e6a9609b22d017caeb603c8cf361ed0f6b4732a0133d5044bf7bdf5ef37b7b Loading...

HTTP Transactions (34)

URL IP Response Size

202.139.216.245/

202.139.216.245

4.0 kB

URL
202.139.216.245/
IP
202.139.216.245:0
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

File type
HTML document, ASCII text, with very long lines (302), with CRLF line terminators
Size
4.0 kB (4034 bytes)
Hash
3f3a23faf520b57c02cec1a414b3400d
f6a931858e328b6cc96b8906d0a11fff7fbf5561
7f25147373f8cd35820a4ec4f2e0623eac74c40fb350b9f1b8341f48ccb46de9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:06 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Length: 4034
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

202.139.216.245/myoffice/index.php

202.139.216.245

200 OK

20 kB

URL User Request GET HTTP/1.1
202.139.216.245/myoffice/index.php
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

File type
HTML document, Non-ISO extended-ASCII text, with very long lines (527), with CRLF, LF line terminators
Size
20 kB (20443 bytes)
Hash
804c084691c69c3e0988186f59eef19e
29b1fdb158b3698e852960bdf0ee219284d66039
159206a82cf2c183b5166a988cf56b6a38ac7942bf67abcda3464b46d81a7a7f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/index.php HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:06 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
X-Powered-By: PHP/5.6.30
Set-Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

202.139.216.245/myoffice/style.css

202.139.216.245

200 OK

7.0 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/style.css
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
ASCII text, with CRLF line terminators
Size
7.0 kB (6975 bytes)
Hash
71258196a5b385d0a0d1225f79d9dbd8
4894792afb26e026d40c5146e07d02296ad61239
62a45f0ff340c651bbb85fd7d29eb6ac1cddc9dbb6f4890f8f8a7852ddbaa73a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/style.css HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:07 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Tue, 17 Aug 2021 02:16:16 GMT
ETag: "1b3f-5c9b7e70adc00"
Accept-Ranges: bytes
Content-Length: 6975
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

202.139.216.245/myoffice/highslide/highslide-html.js

202.139.216.245

200 OK

14 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/highslide/highslide-html.js
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
ISO-8859 text
Size
14 kB (13700 bytes)
Hash
f8896ba77b7fe365e40bfa4aaa8ef11d
2ef2acfdb9fce638fb4f132466ba047673798fe0
7b4e8924158d3707c919a323feea4096892feed6394fbade934bf90b55584614

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/highslide/highslide-html.js HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:07 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Mon, 10 Sep 2007 06:02:24 GMT
ETag: "3584-439c1bb7f5c00"
Accept-Ranges: bytes
Content-Length: 13700
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

202.139.216.245/myoffice/java.js

202.139.216.245

200 OK

756 B

URL GET HTTP/1.1
202.139.216.245/myoffice/java.js
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
Unicode text, UTF-8 text
Size
756 B (756 bytes)
Hash
c453853f1209ab7175aa6172cc1f23af
c69da79c4b2b378773a925df915e67e859467ce5
0aca0069b9a7f8b4b4c7264ae6f3a08e6113193df7bbb39173f7b14b352e94a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/java.js HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:07 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Sun, 17 Mar 2019 08:33:58 GMT
ETag: "2f4-5844622160980"
Accept-Ranges: bytes
Content-Length: 756
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

202.139.216.245/myoffice/styles.css

202.139.216.245

200 OK

1.4 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/styles.css
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
ASCII text, with CRLF line terminators
Size
1.4 kB (1443 bytes)
Hash
9fc73097fc89af7e2f20be5fc1d47227
f745de07679cd1593c5b3a9716230586f6387d53
9669397c2b8213388a4356e8799f8007193ea31250f72cab89d475c9bfa8ada8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/styles.css HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:07 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Thu, 11 Oct 2018 01:09:20 GMT
ETag: "5a3-577e99ede3000"
Accept-Ranges: bytes
Content-Length: 1443
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

202.139.216.245/myoffice/fonts/thsarabunnew.css

202.139.216.245

200 OK

2.0 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/fonts/thsarabunnew.css
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
ASCII text
Size
2.0 kB (2010 bytes)
Hash
b1a8d48784c41c0aed10ec58e8861835
b9dbab5d86f1c34088886c5c657a288ec733dfe9
9f6cea69e73103e62c2970140b8e2f77b3fee63dd587336df9ba442b301fb67e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/fonts/thsarabunnew.css HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/style.css
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:07 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Sun, 17 Mar 2019 04:46:18 GMT
ETag: "7da-58442f3e2fa80"
Accept-Ranges: bytes
Content-Length: 2010
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

202.139.216.245/myoffice/font/th_fahkwang.css

202.139.216.245

200 OK

1.4 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/font/th_fahkwang.css
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
ASCII text
Size
1.4 kB (1427 bytes)
Hash
643408823d332635ea9979211e76204b
77907c4361e5e8d6ba09d881956b6544aaf25e67
15782a5f9b36de4ce0cbf9bd5301df93d9478be124512287b48414bd88624775

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/font/th_fahkwang.css HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/style.css
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:07 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Sun, 17 Mar 2019 04:46:42 GMT
ETag: "593-58442f5513080"
Accept-Ranges: bytes
Content-Length: 1427
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

202.139.216.245/myoffice/highslide/highslide.js

202.139.216.245

200 OK

45 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/highslide/highslide.js
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
JavaScript source, ISO-8859 text, with CRLF line terminators
Size
45 kB (45210 bytes)
Hash
4b13e2afc251e4715a8261687bc5cf0a
ef65b3ffd02ebc9b5baafb7655cfa1f8ab0abd2f
971ac0f24ae68a0828ac5561ad2a0f473ccbafa65a4b796c4f8c5101fe019587

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/highslide/highslide.js HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:07 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Fri, 24 Dec 2010 13:41:38 GMT
ETag: "b09a-4982825416880"
Accept-Ranges: bytes
Content-Length: 45210
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

202.139.216.245/myoffice/images/nextblue.gif

202.139.216.245

200 OK

110 B

URL GET HTTP/1.1
202.139.216.245/myoffice/images/nextblue.gif
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
GIF image data, version 89a, 12 x 12
Size
110 B (110 bytes)
Hash
3326a1aa9e73205fd1ede2c352bab7a0
11f7c855e33ef632efcfff05e2edcda5528d2c18
e11b95a03531d2373371ceb883aaa555a2b6259375444f44249d32dbf8388085

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/nextblue.gif HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Mon, 06 Apr 2009 20:40:50 GMT
ETag: "6e-466e8e9ee5880"
Accept-Ranges: bytes
Content-Length: 110
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

202.139.216.245/myoffice/images/logohead.jpg

202.139.216.245

200 OK

16 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/images/logohead.jpg
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, software=PhotoScape, datetime=2009:07:14 17:35:49], baseline, precision 8, 450x70, components 3
Size
16 kB (16451 bytes)
Hash
e8ef4b579a92d8737447287fe6be4119
f476765c0b7eb7aeadd1f8ff2213c4933361256e
a77ac23469daea00947cfb783a378864657d75c4c387de98b36974e862d05230

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/logohead.jpg HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Sat, 04 Mar 2023 02:45:29 GMT
ETag: "4043-5f60a0e0d28d5"
Accept-Ranges: bytes
Content-Length: 16451
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

202.139.216.245/myoffice/images/news.gif

202.139.216.245

200 OK

1.1 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/images/news.gif
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
GIF image data, version 89a, 16 x 16
Size
1.1 kB (1065 bytes)
Hash
81ff471785c4651f91a49ff546ceec25
aa2de6525e2f385347a252ea1ed97b9e5c453cbb
1ac92d06fa5c89d46089c4105886eb8b981e2d6f60333ce8792bdc9cdde40188

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/news.gif HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Sat, 10 Jan 2009 17:49:36 GMT
ETag: "429-460247f334c00"
Accept-Ranges: bytes
Content-Length: 1065
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

202.139.216.245/myoffice/images/app.gif

202.139.216.245

200 OK

248 B

URL GET HTTP/1.1
202.139.216.245/myoffice/images/app.gif
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
GIF image data, version 89a, 16 x 16
Size
248 B (248 bytes)
Hash
4125f86f2a45767634306424b25d8283
a79657dc3d62c1bee633ad72292b76df9ad4bb56
6ba19060858b712f29a5423622a31b8d19fac09906ef14c3ccc19ed893c2731a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/app.gif HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Thu, 07 Sep 2006 09:36:02 GMT
ETag: "f8-41cd9d1e88480"
Accept-Ranges: bytes
Content-Length: 248
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

202.139.216.245/myoffice/images/login.png

202.139.216.245

200 OK

8.9 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/images/login.png
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
PNG image data, 674 x 83, 8-bit/color RGBA, non-interlaced
Size
8.9 kB (8928 bytes)
Hash
5a23ed73eb866dcdbcd8fd75234ab28c
9aaf391a5f8fad6b63d6a787ef60e2d353de6663
237a48c545a3c195c77265c518fe57abf455b89dec76e32bdc0f7ff3f74f4f4c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/login.png HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Mon, 10 Nov 2014 11:30:20 GMT
ETag: "22e0-5077f7cd30b00"
Accept-Ranges: bytes
Content-Length: 8928
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

202.139.216.245/myoffice/images/my1.png

202.139.216.245

200 OK

26 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/images/my1.png
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
PNG image data, 336 x 325, 8-bit/color RGBA, non-interlaced
Size
26 kB (26266 bytes)
Hash
890620db729d5507b49b9f80781845d6
9b45e68660c20afa1b9cd317f0335caa891fcf24
57604675da17bbe3c7df99ed9fe376d127b7675c0e0df3f33ba558afbaeb122f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/my1.png HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Sat, 11 Nov 2017 07:50:50 GMT
ETag: "669a-55db04bbf2a80"
Accept-Ranges: bytes
Content-Length: 26266
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

202.139.216.245/myoffice/java.js

202.139.216.245

200 OK

756 B

URL GET HTTP/1.1
202.139.216.245/myoffice/java.js
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
Unicode text, UTF-8 text
Size
756 B (756 bytes)
Hash
c453853f1209ab7175aa6172cc1f23af
c69da79c4b2b378773a925df915e67e859467ce5
0aca0069b9a7f8b4b4c7264ae6f3a08e6113193df7bbb39173f7b14b352e94a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/java.js HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Sun, 17 Mar 2019 08:33:58 GMT
ETag: "2f4-5844622160980"
Accept-Ranges: bytes
Content-Length: 756
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

202.139.216.245/myoffice/images/icon_new.gif

202.139.216.245

200 OK

407 B

URL GET HTTP/1.1
202.139.216.245/myoffice/images/icon_new.gif
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
GIF image data, version 89a, 27 x 9
Size
407 B (407 bytes)
Hash
27f18c3e74a79088ab6b2528c1904dd0
d7c70d1cdcf1c2c39c32cfbe1ad4049fafd94d41
57df687291068f40f91c2451ed18643838e087bd187d7e470b3a3a750811133f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/icon_new.gif HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Wed, 19 Apr 2006 07:00:00 GMT
ETag: "197-411c33443dc00"
Accept-Ranges: bytes
Content-Length: 407
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

202.139.216.245/myoffice/fonts/thsarabunnew-webfont.woff

202.139.216.245

200 OK

52 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/fonts/thsarabunnew-webfont.woff
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
Web Open Font Format, TrueType, length 51956, version 1.0
Size
52 kB (51956 bytes)
Hash
940b7d9976165f2795824c2dbd0de318
5077b570c4dcdc07137c64378dab87fc1258b9b3
a5f4eac957aecb8e896a19d6ba5e748133c99e74d3b620b41e81125d8a1c1fff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/fonts/thsarabunnew-webfont.woff HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/fonts/thsarabunnew.css
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Sat, 05 Nov 2011 05:40:04 GMT
ETag: "caf4-4b0f640e47500"
Accept-Ranges: bytes
Content-Length: 51956
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/x-font-woff

202.139.216.245/myoffice/images/icon_mailheader.gif

202.139.216.245

200 OK

371 B

URL GET HTTP/1.1
202.139.216.245/myoffice/images/icon_mailheader.gif
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
GIF image data, version 89a, 16 x 16
Size
371 B (371 bytes)
Hash
b8d1f88b41b002f42036da5a078d89a3
020fed27772dd0df6011f3c59509ccbd15664e15
4d05f388d7461f0565c3056a81f6abf35ca84c9ba62bec5df14a12a0fb4bbf98

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/icon_mailheader.gif HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Sat, 10 Jan 2009 17:49:18 GMT
ETag: "173-460247e20a380"
Accept-Ranges: bytes
Content-Length: 371
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

202.139.216.245/myoffice/images/textedit.gif

202.139.216.245

200 OK

200 B

URL GET HTTP/1.1
202.139.216.245/myoffice/images/textedit.gif
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
GIF image data, version 89a, 16 x 16
Size
200 B (200 bytes)
Hash
bdf9ab347c464b135b3db523cf1fc938
034b5fa3528c55356a0319e719616fc1ffb7d062
fffb418c348d989f6638911dfac827ec7400a3725f3654aa235dacb7572bdca4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/textedit.gif HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Sat, 10 Jan 2009 17:49:40 GMT
ETag: "c8-460247f705500"
Accept-Ranges: bytes
Content-Length: 200
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

202.139.216.245/myoffice/images/arrow2.gif

202.139.216.245

200 OK

64 B

URL GET HTTP/1.1
202.139.216.245/myoffice/images/arrow2.gif
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
GIF image data, version 89a, 12 x 11
Size
64 B (64 bytes)
Hash
b5756d41903a321eec782a2e131faf40
578b9e5b0265adf0ecbe3f3b88214af19229be9b
64fc0366e71b7c70e7f498eeab402f8db314324b8a35063550f6b2bf98a8b038

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/arrow2.gif HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Fri, 17 Dec 2010 09:23:28 GMT
ETag: "40-49797b9172400"
Accept-Ranges: bytes
Content-Length: 64
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/gif

202.139.216.245/myoffice/images/07.gif

202.139.216.245

200 OK

13 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/images/07.gif
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
13 kB (13188 bytes)
Hash
d0904778d7607f472e82f99f8ef6805a
659efed734f0badfafdedce212a05abc50a1a68f
70e5bdb94bca9b13c17b9c675f93da1db365ecb867e0a14da6cce8454bfe492e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/07.gif HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Sun, 12 Feb 2012 09:09:28 GMT
ETag: "3384-4b8c0b80e0200"
Accept-Ranges: bytes
Content-Length: 13188
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif

202.139.216.245/myoffice/images/bg.jpg

202.139.216.245

200 OK

43 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/images/bg.jpg
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, software=PhotoScape, datetime=2014:01:22 09:20:11], baseline, precision 8, 1366x777, components 3
Size
43 kB (42783 bytes)
Hash
5440449cd4d03da6d5bb526a0cb8dbd8
4f1f36704badd6172e30704625d8e3fa5692c0d8
5297061250b41b11d831d1b7ae9126c7a2891e7df047cf7483b3ce71e3d73885

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/bg.jpg HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Thu, 21 Aug 2014 12:28:28 GMT
ETag: "a71f-50122db945300"
Accept-Ranges: bytes
Content-Length: 42783
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

202.139.216.245/myoffice/images/123.jpg

202.139.216.245

200 OK

677 B

URL GET HTTP/1.1
202.139.216.245/myoffice/images/123.jpg
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 57x42, components 3
Size
677 B (677 bytes)
Hash
fea0a44d5524d978229a74803a277b2e
6266d3c32c41f338945083b2e654b49de149cf0b
9f2307e14c90af4455aa12a68976fe1214b5a89745a9f485d762898447b8794f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/123.jpg HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Fri, 10 May 2019 07:02:50 GMT
ETag: "2a5-5888327993a80"
Accept-Ranges: bytes
Content-Length: 677
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

202.139.216.245/myoffice/images/124.jpg

202.139.216.245

200 OK

3.5 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/images/124.jpg
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x2500, components 3
Size
3.5 kB (3514 bytes)
Hash
50a6bf9a106a028fc651dc77d03c2b19
20630791dcbdd280c875157cedcc1b508cd66945
c132949d13acab7c45f26d944f7070fe53a61e86ea975e3701dd84280a76f38b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/124.jpg HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Thu, 21 Aug 2014 13:44:04 GMT
ETag: "dba-50123e9f23100"
Accept-Ranges: bytes
Content-Length: 3514
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

202.139.216.245/myoffice/images/1234.jpg

202.139.216.245

200 OK

677 B

URL GET HTTP/1.1
202.139.216.245/myoffice/images/1234.jpg
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 57x42, components 3
Size
677 B (677 bytes)
Hash
9bc2e881369a4f93d26a9e2d0dcef88e
91026c87f5c101db1c88491f23f3645ad946795b
a59bd9e2217576405b52f7c51ae134c5ffbce766f5a2bffe581ec7be3f3a7cf9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/1234.jpg HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Fri, 10 May 2019 06:59:22 GMT
ETag: "2a5-588831b336680"
Accept-Ranges: bytes
Content-Length: 677
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

202.139.216.245/myoffice/images/003.png%20valign=

202.139.216.245

404 Not Found

229 B

URL GET HTTP/1.1
202.139.216.245/myoffice/images/003.png%20valign=
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
HTML document, ASCII text
Size
229 B (229 bytes)
Hash
798cdbf9d5767141c56f60090e5d0baf
5c8d3f919ebbfc16d3f1b360f17f5be1d59f8892
78451e8abb0d6f464f9cb48217659cd9dcb97db462b73f209cd6bf5060e359c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/003.png%20valign= HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Content-Length: 229
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

202.139.216.245/myoffice/fonts/thaisansneue-light-webfont.woff2

202.139.216.245

200 OK

24 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/fonts/thaisansneue-light-webfont.woff2
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
Web Open Font Format (Version 2), TrueType, length 24132, version 1.0
Size
24 kB (24132 bytes)
Hash
fb6e9a66d0d6626b6a07843a08c4ff34
8b9dd59c8b1f057d6e0aa39b065af49906233115
0a4866b65f8c4bca3fab4f5022794c8df6697f99e4985d770fd013f3308291ce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/fonts/thaisansneue-light-webfont.woff2 HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/fonts/thsarabunnew.css
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Tue, 18 Nov 2014 09:04:20 GMT
ETag: "5e44-5081e616b0d00"
Accept-Ranges: bytes
Content-Length: 24132
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive

202.139.216.245/myoffice/images/125.jpg

202.139.216.245

200 OK

5.9 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/images/125.jpg
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1004x65, components 3
Size
5.9 kB (5923 bytes)
Hash
da949ab95764109d9eeaf0258efd6eae
747d1a4fde834fa430e65d50c7e52f75d025b2c9
613aa20a74b77cd8e9658f088a27f520c3b566e6d11023cec1b9c319ead2152e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/images/125.jpg HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Thu, 21 Aug 2014 11:22:32 GMT
ETag: "1723-50121efc88e00"
Accept-Ranges: bytes
Content-Length: 5923
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg

202.139.216.245/myoffice/fonts/thsarabunnew_bold-webfont.woff

202.139.216.245

200 OK

52 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/fonts/thsarabunnew_bold-webfont.woff
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
Web Open Font Format, TrueType, length 51744, version 1.0
Size
52 kB (51744 bytes)
Hash
8d8146f04b5d6c7acd967c6bbc512cfe
8e567388f800dc1552ab488f6441572d42b80d3a
7792dfc28a9bc9559d391e8109a338a7546b04eab9f1896c7ed021b4563bc75c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/fonts/thsarabunnew_bold-webfont.woff HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/fonts/thsarabunnew.css
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Sat, 05 Nov 2011 05:40:34 GMT
ETag: "ca20-4b0f642ae3880"
Accept-Ranges: bytes
Content-Length: 51744
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/x-font-woff

202.139.216.245/myoffice/font/th_fahkwang-webfont.woff

202.139.216.245

200 OK

54 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/font/th_fahkwang-webfont.woff
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
Web Open Font Format, TrueType, length 53476, version 1.0
Size
54 kB (53476 bytes)
Hash
694a51efb6884b867bf4a08817491af1
b0caaa9e7f4dc046d44abed13c80f44b7d8194f8
0de12005cf2fa051ea169db77193216b942a33e6f5cfe4f42515a8a0190f801f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/font/th_fahkwang-webfont.woff HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/font/th_fahkwang.css
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:08 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Wed, 02 Nov 2011 20:24:36 GMT
ETag: "d0e4-4b0c642b4c900"
Accept-Ranges: bytes
Content-Length: 53476
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/x-font-woff

202.139.216.245/myoffice/favicon.ico

202.139.216.245

200 OK

1.2 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/favicon.ico
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
49f45dd07728a7cebf10f74e7adcce06
52826f32af7c1838a80a64faef48b21559876049
19d4178b9417564c6c598a03661453948a5df2fc09fa403e9711c7ae85eec3e3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/favicon.ico HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:09 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Mon, 11 May 2015 09:49:22 GMT
ETag: "47e-515cb4adb8c80"
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/x-icon

202.139.216.245/myoffice/highslide/graphics/outlines/rounded-white.png

202.139.216.245

200 OK

2.1 kB

URL GET HTTP/1.1
202.139.216.245/myoffice/highslide/graphics/outlines/rounded-white.png
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
PNG image data, 40 x 3000, 8-bit gray+alpha, non-interlaced
Size
2.1 kB (2050 bytes)
Hash
ff904e99a0ecb32a27642d389adb91ba
c4ef235dcc34844e4050f845ff4ce22ce35fe0b8
e82d0547f662dc02f6d55c082758f5aac71937fee44bc0cb0f106f85b5fe2f81

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/highslide/graphics/outlines/rounded-white.png HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:09 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Mon, 06 Apr 2009 20:20:42 GMT
ETag: "802-466e8a1edba80"
Accept-Ranges: bytes
Content-Length: 2050
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

202.139.216.245/myoffice/highslide/graphics/zoomout.cur

202.139.216.245

200 OK

326 B

URL GET HTTP/1.1
202.139.216.245/myoffice/highslide/graphics/zoomout.cur
IP
202.139.216.245:80
ASN
#135566 Thailand Government Data Center and Cloud service TGDCC

Requested by
http://202.139.216.245/myoffice/index.php

File type
MS Windows cursor resource - 1 icon, 32x32, 2 colors, hotspot @7x7
Size
326 B (326 bytes)
Hash
e5f236bf2b60f8c8fc1867d70636a046
2d1695a011edd32a1abc5329dcf4b8ee196d5e7f
110a21ee3616bfa86b492bb237eeb946ee4a643d7bb77a7fd2b131311f5ccf72

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /myoffice/highslide/graphics/zoomout.cur HTTP/1.1
Host: 202.139.216.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://202.139.216.245/myoffice/index.php
Cookie: PHPSESSID=rbjeqo2nng2stkh9ncb3rf85r4
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 10:55:09 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Last-Modified: Mon, 06 Apr 2009 20:19:12 GMT
ETag: "146-466e89c907000"
Accept-Ranges: bytes
Content-Length: 326
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by