139.150.83.228/bbs/login.php
139.150.83.228 200 OK 244 B URL User Request GET HTTP/1.1 139.150.83.228/bbs/login.php
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type HTML document, ASCII text
Hash 3b8edfdebb243ef0936c2e73c6ed13f3
9bca459801a49c0b5254184e2749fc73f1ed28c8
bc2da4c974c9f233fb4dbb31118e6f9125212afb9e7e1fcbf76e9a7ff784ae16
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bbs/login.php HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Wed, 24 Apr 2024 10:02:23 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Location: https://139.150.83.228/bbs/login.php
Content-Length: 244
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
139.150.83.228/bbs/login.php
139.150.83.228 200 OK 17 kB URL User Request GET HTTP/1.1 139.150.83.228/bbs/login.php
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash a08c7bb4f781d9f0e63f4eb99a5fc171
2dac324447018b97931b40c885abed651977e0a6
d75378fe8e1fcce53f2793376beedab3d59d0cbdf232b994fffce0c7405181ea
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bbs/login.php HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:27 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
X-Powered-By: PHP/5.6.37
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
Set-Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; path=/
2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0; expires=Thu, 25-Apr-2024 10:02:27 GMT; Max-Age=86400; path=/
Expires: 0
Last-Modified: Wed, 24 Apr 2024 10:02:27 GMT
Cache-Control: pre-check=0, post-check=0, max-age=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
104.17.25.14 200 OK 5.6 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.17.25.14:443
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (30837)
Hash 269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 10:02:27 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 746432
expires: Mon, 14 Apr 2025 10:02:27 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rsA2L1Ioj%2BnqcnT1QIw54xeSvCYptnluu0Kzn%2FcGsKze9WKSRNGRkw9PJ9bvv5z5QfELPsX5R8zH0l1zcrzIuprO0k%2Fa%2BcuW5ImVmled61g2MZ%2FA%2FMvwCn1Mqn0sP9IJ6dU5r%2BPf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 879542036e31b4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-F6HYNMJDGV
142.250.74.72 200 OK 102 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-F6HYNMJDGV
IP 142.250.74.72:443
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
Validity Mon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File type JavaScript source, ASCII text, with very long lines (5945)
Size 102 kB (101704 bytes)
Hash 79099c2d7ceb1af1c08aa7848a93975b
4b88499722e8ca6cdbcaaf8d4b3ab99e8dc99ea1
37a68a22062637762849a4b3b6896208f8caba493d742ee742f44090eb1caff0
GET /gtag/js?id=G-F6HYNMJDGV HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 Apr 2024 10:02:27 GMT
expires: Wed, 24 Apr 2024 10:02:27 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 101704
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
139.150.83.228/theme/basic/skin/member/basic/style.css?ver=240119
139.150.83.228 200 OK 13 kB URL GET HTTP/1.1 139.150.83.228/theme/basic/skin/member/basic/style.css?ver=240119
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
Hash 9b3510ed93d03596bf59ce46b4795259
04d7ee54881f69e5edfcda0a2fb0da3009f6e0f4
1c561c52dcd6927a174b2a8189b711f8b3d8cbcab288fd9026948ada2315c544
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /theme/basic/skin/member/basic/style.css?ver=240119 HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:27 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:13 GMT
ETag: "33b5-60f1e7a28c1bd"
Accept-Ranges: bytes
Content-Length: 13237
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
139.150.83.228/theme/basic/css/default.css?ver=240119
139.150.83.228 200 OK 26 kB URL GET HTTP/1.1 139.150.83.228/theme/basic/css/default.css?ver=240119
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
Hash 4c9c58e5aaed31a2af3bcf5249f1b1cd
c3626ed0aba313a6d1bf833620e8fdfb4f7071e8
b0165b89eab6461ada3aad4c31b970973d59d8577aff814ac52ae893c91113bb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /theme/basic/css/default.css?ver=240119 HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:27 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:13 GMT
ETag: "6464-60f1e7a285c2d"
Accept-Ranges: bytes
Content-Length: 25700
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.googletagmanager.com/gtag/js?id=UA-300593674-1&l=dataLayer&cx=c
142.250.74.72 200 OK 69 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=UA-300593674-1&l=dataLayer&cx=c
IP 142.250.74.72:443
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
Validity Mon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File type JavaScript source, ASCII text, with very long lines (2165)
Hash 0a33b7994ea5c82b174de63841a3e211
17af8f38b47e52ae2fd81506192b658422d7ffaf
32fe0639c8705a0da9f378b67bba3d244b70c66b7b5f242d59924fa24f668b58
GET /gtag/js?id=UA-300593674-1&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 Apr 2024 10:02:28 GMT
expires: Wed, 24 Apr 2024 10:02:28 GMT
cache-control: private, max-age=900
last-modified: Wed, 24 Apr 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69182
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
139.150.83.228/main_property/css/lib/font-lotusicon.css
139.150.83.228 200 OK 2.3 kB URL GET HTTP/1.1 139.150.83.228/main_property/css/lib/font-lotusicon.css
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
Hash f038b319f865532a4959863fb3e523db
d64c1174aad8ec8474bf42a14c779f35d7e857ab
c614484582dd92a8c2b6370c5410baeae9ab3ec069ab1b340c9aff0573e84a53
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/css/lib/font-lotusicon.css HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:28 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "8cf-60f1e7a1e59a8"
Accept-Ranges: bytes
Content-Length: 2255
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
139.150.83.228/main_property/css/lib/bootstrap-nanugo.css
139.150.83.228 200 OK 130 kB URL GET HTTP/1.1 139.150.83.228/main_property/css/lib/bootstrap-nanugo.css
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type ASCII text, with very long lines (364)
Size 130 kB (129658 bytes)
Hash 0892da8f90e1707102e1bb66c570a460
58341a67853b256a716dd9f3e1dd6010aa3ba80a
65f184e35b44695a32c3b2144699c6d68bd94409469c775678dbb9166987f52e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/css/lib/bootstrap-nanugo.css HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:28 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "1fa7a-60f1e7a1e55c0"
Accept-Ranges: bytes
Content-Length: 129658
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
139.150.83.228/main_property/css/lib/bootstrap-select-nanugo.css
139.150.83.228 200 OK 6.3 kB URL GET HTTP/1.1 139.150.83.228/main_property/css/lib/bootstrap-select-nanugo.css
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
Hash ca50686672e7688991d927dc548cb558
733d763eba362ba5783d1e8e25cf4f7972bfb78c
c629178478c02adc62e0ebfbd90160537262c1f39697fe8ce176788c081eacd0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/css/lib/bootstrap-select-nanugo.css HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:28 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "1883-60f1e7a1e55c0"
Accept-Ranges: bytes
Content-Length: 6275
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
139.150.83.228/main_property/css/lib/magnific-popup.css
139.150.83.228 200 OK 8.3 kB URL GET HTTP/1.1 139.150.83.228/main_property/css/lib/magnific-popup.css
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
Hash 861495e90ab66a521a913408281c2364
e695e940acaa7de9e312d86251e7d5f55f81d103
d1200315e086ade561036ffc51c2a77a2475ddb5eb9033885018805be7326c40
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/css/lib/magnific-popup.css HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:28 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "2086-60f1e7a1e59a8"
Accept-Ranges: bytes
Content-Length: 8326
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
139.150.83.228/main_property/css/lib/slick.css
139.150.83.228 200 OK 2.0 kB URL GET HTTP/1.1 139.150.83.228/main_property/css/lib/slick.css
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
Hash 8b6356e88222f36c98ce816a0bad4a36
2a77bc341547c1cb12a28639f7a264b37bc70a45
e29d3dfa50bc09af94dc49efa8b3af90ecd610843fc33d3bdeb27e2e791cf246
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/css/lib/slick.css HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:28 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Thu, 18 Jan 2024 06:50:20 GMT
ETag: "7ee-60f32c6ee4edd"
Accept-Ranges: bytes
Content-Length: 2030
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
139.150.83.228/main_property/css/lib/select2.min.css
139.150.83.228 200 OK 18 kB URL GET HTTP/1.1 139.150.83.228/main_property/css/lib/select2.min.css
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type ASCII text, with very long lines (615)
Hash 618e9f420c3b41431c18011652f3deb8
513a88db952728c33a2950c70704880397b33f45
c5193ee21b53e8453f917299e6ea80b151f08bc5a79f308891db16caf3285d7a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/css/lib/select2.min.css HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:29 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "45b3-60f1e7a1e59a8"
Accept-Ranges: bytes
Content-Length: 17843
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
139.150.83.228/main_property/css/lib/jquery-ui.min.css
139.150.83.228 200 OK 33 kB URL GET HTTP/1.1 139.150.83.228/main_property/css/lib/jquery-ui.min.css
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type ASCII text, with very long lines (2363)
Hash 020ac0543b505b13f92a28a1b57b773d
2103b0722417845da51fbeed132e194ba6866084
22a47765861a64e7d0b4e420084eb868ff1c539dcccf1243c173183331c9d248
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/css/lib/jquery-ui.min.css HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:28 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "8283-60f1e7a1e59a8"
Accept-Ranges: bytes
Content-Length: 33411
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
139.150.83.228/js/wrest.js?ver=240119
139.150.83.228 200 OK 11 kB URL GET HTTP/1.1 139.150.83.228/js/wrest.js?ver=240119
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
Hash 2311ba719829adb363d3436deaa6e6f6
71588cf5112818a86cc1afa025b04da937ad6f28
c995f012d1a9994e1edfe4534e6249a2f7445ffea04a31a0ea400a475ca5e8ec
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/wrest.js?ver=240119 HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:29 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "2b58-60f1e7a1dffd0"
Accept-Ranges: bytes
Content-Length: 11096
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/js/placeholders.min.js
139.150.83.228 200 OK 5.1 kB URL GET HTTP/1.1 139.150.83.228/js/placeholders.min.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text, with very long lines (3907)
Hash d07c9c7babb33305b664508a3fb1aea8
514764d085278cd8549812ddb5da316e8524d83e
4c141f368da1152af24808794c501b65be66f1550e1b0b2f6c10578fb945eaf2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/placeholders.min.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:29 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "13d7-60f1e7a1dffd0"
Accept-Ranges: bytes
Content-Length: 5079
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/js/common.js?ver=240119
139.150.83.228 200 OK 21 kB URL GET HTTP/1.1 139.150.83.228/js/common.js?ver=240119
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (494)
Hash 82b2ab33b51897fafccac5b93168d8a3
cec47f0e335775492bc74dfa9e7c7c6171c80d60
94c9694d9597d99e91a145c94b5b1759241ea2495c24e3c80a714520ca7ca592
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/common.js?ver=240119 HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:29 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "52de-60f1e7a1df800"
Accept-Ranges: bytes
Content-Length: 21214
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/js/function.js
139.150.83.228 200 OK 777 B URL GET HTTP/1.1 139.150.83.228/js/function.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
Hash 0cc814bc3c1ba08cee6ab036e77832f7
6472a3674e1efb4e4870b1735471847c38c6ced2
d87fc0b2659dfaa3069642f8c6a1eeb72a1037bc1cacc5194e2ad5ee1aad481b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/function.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:29 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "309-60f1e7a1df800"
Accept-Ranges: bytes
Content-Length: 777
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/css/responsive.css?ver=240119
139.150.83.228 200 OK 68 kB URL GET HTTP/1.1 139.150.83.228/main_property/css/responsive.css?ver=240119
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type assembler source, Unicode text, UTF-8 text
Hash f8585d4283e0f64a4d783562820b96a6
aa5c27cbe3710b51d29fcc521711c94cfb41c9bf
d4416cabdba8ef24880cc3fc9315787f66f0a01410a30b758980aaf3e4660f7a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/css/responsive.css?ver=240119 HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:29 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 24 Jan 2024 02:43:28 GMT
ETag: "10b30-60fa80723a5cf"
Accept-Ranges: bytes
Content-Length: 68400
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
139.150.83.228/js/jquery-2.2.4.min.js
139.150.83.228 200 OK 86 kB URL GET HTTP/1.1 139.150.83.228/js/jquery-2.2.4.min.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text, with very long lines (32065)
Hash 852efe67141a5f29ac7377a2bfd480cb
d255e88c3319f0beacdbbbbbc3b1c286048ddb1a
2467aca79e4872b20ec882593cb8419414558a9f56a4d02e32cd486a7e18f2f3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/jquery-2.2.4.min.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:29 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Mon, 22 Jan 2024 05:00:21 GMT
ETag: "14e4c-60f81b4fd620f"
Accept-Ranges: bytes
Content-Length: 85580
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/js/lib/bootstrap-select.js
139.150.83.228 200 OK 59 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/bootstrap-select.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text
Hash 54317e44febfcf8fab6679ad7a94983f
7a08e384c2eeaede46a801c7ad6fe7a0672a8702
ffdbebda824976a8b1eeb34c6bad1d28a582d8ea139b6ea0d8e9a58677a9d897
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/bootstrap-select.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:29 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "e55c-60f1e7a1fa5b1"
Accept-Ranges: bytes
Content-Length: 58716
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/js/lib/jquery.themepunch.tools.min.js
139.150.83.228 200 OK 98 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/jquery.themepunch.tools.min.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text, with very long lines (25522)
Hash ff2be50fbaaf60e26cd022218f639822
dc9889af0e3d11dc79521a8d7c231d7c39ffbfd6
bf47bc03c1c1ff93c041eb5a34e4c9471e4e64e0e0c672599f996fc7a972b119
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/jquery.themepunch.tools.min.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:29 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "180cf-60f1e7a1fbd21"
Accept-Ranges: bytes
Content-Length: 98511
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/js/lib/bootstrap.min.js
139.150.83.228 200 OK 36 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/bootstrap.min.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text, with very long lines (32025)
Hash 8c237312864d2e4c4f03544cd4f9b195
253711c6d825de55a8360552573be950da180614
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/bootstrap.min.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:29 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "8c6f-60f1e7a1fa999"
Accept-Ranges: bytes
Content-Length: 35951
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/css/style.css?ver=240119
139.150.83.228 200 OK 232 kB URL GET HTTP/1.1 139.150.83.228/main_property/css/style.css?ver=240119
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
Size 232 kB (231458 bytes)
Hash de212382ce3a1fec0df3a0ae52aefe84
7c0f0d5dd9beb6706d747cef0ac63e666119727f
d3630f8472f997f39e1bcee1f2461a525872d8ddfc6d6a8062b67bfcea0f96d0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/css/style.css?ver=240119 HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:29 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Fri, 26 Jan 2024 06:07:09 GMT
ETag: "38822-60fd31b359ada"
Accept-Ranges: bytes
Content-Length: 231458
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
139.150.83.228/main_property/js/lib/jquery.appear.min.js
139.150.83.228 200 OK 4.2 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/jquery.appear.min.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text
Hash ad1f16b6a13daf29169bf73cf29206d0
990aaf5e09871660d3cda1f13367e2ae3425782f
6eff971a28cb7a683daa4437b7b29832d3c78b8a35e3a4f42dbf5181e0942f05
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/jquery.appear.min.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:30 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "1083-60f1e7a1fb939"
Accept-Ranges: bytes
Content-Length: 4227
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/js/lib/jquery.themepunch.revolution.min.js
139.150.83.228 200 OK 113 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/jquery.themepunch.revolution.min.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text, with very long lines (65205)
Size 113 kB (113138 bytes)
Hash 0801758f13b2e6ddcf5cb4d099da8c21
b5590446180084aae78c71f40fca4824a81a0aac
770f981d80f084f2d2271a8c751756449a11b5ccae8525459f6cb1d37ab89453
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/jquery.themepunch.revolution.min.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:29 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "1b9f2-60f1e7a1fbd21"
Accept-Ranges: bytes
Content-Length: 113138
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/js/lib/jquery.countTo.js
139.150.83.228 200 OK 1.3 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/jquery.countTo.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text, with very long lines (419)
Hash a84663a287a63209606a706824fa5ebd
f2240bd072b818781f012c12d0e347d1dfce0836
08e573ed80b97148a7884b0becda73274d8ff8b60ccb66eaca948211d3c07ac6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/jquery.countTo.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:30 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "52e-60f1e7a1fb939"
Accept-Ranges: bytes
Content-Length: 1326
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/js/lib/jquery.countdown.min.js
139.150.83.228 200 OK 4.7 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/jquery.countdown.min.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text, with very long lines (3484)
Hash d916245beae3b86e92de0405fc875406
5f5bcaf994674d1490f9c933dde1da77ba75cbb7
3292cba82bd419f2cecb843cfd6083d679c73e9242e231935f8609703d7744f5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/jquery.countdown.min.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:30 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "124f-60f1e7a1fb939"
Accept-Ranges: bytes
Content-Length: 4687
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/js/lib/jquery.parallax-1.1.3.js
139.150.83.228 200 OK 1.8 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/jquery.parallax-1.1.3.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text
Hash 754fcebbf1082f189f19b68192e02fe1
673006df05a58a4b8936e437f540550cfd120b52
2f503129318acedac215ac588bc183f30fa4fe4fda3731681634313776f0f4ef
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/jquery.parallax-1.1.3.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:30 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "6ea-60f1e7a1fb939"
Accept-Ranges: bytes
Content-Length: 1770
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/js/lib/jquery.magnific-popup.min.js
139.150.83.228 200 OK 21 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/jquery.magnific-popup.min.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text, with very long lines (21014)
Hash be3333626c57af03599abcb59b325e09
3824067348f6485d6b07d3a43660804e3731b21a
ecbef0f33e8ccedd2c605816e052cfff778abcc0e30a80b874c097a5fddd24fc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/jquery.magnific-popup.min.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:30 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "5297-60f1e7a1fb939"
Accept-Ranges: bytes
Content-Length: 21143
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/koreaexim.php
139.150.83.228 200 OK 0 B URL GET HTTP/1.1 139.150.83.228/koreaexim.php
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /koreaexim.php HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0; _ga_F6HYNMJDGV=GS1.1.1713952948.1.0.1713952948.0.0.0; _ga=GA1.1.1782471390.1713952948
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:30 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
X-Powered-By: PHP/5.6.37
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
Expires: 0
Last-Modified: Wed, 24 Apr 2024 10:02:30 GMT
Cache-Control: pre-check=0, post-check=0, max-age=0
Pragma: no-cache
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
139.150.83.228/main_property/js/lib/SmoothScroll.js
139.150.83.228 200 OK 15 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/SmoothScroll.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, Unicode text, UTF-8 text
Hash d53f6676528a31b8482559e4c49f034c
278f751d7e42c974d12154d21c8ac5f9b23a1629
7ea9ad7f53678ddaa8580e10c4f9a53b6511a3dd62c6e2abb350b0e92f9a6b3a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/SmoothScroll.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:30 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "3b8e-60f1e7a1fa1c9"
Accept-Ranges: bytes
Content-Length: 15246
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/js/lib/jquery-ui.min.js
139.150.83.228 200 OK 343 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/jquery-ui.min.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text, with very long lines (749)
Size 343 kB (342876 bytes)
Hash ff5e066e300555be49e0ebdcc8a778f5
efce8d4c8d1d0dd4aeae0618aeb06c6f8b09d8d6
d636cad45d27d54245657fc4c1965d5f584fe14ff4aaeb7d91a43bef6b77552a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/jquery-ui.min.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:29 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "53b5c-60f1e7a1fb551"
Accept-Ranges: bytes
Content-Length: 342876
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/js/lib/slick.min.js
139.150.83.228 200 OK 43 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/slick.min.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text, with very long lines (42862)
Hash d5a61c749e44e47159af8a6579dda121
3b41b3bc956685015a347a2238e71db29dfa0dbb
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/slick.min.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:30 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "a76f-60f1e7a1fc109"
Accept-Ranges: bytes
Content-Length: 42863
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
use.fontawesome.com/releases/v5.0.0/webfonts/fa-solid-900.woff2
104.21.27.152 200 OK 37 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.0.0/webfonts/fa-solid-900.woff2
IP 104.21.27.152:443
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer Cloudflare, Inc.
Subject use.fontawesome.com
Fingerprint CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 36588, version 1.0
Hash af25b808f44b7ba222c55a1ad21c6610
daeebea0ebc88f184fee3a201d583e65f6102e11
ece33ef25242231378aefe6a8f2418ec835c0db284bdffe85cb96d9f391cc144
GET /releases/v5.0.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://139.150.83.228
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 10:02:30 GMT
content-type: font/woff2
content-length: 36588
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "af25b808f44b7ba222c55a1ad21c6610"
last-modified: Fri, 22 Sep 2023 01:44:04 GMT
vary: Origin, Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CRosItqRcaxk4lUgUaDFaMjJCWuDquXHwytdLEzfCuT4y7jM8lrSkX44IZN2cQMklsbOp0nLJMVpnaJ8tCukM2mOtYLrGebuqq1z3rrFdNWtK1gn%2BFd2Cs9Aio8Qk%2Bd6Tajw2CBx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87954215e962569b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
139.150.83.228/main_property/js/lib/select2.full.min.js
139.150.83.228 200 OK 75 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/select2.full.min.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (32091)
Hash da607360bcc65284a197ada3d68d5439
a3cf7f0ff2baef254ce214b9bb042f01a7140a35
149b8bc61889897fb9420b347362582c8c89e62d28e1c720e8343ace08ad0986
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/select2.full.min.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:30 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "124fd-60f1e7a1fc109"
Accept-Ranges: bytes
Content-Length: 75005
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/js/lib/ScrollTrigger.min.js
139.150.83.228 200 OK 9.1 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/ScrollTrigger.min.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text, with very long lines (488)
Hash 5f5119f6ee22c8a00fc6824108c1b46c
e77f5f6c890e40f48e91420cc7368cd3820b9185
d3c9271db90c796ba440dde9fa830c1fa4bbdef07206ba17f2a57a5bd2814227
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/ScrollTrigger.min.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:30 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "2398-60f1e7a1fa1c9"
Accept-Ranges: bytes
Content-Length: 9112
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/js/lib/jquery.form.min.js
139.150.83.228 200 OK 12 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/jquery.form.min.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text, with very long lines (12329), with no line terminators
Hash 2133bf9e6d52368ead3cf94da3a68735
4112455d3b2c9a4d50bcd9d2b3f24fe6c2ba5321
14967a8ab7e290cbed9a486a47d6dcfe97ce744671eef76f9395b5eb04bfc13e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/jquery.form.min.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:30 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "3029-60f1e7a1fb939"
Accept-Ranges: bytes
Content-Length: 12329
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/js/lib/jquery.validate.min.js
139.150.83.228 200 OK 22 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/lib/jquery.validate.min.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (1290)
Hash c593e70ef041ab387fefad5fe38a724c
3fd459c1468e1bb456d4ae04c6d0bd6e875e91e0
a931d758e10b5f646f42e4b1100ee31b7ce4cdf5a86d59133424b65c8802788b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/lib/jquery.validate.min.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:30 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "5461-60f1e7a1fbd21"
Accept-Ranges: bytes
Content-Length: 21601
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/js/script_modified.js
139.150.83.228 200 OK 5.5 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/script_modified.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, Unicode text, UTF-8 text
Hash a224cc264829cfc3e9c17a4e29f3b9e2
9c3a9fbbf6f1210f2b6d07aecc7110fe2cf0b454
e862c8aa84b401e94691a996889b120a69065c21d8924d3633cccf36420c36af
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/script_modified.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:30 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Fri, 26 Jan 2024 06:07:09 GMT
ETag: "154d-60fd31b35c9ba"
Accept-Ranges: bytes
Content-Length: 5453
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/js/scripts.js?ver=20240422
139.150.83.228 200 OK 55 kB URL GET HTTP/1.1 139.150.83.228/main_property/js/scripts.js?ver=20240422
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, Unicode text, UTF-8 text
Hash 38ef0545fbfaf19a6a8a02b0e3e3678f
1fabeb9464cbe25a87d74a144109c3ee7e59f21b
4366960a6557cd7284fb56b70aa8a0ccf0fd3dceccf1659a4b8c0d7a7ecc541f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/js/scripts.js?ver=20240422 HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:31 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Mon, 22 Apr 2024 02:03:56 GMT
ETag: "d5a9-616a5d99ff20e"
Accept-Ranges: bytes
Content-Length: 54697
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/main_property/images/login_logo.png
139.150.83.228 200 OK 4.4 kB URL GET HTTP/1.1 139.150.83.228/main_property/images/login_logo.png
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type PNG image data, 130 x 82, 8-bit/color RGBA, non-interlaced
Hash 7f87f49886bff0ada7fc147cd6a427ff
ce868f576968660930208de595fd39bf82adcfe7
5f88e5700e4d8f7d7625585666fb2d601a6ec1675e291318e67a5cc86a6d93ba
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/images/login_logo.png HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:31 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "1125-60f1e7a1f0d58"
Accept-Ranges: bytes
Content-Length: 4389
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/png
139.150.83.228/main_property/images/logo-footer.svg
139.150.83.228 200 OK 9.7 kB URL GET HTTP/1.1 139.150.83.228/main_property/images/logo-footer.svg
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type SVG Scalable Vector Graphics image
Hash dd575ab2a1e148a26c5dc38569a0523d
5d3d38ae321d79ca0ff627d351ee336ea372a523
800efa84601e335d75a271be9793c21d31e005787d868b06e4b5cfc8f77dccda
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/images/logo-footer.svg HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:31 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "25c6-60f1e7a1f0d58"
Accept-Ranges: bytes
Content-Length: 9670
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/svg+xml
139.150.83.228/js/jquery-2.2.4.min.js
139.150.83.228 200 OK 86 kB URL GET HTTP/1.1 139.150.83.228/js/jquery-2.2.4.min.js
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type JavaScript source, ASCII text, with very long lines (32065)
Hash 852efe67141a5f29ac7377a2bfd480cb
d255e88c3319f0beacdbbbbbc3b1c286048ddb1a
2467aca79e4872b20ec882593cb8419414558a9f56a4d02e32cd486a7e18f2f3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/jquery-2.2.4.min.js HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0; _ga_F6HYNMJDGV=GS1.1.1713952948.1.0.1713952948.0.0.0; _ga=GA1.1.1782471390.1713952948
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:30 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Mon, 22 Jan 2024 05:00:21 GMT
ETag: "14e4c-60f81b4fd620f"
Accept-Ranges: bytes
Content-Length: 85580
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
139.150.83.228/img/favicon.ico
139.150.83.228 200 OK 1.2 kB URL GET HTTP/1.1 139.150.83.228/img/favicon.ico
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash 63f3bdd2ce703247306351a9c6ff4077
120af46f423558978f4a2b1db0071ef36134f73e
bd5eebc480d06f654a536d60f7d7f9d05e8dcf63ce762f051e4052f17ad317f7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/favicon.ico HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0; _ga_F6HYNMJDGV=GS1.1.1713952948.1.0.1713952948.0.0.0; _ga=GA1.1.1782471390.1713952948
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:31 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Thu, 25 Jan 2024 05:25:07 GMT
ETag: "47e-60fbe6707749c"
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/x-icon
139.150.83.228/img/favicon.ico
139.150.83.228 200 OK 1.2 kB URL GET HTTP/1.1 139.150.83.228/img/favicon.ico
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash 63f3bdd2ce703247306351a9c6ff4077
120af46f423558978f4a2b1db0071ef36134f73e
bd5eebc480d06f654a536d60f7d7f9d05e8dcf63ce762f051e4052f17ad317f7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/favicon.ico HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/bbs/login.php
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0; _ga_F6HYNMJDGV=GS1.1.1713952948.1.0.1713952948.0.0.0; _ga=GA1.1.1782471390.1713952948
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:31 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Thu, 25 Jan 2024 05:25:07 GMT
ETag: "47e-60fbe6707749c"
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/x-icon
139.150.83.228/main_property/fonts/lotus/icomoon.woff?-kpo47j
139.150.83.228 200 OK 17 kB URL GET HTTP/1.1 139.150.83.228/main_property/fonts/lotus/icomoon.woff?-kpo47j
IP 139.150.83.228:443
ASN #3786 LG DACOM Corporation
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer GlobalSign nv-sa
Subject www.tomonoyahotel.kr
Fingerprint 54:C3:D6:6C:4C:E7:AF:6C:E7:F1:AB:DC:95:A2:C7:0D:31:E4:75:D1
Validity Thu, 25 Jan 2024 06:27:14 GMT - Tue, 25 Feb 2025 06:27:13 GMT
File type Web Open Font Format, TrueType, length 16896, version 1.0
Hash a33d9f9499a30aa685e6a1a81973b509
ce40db66e8e29b967160629bca320b550f1f0d06
576639c617b714049113e9d45544fcb59fdf5e534dfb0e3f6f14f66ba550d6f9
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main_property/fonts/lotus/icomoon.woff?-kpo47j HTTP/1.1
Host: 139.150.83.228
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/main_property/css/lib/font-lotusicon.css
Cookie: PHPSESSID=obrb7js0dv54i6kvilq87noqb5; 2a0d2363701f23f8a75028924a3af643=OTEuOTAuNDIuMTU0; _ga_F6HYNMJDGV=GS1.1.1713952948.1.0.1713952948.0.0.0; _ga=GA1.1.1782471390.1713952948
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 10:02:31 GMT
Server: Apache/2.4.34 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.37
Last-Modified: Wed, 17 Jan 2024 06:37:12 GMT
ETag: "4200-60f1e7a1ebb50"
Accept-Ranges: bytes
Content-Length: 16896
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: font/woff
use.fontawesome.com/releases/v5.0.0/css/all.css
104.21.27.152 200 OK 33 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.0.0/css/all.css
IP 104.21.27.152:443
Requested by https://139.150.83.228/bbs/login.php
Certificate Issuer Cloudflare, Inc.
Subject use.fontawesome.com
Fingerprint CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (33229)
Hash e35d9c4ebaea0573df8e4a9505b72eea
5fbb384cd8cd7a64483e6487d8d8179a633f9954
9f29f2bbb25602f4bdbd3122c317244f8fd9741106ffd5a412574b02ee794993
GET /releases/v5.0.0/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://139.150.83.228/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 10:02:27 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"e35d9c4ebaea0573df8e4a9505b72eea"
last-modified: Fri, 22 Sep 2023 01:44:05 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1090704
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oaOCkQFOuE8B9nKgIy9b19hvJV%2BPsPYCmS8nx0QJXi%2Fom0U0hezJSyapeU0Kh%2FnH36nzkLeeLNp5XXA2S8d3uD6p7IiPj73xKSMeOYOzq7EClAicW69T2xQ7bYsQoHiRi7gWFcDR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879542037b59b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2