Report - 110.16.192.42:8888/login

Report Overview

Submitted URL
110.16.192.42:8888/login
IP
110.16.192.42
ASN
#4837 CHINA UNICOM China169 Backbone
Submitted
2024-03-29 09:34:54
Access
public
Website Title
管理平台
Final URL
110.16.192.42:8888/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
110.16.192.42:8888	unknown	unknown	No data	No data	6.3 kB	1.4 MB	110.16.192.42
mitmdetection.services.mozilla.com	67826	1994-10-18	2019-07-22	2024-03-28	366 B	326 B	54.230.111.70

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-29	medium	110.16.192.42	Sinkholed
2024-03-29	medium	110.16.192.42	Sinkholed
2024-03-29	medium	110.16.192.42	Sinkholed
2024-03-29	medium	110.16.192.42	Sinkholed
2024-03-29	medium	110.16.192.42	Sinkholed
2024-03-29	medium	110.16.192.42	Sinkholed
2024-03-29	medium	110.16.192.42	Sinkholed
2024-03-29	medium	110.16.192.42	Sinkholed
2024-03-29	medium	110.16.192.42	Sinkholed
2024-03-29	medium	110.16.192.42	Sinkholed
2024-03-29	medium	110.16.192.42	Sinkholed
2024-03-29	medium	110.16.192.42	Sinkholed
2024-03-29	medium	110.16.192.42	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	110.16.192.42:8888/static/js/jquery-3.5.1.js	288 kB	2023-03-07	2024-04-28
Pretty URL 110.16.192.42:8888/static/js/jquery-3.5.1.js IP 110.16.192.42 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:32 Last Seen2024-04-28 18:48:18 Times Seen3666 Hash 23c7c5d2d1317508e807a6c7f777d6ed ad16c4a132ad2a03b4951185fed46d55397b5e88 416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37 Loading...

	110.16.192.42:8888/static/js/crypto-js.js	192 kB	2023-03-07	2024-04-28
Pretty URL 110.16.192.42:8888/static/js/crypto-js.js IP 110.16.192.42 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:06:05 Last Seen2024-04-28 18:35:45 Times Seen600 Hash 60ab5dbd46dfa34dfef3c1548a22a978 3dd73b6f13dc818a3a9c5c7424c1c4a9649b00a2 c6826494432163d74fd27e78ad011a13d55e4670441cd49fc9f1e52a4afd28d9 Loading...

	110.16.192.42:8888/static/js/ase.js	456 B	2023-03-08	2024-03-29
Pretty URL 110.16.192.42:8888/static/js/ase.js IP 110.16.192.42 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:06:59 Last Seen2024-03-29 10:35:01 Times Seen398 Hash 0fef088c562099ce6ab48b148d89eda3 f6bf7d93de93b32cdb1b5637d4124e9b8f14baff b1851a6f99105b4ce29c87b3bc6c4fb0e700036c407c489961d619dd2a7e0a7d Loading...

	110.16.192.42:8888/login	8.0 kB	2024-03-29	2024-03-29
Pretty URL 110.16.192.42:8888/login IP 110.16.192.42 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-29 10:35:01 Last Seen2024-03-29 10:35:01 Times Seen1 Hash 916c7c1f68b6319f6d358463942b7ddd 99abd83be9cd10bf525b942ac15d58b9bf2d5f4d 502e208a205610563c2e222bb6d8219a26290a720edb1a6d883a8696c58c8e85 Loading...

	110.16.192.42:8888/static/js/jsencrypt.js	178 kB	2024-03-29	2024-03-29
Pretty URL 110.16.192.42:8888/static/js/jsencrypt.js IP 110.16.192.42 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 10:35:01 Last Seen2024-03-29 10:35:01 Times Seen2 Hash 5eb0b9040a89b3aaae0e1002fc1248ac 5ee4f52d9359a5722034bd186cb422e085ae28b1 6b4baa96849c24b4626d412a3127b85ed6f44d8b613ad91ef708246216e97924 Loading...

	110.16.192.42:8888/static/js/verify.js	32 kB	2024-03-29	2024-03-29
Pretty URL 110.16.192.42:8888/static/js/verify.js IP 110.16.192.42 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 10:35:01 Last Seen2024-03-29 10:35:01 Times Seen1 Hash bcff9ceff1ab14167ff97385c6263614 6e98b4bd54b2973d89217d6f760c4b3f95f3731b 7c2dc9a517cf2b1167a0a6904c6857b56e2ac83c4c6dda73ee0a6a6bd9bfa461 Loading...

HTTP Transactions (14)

URL IP Response Size

110.16.192.42:8888/login

110.16.192.42

200

145 B

URL User Request GET HTTP/1.1
110.16.192.42:8888/login
IP
110.16.192.42:8888
ASN
#4837 CHINA UNICOM China169 Backbone

Certificate
Issuerspe
Subject110.16.192.42
Fingerprint5F:0C:5E:AD:5D:AE:26:12:1B:97:B8:90:89:B9:B0:DE:56:7D:A8:9E
ValidityTue, 11 Jul 2023 01:02:49 GMT - Wed, 10 Jul 2024 01:02:49 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
145 B (145 bytes)
Hash
dca33d79e50624118086e38d6f06474d
f77dbf575df9d76c5c06e861651654c090e7df96
05b793fb24af6aad057ea4eaebfa26c14ced0e694e7bb243ef80ed6f2931f541

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 110.16.192.42:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx/1.21.6
Date: Fri, 29 Mar 2024 09:34:32 GMT
Content-Type: text/html
Content-Length: 145
Connection: close
Location: https://110.16.192.42:8888/login

mitmdetection.services.mozilla.com/

54.230.111.70

0 B

URL
mitmdetection.services.mozilla.com/
IP
54.230.111.70:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: mitmdetection.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-type: application/xml
date: Fri, 29 Mar 2024 09:34:29 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SerWdvqLYIDSsluIwJR4JbYk__m9I54POBwD5RNlypw6KsqzxcBBPw==
X-Firefox-Spdy: h2

110.16.192.42:8888/login

110.16.192.42

200

4.5 kB

URL User Request GET HTTP/1.1
110.16.192.42:8888/login
IP
110.16.192.42:8888
ASN
#4837 CHINA UNICOM China169 Backbone

Certificate
Issuerspe
Subject110.16.192.42
Fingerprint5F:0C:5E:AD:5D:AE:26:12:1B:97:B8:90:89:B9:B0:DE:56:7D:A8:9E
ValidityTue, 11 Jul 2023 01:02:49 GMT - Wed, 10 Jul 2024 01:02:49 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (305)
Size
4.5 kB (4534 bytes)
Hash
9cff8d4f639ab916dee55dd6c0f04af0
80deef2e94bd35cba1081254ab456d357f469832
fc371be7e61e0884a0f84011f52642e3c0a40c03c6dbcb57857ea5395b19e272

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 110.16.192.42:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.21.6
Date: Fri, 29 Mar 2024 09:34:35 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=DA6AC0B9CD4F930F697B44FDBFD631DC; Path=/; HttpOnly
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, PUT
Access-Control-Max-Age: 3600
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Content-Language: en-US
X-Frame-Options: ALLOWALL
Content-Encoding: gzip

110.16.192.42:8888/static/css/verify.css

110.16.192.42

200

3.4 kB

URL GET HTTP/1.1
110.16.192.42:8888/static/css/verify.css
IP
110.16.192.42:8888
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
https://110.16.192.42:8888/login
Certificate
Issuerspe
Subject110.16.192.42
Fingerprint5F:0C:5E:AD:5D:AE:26:12:1B:97:B8:90:89:B9:B0:DE:56:7D:A8:9E
ValidityTue, 11 Jul 2023 01:02:49 GMT - Wed, 10 Jul 2024 01:02:49 GMT

File type
Unicode text, UTF-8 text, with very long lines (2295)
Size
3.4 kB (3358 bytes)
Hash
5a32562d775f24fd956412145427fd74
6a9cf9c09aea6055eeebd9f990584ed520182940
a02ae5e45a96c61b4dd3daddf0bc4f158b43c8c945c3f3b5654d5b2115a89e9c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/css/verify.css HTTP/1.1
Host: 110.16.192.42:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://110.16.192.42:8888/login
Cookie: JSESSIONID=DA6AC0B9CD4F930F697B44FDBFD631DC
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.21.6
Date: Fri, 29 Mar 2024 09:34:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, PUT
Access-Control-Max-Age: 3600
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 26 Mar 2024 01:27:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: ALLOWALL
Content-Encoding: gzip

110.16.192.42:8888/static/img/logo.svg

110.16.192.42

200

8.9 kB

URL GET HTTP/1.1
110.16.192.42:8888/static/img/logo.svg
IP
110.16.192.42:8888
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
https://110.16.192.42:8888/login
Certificate
Issuerspe
Subject110.16.192.42
Fingerprint5F:0C:5E:AD:5D:AE:26:12:1B:97:B8:90:89:B9:B0:DE:56:7D:A8:9E
ValidityTue, 11 Jul 2023 01:02:49 GMT - Wed, 10 Jul 2024 01:02:49 GMT

File type
SVG Scalable Vector Graphics image
Size
8.9 kB (8919 bytes)
Hash
6f52658e506b15636856c0f683a5d826
be89bdfe446a4ae56a6c702891bee10b44c7c0ca
8cd85f8c0cabad524c8f32f58accbb522c7d14522fc3442deb676cfeadc498f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/img/logo.svg HTTP/1.1
Host: 110.16.192.42:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://110.16.192.42:8888/login
Cookie: JSESSIONID=DA6AC0B9CD4F930F697B44FDBFD631DC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.21.6
Date: Fri, 29 Mar 2024 09:34:36 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, PUT
Access-Control-Max-Age: 3600
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 26 Mar 2024 01:27:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: ALLOWALL
Content-Encoding: gzip

110.16.192.42:8888/static/js/jquery-3.5.1.js

110.16.192.42

200

84 kB

URL GET HTTP/1.1
110.16.192.42:8888/static/js/jquery-3.5.1.js
IP
110.16.192.42:8888
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
https://110.16.192.42:8888/login
Certificate
Issuerspe
Subject110.16.192.42
Fingerprint5F:0C:5E:AD:5D:AE:26:12:1B:97:B8:90:89:B9:B0:DE:56:7D:A8:9E
ValidityTue, 11 Jul 2023 01:02:49 GMT - Wed, 10 Jul 2024 01:02:49 GMT

File type
JavaScript source, ASCII text
Size
84 kB (84374 bytes)
Hash
23c7c5d2d1317508e807a6c7f777d6ed
ad16c4a132ad2a03b4951185fed46d55397b5e88
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/jquery-3.5.1.js HTTP/1.1
Host: 110.16.192.42:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://110.16.192.42:8888/login
Cookie: JSESSIONID=DA6AC0B9CD4F930F697B44FDBFD631DC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.21.6
Date: Fri, 29 Mar 2024 09:34:36 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, PUT
Access-Control-Max-Age: 3600
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 26 Mar 2024 01:27:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: ALLOWALL
Content-Encoding: gzip

110.16.192.42:8888/static/js/ase.js

110.16.192.42

200

456 B

URL GET HTTP/1.1
110.16.192.42:8888/static/js/ase.js
IP
110.16.192.42:8888
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
https://110.16.192.42:8888/login
Certificate
Issuerspe
Subject110.16.192.42
Fingerprint5F:0C:5E:AD:5D:AE:26:12:1B:97:B8:90:89:B9:B0:DE:56:7D:A8:9E
ValidityTue, 11 Jul 2023 01:02:49 GMT - Wed, 10 Jul 2024 01:02:49 GMT

File type
Unicode text, UTF-8 text
Size
456 B (456 bytes)
Hash
0fef088c562099ce6ab48b148d89eda3
f6bf7d93de93b32cdb1b5637d4124e9b8f14baff
b1851a6f99105b4ce29c87b3bc6c4fb0e700036c407c489961d619dd2a7e0a7d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/ase.js HTTP/1.1
Host: 110.16.192.42:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://110.16.192.42:8888/login
Cookie: JSESSIONID=DA6AC0B9CD4F930F697B44FDBFD631DC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.21.6
Date: Fri, 29 Mar 2024 09:34:36 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 456
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, PUT
Access-Control-Max-Age: 3600
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 26 Mar 2024 01:27:00 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: ALLOWALL

110.16.192.42:8888/static/js/verify.js

110.16.192.42

200

5.9 kB

URL GET HTTP/1.1
110.16.192.42:8888/static/js/verify.js
IP
110.16.192.42:8888
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
https://110.16.192.42:8888/login
Certificate
Issuerspe
Subject110.16.192.42
Fingerprint5F:0C:5E:AD:5D:AE:26:12:1B:97:B8:90:89:B9:B0:DE:56:7D:A8:9E
ValidityTue, 11 Jul 2023 01:02:49 GMT - Wed, 10 Jul 2024 01:02:49 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
5.9 kB (5946 bytes)
Hash
9dcdc9aeee4b651dd88fb6affc3caf28
5b0df370fc87aa8f5f383037142754ef32ceda40
ec73ad7542838d3eb107c5cb96f6eb8e5a3afd9b4d2cf1d808e25c71c2df4a7a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/verify.js HTTP/1.1
Host: 110.16.192.42:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://110.16.192.42:8888/login
Cookie: JSESSIONID=DA6AC0B9CD4F930F697B44FDBFD631DC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.21.6
Date: Fri, 29 Mar 2024 09:34:37 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, PUT
Access-Control-Max-Age: 3600
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 26 Mar 2024 01:27:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: ALLOWALL
Content-Encoding: gzip

110.16.192.42:8888/static/js/jsencrypt.js

110.16.192.42

200

35 kB

URL GET HTTP/1.1
110.16.192.42:8888/static/js/jsencrypt.js
IP
110.16.192.42:8888
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
https://110.16.192.42:8888/login
Certificate
Issuerspe
Subject110.16.192.42
Fingerprint5F:0C:5E:AD:5D:AE:26:12:1B:97:B8:90:89:B9:B0:DE:56:7D:A8:9E
ValidityTue, 11 Jul 2023 01:02:49 GMT - Wed, 10 Jul 2024 01:02:49 GMT

File type
JavaScript source, ASCII text, with very long lines (828)
Size
35 kB (35146 bytes)
Hash
5eb0b9040a89b3aaae0e1002fc1248ac
5ee4f52d9359a5722034bd186cb422e085ae28b1
6b4baa96849c24b4626d412a3127b85ed6f44d8b613ad91ef708246216e97924

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/jsencrypt.js HTTP/1.1
Host: 110.16.192.42:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://110.16.192.42:8888/login
Cookie: JSESSIONID=DA6AC0B9CD4F930F697B44FDBFD631DC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.21.6
Date: Fri, 29 Mar 2024 09:34:36 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, PUT
Access-Control-Max-Age: 3600
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 26 Mar 2024 01:27:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: ALLOWALL
Content-Encoding: gzip

110.16.192.42:8888/static/js/crypto-js.js

110.16.192.42

200

31 kB

URL GET HTTP/1.1
110.16.192.42:8888/static/js/crypto-js.js
IP
110.16.192.42:8888
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
https://110.16.192.42:8888/login
Certificate
Issuerspe
Subject110.16.192.42
Fingerprint5F:0C:5E:AD:5D:AE:26:12:1B:97:B8:90:89:B9:B0:DE:56:7D:A8:9E
ValidityTue, 11 Jul 2023 01:02:49 GMT - Wed, 10 Jul 2024 01:02:49 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (756)
Size
31 kB (31390 bytes)
Hash
60ab5dbd46dfa34dfef3c1548a22a978
3dd73b6f13dc818a3a9c5c7424c1c4a9649b00a2
c6826494432163d74fd27e78ad011a13d55e4670441cd49fc9f1e52a4afd28d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/crypto-js.js HTTP/1.1
Host: 110.16.192.42:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://110.16.192.42:8888/login
Cookie: JSESSIONID=DA6AC0B9CD4F930F697B44FDBFD631DC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.21.6
Date: Fri, 29 Mar 2024 09:34:36 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, PUT
Access-Control-Max-Age: 3600
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 26 Mar 2024 01:27:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: ALLOWALL
Content-Encoding: gzip

110.16.192.42:8888/rsa/key

110.16.192.42

200

216 B

URL GET HTTP/1.1
110.16.192.42:8888/rsa/key
IP
110.16.192.42:8888
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
https://110.16.192.42:8888/login
Certificate
Issuerspe
Subject110.16.192.42
Fingerprint5F:0C:5E:AD:5D:AE:26:12:1B:97:B8:90:89:B9:B0:DE:56:7D:A8:9E
ValidityTue, 11 Jul 2023 01:02:49 GMT - Wed, 10 Jul 2024 01:02:49 GMT

File type
ASCII text, with no line terminators
Size
216 B (216 bytes)
Hash
31ae15a15abbedcd2c84f063faa86b6c
4e3b61ad6270b0e20464122c5311640ce850d1bb
055e866ee7d199c12c504071db34a0075581a3a2d2dfb4d4e27c144f3ca173a0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rsa/key HTTP/1.1
Host: 110.16.192.42:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://110.16.192.42:8888/login
Cookie: JSESSIONID=DA6AC0B9CD4F930F697B44FDBFD631DC
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.21.6
Date: Fri, 29 Mar 2024 09:34:37 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 216
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, PUT
Access-Control-Max-Age: 3600
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: ALLOWALL

110.16.192.42:8888/static/img/favicon.ico

110.16.192.42

200

7.1 kB

URL GET HTTP/1.1
110.16.192.42:8888/static/img/favicon.ico
IP
110.16.192.42:8888
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
https://110.16.192.42:8888/login
Certificate
Issuerspe
Subject110.16.192.42
Fingerprint5F:0C:5E:AD:5D:AE:26:12:1B:97:B8:90:89:B9:B0:DE:56:7D:A8:9E
ValidityTue, 11 Jul 2023 01:02:49 GMT - Wed, 10 Jul 2024 01:02:49 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 64x63, components 3
Size
7.1 kB (7149 bytes)
Hash
59ff62c34095140da4781646f6aa2115
3dea238f3324029cbf1511e95b2c7a31b5759819
d119b48a764c83f23d8fb28c17b93eb3ec63191dbd31e7de6364c8c365a17e7f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/img/favicon.ico HTTP/1.1
Host: 110.16.192.42:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://110.16.192.42:8888/login
Cookie: JSESSIONID=DA6AC0B9CD4F930F697B44FDBFD631DC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.21.6
Date: Fri, 29 Mar 2024 09:34:38 GMT
Content-Type: image/x-icon
Content-Length: 7149
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, PUT
Access-Control-Max-Age: 3600
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 26 Mar 2024 01:27:00 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: ALLOWALL

110.16.192.42:8888/mycaptcha/captcha/get

110.16.192.42

200

178 kB

URL POST HTTP/1.1
110.16.192.42:8888/mycaptcha/captcha/get
IP
110.16.192.42:8888
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
https://110.16.192.42:8888/login
Certificate
Issuerspe
Subject110.16.192.42
Fingerprint5F:0C:5E:AD:5D:AE:26:12:1B:97:B8:90:89:B9:B0:DE:56:7D:A8:9E
ValidityTue, 11 Jul 2023 01:02:49 GMT - Wed, 10 Jul 2024 01:02:49 GMT

File type
JSON text data
Size
178 kB (178088 bytes)
Hash
7b2bdda2bcfb9b446e9b6eab0427db3f
f2b99b1ef3f0c56a3294c5df8b878e039783f701
0ca4e1df7fdb98fe95f3c42fa5ab5243826b81ac2ace4c7f833c90d640b143ca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /mycaptcha/captcha/get HTTP/1.1
Host: 110.16.192.42:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=UTF-8
Content-Length: 106
Origin: https://110.16.192.42:8888
DNT: 1
Connection: keep-alive
Referer: https://110.16.192.42:8888/login
Cookie: JSESSIONID=DA6AC0B9CD4F930F697B44FDBFD631DC
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.21.6
Date: Fri, 29 Mar 2024 09:34:37 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, PUT
Access-Control-Max-Age: 3600
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: ALLOWALL

110.16.192.42:8888/static/img/login-bg.jpg

110.16.192.42

200

1.0 MB

URL GET HTTP/1.1
110.16.192.42:8888/static/img/login-bg.jpg
IP
110.16.192.42:8888
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
https://110.16.192.42:8888/login
Certificate
Issuerspe
Subject110.16.192.42
Fingerprint5F:0C:5E:AD:5D:AE:26:12:1B:97:B8:90:89:B9:B0:DE:56:7D:A8:9E
ValidityTue, 11 Jul 2023 01:02:49 GMT - Wed, 10 Jul 2024 01:02:49 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1920x600, components 3
Size
1.0 MB (1013906 bytes)
Hash
aed8f477f3236c25cba5acf557c0e341
85cb756e930796917d229d8aadb2df7e98dc3a2f
1c9fa62bb86e1d0e79b25f2b2cdfecdc4825d198f3d76deb7d636d3f87ac67e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/img/login-bg.jpg HTTP/1.1
Host: 110.16.192.42:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://110.16.192.42:8888/login
Cookie: JSESSIONID=DA6AC0B9CD4F930F697B44FDBFD631DC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.21.6
Date: Fri, 29 Mar 2024 09:34:37 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, PUT
Access-Control-Max-Age: 3600
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 26 Mar 2024 01:27:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: ALLOWALL
Content-Encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP