Report - ghhy.tongji.edu.cn/tjhyxt/admin/

Report Overview

Visited public
2023-09-23 11:05:33
Tags
URL
ghhy.tongji.edu.cn/tjhyxt/admin/
Finishing URL
ghhy.tongji.edu.cn/tjhyxt/admin/
IP / ASN
202.120.188.98
#4538 China Education and Research Network Center
Title
工会会员管理系统

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.cn	37572	2006-01-24	2020-03-20 18:45:56	2023-09-23 05:33:57	330 B	964 B	47.246.44.205
ghhy.tongji.edu.cn	unknown	unknown	No data	No data	3.3 kB	356 kB	202.120.188.98

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-23	medium	tongji.edu.cn	Sinkholed
2023-09-23	medium	tongji.edu.cn	Sinkholed
2023-09-23	medium	tongji.edu.cn	Sinkholed
2023-09-23	medium	tongji.edu.cn	Sinkholed
2023-09-23	medium	tongji.edu.cn	Sinkholed
2023-09-23	medium	tongji.edu.cn	Sinkholed
2023-09-23	medium	tongji.edu.cn	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	ghhy.tongji.edu.cn/tjhyxt/admin/tinymce4.7.5/tinymce.min.js	ScriptElement	406 kB	2023-09-23	2023-09-23
Pretty URL ghhy.tongji.edu.cn/tjhyxt/admin/tinymce4.7.5/tinymce.min.js IP 202.120.188.98 ASN #4538 China Education and Research Network Center Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 13:05 Last Seen2023-09-23 13:05 Times Seen1 Hash cc1f2cb431fd18f0b9393b6346c9759c 0a9bac1c771c536ef87a3d9c5219be0674948d70 bcee2c7fa94936811be99ae25b1ca8091894b987cbab976f9b72d3e7b319646c Loading...

	ghhy.tongji.edu.cn/tjhyxt/admin/	ScriptElement	481 B	2024-08-21	2024-08-21
Pretty URL ghhy.tongji.edu.cn/tjhyxt/admin/ IP 202.120.188.98 ASN #4538 China Education and Research Network Center Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 05:57 Last Seen2024-08-21 05:57 Times Seen1 Hash f2b2c7acca317dc5f2d9e7323fd81695 2b014ff69a553ecc31ea2bea02606d6be833b93a 236c8af9e861bd7f21face972f44d9f02d54c88ac9f47f79019d2bd24651a4f0 Loading...

HTTP Transactions (8)

URL IP Response Size

ocsp.digicert.cn/

47.246.44.205

471 B

URL
ocsp.digicert.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
1bcef5cc142bf7587df9798c7142f4e3
6beee91f4c22c434df81b708ccebb300b87f9f2d
272d1df725fd6fd54bb4e6bce975d41e39add2fcad61f040400697cd28bac9cb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Sat, 23 Sep 2023 11:05:16 GMT
Ali-Swift-Global-Savetime: 1695467116
Via: cache14.l2de2[49,49,200-0,M], cache14.l2de2[50,0], cache2.se1[72,71,200-0,M], cache2.se1[74,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 23 Sep 2023 11:05:16 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9616954671162782054e

ghhy.tongji.edu.cn/tjhyxt/admin/

202.120.188.98

200 OK

2.6 kB

URL User Request GET HTTP/1.1
ghhy.tongji.edu.cn/tjhyxt/admin/
IP
202.120.188.98:443
ASN
#4538 China Education and Research Network Center

Certificate
IssuerTrustAsia Technologies, Inc.
Subject*.tongji.edu.cn
Fingerprint76:A7:68:AF:C6:96:B9:2F:14:06:78:9A:5F:55:40:68:02:3C:54:8E
ValidityThu, 13 Apr 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7584)
Size
2.6 kB (2624 bytes)
Hash
1aef7ff4a5bf0998ef5bf6661d66663a
d53f0813acd8b9261443bc55a532401fbed00679
5e0629ef8d9b972fa7ab84312050faafceee2ceb92dbd949222bfcb2db850ab1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tjhyxt/admin/ HTTP/1.1
Host: ghhy.tongji.edu.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: none
Date: Sat, 23 Sep 2023 11:05:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

ghhy.tongji.edu.cn/tjhyxt/admin/static/js/app.c2eb2b41.js

222.66.109.32

200 OK

50 kB

URL GET HTTP/1.1
ghhy.tongji.edu.cn/tjhyxt/admin/static/js/app.c2eb2b41.js
IP
222.66.109.32:443
ASN
#4812 China Telecom Group

Requested by
https://ghhy.tongji.edu.cn/tjhyxt/admin/
Certificate
IssuerTrustAsia Technologies, Inc.
Subject*.tongji.edu.cn
Fingerprint76:A7:68:AF:C6:96:B9:2F:14:06:78:9A:5F:55:40:68:02:3C:54:8E
ValidityThu, 13 Apr 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (64466), with no line terminators
Size
50 kB (50431 bytes)
Hash
8589f974d9f057f20949420d8e7bd682
c681766f7a43f46176f15c9703799c6646f0e2ff
e8811a47dcaf5c723a1e9d15dffc44b4b7e9c535c1ca36bc4e8416e571323e3f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tjhyxt/admin/static/js/app.c2eb2b41.js HTTP/1.1
Host: ghhy.tongji.edu.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ghhy.tongji.edu.cn/tjhyxt/admin/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: none
Date: Sat, 23 Sep 2023 11:05:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

ghhy.tongji.edu.cn/tjhyxt/admin/tinymce4.7.5/tinymce.min.js

202.120.188.98

200 OK

156 kB

URL GET HTTP/1.1
ghhy.tongji.edu.cn/tjhyxt/admin/tinymce4.7.5/tinymce.min.js
IP
202.120.188.98:443
ASN
#4538 China Education and Research Network Center

Requested by
https://ghhy.tongji.edu.cn/tjhyxt/admin/
Certificate
IssuerTrustAsia Technologies, Inc.
Subject*.tongji.edu.cn
Fingerprint76:A7:68:AF:C6:96:B9:2F:14:06:78:9A:5F:55:40:68:02:3C:54:8E
ValidityThu, 13 Apr 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65252)
Size
156 kB (155460 bytes)
Hash
cc1f2cb431fd18f0b9393b6346c9759c
0a9bac1c771c536ef87a3d9c5219be0674948d70
bcee2c7fa94936811be99ae25b1ca8091894b987cbab976f9b72d3e7b319646c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tjhyxt/admin/tinymce4.7.5/tinymce.min.js HTTP/1.1
Host: ghhy.tongji.edu.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ghhy.tongji.edu.cn/tjhyxt/admin/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: none
Date: Sat, 23 Sep 2023 11:05:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

ghhy.tongji.edu.cn/tjhyxt/admin/static/css/chunk-vendors.cde3554e.css

222.66.109.32

200 OK

50 kB

URL GET HTTP/1.1
ghhy.tongji.edu.cn/tjhyxt/admin/static/css/chunk-vendors.cde3554e.css
IP
222.66.109.32:443
ASN
#4812 China Telecom Group

Requested by
https://ghhy.tongji.edu.cn/tjhyxt/admin/
Certificate
IssuerTrustAsia Technologies, Inc.
Subject*.tongji.edu.cn
Fingerprint76:A7:68:AF:C6:96:B9:2F:14:06:78:9A:5F:55:40:68:02:3C:54:8E
ValidityThu, 13 Apr 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
50 kB (50085 bytes)
Hash
898cd2cdf212cd6212f9c841c0c37867
33b0346b307864f1e4d3861b1e7a33d569d5f11c
d825de22006f2368b79bd234d3dc89cf3dc5e6f86561afb8e9473e8679dab810

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tjhyxt/admin/static/css/chunk-vendors.cde3554e.css HTTP/1.1
Host: ghhy.tongji.edu.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ghhy.tongji.edu.cn/tjhyxt/admin/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: none
Date: Sat, 23 Sep 2023 11:05:17 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 01 Aug 2023 10:10:45 GMT
ETag: W/"64c8da25-3bb18"
Content-Encoding: gzip

ghhy.tongji.edu.cn/tjhyxt/admin/static/css/app.9b5bc040.css

222.66.109.32

200 OK

91 kB

URL GET HTTP/1.1
ghhy.tongji.edu.cn/tjhyxt/admin/static/css/app.9b5bc040.css
IP
222.66.109.32:443
ASN
#4812 China Telecom Group

Requested by
https://ghhy.tongji.edu.cn/tjhyxt/admin/
Certificate
IssuerTrustAsia Technologies, Inc.
Subject*.tongji.edu.cn
Fingerprint76:A7:68:AF:C6:96:B9:2F:14:06:78:9A:5F:55:40:68:02:3C:54:8E
ValidityThu, 13 Apr 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
91 kB (91155 bytes)
Hash
5a1850e5bf771f9159d18f438b9a29c3
bf230be4e04d4e6ee77974c4e4b91c40b93cf51c
583246430874d8365dd6299b723179f36bbe76ca5c460cf7b81bd748dfda5fce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tjhyxt/admin/static/css/app.9b5bc040.css HTTP/1.1
Host: ghhy.tongji.edu.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ghhy.tongji.edu.cn/tjhyxt/admin/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: none
Date: Sat, 23 Sep 2023 11:05:18 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 01 Aug 2023 10:10:43 GMT
ETag: W/"64c8da23-91e69"
Content-Encoding: gzip

ghhy.tongji.edu.cn/tjhyxt/admin/favicon.ico

202.120.188.98

200 OK

4.3 kB

URL GET HTTP/1.1
ghhy.tongji.edu.cn/tjhyxt/admin/favicon.ico
IP
202.120.188.98:443
ASN
#4538 China Education and Research Network Center

Requested by
https://ghhy.tongji.edu.cn/tjhyxt/admin/
Certificate
IssuerTrustAsia Technologies, Inc.
Subject*.tongji.edu.cn
Fingerprint76:A7:68:AF:C6:96:B9:2F:14:06:78:9A:5F:55:40:68:02:3C:54:8E
ValidityThu, 13 Apr 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size
4.3 kB (4286 bytes)
Hash
2b476d66ae92b1fe5b207c841ebf9440
6f55d942bf7e2a459fa31c4fa386bb161b489597
e609b9f949eb796bde2f54e502473a0a2b4dc03d66bbd417cd5db896122e32a6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tjhyxt/admin/favicon.ico HTTP/1.1
Host: ghhy.tongji.edu.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ghhy.tongji.edu.cn/tjhyxt/admin/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: none
Date: Sat, 23 Sep 2023 11:05:25 GMT
Content-Type: image/x-icon
Content-Length: 4286
Connection: keep-alive
Last-Modified: Tue, 01 Aug 2023 10:10:38 GMT
ETag: "64c8da1e-10be"
Accept-Ranges: bytes

ghhy.tongji.edu.cn/tjhyxt/admin/static/js/chunk-vendors.ceb6acf8.js

0.0.0.0

0 B

URL GET
ghhy.tongji.edu.cn/tjhyxt/admin/static/js/chunk-vendors.ceb6acf8.js
IP
0.0.0.0:0
ASN
#0

Requested by
https://ghhy.tongji.edu.cn/tjhyxt/admin/
Certificate
IssuerTrustAsia Technologies, Inc.
Subject*.tongji.edu.cn
Fingerprint76:A7:68:AF:C6:96:B9:2F:14:06:78:9A:5F:55:40:68:02:3C:54:8E
ValidityThu, 13 Apr 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tjhyxt/admin/static/js/chunk-vendors.ceb6acf8.js HTTP/1.1
Host: ghhy.tongji.edu.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ghhy.tongji.edu.cn/tjhyxt/admin/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: none
Date: Sat, 23 Sep 2023 11:05:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type