Report - 139.224.71.20/update/Riot

Report Overview

Visited public
2024-12-04 02:21:02
Tags
URL
139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Finishing URL
139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
IP / ASN
139.224.71.20
#37963 Hangzhou Alibaba Advertising Co.,Ltd.
Title
值得拥有的永恒

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

106

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
139.224.71.20	unknown	unknown	No data	No data	25 kB	1.9 MB	139.224.71.20

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-12-04 02:20:35	medium	Client IP	139.224.71.20	ET INFO Executable Download from dotted-quad Host

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-12-04	medium	139.224.71.20/resource/assets/winery01/view/v3/js/common.js	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed
2024-12-04	medium	139.224.71.20	Sinkholed

ThreatFox

No alerts detected

JavaScript (19)

	URL	From	Size	First Seen	Last Seen
	139.224.71.20/resource/assets/winery01/view/v3/js/QRcode.js	ScriptElement	32 kB	2024-09-02	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/QRcode.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-02 03:06 Last Seen2025-01-16 17:33 Times Seen11 Hash c3764027f9231750808f652efa6a8db3 3ac81ef7e71ab3fc91f7dd43bae7e48350327530 cc3c7e3a189306dc6362fa70aa8112d7975dc00c9bc73fd8d484c4032652bfe3 Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/common.js	ScriptElement	601 kB	2024-09-02	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/common.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-02 03:06 Last Seen2025-01-16 17:33 Times Seen11 Hash 5d794ce45dfd61461e3273bf8ab5dac0 afb85fa94e805835cce1f717d490135adc1155b4 d5ebe8b82c70ca6e7b86aa09e53b73e54ecb971441294cb670ec1d1fb1eda897 Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/AsyncPage-Abnormal404.js	ScriptElement	2.7 kB	2024-09-02	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/AsyncPage-Abnormal404.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-02 03:06 Last Seen2025-01-16 17:33 Times Seen11 Hash fba3c7dffac2841e94a4d87ea6e1e15f 3aae427f24b1f2ec3480f5bb720d5de1e5fcf258 5cc84e0e9ed4a0a6c469f352013a11bd9aad172db9f01bec313280c7f24a7536 Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/app.js	ScriptElement	563 kB	2024-09-02	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/app.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-02 03:06 Last Seen2025-01-16 17:33 Times Seen11 Hash f55a3c6ecbe307b10878b5a8d5804f4e 0d557b9bd77c31347dcca20285564cd9b1868fb7 7be46ccdf21d54722b220bfd5a8b7be8a5f9da0cab2a269e5869a08ab2d135dd Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/Common-clientMyOrderPayFailed.js	ScriptElement	5.0 kB	2024-09-02	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/Common-clientMyOrderPayFailed.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-02 03:06 Last Seen2025-01-16 17:33 Times Seen11 Hash 85befd5a75aebdaa4283314ad614f1f5 049f2bcee6bd95634a9e1e6c257ea20a48444af8 717827205046fc06591936c2f1e0d6f49f141c731bf57c342291fe1fa949cc06 Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/ContentEditImageAndVideo.js	ScriptElement	2.2 kB	2024-09-02	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/ContentEditImageAndVideo.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-02 03:06 Last Seen2025-01-16 17:33 Times Seen11 Hash 34cf0df02bdacd69131adb0497114752 46febb6aefb2838448f7e17fa5fcbf5638ae5e7f a62eb1423fb36de8a264e746da71471a0786036ea81c2ee0c869e9e858e56673 Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/polyfill.min.js	ScriptElement	105 kB	2023-03-07	2025-05-12
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/polyfill.min.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07 Last Seen2025-05-12 02:00 Times Seen934 Hash 45b9836beb16da615f0a74ead7c4b40c fb7a461636866804fc4e0f55642384a9b522b917 59173f786dd1f3802f7ab26fd339aac4099dc10c6cb54a6a92213e6af277592a Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/vue.router.min.js	ScriptElement	29 kB	2024-05-18	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/vue.router.min.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-18 08:24 Last Seen2025-01-16 17:33 Times Seen19 Hash da0f70a9594012e25fe1d45fe114b797 95d3d395c16f90bd98edfa0c8acbf0446e46786f 0ecdeb17aed1657e9a867314334ecde140e6f90a04ec87fd9a736c1608abf5f1 Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/VueManifest.js	ScriptElement	12 kB	2024-09-02	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/VueManifest.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-02 03:06 Last Seen2025-01-16 17:33 Times Seen11 Hash 3a4c02008bd820026ec3cd367815d3df 6622101365ff42b9c1dc7a43c53fb0337225eb09 03856ea36aaea57ff885de3bd979157e50eaa8ee5efe7fcaca29cbf1de634e7d Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/uiwidget.js	ScriptElement	1.5 MB	2024-09-02	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/uiwidget.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-02 03:06 Last Seen2025-01-16 17:33 Times Seen11 Hash ac1bdc29d4af533927ddbba7bc75e72b d3f7c6f9ddc4cf54fc56485c103c0d072db48f8d 1f3055f7992a7e3a5c6178047f37f9063751a7f6c1fb6642c57962e7b8be78dc Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/FormCreate.js	ScriptElement	1.5 kB	2024-09-02	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/FormCreate.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-02 03:06 Last Seen2025-01-16 17:33 Times Seen11 Hash 15cc52e3e2842e2551f5609212801197 d1fa47fd3ab174a68e699786222f8238ee37d23f 8cd69acddf0e43e7032db47582dcca9d3d7f3576a14c0add98f6a0e498e75362 Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/ContentEditText.js	ScriptElement	6.5 kB	2024-09-02	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/ContentEditText.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-02 03:06 Last Seen2025-01-16 17:33 Times Seen11 Hash 5e8ac887a5c698d8bc45a7e089e4365a 13c93cb67b1caefdbd546701228c32aa90e7cd63 24a126a4f22e3d1bd1b2302f322f75c52716bbcfb6a5a31ba5784dae4c7349da Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/ContentEditImage.js	ScriptElement	7.0 kB	2024-09-02	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/ContentEditImage.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-02 03:06 Last Seen2025-01-16 17:33 Times Seen11 Hash a31edbed35713f5879ac38a2d8258d30 74983013d78f1e748bd715a1cf9a18a63ea378e2 43495a2349e153f93ddb958205c1167271951c905224dc2d42b9787a92b3ba9e Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/CustomRouterLink.js	ScriptElement	4.6 kB	2024-09-02	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/CustomRouterLink.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-02 03:06 Last Seen2025-01-16 17:33 Times Seen11 Hash a86a3a720f371e7b6f8b9131b2ac84d5 db73537764f1b1e36c27ce733bb2ca76263fee7a 4eafefcf72a9fa33995cc9232c7390fbae1f0b6158602885efc743868f0351fd Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/vuex.min.js	ScriptElement	12 kB	2023-03-11	2025-02-12
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/vuex.min.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:25 Last Seen2025-02-12 02:36 Times Seen37 Hash 88c7e1893e1d6de8543e4cacc90f12eb ee4a39d021e8663c79da3f158f2c7a86559ddc9f ddbc8396f8881c01e141534fde04bc67fddb7062f9f8ea31d903e8c236c5bfaf Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/vendor.js	ScriptElement	312 kB	2024-09-02	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/vendor.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-02 03:06 Last Seen2025-01-16 17:33 Times Seen11 Hash 13f0efa24aa7d1b311cd92c595ceb8cc 3a67221bf3fe9682f35dd34cd44a32a120263ded d6162bd3fdea207db9868ae775669cf4b4d0b26c9a128599aaad95de83f56a05 Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/Common-Popup.js	ScriptElement	13 kB	2024-09-02	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/Common-Popup.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-02 03:06 Last Seen2025-01-16 17:33 Times Seen11 Hash a51f4b63046c39a9f9f6e7ef33f8e295 0f38f58442af32eb58aeda127c0064d3997a19ba a8b8da58d2f1d33e1a576c98e4cd51cca6eb8ce0741377d685e759c98adb4622 Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/ImageLayout.js	ScriptElement	6.5 kB	2024-09-02	2025-01-16
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/ImageLayout.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-02 03:06 Last Seen2025-01-16 17:33 Times Seen11 Hash cb1faaaad925414b56f73d006e5e4a29 3a766c05b3595bbe29e100deb70516d12f761f20 00ee878afbdd3a1ab41c083fced179829dfadb9464b045b21c1170b410759467 Loading...

	139.224.71.20/resource/assets/winery01/view/v3/js/vue.min.js	ScriptElement	94 kB	2023-03-07	2025-05-10
Pretty URL 139.224.71.20/resource/assets/winery01/view/v3/js/vue.min.js IP 139.224.71.20 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:58 Last Seen2025-05-10 00:14 Times Seen1458 Hash fb192338844efe86ec759a40152fcb8e e55df1f7d6c288ee73d439bab26dd006ffee7af3 29296ccacaa9ed35ed168fc51e36f54fd6f8db9c7786bbf38cc59a27229ba5c2 Loading...

HTTP Transactions (52)

URL IP Response Size

139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

139.224.71.20

200

737 B

URL User Request GET HTTP/1.1
139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
HTML document, Unicode text, UTF-8 text
Size
737 B (737 bytes)
Hash
5df24d38e841d4430cb987a3139d43cb
c1e1aa8771f130d6947bdd2369e341e18fbb9f3f
d7dd90ed64f33430ff1486cb16c8c747b2d95926e864efcde3da1a80edeb4f9d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO Executable Download from dotted-quad Host

HTTP Headers

GET /update/Riot_R3nzSkin13.14.1.exe HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:35 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PROJECT_CODE=winery01; Max-Age=2592000; Expires=Fri, 03-Jan-2025 02:20:35 GMT; Path=/; HttpOnly
PROJECT_ENV=pro; Max-Age=2592000; Expires=Fri, 03-Jan-2025 02:20:35 GMT; Path=/; HttpOnly
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Language: en-US
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/css/uiwidget.css

139.224.71.20

200 OK

37 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/css/uiwidget.css
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
ASCII text, with very long lines (65536), with no line terminators
Size
37 kB (37268 bytes)
Hash
b4b0efd4a776c85a67262eff069bf09e
36770e164d010326d1af28c8f5253297f0c4f4e5
c288a4eb622ae715c5922c9ec664281450eec9b5045798c0b4f8ae78da5cec08

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/css/uiwidget.css HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:35 GMT
Content-Type: text/css
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-3b15a"
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/js/vue.router.min.js

139.224.71.20

200 OK

10 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/vue.router.min.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, ASCII text, with very long lines (29066)
Size
10 kB (10052 bytes)
Hash
da0f70a9594012e25fe1d45fe114b797
95d3d395c16f90bd98edfa0c8acbf0446e46786f
0ecdeb17aed1657e9a867314334ecde140e6f90a04ec87fd9a736c1608abf5f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/vue.router.min.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:36 GMT
Content-Type: application/javascript
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-71d0"
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/js/VueManifest.js

139.224.71.20

200 OK

4.0 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/VueManifest.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, ASCII text, with very long lines (12317), with no line terminators
Size
4.0 kB (4015 bytes)
Hash
3a4c02008bd820026ec3cd367815d3df
6622101365ff42b9c1dc7a43c53fb0337225eb09
03856ea36aaea57ff885de3bd979157e50eaa8ee5efe7fcaca29cbf1de634e7d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/VueManifest.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:36 GMT
Content-Type: application/javascript
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-301d"
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/css/app.css

139.224.71.20

200 OK

22 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/css/app.css
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
22 kB (22191 bytes)
Hash
01c5933a853d78b3bbe78f358debb184
8b4c5279e5ce938808b3327405273098effaa694
855a0e4e0a86ccd8af186aba3c92976dae74c111efc050e17b1cce29d5b7a609

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/css/app.css HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:35 GMT
Content-Type: text/css
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-2d277"
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/js/polyfill.min.js

139.224.71.20

200 OK

35 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/polyfill.min.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31999), with LF, NEL line terminators
Size
35 kB (35035 bytes)
Hash
45b9836beb16da615f0a74ead7c4b40c
fb7a461636866804fc4e0f55642384a9b522b917
59173f786dd1f3802f7ab26fd339aac4099dc10c6cb54a6a92213e6af277592a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/polyfill.min.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:35 GMT
Content-Type: application/javascript
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-19873"
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/js/vuex.min.js

139.224.71.20

200 OK

3.9 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/vuex.min.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (12421)
Size
3.9 kB (3872 bytes)
Hash
88c7e1893e1d6de8543e4cacc90f12eb
ee4a39d021e8663c79da3f158f2c7a86559ddc9f
ddbc8396f8881c01e141534fde04bc67fddb7062f9f8ea31d903e8c236c5bfaf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/vuex.min.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:35 GMT
Content-Type: application/javascript
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-30ca"
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/js/vue.min.js

139.224.71.20

200 OK

34 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/vue.min.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, ASCII text, with very long lines (65449)
Size
34 kB (34315 bytes)
Hash
fb192338844efe86ec759a40152fcb8e
e55df1f7d6c288ee73d439bab26dd006ffee7af3
29296ccacaa9ed35ed168fc51e36f54fd6f8db9c7786bbf38cc59a27229ba5c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/vue.min.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:36 GMT
Content-Type: application/javascript
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-16de6"
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/js/app.js

139.224.71.20

200 OK

135 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/app.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (61855), with no line terminators
Size
135 kB (135307 bytes)
Hash
948bdef42c04cda902051449940fb943
10e2c75a6ea62cb95547ebe26bb3079bf6895952
698b77fb013a7455876d7579309ff6aeee140afdf94d443b135b105e6b463167

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/app.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:36 GMT
Content-Type: application/javascript
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-898e3"
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/js/vendor.js

139.224.71.20

200 OK

94 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/vendor.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size
94 kB (94409 bytes)
Hash
13f0efa24aa7d1b311cd92c595ceb8cc
3a67221bf3fe9682f35dd34cd44a32a120263ded
d6162bd3fdea207db9868ae775669cf4b4d0b26c9a128599aaad95de83f56a05

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/vendor.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:36 GMT
Content-Type: application/javascript
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-4c316"
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/js/uiwidget.js

139.224.71.20

200 OK

413 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/uiwidget.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
Unicode text, UTF-8 text, with very long lines (65286), with no line terminators
Size
413 kB (412754 bytes)
Hash
ac1bdc29d4af533927ddbba7bc75e72b
d3f7c6f9ddc4cf54fc56485c103c0d072db48f8d
1f3055f7992a7e3a5c6178047f37f9063751a7f6c1fb6642c57962e7b8be78dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/uiwidget.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:36 GMT
Content-Type: application/javascript
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-171cf1"
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/js/Common-clientMyOrderPayFailed.js

139.224.71.20

200 OK

5.0 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/Common-clientMyOrderPayFailed.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (4983), with no line terminators
Size
5.0 kB (4996 bytes)
Hash
85befd5a75aebdaa4283314ad614f1f5
049f2bcee6bd95634a9e1e6c257ea20a48444af8
717827205046fc06591936c2f1e0d6f49f141c731bf57c342291fe1fa949cc06

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/Common-clientMyOrderPayFailed.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:39 GMT
Content-Type: application/javascript
Content-Length: 4996
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Connection: keep-alive
ETag: "6530be7d-1384"
Accept-Ranges: bytes

139.224.71.20/resource/assets/winery01/view/v3/css/common.css

139.224.71.20

200 OK

17 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/css/common.css
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
ASCII text, with very long lines (56994), with no line terminators
Size
17 kB (17008 bytes)
Hash
a7d249f2ee3066ec959b6384b20c2656
8e9ead15a56d3a7734aa72c161c0471b97dee700
4bb4cc33101dadc4e4380a5e723686b999114304bed9372b1586e93780741f8c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/css/common.css HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:39 GMT
Content-Type: text/css
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-dea2"
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/js/QRcode.js

139.224.71.20

200 OK

8.6 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/QRcode.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, ASCII text, with very long lines (32366), with no line terminators
Size
8.6 kB (8641 bytes)
Hash
c3764027f9231750808f652efa6a8db3
3ac81ef7e71ab3fc91f7dd43bae7e48350327530
cc3c7e3a189306dc6362fa70aa8112d7975dc00c9bc73fd8d484c4032652bfe3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/QRcode.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:39 GMT
Content-Type: application/javascript
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-7e6e"
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/css/Common-clientMyOrderPayFailed.css

139.224.71.20

200 OK

3.4 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/css/Common-clientMyOrderPayFailed.css
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
ASCII text, with very long lines (3377), with no line terminators
Size
3.4 kB (3377 bytes)
Hash
3645092848abdb9ea2f4d427dffc69c3
38fc98fd4d2eefc4d96ca133b5f651a4bed5d388
fefb2d7991ff472d9bd9a3fd08a9302a1963cc845245bdf25ccfd12eb23ddd9c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/css/Common-clientMyOrderPayFailed.css HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:39 GMT
Content-Type: text/css
Content-Length: 3377
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Connection: keep-alive
ETag: "6530be7d-d31"
Accept-Ranges: bytes

139.224.71.20/resource/assets/winery01/view/v3/js/FormCreate.js

139.224.71.20

200 OK

1.5 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/FormCreate.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, ASCII text, with very long lines (1498), with no line terminators
Size
1.5 kB (1498 bytes)
Hash
15cc52e3e2842e2551f5609212801197
d1fa47fd3ab174a68e699786222f8238ee37d23f
8cd69acddf0e43e7032db47582dcca9d3d7f3576a14c0add98f6a0e498e75362

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/FormCreate.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:39 GMT
Content-Type: application/javascript
Content-Length: 1498
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Connection: keep-alive
ETag: "6530be7d-5da"
Accept-Ranges: bytes

139.224.71.20/resource/assets/winery01/view/v3/css/Common-Popup.css

139.224.71.20

200 OK

2.7 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/css/Common-Popup.css
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
ASCII text, with very long lines (6653)
Size
2.7 kB (2696 bytes)
Hash
04a47a013dbebf9f57e32ea7d583023c
861d0f6217bfa581144146b930f22dab64303dc6
4d599ade23a86e58ebc801667af40100b8fafb13e80c74d047d9624c73dc7b3e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/css/Common-Popup.css HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:39 GMT
Content-Type: text/css
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-1a77"
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/js/Common-Popup.js

139.224.71.20

200 OK

4.6 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/Common-Popup.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (12293), with no line terminators
Size
4.6 kB (4641 bytes)
Hash
a51f4b63046c39a9f9f6e7ef33f8e295
0f38f58442af32eb58aeda127c0064d3997a19ba
a8b8da58d2f1d33e1a576c98e4cd51cca6eb8ce0741377d685e759c98adb4622

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/Common-Popup.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:39 GMT
Content-Type: application/javascript
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-3191"
Content-Encoding: gzip

139.224.71.20/website/api/systemSetting/setProjectCode?projectCode=winery01

139.224.71.20

200

109 B

URL GET HTTP/1.1
139.224.71.20/website/api/systemSetting/setProjectCode?projectCode=winery01
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JSON text data
Size
109 B (109 bytes)
Hash
e2532a2d509e1c9feaceb3fed38e2743
e406f52cbb98aff0e6ba2345dd9fc49d5a8baaad
70b6e798cda25aceb92c035af846349d2bbd2e11afed1c2f9e719dfda4d6c475

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /website/api/systemSetting/setProjectCode?projectCode=winery01 HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=UTF-8
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:39 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 109
Connection: keep-alive
Set-Cookie: PROJECT_CODE=winery01; Max-Age=2592000; Expires=Fri, 03-Jan-2025 02:20:39 GMT; Path=/; HttpOnly
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

139.224.71.20/website/api/content/getByChannelCode?channelCode=WebSiteCommon

139.224.71.20

200

2.0 kB

URL GET HTTP/1.1
139.224.71.20/website/api/content/getByChannelCode?channelCode=WebSiteCommon
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JSON text data
Size
2.0 kB (2032 bytes)
Hash
782265e9d2589c1e99e620eeb2ec0c5d
92c0bc512d2ab181ea167da39bdc1e968c409425
0fa0a7f2d65ad9c6f89325ea57883961bbb2dbdf30af0794264654dfe7fdb798

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /website/api/content/getByChannelCode?channelCode=WebSiteCommon HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=UTF-8
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:39 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Encoding: gzip

139.224.71.20/website/api/content/getByChannelCode?channelCode=NavigationCommon

139.224.71.20

200

5.0 kB

URL GET HTTP/1.1
139.224.71.20/website/api/content/getByChannelCode?channelCode=NavigationCommon
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JSON text data
Size
5.0 kB (4981 bytes)
Hash
582141dd4ec38b450eb6715127a2fa12
91236a757f075e609adcb1e437f646a7457f4b9c
be0f6639e3ce03a75ba750d8458f64788afbba1cde8f4f69b5c02bb309d0e2e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /website/api/content/getByChannelCode?channelCode=NavigationCommon HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=UTF-8
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:39 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 4981
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

139.224.71.20/website/api/systemSetting/getProwerBySwitch

139.224.71.20

200

212 B

URL GET HTTP/1.1
139.224.71.20/website/api/systemSetting/getProwerBySwitch
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JSON text data
Size
212 B (212 bytes)
Hash
2a53718ff8b04c1bfa33abbdc726aa47
2cfd757200eb3c862bd3fd3838375acae5bf8f46
d7c0ea7a58377a8c17504ac23835302806b8c395ca03be3191d38a545d112ab8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /website/api/systemSetting/getProwerBySwitch HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=UTF-8
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:39 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 212
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

139.224.71.20/resource/assets/winery01/view/v3/js/common.js

139.224.71.20

200 OK

165 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/common.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65488), with no line terminators
Size
165 kB (164641 bytes)
Hash
5d794ce45dfd61461e3273bf8ab5dac0
afb85fa94e805835cce1f717d490135adc1155b4
d5ebe8b82c70ca6e7b86aa09e53b73e54ecb971441294cb670ec1d1fb1eda897

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Unique code from Jetriz, Swid & Jeniva of the Tetris framework
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/common.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:39 GMT
Content-Type: application/javascript
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-92b7c"
Content-Encoding: gzip

139.224.71.20/website/api/memberInfo/getVerifiCode?timeStamp=17332788400261

139.224.71.20

200

2.1 kB

URL GET HTTP/1.1
139.224.71.20/website/api/memberInfo/getVerifiCode?timeStamp=17332788400261
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x40, components 3
Size
2.1 kB (2095 bytes)
Hash
87499dc3578d441d8e091af1f9106dfa
20d7190e420eab4dc963e26bf86a2f33d19ffa8a
66d92fd855515fc4094f8d3a9b38af54d241e266a5e1fa7b91d435c539889b52

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /website/api/memberInfo/getVerifiCode?timeStamp=17332788400261 HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=UTF-8
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

139.224.71.20/website/api/code/image?deviceId=1733278840024

139.224.71.20

200

1.2 kB

URL GET HTTP/1.1
139.224.71.20/website/api/code/image?deviceId=1733278840024
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 67x23, components 3
Size
1.2 kB (1247 bytes)
Hash
7c31f14cc85c128635c17b1baa8eff1b
ba9e5cf2f2d38b34f23e3c975678f05dd7f9e147
c9257155d8d881e11c0d77463a1077820d00479f8a26f865a759c88206feafe8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /website/api/code/image?deviceId=1733278840024 HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=UTF-8
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

139.224.71.20/website/api/memberInfo/getVerifiCode?timeStamp=17332788400262

139.224.71.20

200

2.2 kB

URL GET HTTP/1.1
139.224.71.20/website/api/memberInfo/getVerifiCode?timeStamp=17332788400262
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x40, components 3
Size
2.2 kB (2220 bytes)
Hash
4b1ece69f88a6ff273ec18c251256484
fddebdbb2d9fad5af53b5420eb0c0f68d55d126e
0b455d6e0099a6f3ff3d4190f26cf2842ae74c2204222b8c8819b909c7b08598

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /website/api/memberInfo/getVerifiCode?timeStamp=17332788400262 HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=UTF-8
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

139.224.71.20/website/api/memberInfo/getVerifiCode?timeStamp=1733278840020

139.224.71.20

200

2.4 kB

URL GET HTTP/1.1
139.224.71.20/website/api/memberInfo/getVerifiCode?timeStamp=1733278840020
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x40, components 3
Size
2.4 kB (2352 bytes)
Hash
e3741ab1e135af9027e0221516331bb5
8a9e6d7876ff29001b7acd13a2d447875d5eb2a2
5962d6d20e48c958685a9430a1f200bf5e3daff2f24d9c9247608a6b6423eaa8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /website/api/memberInfo/getVerifiCode?timeStamp=1733278840020 HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=UTF-8
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

139.224.71.20/resource/pro/photo/gtx95xmzs9m83gswozb9r3x7imvialqg.png

139.224.71.20

200 OK

4.3 kB

URL GET HTTP/1.1
139.224.71.20/resource/pro/photo/gtx95xmzs9m83gswozb9r3x7imvialqg.png
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
PNG image data, 120 x 88, 8-bit/color RGBA, non-interlaced
Size
4.3 kB (4266 bytes)
Hash
bb04f7c57a621ebd4bfb23b295d2874d
c083b7661c3db9a505e2058288126f3ec40d1b69
70ea720e7ee32942f05685fcd3651f6c072e8732bc784d2c9140e39fa4a302c0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/pro/photo/gtx95xmzs9m83gswozb9r3x7imvialqg.png HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:40 GMT
Content-Type: image/png
Content-Length: 4266
Last-Modified: Thu, 19 Oct 2023 06:05:35 GMT
Connection: keep-alive
ETag: "6530c72f-10aa"
Accept-Ranges: bytes

139.224.71.20/website/api/dict/valmap

139.224.71.20

200

59 kB

URL GET HTTP/1.1
139.224.71.20/website/api/dict/valmap
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JSON text data
Size
59 kB (58974 bytes)
Hash
b4007ce0a852fdb20ad788a520849119
5d8d68cbe5287165f4a0ef95159b3643b7889ba1
2f8ebe931605f0df0dbde71c2fd60d19ef57fa1da5ef03fd26fbf41337426119

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /website/api/dict/valmap HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=UTF-8
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:39 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Encoding: gzip

139.224.71.20/website/api/channel/getAll?channelName=winery01

139.224.71.20

200

882 B

URL GET HTTP/1.1
139.224.71.20/website/api/channel/getAll?channelName=winery01
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JSON text data
Size
882 B (882 bytes)
Hash
a5a94feba2e72431255f909d37813127
5d2f95c427dd1bcb99ca72baa2b46f081d2ae5b7
65cad621684de451cf7d94c3c3c0f6da5acd402bc7b84dc3a24040bb6212a3d7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /website/api/channel/getAll?channelName=winery01 HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=UTF-8
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:41 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Encoding: gzip

139.224.71.20/website/api/systemSetting/setLanguage

139.224.71.20

200

109 B

URL POST HTTP/1.1
139.224.71.20/website/api/systemSetting/setLanguage
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JSON text data
Size
109 B (109 bytes)
Hash
7f7d7303ca5d9fafa5f242155c171a4a
47c3b88fb3e2f176d55f4ee0291d7db402ef302c
85eea6956037ea7fa2810c624bdbe741c1cfdb4d8d26646d5584b2e2c631b0f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /website/api/systemSetting/setLanguage HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 20
Origin: http://139.224.71.20
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:41 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 109
Connection: keep-alive
Set-Cookie: LANGUAGE=zh-CN; Max-Age=2592000; Expires=Fri, 03-Jan-2025 02:20:41 GMT; Path=/; HttpOnly
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

139.224.71.20/resource/assets/winery01/view/v3/js/AsyncPage-Abnormal404.js

139.224.71.20

200 OK

2.7 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/AsyncPage-Abnormal404.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, ASCII text, with very long lines (2700), with no line terminators
Size
2.7 kB (2700 bytes)
Hash
fba3c7dffac2841e94a4d87ea6e1e15f
3aae427f24b1f2ec3480f5bb720d5de1e5fcf258
5cc84e0e9ed4a0a6c469f352013a11bd9aad172db9f01bec313280c7f24a7536

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/AsyncPage-Abnormal404.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:41 GMT
Content-Type: application/javascript
Content-Length: 2700
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Connection: keep-alive
ETag: "6530be7d-a8c"
Accept-Ranges: bytes

139.224.71.20/resource/assets/winery01/view/v3/js/ContentEditText.js

139.224.71.20

200 OK

2.4 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/ContentEditText.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (6520), with no line terminators
Size
2.4 kB (2373 bytes)
Hash
5e8ac887a5c698d8bc45a7e089e4365a
13c93cb67b1caefdbd546701228c32aa90e7cd63
24a126a4f22e3d1bd1b2302f322f75c52716bbcfb6a5a31ba5784dae4c7349da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/ContentEditText.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:41 GMT
Content-Type: application/javascript
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-198a"
Content-Encoding: gzip

139.224.71.20/website/api/websiteStats/add

139.224.71.20

200

109 B

URL POST HTTP/1.1
139.224.71.20/website/api/websiteStats/add
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JSON text data
Size
109 B (109 bytes)
Hash
d325e3c034e8b4ca999f3680cf8b46ae
16f2faaa76843115757a730b8192a5842a525342
ce6b8962af57124f9badeb14cf4552155a0a9f17862a02715829e63231566487

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /website/api/websiteStats/add HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 45
Origin: http://139.224.71.20
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:41 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 109
Connection: keep-alive
Set-Cookie: cookieId=7Q4QAUBH3XR3R27Q4S4FF9KVIHQQZ2QP; Max-Age=946080000; Expires=Fri, 27-Nov-2054 02:20:41 GMT; Path=/; HttpOnly
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

139.224.71.20/resource/assets/winery01/view/v3/css/AsyncPage-Abnormal404.css

139.224.71.20

200 OK

161 B

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/css/AsyncPage-Abnormal404.css
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
ASCII text, with no line terminators
Size
161 B (161 bytes)
Hash
319f9cda80662f067462866e2035cb20
d748b04de07fc916a69773f81ca6720c5ca02002
7423f7c93e1dcfe691334feca6be829d287fe082dd233ac64b8b80f5eb8f56e7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/css/AsyncPage-Abnormal404.css HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:41 GMT
Content-Type: text/css
Content-Length: 161
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Connection: keep-alive
ETag: "6530be7d-a1"
Accept-Ranges: bytes

139.224.71.20/resource/assets/winery01/view/v3/css/ContentEditText.css

139.224.71.20

200 OK

1.2 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/css/ContentEditText.css
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
ASCII text, with very long lines (1151), with no line terminators
Size
1.2 kB (1151 bytes)
Hash
1729025bbdc82c8479c120123b2d197f
4417e406316539633a8706e77548ce5d7d14f866
20823ab99ebad6c9116ed46c71fa6ff9e4fff84cdd3458371468fcbd04fa196c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/css/ContentEditText.css HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:41 GMT
Content-Type: text/css
Content-Length: 1151
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Connection: keep-alive
ETag: "6530be7d-47f"
Accept-Ranges: bytes

139.224.71.20/resource/assets/winery01/view/v3/css/ContentEditImage.css

139.224.71.20

200 OK

1.2 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/css/ContentEditImage.css
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
ASCII text, with very long lines (1178), with no line terminators
Size
1.2 kB (1178 bytes)
Hash
a256674e4e3bd28e99a7075a3da95331
1cd6d1fa34be94f7277b002997ee602b6c37774c
14c361d48ee02bbc31dc692477f0a877a5865737c33f5c4b285938012bfe5a2d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/css/ContentEditImage.css HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:41 GMT
Content-Type: text/css
Content-Length: 1178
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Connection: keep-alive
ETag: "6530be7d-49a"
Accept-Ranges: bytes

139.224.71.20/resource/assets/winery01/view/v3/css/CustomRouterLink.css

139.224.71.20

200 OK

403 B

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/css/CustomRouterLink.css
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
ASCII text, with very long lines (403), with no line terminators
Size
403 B (403 bytes)
Hash
6b3e863d388fad31bee492248211615e
5e7718e52d4f98fe5284ba539c6dcaa086d7cffe
898534491f493898e2cb4a7b9bc9ae55f42e234d2d232b0ea6558a7eef22b467

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/css/CustomRouterLink.css HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:42 GMT
Content-Type: text/css
Content-Length: 403
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Connection: keep-alive
ETag: "6530be7d-193"
Accept-Ranges: bytes

139.224.71.20/resource/assets/winery01/view/v3/js/ContentEditImage.js

139.224.71.20

200 OK

2.6 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/ContentEditImage.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (7007), with no line terminators
Size
2.6 kB (2580 bytes)
Hash
a31edbed35713f5879ac38a2d8258d30
74983013d78f1e748bd715a1cf9a18a63ea378e2
43495a2349e153f93ddb958205c1167271951c905224dc2d42b9787a92b3ba9e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/ContentEditImage.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:42 GMT
Content-Type: application/javascript
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-1b77"
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/js/CustomRouterLink.js

139.224.71.20

200 OK

4.6 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/CustomRouterLink.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, ASCII text, with very long lines (4596), with no line terminators
Size
4.6 kB (4596 bytes)
Hash
a86a3a720f371e7b6f8b9131b2ac84d5
db73537764f1b1e36c27ce733bb2ca76263fee7a
4eafefcf72a9fa33995cc9232c7390fbae1f0b6158602885efc743868f0351fd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/CustomRouterLink.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:42 GMT
Content-Type: application/javascript
Content-Length: 4596
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Connection: keep-alive
ETag: "6530be7d-11f4"
Accept-Ranges: bytes

139.224.71.20/resource/assets/winery01/view/v3/js/ContentEditImageAndVideo.js

139.224.71.20

200 OK

2.2 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/ContentEditImageAndVideo.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, ASCII text, with very long lines (2195), with no line terminators
Size
2.2 kB (2195 bytes)
Hash
34cf0df02bdacd69131adb0497114752
46febb6aefb2838448f7e17fa5fcbf5638ae5e7f
a62eb1423fb36de8a264e746da71471a0786036ea81c2ee0c869e9e858e56673

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/ContentEditImageAndVideo.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro; LANGUAGE=zh-CN; cookieId=7Q4QAUBH3XR3R27Q4S4FF9KVIHQQZ2QP
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:42 GMT
Content-Type: application/javascript
Content-Length: 2195
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Connection: keep-alive
ETag: "6530be7d-893"
Accept-Ranges: bytes

139.224.71.20/website/api/content/getByChannelCode?channelCode=Abnormal404

139.224.71.20

200

3.9 kB

URL GET HTTP/1.1
139.224.71.20/website/api/content/getByChannelCode?channelCode=Abnormal404
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JSON text data
Size
3.9 kB (3867 bytes)
Hash
3181b463aa7577cf56d5cabb5230d520
617ad5a4492910cfaded0278295e2050929f7fb0
d2bcc0adb476a20f05f116bb42722399d4eba7ad6040ec543a4cbbc208947489

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /website/api/content/getByChannelCode?channelCode=Abnormal404 HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=UTF-8
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro; LANGUAGE=zh-CN; cookieId=7Q4QAUBH3XR3R27Q4S4FF9KVIHQQZ2QP
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:42 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 3867
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

139.224.71.20/resource/assets/winery01/view/v3/css/ContentEditImageAndVideo.css

139.224.71.20

200 OK

117 B

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/css/ContentEditImageAndVideo.css
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
ASCII text, with no line terminators
Size
117 B (117 bytes)
Hash
436923a9779af00bb49768de9310f2ee
09b4e1edb3959308774f07731ffe5134b3c49d7d
18f7cfa3559b6bd3be761197bca3bf8459634ff9085f42cad1a6cbfdd978e444

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/css/ContentEditImageAndVideo.css HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro; LANGUAGE=zh-CN; cookieId=7Q4QAUBH3XR3R27Q4S4FF9KVIHQQZ2QP
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:42 GMT
Content-Type: text/css
Content-Length: 117
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Connection: keep-alive
ETag: "6530be7d-75"
Accept-Ranges: bytes

139.224.71.20/resource/pro/photo/gtx95xmzs9m83gswozb9r3x7imvialqg.png

139.224.71.20

200 OK

4.3 kB

URL GET HTTP/1.1
139.224.71.20/resource/pro/photo/gtx95xmzs9m83gswozb9r3x7imvialqg.png
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
PNG image data, 120 x 88, 8-bit/color RGBA, non-interlaced
Size
4.3 kB (4266 bytes)
Hash
bb04f7c57a621ebd4bfb23b295d2874d
c083b7661c3db9a505e2058288126f3ec40d1b69
70ea720e7ee32942f05685fcd3651f6c072e8732bc784d2c9140e39fa4a302c0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/pro/photo/gtx95xmzs9m83gswozb9r3x7imvialqg.png HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro; LANGUAGE=zh-CN; cookieId=7Q4QAUBH3XR3R27Q4S4FF9KVIHQQZ2QP
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:42 GMT
Content-Type: image/png
Content-Length: 4266
Last-Modified: Thu, 19 Oct 2023 06:05:35 GMT
Connection: keep-alive
ETag: "6530c72f-10aa"
Accept-Ranges: bytes

139.224.71.20/resource/pro/photo/r0goe4kafyllpv0gfh83axnzxu8ejcja.png

139.224.71.20

200 OK

634 B

URL GET HTTP/1.1
139.224.71.20/resource/pro/photo/r0goe4kafyllpv0gfh83axnzxu8ejcja.png
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Size
634 B (634 bytes)
Hash
b88a2254f471d42df9307891e7e163ff
3cc219e18088c2c0b3aabf8e22bebcb8a32d8c4c
31ed0ad2ae28399fc0e2aa305af99d850804b2198e4b2930ffdf00edecc67ea9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/pro/photo/r0goe4kafyllpv0gfh83axnzxu8ejcja.png HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro; LANGUAGE=zh-CN; cookieId=7Q4QAUBH3XR3R27Q4S4FF9KVIHQQZ2QP
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:42 GMT
Content-Type: image/png
Content-Length: 634
Last-Modified: Thu, 19 Oct 2023 06:05:35 GMT
Connection: keep-alive
ETag: "6530c72f-27a"
Accept-Ranges: bytes

139.224.71.20/update/undefined

139.224.71.20

200

737 B

URL GET HTTP/1.1
139.224.71.20/update/undefined
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
HTML document, Unicode text, UTF-8 text
Size
737 B (737 bytes)
Hash
5df24d38e841d4430cb987a3139d43cb
c1e1aa8771f130d6947bdd2369e341e18fbb9f3f
d7dd90ed64f33430ff1486cb16c8c747b2d95926e864efcde3da1a80edeb4f9d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /update/undefined HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro; LANGUAGE=zh-CN; cookieId=7Q4QAUBH3XR3R27Q4S4FF9KVIHQQZ2QP
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:42 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Language: en-US
Content-Encoding: gzip

139.224.71.20/resource/assets/winery01/view/v3/css/ImageLayout.css

139.224.71.20

200 OK

1.2 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/css/ImageLayout.css
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
ASCII text, with very long lines (1186), with no line terminators
Size
1.2 kB (1186 bytes)
Hash
f3b23014705f583c0507ca0a80085bf6
a216d2d2783cc87f8f97139e7e95c0a959989c6c
9f835756388cdf3e86e54d60e936ace12da298adbe09fba965d423f24845d3ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/css/ImageLayout.css HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro; LANGUAGE=zh-CN; cookieId=7Q4QAUBH3XR3R27Q4S4FF9KVIHQQZ2QP
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:42 GMT
Content-Type: text/css
Content-Length: 1186
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Connection: keep-alive
ETag: "6530be7d-4a2"
Accept-Ranges: bytes

139.224.71.20/resource/assets/winery01/view/v3/js/ImageLayout.js

139.224.71.20

200 OK

2.4 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/js/ImageLayout.js
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JavaScript source, ASCII text, with very long lines (6526), with no line terminators
Size
2.4 kB (2375 bytes)
Hash
cb1faaaad925414b56f73d006e5e4a29
3a766c05b3595bbe29e100deb70516d12f761f20
00ee878afbdd3a1ab41c083fced179829dfadb9464b045b21c1170b410759467

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/js/ImageLayout.js HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro; LANGUAGE=zh-CN; cookieId=7Q4QAUBH3XR3R27Q4S4FF9KVIHQQZ2QP
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:42 GMT
Content-Type: application/javascript
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6530be7d-197e"
Content-Encoding: gzip

139.224.71.20/resource/pro/photo/5vdvq02spo7mu09xfhp7boqv7a3zsw8w.png

139.224.71.20

200 OK

14 kB

URL GET HTTP/1.1
139.224.71.20/resource/pro/photo/5vdvq02spo7mu09xfhp7boqv7a3zsw8w.png
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
PNG image data, 110 x 110, 8-bit/color RGBA, non-interlaced
Size
14 kB (14256 bytes)
Hash
fcee632d6ef5f47073ddb07004f9be6d
fa6ce31fd40769368136b0b97dcf761d443b167f
927bdf8c382976943cb3b9f32e8fb51b65b23ef2bc5b82f4dedb684ad274fc3e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/pro/photo/5vdvq02spo7mu09xfhp7boqv7a3zsw8w.png HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro; LANGUAGE=zh-CN; cookieId=7Q4QAUBH3XR3R27Q4S4FF9KVIHQQZ2QP
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:42 GMT
Content-Type: image/png
Content-Length: 14256
Last-Modified: Thu, 19 Oct 2023 06:05:35 GMT
Connection: keep-alive
ETag: "6530c72f-37b0"
Accept-Ranges: bytes

139.224.71.20/resource/assets/winery01/view/v3/fonts/iconfont.woff2

139.224.71.20

200 OK

15 kB

URL GET HTTP/1.1
139.224.71.20/resource/assets/winery01/view/v3/fonts/iconfont.woff2
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
Web Open Font Format (Version 2), TrueType, length 14732, version 1.0
Size
15 kB (14732 bytes)
Hash
9823ca8ea96bf09ce942fb0628a7015e
d22ff618d372ce19fb62f4e2632f5f4de080096a
f036c470c999a171ed9b070b27f97e371e4ac19b549836fc2bf1684df0b6eea7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/assets/winery01/view/v3/fonts/iconfont.woff2 HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/resource/assets/winery01/view/v3/css/app.css
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:42 GMT
Content-Type: font/woff2
Content-Length: 14732
Last-Modified: Thu, 19 Oct 2023 05:28:29 GMT
Connection: keep-alive
ETag: "6530be7d-398c"
Accept-Ranges: bytes

139.224.71.20/resource/pro/photo/h0n455xaryu3fvffr4iqnifchvgqr37s.png

139.224.71.20

200 OK

156 kB

URL GET HTTP/1.1
139.224.71.20/resource/pro/photo/h0n455xaryu3fvffr4iqnifchvgqr37s.png
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
PNG image data, 733 x 694, 8-bit/color RGBA, non-interlaced
Size
156 kB (156069 bytes)
Hash
fca881f2b941440e24d55af9774792e3
6390971a5ae5f0248ff29142c0d2992a752f3460
e5b81b047f7f7a344374200e52a148454ce51b43e8347c8e6940d54c008a7a03

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/pro/photo/h0n455xaryu3fvffr4iqnifchvgqr37s.png HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro; LANGUAGE=zh-CN; cookieId=7Q4QAUBH3XR3R27Q4S4FF9KVIHQQZ2QP
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:42 GMT
Content-Type: image/png
Content-Length: 156069
Last-Modified: Thu, 19 Oct 2023 06:05:35 GMT
Connection: keep-alive
ETag: "6530c72f-261a5"
Accept-Ranges: bytes

139.224.71.20/resource/pro/photo/qj76walvvyw2nnbllcbd1s1rausmioho.jpg

139.224.71.20

200 OK

574 kB

URL GET HTTP/1.1
139.224.71.20/resource/pro/photo/qj76walvvyw2nnbllcbd1s1rausmioho.jpg
IP
139.224.71.20:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2500x521, components 3
Size
574 kB (573940 bytes)
Hash
735dd53ec7b359cca647b1898f168bab
693f60176fd49f6a5de6d1c2f310b578651d8eb9
1cc252d2e1a889804434beb31b50cfb31668feb835b745f5ad3bffc1cf5816fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resource/pro/photo/qj76walvvyw2nnbllcbd1s1rausmioho.jpg HTTP/1.1
Host: 139.224.71.20
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.224.71.20/update/Riot_R3nzSkin13.14.1.exe
Cookie: PROJECT_CODE=winery01; PROJECT_ENV=pro; LANGUAGE=zh-CN; cookieId=7Q4QAUBH3XR3R27Q4S4FF9KVIHQQZ2QP
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Wed, 04 Dec 2024 02:20:42 GMT
Content-Type: image/jpeg
Content-Length: 573940
Last-Modified: Thu, 19 Oct 2023 06:05:35 GMT
Connection: keep-alive
ETag: "6530c72f-8c1f4"
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML