Report - 211.24.72.22

Report Overview

Visited public
2024-03-01 20:15:28
Tags
URL
211.24.72.22
Finishing URL
211.24.72.22/sslvpn_logon.shtml
IP / ASN
211.24.72.22
#9930 TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al
Title
User Authentication

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
211.24.72.22	unknown	unknown	No data	No data	4.6 kB	68 kB	211.24.72.22

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-01	medium	211.24.72.22	Sinkholed
2024-03-01	medium	211.24.72.22	Sinkholed
2024-03-01	medium	211.24.72.22	Sinkholed
2024-03-01	medium	211.24.72.22	Sinkholed
2024-03-01	medium	211.24.72.22	Sinkholed
2024-03-01	medium	211.24.72.22	Sinkholed
2024-03-01	medium	211.24.72.22	Sinkholed
2024-03-01	medium	211.24.72.22	Sinkholed
2024-03-01	medium	211.24.72.22	Sinkholed
2024-03-01	medium	211.24.72.22	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	211.24.72.22/sslvpn_logon.shtml	ScriptElement	1.4 kB	2023-06-08	2025-01-31
Pretty URL 211.24.72.22/sslvpn_logon.shtml IP 211.24.72.22 ASN #9930 TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-08 10:32 Last Seen2025-01-31 11:15 Times Seen8 Hash 88f7e2c59a4da7196d640446fb475c49 825f411ff145173c7f0587828da36eeff445edd9 49b4dc11fe3c8bdb56f03dbb4e191d9c1f32320b3ab3f0f915771779efc09b72 Loading...

	unknown	EventHandler	31 B	2023-06-08	2025-01-31
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-06-08 10:32 Last Seen2025-01-31 11:15 Times Seen8 Hash 0629a2d82713d318cf36ff7148926d2e 9a053a4e8a4713fb7ddcdb851c75063d4c031476 7bf009a481c26a54f40999ff39a6d9804d3213f7bc1a4fe61260f6d3e4ad9f85 Loading...

	211.24.72.22/sslvpn_logon.shtml	ScriptElement	336 B	2023-06-08	2025-01-31
Pretty URL 211.24.72.22/sslvpn_logon.shtml IP 211.24.72.22 ASN #9930 TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-08 10:32 Last Seen2025-01-31 11:15 Times Seen8 Hash c69d25238876c6a2a7b6e0cb6685b243 f2ea681679832c226cdf04fa4d713a933b6c6622 445414f179df1dd92dca04e72c9157469d7d1e0a0255b24e163c6729721905a8 Loading...

	211.24.72.22/sslvpn_logon.shtml	ScriptElement	56 B	2023-06-08	2025-01-31
Pretty URL 211.24.72.22/sslvpn_logon.shtml IP 211.24.72.22 ASN #9930 TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-08 10:32 Last Seen2025-01-31 11:15 Times Seen8 Hash a896467540c0b47b1c645933ecc80dd2 8881d4fb68dd97374c4c774935e40c6266079a15 3a3a3d75897143df3794637c8f687e6ec8b9ac5a57e5d2398383619b974cf97b Loading...

	211.24.72.22/scripts/general.js	ScriptElement	24 kB	2023-06-08	2025-01-31
Pretty URL 211.24.72.22/scripts/general.js IP 211.24.72.22 ASN #9930 TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-08 10:32 Last Seen2025-01-31 11:15 Times Seen8 Hash 60b2ed7ab18b5d404b6e79b6d68b8183 03653f5fcb1c95b68693749ad0d96836a089e1a7 0ef39f3e25b279f2329766f39ff96d41545a3ca178ac2aa67ae6e9f72d9013fa Loading...

HTTP Transactions (10)

URL IP Response Size

211.24.72.22/

211.24.72.22

727 B

URL
211.24.72.22/
IP
211.24.72.22:0
ASN
#9930 TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al

File type
HTML document, ASCII text
Size
727 B (727 bytes)
Hash
b24d2790652e876e8e81d00a49e7762a
0c6874e24dd8de16f9bd219ee1fc71059b55c260
727f5c7ab6f84e7a7c9f857ac25fae2daa1fb30aa45bba5964221085f77df6b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 211.24.72.22
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 01 Mar 2024 18:37:40 GMT
Content-Type: text/html
Content-Length: 727
Last-Modified: Wed, 11 Jan 2023 04:33:38 GMT
Connection: keep-alive
ETag: "63be3c22-2d7"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
Accept-Ranges: bytes

211.24.72.22/wgcgi.cgi?action=sslvpn_web_logon&fw_logon_type=status

211.24.72.22

302 Moved Temporarily

0 B

URL User Request GET HTTP/1.1
211.24.72.22/wgcgi.cgi?action=sslvpn_web_logon&fw_logon_type=status
IP
211.24.72.22:443
ASN
#9930 TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al

Certificate
IssuerWatchGuard
SubjectFireware web CA
Fingerprint38:A4:B2:C2:43:6C:DE:B3:C5:48:98:DD:74:43:84:18:64:BB:8D:96
ValidityMon, 18 Dec 2023 04:31:33 GMT - Sat, 14 Jan 2034 04:31:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wgcgi.cgi?action=sslvpn_web_logon&fw_logon_type=status HTTP/1.1
Host: 211.24.72.22
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://211.24.72.22/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Date: Fri, 01 Mar 2024 18:37:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: /./sslvpn_logon.shtml
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'

211.24.72.22/favicon.ico

211.24.72.22

200 OK

727 B

URL GET HTTP/1.1
211.24.72.22/favicon.ico
IP
211.24.72.22:443
ASN
#9930 TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al

Requested by
https://211.24.72.22/sslvpn_logon.shtml
Certificate
IssuerWatchGuard
SubjectFireware web CA
Fingerprint38:A4:B2:C2:43:6C:DE:B3:C5:48:98:DD:74:43:84:18:64:BB:8D:96
ValidityMon, 18 Dec 2023 04:31:33 GMT - Sat, 14 Jan 2034 04:31:33 GMT

File type
HTML document, ASCII text
Size
727 B (727 bytes)
Hash
b24d2790652e876e8e81d00a49e7762a
0c6874e24dd8de16f9bd219ee1fc71059b55c260
727f5c7ab6f84e7a7c9f857ac25fae2daa1fb30aa45bba5964221085f77df6b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 211.24.72.22
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://211.24.72.22/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 01 Mar 2024 18:37:41 GMT
Content-Type: text/html
Content-Length: 727
Last-Modified: Wed, 11 Jan 2023 04:33:38 GMT
Connection: keep-alive
ETag: "63be3c22-2d7"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
Accept-Ranges: bytes

211.24.72.22/sslvpn_logon.shtml

211.24.72.22

200 OK

13 kB

URL User Request GET HTTP/1.1
211.24.72.22/sslvpn_logon.shtml
IP
211.24.72.22:443
ASN
#9930 TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al

Certificate
IssuerWatchGuard
SubjectFireware web CA
Fingerprint38:A4:B2:C2:43:6C:DE:B3:C5:48:98:DD:74:43:84:18:64:BB:8D:96
ValidityMon, 18 Dec 2023 04:31:33 GMT - Sat, 14 Jan 2034 04:31:33 GMT

File type
HTML document, ASCII text
Size
13 kB (13084 bytes)
Hash
aae14dde7b5ac325003f61ea8019cda3
beb78edf10df9f4628fd765ca40def9c9686af9a
a47bbe9c0a055ba31507d36a478cff9bc11a3e54b7d2677da350c4a9aa2a5f31

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sslvpn_logon.shtml HTTP/1.1
Host: 211.24.72.22
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://211.24.72.22/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 01 Mar 2024 18:37:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'

211.24.72.22/style/styles.css

211.24.72.22

200 OK

12 kB

URL GET HTTP/1.1
211.24.72.22/style/styles.css
IP
211.24.72.22:443
ASN
#9930 TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al

Requested by
https://211.24.72.22/sslvpn_logon.shtml
Certificate
IssuerWatchGuard
SubjectFireware web CA
Fingerprint38:A4:B2:C2:43:6C:DE:B3:C5:48:98:DD:74:43:84:18:64:BB:8D:96
ValidityMon, 18 Dec 2023 04:31:33 GMT - Sat, 14 Jan 2034 04:31:33 GMT

File type
assembler source, ASCII text
Size
12 kB (11664 bytes)
Hash
64bb7ba330d65deea6f47066e001c62f
947c46350d21f6e7ce74b6ce69bb30d839e73eb7
7642c4f49d46df697fcfca96142dc5a061d51c7340f5b128e3f1a6b1a72a4846

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /style/styles.css HTTP/1.1
Host: 211.24.72.22
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://211.24.72.22/sslvpn_logon.shtml
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 01 Mar 2024 18:37:42 GMT
Content-Type: text/css
Content-Length: 11664
Last-Modified: Wed, 11 Jan 2023 04:33:38 GMT
Connection: keep-alive
ETag: "63be3c22-2d90"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
Accept-Ranges: bytes

211.24.72.22/style/fonts.css

211.24.72.22

200 OK

672 B

URL GET HTTP/1.1
211.24.72.22/style/fonts.css
IP
211.24.72.22:443
ASN
#9930 TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al

Requested by
https://211.24.72.22/sslvpn_logon.shtml
Certificate
IssuerWatchGuard
SubjectFireware web CA
Fingerprint38:A4:B2:C2:43:6C:DE:B3:C5:48:98:DD:74:43:84:18:64:BB:8D:96
ValidityMon, 18 Dec 2023 04:31:33 GMT - Sat, 14 Jan 2034 04:31:33 GMT

File type
ASCII text
Size
672 B (672 bytes)
Hash
c3b25b0e81d52072f067a3da2b4a9b08
a5b7e2cb24912a9b611ae368ed16d6089be74b1e
7f165e3fb12e718dc4a5ed9723b3d47e13b5538614e1c557b37bb831b56bd938

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /style/fonts.css HTTP/1.1
Host: 211.24.72.22
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://211.24.72.22/sslvpn_logon.shtml
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 01 Mar 2024 18:37:42 GMT
Content-Type: text/css
Content-Length: 672
Last-Modified: Wed, 11 Jan 2023 04:33:38 GMT
Connection: keep-alive
ETag: "63be3c22-2a0"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
Accept-Ranges: bytes

211.24.72.22/scripts/general.js

211.24.72.22

200 OK

24 kB

URL GET HTTP/1.1
211.24.72.22/scripts/general.js
IP
211.24.72.22:443
ASN
#9930 TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al

Requested by
https://211.24.72.22/sslvpn_logon.shtml
Certificate
IssuerWatchGuard
SubjectFireware web CA
Fingerprint38:A4:B2:C2:43:6C:DE:B3:C5:48:98:DD:74:43:84:18:64:BB:8D:96
ValidityMon, 18 Dec 2023 04:31:33 GMT - Sat, 14 Jan 2034 04:31:33 GMT

File type
C source, Unicode text, UTF-8 text
Size
24 kB (24545 bytes)
Hash
60b2ed7ab18b5d404b6e79b6d68b8183
03653f5fcb1c95b68693749ad0d96836a089e1a7
0ef39f3e25b279f2329766f39ff96d41545a3ca178ac2aa67ae6e9f72d9013fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/general.js HTTP/1.1
Host: 211.24.72.22
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://211.24.72.22/sslvpn_logon.shtml
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 01 Mar 2024 18:37:42 GMT
Content-Type: application/javascript
Content-Length: 24545
Last-Modified: Wed, 11 Jan 2023 04:33:38 GMT
Connection: keep-alive
ETag: "63be3c22-5fe1"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
Accept-Ranges: bytes

211.24.72.22/auth_portal/Default/logo.gif

211.24.72.22

200 OK

5.5 kB

URL GET HTTP/1.1
211.24.72.22/auth_portal/Default/logo.gif
IP
211.24.72.22:443
ASN
#9930 TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al

Requested by
https://211.24.72.22/sslvpn_logon.shtml
Certificate
IssuerWatchGuard
SubjectFireware web CA
Fingerprint38:A4:B2:C2:43:6C:DE:B3:C5:48:98:DD:74:43:84:18:64:BB:8D:96
ValidityMon, 18 Dec 2023 04:31:33 GMT - Sat, 14 Jan 2034 04:31:33 GMT

File type
GIF image data, version 89a, 200 x 65
Size
5.5 kB (5467 bytes)
Hash
94161f161dcfc7123963f711b8389b1f
7b7a76a355af443be97e71d8ec42c8ec94b51a15
81712fe94f010ab2b0e78b9e71ddfad9cec0d524f73303f3498d60178afece0f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /auth_portal/Default/logo.gif HTTP/1.1
Host: 211.24.72.22
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://211.24.72.22/sslvpn_logon.shtml
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 01 Mar 2024 18:37:43 GMT
Content-Type: image/gif
Content-Length: 5467
Last-Modified: Wed, 11 Jan 2023 04:33:38 GMT
Connection: keep-alive
ETag: "63be3c22-155b"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
Accept-Ranges: bytes

211.24.72.22/images/pixel.gif

211.24.72.22

200 OK

43 B

URL GET HTTP/1.1
211.24.72.22/images/pixel.gif
IP
211.24.72.22:443
ASN
#9930 TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al

Requested by
https://211.24.72.22/sslvpn_logon.shtml
Certificate
IssuerWatchGuard
SubjectFireware web CA
Fingerprint38:A4:B2:C2:43:6C:DE:B3:C5:48:98:DD:74:43:84:18:64:BB:8D:96
ValidityMon, 18 Dec 2023 04:31:33 GMT - Sat, 14 Jan 2034 04:31:33 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/pixel.gif HTTP/1.1
Host: 211.24.72.22
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://211.24.72.22/sslvpn_logon.shtml
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 01 Mar 2024 18:37:43 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Wed, 11 Jan 2023 04:33:38 GMT
Connection: keep-alive
ETag: "63be3c22-2b"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
Accept-Ranges: bytes

211.24.72.22/favicon.ico

211.24.72.22

200 OK

727 B

URL GET HTTP/1.1
211.24.72.22/favicon.ico
IP
211.24.72.22:443
ASN
#9930 TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al

Requested by
https://211.24.72.22/sslvpn_logon.shtml
Certificate
IssuerWatchGuard
SubjectFireware web CA
Fingerprint38:A4:B2:C2:43:6C:DE:B3:C5:48:98:DD:74:43:84:18:64:BB:8D:96
ValidityMon, 18 Dec 2023 04:31:33 GMT - Sat, 14 Jan 2034 04:31:33 GMT

File type
HTML document, ASCII text
Size
727 B (727 bytes)
Hash
b24d2790652e876e8e81d00a49e7762a
0c6874e24dd8de16f9bd219ee1fc71059b55c260
727f5c7ab6f84e7a7c9f857ac25fae2daa1fb30aa45bba5964221085f77df6b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 211.24.72.22
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://211.24.72.22/sslvpn_logon.shtml
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 01 Mar 2024 18:37:43 GMT
Content-Type: text/html
Content-Length: 727
Last-Modified: Wed, 11 Jan 2023 04:33:38 GMT
Connection: keep-alive
ETag: "63be3c22-2d7"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (10)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash