Report - 139.196.176.63:8090/login

Report Overview

Visited public
2024-09-10 11:11:30
Tags
URL
139.196.176.63:8090/login
Finishing URL
139.196.176.63:8090/login
IP / ASN
139.196.176.63
#37963 Hangzhou Alibaba Advertising Co.,Ltd.
Title
JZ

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
139.196.176.63:8090	unknown	unknown	No data	No data	749 B	2.0 kB	139.196.176.63
apps.bdimg.com	91687	2010-03-22	2012-08-06 15:34:46	2024-08-22 21:30:27	347 B	55 kB	125.74.1.49
cdn.staticfile.org	46426	2013-03-29	2013-08-23 10:51:19	2024-09-02 12:01:32	423 B	529 B	156.225.111.20
cdn.staticfile.net	unknown	2015-06-19	2024-01-10 02:29:12	2024-08-29 15:29:50	425 B	94 kB	154.85.69.11
cdn.bootcdn.net	87757	2014-08-02	2019-03-12 17:59:36	2024-09-09 11:17:12	456 B	195 kB	154.85.69.11
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-09 18:12:09	327 B	887 B	2.21.240.216

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-09-10	medium	139.196.176.63	Sinkholed
2024-09-10	medium	staticfile.org	Sinkholed
2024-09-10	medium	139.196.176.63	Sinkholed
2024-09-10	medium	staticfile.net	Sinkholed
2024-09-10	medium	bootcdn.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	unknown	Function	466 B	2023-06-03	2025-04-03
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-06-03 11:09 Last Seen2025-04-03 11:35 Times Seen4 Hash 564b9b99d4b0c0a814ff4a29b67ab268 4ff6adfb1fb9e5eb98c995a36604c2946f27cdbc b6bbcb73017319a4c16c8e53b65bde3981cb18b0e90d02eb5975bec5c02d5fd3 Loading...

	apps.bdimg.com/libs/angular.js/1.4.6/angular.min.js	ScriptElement	147 kB	2023-11-01	2025-04-01
Pretty URL apps.bdimg.com/libs/angular.js/1.4.6/angular.min.js IP 125.74.1.49 ASN #141998 China Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-01 08:51 Last Seen2025-04-01 01:00 Times Seen6 Hash d0054b3bcbf6cb4a29b4ae3dec935b67 d2e5e39be85f51c828be35b20d877f6b4c101add 6ef82bfa3ccf5eddbcf08a4117d6af932aac88b3b2c93b2afcc43f4b11deb967 Loading...

	unknown	Function	26 B	2023-04-11	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:13 Last Seen2025-05-09 02:58 Times Seen127359 Hash 1c862db5f2555377c2dc1e62ed7b3981 c29e6dc25c08a70995127ec13ded6f80d9a36174 27d373a6961f797edf69a80f7f24877ef85c2fc4f9f770b2540b1bf5e66823ac Loading...

	cdn.staticfile.org/jquery/1.10.2/jquery.min.js	ScriptElement	93 kB	2023-03-07	2025-05-08
Pretty URL cdn.staticfile.org/jquery/1.10.2/jquery.min.js IP 156.225.111.20 ASN #35916 MULTA-ASN1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-08 17:31 Times Seen10306 Hash e0e0559014b222245deb26b6ae8bd940 e2f3603e23711f6446f278a411d905623d65201e 89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e Loading...

	139.196.176.63:8090/login	ScriptElement	0 B	0001-01-01	2025-05-09
Pretty URL 139.196.176.63:8090/login IP 139.196.176.63 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-09 04:03 Times Seen4633789 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	Function	385 B	2023-06-03	2025-04-16
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-06-03 11:09 Last Seen2025-04-16 07:20 Times Seen14 Hash 4cc0003161f5da7c63d6b232d77f6207 65bcf3ae6f17fb7a7e025654febbbaf5ccce039b 6200bae4817ebed10eba35d90c0d83f246cdaeb1af88bf9ea1ae181df68f2a86 Loading...

	unknown	Function	458 B	2023-06-03	2025-04-01
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-06-03 11:09 Last Seen2025-04-01 01:00 Times Seen3 Hash 61424d6ef6a0da8f1602e7ff80d480a8 bb76506d1dd3566079284061a813ce7dfb2caa01 ea44d298f073384cf5b41143d9bd657fe64198bc3b90d29192a36ba7fc9ee5b5 Loading...

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

2.21.240.216

504 B

URL
r10.o.lencr.org/
IP
2.21.240.216:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
1c3c41e281d3e8bb44af37305931c141
edce6dc7a98423c1590cb07c2e97c61d0e6f396a
31a5b430ff645a4e9dbc799159c6f2154bab3cfcabed690d1074b3b1726db99f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "31A5B430FF645A4E9DBC799159C6F2154BAB3CFCABED690D1074B3B1726DB99F"
Last-Modified: Tue, 10 Sep 2024 02:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5669
Expires: Tue, 10 Sep 2024 12:45:34 GMT
Date: Tue, 10 Sep 2024 11:11:05 GMT
Connection: keep-alive

139.196.176.63:8090/login

139.196.176.63

200

1.5 kB

URL User Request GET HTTP/1.1
139.196.176.63:8090/login
IP
139.196.176.63:8090
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.5 kB (1474 bytes)
Hash
8648415797d22f72c6a4763802ae997d
a8c221666ef2033a8b23ff5b9cf9f70b1672b4c8
cd86d28f61eca59438b517a3ae4b64d359f40e421913687ad513fb3272c7590c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 139.196.176.63:8090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
vary: accept-encoding
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Transfer-Encoding: chunked
Date: Tue, 10 Sep 2024 11:11:05 GMT
Keep-Alive: timeout=60
Connection: keep-alive

apps.bdimg.com/libs/angular.js/1.4.6/angular.min.js

125.74.1.49

200 OK

54 kB

URL GET HTTP/1.1
apps.bdimg.com/libs/angular.js/1.4.6/angular.min.js
IP
125.74.1.49:80
ASN
#141998 China Telecom

Requested by
http://139.196.176.63:8090/login

File type
JavaScript source, ASCII text, with very long lines (540), with CRLF line terminators
Size
54 kB (54275 bytes)
Hash
d0054b3bcbf6cb4a29b4ae3dec935b67
d2e5e39be85f51c828be35b20d877f6b4c101add
6ef82bfa3ccf5eddbcf08a4117d6af932aac88b3b2c93b2afcc43f4b11deb967

HTTP Headers

GET /libs/angular.js/1.4.6/angular.min.js HTTP/1.1
Host: apps.bdimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.196.176.63:8090/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Tue, 10 Sep 2024 11:11:06 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 24 Sep 2024 07:07:09 GMT
Last-Modified: Thu, 08 Oct 2015 04:12:15 GMT
ETag: "5615ed1f-23f5b"
Cache-Control: max-age=2592000
Content-Encoding: gzip
Age: 797329
Accept-Ranges: bytes
Vary: Accept-Encoding
Ohc-Global-Saved-Time: Sun, 25 Aug 2024 07:07:09 GMT
Ohc-Cache-HIT: lz4ct62 [2], jnctcache62 [4]
Ohc-Response-Time: 1 0 0 0 0 0

cdn.staticfile.org/jquery/1.10.2/jquery.min.js

156.225.111.20

301 Moved Permanently

178 B

URL GET HTTP/2
cdn.staticfile.org/jquery/1.10.2/jquery.min.js
IP
156.225.111.20:443
ASN
#35916 MULTA-ASN1

Requested by
http://139.196.176.63:8090/login
Certificate
IssuerDigiCert Inc
Subject*.staticfile.org
Fingerprint04:4F:B9:B3:68:BF:B4:16:B7:18:CF:24:77:47:51:08:AE:EC:4B:B2
ValidityFri, 08 Sep 2023 00:00:00 GMT - Fri, 04 Oct 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
bd2695f4b079c71dbddde3436286fb9c
733c05da132193d6cf1d8e242d12e2525c03bab4
2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jquery/1.10.2/jquery.min.js HTTP/1.1
Host: cdn.staticfile.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.196.176.63:8090/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 10 Sep 2024 11:11:07 GMT
content-type: text/html
content-length: 178
server: nginx/1.18.0 (Ubuntu)
location: https://cdn.staticfile.net/jquery/1.10.2/jquery.min.js
x-ser: BC16_US-California-Losangeles-17-cache-1, BC23_US-Virginia-Ashburn-1-cache-1, BC20_US-Virginia-Ashburn-1-cache-1
X-Firefox-Spdy: h2

139.196.176.63:8090/favicon.ico

139.196.176.63

404

118 B

URL GET HTTP/1.1
139.196.176.63:8090/favicon.ico
IP
139.196.176.63:8090
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://139.196.176.63:8090/login

File type
JSON text data
Size
118 B (118 bytes)
Hash
b9f1568eca77d7e348b6d9a7b76a1462
50b769f87aaba14fa709b6d1ddca76572b0196f9
5d565aa1b6d74ce31fbe09e8b33ad3dcb980ca3b9f26f122d0639b819c0bf443

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 139.196.176.63:8090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.196.176.63:8090/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 
vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/json
Transfer-Encoding: chunked
Date: Tue, 10 Sep 2024 11:11:08 GMT
Keep-Alive: timeout=60
Connection: keep-alive

cdn.staticfile.net/jquery/1.10.2/jquery.min.js

154.85.69.11

200 OK

93 kB

URL GET HTTP/2
cdn.staticfile.net/jquery/1.10.2/jquery.min.js
IP
154.85.69.11:443
ASN
#139057 LEGEND DYNASTY PTE. LTD.

Requested by
http://139.196.176.63:8090/login
Certificate
IssuerSectigo Limited
Subject*.staticfile.net
Fingerprint69:36:7D:7F:EB:02:A1:B9:07:20:46:C4:E2:E9:19:E9:2F:F3:DC:E9
ValidityThu, 04 Jan 2024 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32072)
Size
93 kB (93100 bytes)
Hash
e0e0559014b222245deb26b6ae8bd940
e2f3603e23711f6446f278a411d905623d65201e
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jquery/1.10.2/jquery.min.js HTTP/1.1
Host: cdn.staticfile.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://139.196.176.63:8090/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 10 Sep 2024 11:11:08 GMT
content-type: text/javascript; charset=utf-8
server: nginx
access-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With,token
x-cloud-cdn: true
content-encoding: gzip
x-ser: BC68_lt-shandong-jining-8-cache-1, BC32_US-Michigan-chieago-1-cache-1, BC8_DE-Frankfurt-Frankfurt-11-cache-1
X-Firefox-Spdy: h2

cdn.bootcdn.net/ajax/libs/bootstrap/5.2.3/css/bootstrap.min.css

154.85.69.11

200 OK

195 kB

URL GET HTTP/2
cdn.bootcdn.net/ajax/libs/bootstrap/5.2.3/css/bootstrap.min.css
IP
154.85.69.11:443
ASN
#139057 LEGEND DYNASTY PTE. LTD.

Requested by
http://139.196.176.63:8090/login
Certificate
IssuerSectigo Limited
Subject*.bootcss.com
FingerprintB5:66:89:E1:2E:94:11:B0:1A:CA:F8:23:1A:E1:62:94:A5:02:2E:65
ValidityWed, 03 Jan 2024 00:00:00 GMT - Sun, 02 Feb 2025 23:59:59 GMT

File type

Size
195 kB (194901 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/bootstrap/5.2.3/css/bootstrap.min.css HTTP/1.1
Host: cdn.bootcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.196.176.63:8090/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 10 Sep 2024 11:11:07 GMT
content-type: text/css; charset=utf-8
server: nginx
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: max-age=15780000
etag: W/"2f955-d5HdHzFzoNYsw5wh0q1x/I2tDnI"
x-read-remote: true
content-encoding: gzip
x-ser: BC57_lt-neimenggu-huhehaote-55-cache-3, BC32_US-Michigan-chieago-1-cache-1, BC19_US-California-Losangeles-17-cache-1, BC5_DE-Frankfurt-Frankfurt-11-cache-1
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type