Report - jirui-edu.cn/robots.txt

Report Overview

Visited public
2025-02-22 01:17:39
Tags
URL
jirui-edu.cn/robots.txt
Finishing URL
jirui-edu.cn/robots.txt
IP / ASN
160.121.187.97
#137951 ASLINE LIMITED
Title
jirui-edu.cn/robots.txt

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
jirui-edu.cn	unknown	2021-08-03	2024-12-07	2025-01-19	1.1 kB	1.6 kB	160.121.187.97
155.159.182.93	unknown	unknown	No data	No data	4.1 kB	850 kB	155.159.182.93
hm.baidu.com	8254	1999-10-11	2012-05-26	2025-02-19	1.1 kB	12 kB	14.215.183.79
collect-v6.51.la	91421	2005-01-17	2021-03-08	2025-02-21	396 B	517 B	212.247.59.123

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-22 01:17:10	medium	155.159.182.93	Client IP	ET DROP Spamhaus DROP Listed Traffic Inbound group 25

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-02-22	medium	155.159.182.93	Sinkholed
2025-02-22	medium	155.159.182.93	Sinkholed
2025-02-22	medium	155.159.182.93	Sinkholed
2025-02-22	medium	155.159.182.93	Sinkholed
2025-02-22	medium	155.159.182.93	Sinkholed
2025-02-22	medium	155.159.182.93	Sinkholed
2025-02-22	medium	155.159.182.93	Sinkholed
2025-02-22	medium	155.159.182.93	Sinkholed
2025-02-22	medium	155.159.182.93	Sinkholed
2025-02-22	medium	155.159.182.93	Sinkholed
2025-02-22	medium	155.159.182.93	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	hm.baidu.com/hm.js?4b81b1ffb374d3ca8e68cb567b7ec91b	ScriptElement	30 kB	2025-02-22	2025-02-22
Pretty URL hm.baidu.com/hm.js?4b81b1ffb374d3ca8e68cb567b7ec91b IP 14.215.183.79 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-22 01:17 Last Seen2025-02-22 01:17 Times Seen1 Hash 3fa0fa34ae312a7a48598d5c867a71ed 2a419a58783cd446e770127895bccc36797b739e bead841a5660161368738e44e92591c1d0ef3f65a4cc8097658e542d4a769fbc Loading...

	jirui-edu.cn/qifei.js	ScriptElement	1.2 kB	2025-02-22	2025-02-22
Pretty URL jirui-edu.cn/qifei.js IP 160.121.187.97 ASN #137951 ASLINE LIMITED Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-22 01:17 Last Seen2025-02-22 01:17 Times Seen1 Hash 71bc1b3066e9321e17cc505e5b8f0233 0aa394948bc1b4eb3bb72c11d7f515bc32b589ec dd23eb9e0510892d2256e350a752c2fe16d3771d8a3ccbbaeb96d882776563ea Loading...

	155.159.182.93:456/static/js/js-sdk-pro.min.js	ScriptElement	34 kB	2023-04-05	2025-05-23
Pretty URL 155.159.182.93:456/static/js/js-sdk-pro.min.js IP 155.159.182.93 ASN #137951 ASLINE LIMITED Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 07:31 Last Seen2025-05-23 23:04 Times Seen8548 Hash 8fc0b01d35300e8398d6e957987c01e7 f1eb32c75b8d8e4b0555ebc2a5f5d1d60296f41e b164aafa0bb83dfe511912ca2ca475880bfffac8d8f098c947fd3d4af440d3a4 Loading...

	155.159.182.93:456/	ScriptElement	58 B	2023-10-13	2025-03-02
Pretty URL 155.159.182.93:456/ IP 155.159.182.93 ASN #137951 ASLINE LIMITED Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-13 11:11 Last Seen2025-03-02 05:24 Times Seen22 Hash cb8dbf05dc40254acd7243b1c55dbdaa 55fc72ea9bc669d3e9513ac8061afbeb2c469e03 c0973f6a677d4c16b8555459f8c6bbfefc60b6d006220764ff34fb12f9a28b8c Loading...

	unknown	Function	37 B	2023-04-11	2025-05-25
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:49 Last Seen2025-05-25 04:19 Times Seen35303 Hash 1c5c9160600df2d96d69a4ea16cec7ed 3cf678c9135cc952ba6970ef545035bb757a443f a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808 Loading...

	unknown	Function	269 B	2025-02-22	2025-02-22
Pretty Introduced by Function Embedded in HTML false Observations First Seen2025-02-22 01:17 Last Seen2025-02-22 01:17 Times Seen1 Hash 0a34025debdd2a41c9d18ca12e43b693 63d8785f1b2052f7f35435fefa5af0636d4f2222 4eb7a8831eb25736afa7f15f7d94fb6073f91d31dcac28dafd963b70fba2778a Loading...

	155.159.182.93:456/link1.js	ScriptElement	2.0 kB	2025-02-22	2025-02-22
Pretty URL 155.159.182.93:456/link1.js IP 155.159.182.93 ASN #137951 ASLINE LIMITED Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-22 01:17 Last Seen2025-02-22 01:17 Times Seen1 Hash bc9a95400eb295548c5afed42b7313e5 08c0f6d62720eda262808c2e0e529aa6c6f3ce39 1bb8e480db635e8e8f2acd2b25fa1c7ece013f902f95d94377ac9494a12b972d Loading...

		Size	First Seen	Last Seen
	#1 Write - 74312d9fd3d0d77a65b4edf6f7a9d543	169 B	2023-03-07 12:43	2025-05-25 02:13
Pretty Observations First Seen2023-03-07 12:43 Last Seen2025-05-25 02:13 Times Seen1043 Hash 74312d9fd3d0d77a65b4edf6f7a9d543 f8f99b78a90612dba2ab0f2f96d35ef3c77cd3c6 e3932ed210d0dfb6820eacc496a3e5a609b8f011515b9324fe93b5d956a11f08 Loading...

	#2 Write - 12024e6edf7c9913233b3a992d364f6d	281 B	2025-02-22 01:17	2025-02-22 01:17
Pretty Observations First Seen2025-02-22 01:17 Last Seen2025-02-22 01:17 Times Seen1 Hash 12024e6edf7c9913233b3a992d364f6d e171caedbedc26ab6a6637bf6ca0d6c677c176cc 29e1a2661e84565c677d0aa34047200e0a8254093316ef13be5fa10ab61893a7 Loading...

HTTP Transactions (17)

URL IP Response Size

jirui-edu.cn/robots.txt

160.121.187.97

200 OK

67 B

URL User Request GET HTTP/1.1
jirui-edu.cn/robots.txt
IP
160.121.187.97:80
ASN
#137951 ASLINE LIMITED

File type
HTML document, ASCII text, with no line terminators
Size
67 B (67 bytes)
Hash
ad34d386f57329207e6b25c37e3b85b7
5781343abb70668bbd225bef51135ce6999a93da
9b648c0b6ac028f89ca576da86a53b42bad78fa5329d3b6fdb4d0578fa169952

HTTP Headers

GET /robots.txt HTTP/1.1
Host: jirui-edu.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Feb 2025 01:17:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

jirui-edu.cn/qifei.js

160.121.187.97

200 OK

751 B

URL
jirui-edu.cn/qifei.js
IP
160.121.187.97:0
ASN
#137951 ASLINE LIMITED

File type
JavaScript source, Unicode text, UTF-8 text
Size
751 B (751 bytes)
Hash
71bc1b3066e9321e17cc505e5b8f0233
0aa394948bc1b4eb3bb72c11d7f515bc32b589ec
dd23eb9e0510892d2256e350a752c2fe16d3771d8a3ccbbaeb96d882776563ea

HTTP Headers

GET /qifei.js HTTP/1.1
Host: jirui-edu.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://jirui-edu.cn/robots.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Feb 2025 01:17:10 GMT
Content-Type: application/javascript
Last-Modified: Thu, 20 Feb 2025 08:30:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"67b6e826-4da"
Expires: Sat, 22 Feb 2025 13:17:10 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

155.159.182.93:456/

155.159.182.93

200 OK

1.7 kB

URL GET HTTP/1.1
155.159.182.93:456/
IP
155.159.182.93:456
ASN
#137951 ASLINE LIMITED

Requested by
http://jirui-edu.cn/robots.txt

File type
HTML document, Unicode text, UTF-8 text
Size
1.7 kB (1717 bytes)
Hash
243291f6b4e7749f35d59a9fa1d992f7
99f87a2c4f99695c0f2095f31c3b058507926641
ecddd4e789f27708b531ea8bc01e1c9c85dd6ed670423b6cc6a44270b1b3ee7c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 155.159.182.93:456
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://jirui-edu.cn/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Feb 2025 01:17:10 GMT
Content-Type: text/html
Last-Modified: Tue, 06 Aug 2024 06:27:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"66b1c257-19d0"
Content-Encoding: gzip

jirui-edu.cn/favicon.ico

160.121.187.97

200 OK

0 B

URL GET HTTP/1.1
jirui-edu.cn/favicon.ico
IP
160.121.187.97:80
ASN
#137951 ASLINE LIMITED

Requested by
http://jirui-edu.cn/robots.txt

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: jirui-edu.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://jirui-edu.cn/robots.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Feb 2025 01:17:10 GMT
Content-Type: image/x-icon
Last-Modified: Wed, 29 May 2024 07:20:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: "6656d74e-0"

155.159.182.93:456/link1.js

155.159.182.93

200 OK

584 B

URL GET HTTP/1.1
155.159.182.93:456/link1.js
IP
155.159.182.93:456
ASN
#137951 ASLINE LIMITED

Requested by
http://155.159.182.93:456/

File type
ASCII text
Size
584 B (584 bytes)
Hash
bc9a95400eb295548c5afed42b7313e5
08c0f6d62720eda262808c2e0e529aa6c6f3ce39
1bb8e480db635e8e8f2acd2b25fa1c7ece013f902f95d94377ac9494a12b972d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /link1.js HTTP/1.1
Host: 155.159.182.93:456
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://155.159.182.93:456/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Feb 2025 01:17:10 GMT
Content-Type: application/javascript
Last-Modified: Fri, 21 Feb 2025 18:26:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"67b8c560-7a3"
Expires: Sat, 22 Feb 2025 13:17:10 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

155.159.182.93:456/static/js/js-sdk-pro.min.js

155.159.182.93

200 OK

14 kB

URL GET HTTP/1.1
155.159.182.93:456/static/js/js-sdk-pro.min.js
IP
155.159.182.93:456
ASN
#137951 ASLINE LIMITED

Requested by
http://155.159.182.93:456/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (34110)
Size
14 kB (13928 bytes)
Hash
24bb520e9517f2ed3ed987b46aeaf723
846723563d7dd2bff3954f93633b11af0103adc8
d1f1bfe698f2ffb7b3e7a885a301d58f9554d45df0a31c3e8b53c84b33c80d27

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/js-sdk-pro.min.js HTTP/1.1
Host: 155.159.182.93:456
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://155.159.182.93:456/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Feb 2025 01:17:11 GMT
Content-Type: application/javascript
Last-Modified: Tue, 03 Oct 2023 08:36:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"651bd2a1-861a"
Expires: Sat, 22 Feb 2025 13:17:11 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

155.159.182.93:456/static/picture/register.png

155.159.182.93

200 OK

3.8 kB

URL GET HTTP/1.1
155.159.182.93:456/static/picture/register.png
IP
155.159.182.93:456
ASN
#137951 ASLINE LIMITED

Requested by
http://155.159.182.93:456/

File type
PNG image data, 412 x 100, 8-bit/color RGBA, non-interlaced
Size
3.8 kB (3769 bytes)
Hash
b486bf2221cd00fe849219d975670487
61926edaecf1d6d8be20a097ee0742da798777a7
df8c4f63ad8f374e92fdc356027f638a99e621c857d69e51bb01e75a7da86f9f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/picture/register.png HTTP/1.1
Host: 155.159.182.93:456
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://155.159.182.93:456/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Feb 2025 01:17:11 GMT
Content-Type: image/png
Last-Modified: Tue, 12 Mar 2024 08:32:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f01327-eb9"
Expires: Mon, 24 Mar 2025 01:17:11 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip

155.159.182.93:456/static/picture/download.png

155.159.182.93

200 OK

3.6 kB

URL GET HTTP/1.1
155.159.182.93:456/static/picture/download.png
IP
155.159.182.93:456
ASN
#137951 ASLINE LIMITED

Requested by
http://155.159.182.93:456/

File type
PNG image data, 416 x 100, 8-bit/color RGBA, non-interlaced
Size
3.6 kB (3561 bytes)
Hash
2ecdedf9ed6cfe667d8f0093f0f5d947
72d08c2362562f57dff5d26d129c6322382b1753
4cd827b8dd283a12d1cad398f8b21166f6bb0399cff4584583d8c7f108e498fd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/picture/download.png HTTP/1.1
Host: 155.159.182.93:456
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://155.159.182.93:456/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Feb 2025 01:17:11 GMT
Content-Type: image/png
Last-Modified: Tue, 12 Mar 2024 08:32:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f01327-deb"
Expires: Mon, 24 Mar 2025 01:17:11 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip

155.159.182.93:456/static/picture/sectionky.png

155.159.182.93

200 OK

45 kB

URL GET HTTP/1.1
155.159.182.93:456/static/picture/sectionky.png
IP
155.159.182.93:456
ASN
#137951 ASLINE LIMITED

Requested by
http://155.159.182.93:456/

File type
PNG image data, 960 x 654, 8-bit colormap, non-interlaced
Size
45 kB (44735 bytes)
Hash
e8b4e9a0dcf02c0733803225a69bd6e6
6f40f8da7eed607780f375fe6aea94cac3a4fce9
eaf2477b666cfcd1c16cc3eb13c96fa95802806d875317a7e3b07f78211bfee5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/picture/sectionky.png HTTP/1.1
Host: 155.159.182.93:456
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://155.159.182.93:456/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Feb 2025 01:17:11 GMT
Content-Type: image/png
Last-Modified: Tue, 12 Mar 2024 08:32:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f01328-b1e1"
Expires: Mon, 24 Mar 2025 01:17:11 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip

155.159.182.93:456/static/picture/activity.png

155.159.182.93

200 OK

26 kB

URL GET HTTP/1.1
155.159.182.93:456/static/picture/activity.png
IP
155.159.182.93:456
ASN
#137951 ASLINE LIMITED

Requested by
http://155.159.182.93:456/

File type
PNG image data, 960 x 1123, 4-bit colormap, non-interlaced
Size
26 kB (26402 bytes)
Hash
ade1152803c52799a6f5dda258467325
36f8410f7ea6e759b1e46239d4c81c2c5f4dc597
bf59f1bbc00714057970821bf96256ab182d0ea075bb6bd0b01963ea57cd62e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/picture/activity.png HTTP/1.1
Host: 155.159.182.93:456
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://155.159.182.93:456/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Feb 2025 01:17:11 GMT
Content-Type: image/png
Last-Modified: Tue, 03 Oct 2023 08:36:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"651bd2a3-6a40"
Expires: Mon, 24 Mar 2025 01:17:11 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip

155.159.182.93:456/static/picture/bg1.jpg

155.159.182.93

200 OK

143 kB

URL GET HTTP/1.1
155.159.182.93:456/static/picture/bg1.jpg
IP
155.159.182.93:456
ASN
#137951 ASLINE LIMITED

Requested by
http://155.159.182.93:456/

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x2960, components 3
Size
143 kB (143242 bytes)
Hash
b248edfd4ea5774327a4b2e40bebfda3
57bb5c1328544234e43598c04ec249f2d26b0684
25a9e874d5192b9522af94aaa1b12d090dedea945ff3c4e37777abd1074e2396

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/picture/bg1.jpg HTTP/1.1
Host: 155.159.182.93:456
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://155.159.182.93:456/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Feb 2025 01:17:11 GMT
Content-Type: image/jpeg
Last-Modified: Tue, 03 Oct 2023 08:36:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"651bd2a6-261b3"
Expires: Mon, 24 Mar 2025 01:17:11 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip

155.159.182.93:456/static/picture/jy-section.png

155.159.182.93

200 OK

166 kB

URL GET HTTP/1.1
155.159.182.93:456/static/picture/jy-section.png
IP
155.159.182.93:456
ASN
#137951 ASLINE LIMITED

Requested by
http://155.159.182.93:456/

File type
PNG image data, 960 x 654, 8-bit/color RGBA, non-interlaced
Size
166 kB (165993 bytes)
Hash
a7ad6d6bf6361246a9a376567d9a4f3d
a6a856d41be95642c6d982a8794479d21c13b706
c9178b2b5a26ee7ffcd29f0fd4a31a4a0591eec84addc2c92b27398693b94bc7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/picture/jy-section.png HTTP/1.1
Host: 155.159.182.93:456
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://155.159.182.93:456/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Feb 2025 01:17:11 GMT
Content-Type: image/png
Last-Modified: Tue, 06 Aug 2024 06:13:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"66b1bf1a-2a424"
Expires: Mon, 24 Mar 2025 01:17:11 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip

155.159.182.93:456/static/picture/sectionayx.png

155.159.182.93

200 OK

44 kB

URL
155.159.182.93:456/static/picture/sectionayx.png
IP
155.159.182.93:0
ASN
#137951 ASLINE LIMITED

File type
PNG image data, 960 x 654, 8-bit colormap, non-interlaced
Size
44 kB (43695 bytes)
Hash
320b674353f4b7c7145d36e3b9cd391d
19637b4ff3ea44198be6d8f08d536d309ec24bcb
26a985d12e7a2a06c70128c999e9bea11257ab35ec99d20fbfde6cf9eec5bc8e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/picture/sectionayx.png HTTP/1.1
Host: 155.159.182.93:456
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://155.159.182.93:456/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Feb 2025 01:17:11 GMT
Content-Type: image/png
Last-Modified: Tue, 12 Mar 2024 08:32:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f01328-acf1"
Expires: Mon, 24 Mar 2025 01:17:11 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip

155.159.182.93:456/static/picture/event1.png

155.159.182.93

200 OK

399 kB

URL
155.159.182.93:456/static/picture/event1.png
IP
155.159.182.93:0
ASN
#137951 ASLINE LIMITED

File type
PNG image data, 926 x 574, 8-bit/color RGBA, non-interlaced
Size
399 kB (399264 bytes)
Hash
db9fef1ed735159f3b8d8fd207488a34
1d83b4c48fd95d48fce27ffc60f00e1a1f7f82b2
fc268a70ec262e62b18ae7a3e36991860016b35198d53ed53c805ec7e0c504cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/picture/event1.png HTTP/1.1
Host: 155.159.182.93:456
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://155.159.182.93:456/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Feb 2025 01:17:11 GMT
Content-Type: image/png
Last-Modified: Tue, 06 Aug 2024 06:26:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"66b1c228-61bee"
Expires: Mon, 24 Mar 2025 01:17:11 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip

hm.baidu.com/hm.js?4b81b1ffb374d3ca8e68cb567b7ec91b

14.215.183.79

200 OK

11 kB

URL GET HTTP/1.1
hm.baidu.com/hm.js?4b81b1ffb374d3ca8e68cb567b7ec91b
IP
14.215.183.79:443
ASN
#4134 Chinanet

Requested by
http://jirui-edu.cn/robots.txt
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
FingerprintEF:0F:BE:13:02:E2:C4:D4:89:BA:8F:BA:88:EF:6F:95:DC:CF:7B:E0
ValidityMon, 08 Jul 2024 01:41:02 GMT - Sat, 09 Aug 2025 01:41:01 GMT

File type
JavaScript source, ASCII text, with very long lines (618)
Size
11 kB (11288 bytes)
Hash
3fa0fa34ae312a7a48598d5c867a71ed
2a419a58783cd446e770127895bccc36797b739e
bead841a5660161368738e44e92591c1d0ef3f65a4cc8097658e542d4a769fbc

HTTP Headers

GET /hm.js?4b81b1ffb374d3ca8e68cb567b7ec91b HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://jirui-edu.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11288
Content-Type: application/javascript
Date: Sat, 22 Feb 2025 01:17:11 GMT
Etag: 8c5e28ce5f65a4f0c09343e35a35676c
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=8455928DA2832818; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.gif?hca=8455928DA2832818&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=846737779&si=4b81b1ffb374d3ca8e68cb567b7ec91b&v=1.3.2&lv=1&sn=36177&r=0&ww=1280&u=http%3A%2F%2Fjirui-edu.cn%2Frobots.txt

14.215.183.79

200 OK

43 B

URL GET HTTP/1.1
hm.baidu.com/hm.gif?hca=8455928DA2832818&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=846737779&si=4b81b1ffb374d3ca8e68cb567b7ec91b&v=1.3.2&lv=1&sn=36177&r=0&ww=1280&u=http%3A%2F%2Fjirui-edu.cn%2Frobots.txt
IP
14.215.183.79:443
ASN
#4134 Chinanet

Requested by
http://jirui-edu.cn/robots.txt
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
FingerprintEF:0F:BE:13:02:E2:C4:D4:89:BA:8F:BA:88:EF:6F:95:DC:CF:7B:E0
ValidityMon, 08 Jul 2024 01:41:02 GMT - Sat, 09 Aug 2025 01:41:01 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?hca=8455928DA2832818&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=846737779&si=4b81b1ffb374d3ca8e68cb567b7ec91b&v=1.3.2&lv=1&sn=36177&r=0&ww=1280&u=http%3A%2F%2Fjirui-edu.cn%2Frobots.txt HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://jirui-edu.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 22 Feb 2025 01:17:12 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=B025599CA5CACED3; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

collect-v6.51.la/v6/collect?dt=4

212.247.59.123

200

0 B

URL POST HTTP/1.1
collect-v6.51.la/v6/collect?dt=4
IP
212.247.59.123:80
ASN
#1257 Tele2 SWIPnet

Requested by
http://155.159.182.93:456/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /v6/collect?dt=4 HTTP/1.1
Host: collect-v6.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 306
Origin: http://155.159.182.93:456
DNT: 1
Connection: keep-alive
Referer: http://155.159.182.93:456/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Sat, 22 Feb 2025 01:17:12 GMT
Content-Length: 0
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://155.159.182.93:456
Access-Control-Allow-Credentials: true
via: EU-SWE-stockholm-EDGE1-CACHE2[211],EU-SWE-stockholm-EDGE1-CACHE2[ovl,206],EU-RUS-mosco-EDGE2-CACHE10[ovl,188],CA-MNG-ulaanbaatar-EDGE1-CACHE3[ovl,76],CHN-GDdongguan-GLOBAL1-CACHE41[ovl,18]
X-CCDN-REQ-ID-46B1: 42fa5355d2fd9615fd94f522749cfe8a

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (17)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size