Report - 122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995

Report Overview

Submitted URL
122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
IP
122.155.137.214
ASN
#9931 The Communication Authoity of Thailand, CAT
Submitted
2024-05-08 10:26:01
Access
public
Website Title
Access is denied
Final URL
122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
122.155.137.214	unknown	unknown	2016-11-16	2024-01-26	8.3 kB	212 kB	122.155.137.214

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	122.155.137.214	Sinkholed
2024-05-08	medium	122.155.137.214	Sinkholed
2024-05-08	medium	122.155.137.214	Sinkholed
2024-05-08	medium	122.155.137.214	Sinkholed
2024-05-08	medium	122.155.137.214	Sinkholed
2024-05-08	medium	122.155.137.214	Sinkholed
2024-05-08	medium	122.155.137.214	Sinkholed
2024-05-08	medium	122.155.137.214	Sinkholed
2024-05-08	medium	122.155.137.214	Sinkholed
2024-05-08	medium	122.155.137.214	Sinkholed
2024-05-08	medium	122.155.137.214	Sinkholed
2024-05-08	medium	122.155.137.214	Sinkholed
2024-05-08	medium	122.155.137.214	Sinkholed
2024-05-08	medium	122.155.137.214	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	122.155.137.214/sm/cwc/js/9.34.0032/cwc-api.js	16 kB	2024-03-07	2024-05-08
Pretty URL 122.155.137.214/sm/cwc/js/9.34.0032/cwc-api.js IP 122.155.137.214 ASN #9931 The Communication Authoity of Thailand, CAT Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-07 15:56:42 Last Seen2024-05-08 12:26:01 Times Seen4 Hash 0bbf5316fd0fa279c1f6cb76b9b9c5d6 a281f8cc22ad35c375bf419a08e6827e82b7ec54 bdfebf4b4b10b0773d179a7734ed20d817625bc207629533c77534f884c6fb47 Loading...

	122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995	0 B	2023-03-07	2024-05-19
Pretty URL 122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995 IP 122.155.137.214 ASN #9931 The Communication Authoity of Thailand, CAT Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 21:35:06 Times Seen37844087 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	16 B	2024-03-07	2024-05-08
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-03-07 15:56:42 Last Seen2024-05-08 12:26:01 Times Seen2 Hash 9cedc88bceab560e31c01f62361a106e 798e285d52e9283a965f1632bc09f23fb8cd0168 4efd43ede845059faa6bee356103b67a89802002b27d5c78764d30ea9620d82d Loading...

HTTP Transactions (14)

URL IP Response Size

122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995

122.155.137.214

403 Forbidden

0 B

URL User Request GET HTTP/1.1
122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
IP
122.155.137.214:443
ASN
#9931 The Communication Authoity of Thailand, CAT

Certificate
IssuerGlobalSign nv-sa
Subject*.nc.ntplc.co.th
FingerprintD4:DE:0C:F1:DD:B9:4F:B8:BD:3D:21:16:F8:10:F0:3F:B2:36:DB:C6
ValidityTue, 27 Feb 2024 05:48:31 GMT - Tue, 11 Mar 2025 09:05:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995 HTTP/1.1
Host: 122.155.137.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 302 Moved Temporarily
Location: https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995

122.155.137.214

403 Forbidden

1.6 kB

URL User Request GET HTTP/1.1
122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
IP
122.155.137.214:443
ASN
#9931 The Communication Authoity of Thailand, CAT

Certificate
IssuerGlobalSign nv-sa
Subject*.nc.ntplc.co.th
FingerprintD4:DE:0C:F1:DD:B9:4F:B8:BD:3D:21:16:F8:10:F0:3F:B2:36:DB:C6
ValidityTue, 27 Feb 2024 05:48:31 GMT - Tue, 11 Mar 2025 09:05:38 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.6 kB (1565 bytes)
Hash
f9c4c6f666ade49f2884a70742ba57c0
a75560465cec7245faf842f157a6503cb00b0dda
0439ade51c5310238f4de66c4e367ae74d204062bba2bc9f7a6b0724a8070c50

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995 HTTP/1.1
Host: 122.155.137.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
pragma: no-cache
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Wed, 08 May 2024 10:25:39 GMT
Set-Cookie: JSESSIONID=CDEF9109F884E305767659ED14A7B294; Path=/sm/; HttpOnly
BIGipServerHP_SM_WEB01_POOL=1476634816.36895.0000; path=/; Httponly; Secure

122.155.137.214/sm/cwc/css/9.34.0032/cwc_defaults.css

122.155.137.214

200 OK

6.0 kB

URL GET HTTP/1.1
122.155.137.214/sm/cwc/css/9.34.0032/cwc_defaults.css
IP
122.155.137.214:443
ASN
#9931 The Communication Authoity of Thailand, CAT

Requested by
https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Certificate
IssuerGlobalSign nv-sa
Subject*.nc.ntplc.co.th
FingerprintD4:DE:0C:F1:DD:B9:4F:B8:BD:3D:21:16:F8:10:F0:3F:B2:36:DB:C6
ValidityTue, 27 Feb 2024 05:48:31 GMT - Tue, 11 Mar 2025 09:05:38 GMT

File type
ASCII text, with very long lines (31020), with no line terminators
Size
6.0 kB (5999 bytes)
Hash
805874e931cfc4c9148e62b8c86df5b5
95604e61366ea8f7fd9f4de1f7c2f1762fd0c942
14f50a842a2074f9bfe9561ac36d61aeeb152424e61a48cc3b69737f9adcd6e3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sm/cwc/css/9.34.0032/cwc_defaults.css HTTP/1.1
Host: 122.155.137.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Cookie: JSESSIONID=CDEF9109F884E305767659ED14A7B294; BIGipServerHP_SM_WEB01_POOL=1476634816.36895.0000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Expires: Sat, 6 May 2017 12:00:00 GMT
Cache-Control: public, max-age=15552000
Accept-Ranges: bytes
ETag: W/"31020-1405152926000"
Last-Modified: Sat, 12 Jul 2014 08:15:26 GMT
Content-Encoding: gzip
Content-Type: text/css
Content-Length: 5999
Date: Wed, 08 May 2024 10:25:40 GMT

122.155.137.214/sm/cwc/js/9.34.0032/inits.js

122.155.137.214

404 Not Found

1.4 kB

URL GET HTTP/1.1
122.155.137.214/sm/cwc/js/9.34.0032/inits.js
IP
122.155.137.214:443
ASN
#9931 The Communication Authoity of Thailand, CAT

Requested by
https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Certificate
IssuerGlobalSign nv-sa
Subject*.nc.ntplc.co.th
FingerprintD4:DE:0C:F1:DD:B9:4F:B8:BD:3D:21:16:F8:10:F0:3F:B2:36:DB:C6
ValidityTue, 27 Feb 2024 05:48:31 GMT - Tue, 11 Mar 2025 09:05:38 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.4 kB (1431 bytes)
Hash
08286c5e2c0a87faa5431279f9cab438
8679939eeb4b24d221d5b50fba111b9d06511621
13f9639d6cabf25c039bdfaf0b0a84127cf4503c5f5379355cdd371a073bc40d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sm/cwc/js/9.34.0032/inits.js HTTP/1.1
Host: 122.155.137.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Cookie: JSESSIONID=CDEF9109F884E305767659ED14A7B294; BIGipServerHP_SM_WEB01_POOL=1476634816.36895.0000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Expires: Sat, 6 May 2017 12:00:00 GMT
Cache-Control: public, max-age=15552000
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Wed, 08 May 2024 10:25:40 GMT

122.155.137.214/sm/css/typography.css

122.155.137.214

200 OK

663 B

URL GET HTTP/1.1
122.155.137.214/sm/css/typography.css
IP
122.155.137.214:443
ASN
#9931 The Communication Authoity of Thailand, CAT

Requested by
https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Certificate
IssuerGlobalSign nv-sa
Subject*.nc.ntplc.co.th
FingerprintD4:DE:0C:F1:DD:B9:4F:B8:BD:3D:21:16:F8:10:F0:3F:B2:36:DB:C6
ValidityTue, 27 Feb 2024 05:48:31 GMT - Tue, 11 Mar 2025 09:05:38 GMT

File type
ASCII text, with CRLF line terminators
Size
663 B (663 bytes)
Hash
3e32eb7241c9d4cbd57c06af77ea00ca
dfaad695476a29362c4cfd5a77bac35cc174a09f
a7a766925e51a7c562e876061e803543a244e5b6727e38a3b07fa76df0daa7ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sm/css/typography.css HTTP/1.1
Host: 122.155.137.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Cookie: JSESSIONID=CDEF9109F884E305767659ED14A7B294; BIGipServerHP_SM_WEB01_POOL=1476634816.36895.0000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Expires: Sat, 6 May 2017 12:00:00 GMT
Cache-Control: public, max-age=15552000
Accept-Ranges: bytes
ETag: W/"3624-1405152836000"
Last-Modified: Sat, 12 Jul 2014 08:13:56 GMT
Content-Encoding: gzip
Content-Type: text/css
Content-Length: 663
Date: Wed, 08 May 2024 10:25:40 GMT

122.155.137.214/sm/cwc/js/9.34.0032/cwc.js

122.155.137.214

404 Not Found

1.4 kB

URL GET HTTP/1.1
122.155.137.214/sm/cwc/js/9.34.0032/cwc.js
IP
122.155.137.214:443
ASN
#9931 The Communication Authoity of Thailand, CAT

Requested by
https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Certificate
IssuerGlobalSign nv-sa
Subject*.nc.ntplc.co.th
FingerprintD4:DE:0C:F1:DD:B9:4F:B8:BD:3D:21:16:F8:10:F0:3F:B2:36:DB:C6
ValidityTue, 27 Feb 2024 05:48:31 GMT - Tue, 11 Mar 2025 09:05:38 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.4 kB (1431 bytes)
Hash
08286c5e2c0a87faa5431279f9cab438
8679939eeb4b24d221d5b50fba111b9d06511621
13f9639d6cabf25c039bdfaf0b0a84127cf4503c5f5379355cdd371a073bc40d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sm/cwc/js/9.34.0032/cwc.js HTTP/1.1
Host: 122.155.137.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Cookie: JSESSIONID=CDEF9109F884E305767659ED14A7B294; BIGipServerHP_SM_WEB01_POOL=1476634816.36895.0000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Expires: Sat, 6 May 2017 12:00:00 GMT
Cache-Control: public, max-age=15552000
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Wed, 08 May 2024 10:25:40 GMT

122.155.137.214/sm/cwc/js/9.34.0032/cwc-api.js

122.155.137.214

200 OK

3.9 kB

URL GET HTTP/1.1
122.155.137.214/sm/cwc/js/9.34.0032/cwc-api.js
IP
122.155.137.214:443
ASN
#9931 The Communication Authoity of Thailand, CAT

Requested by
https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Certificate
IssuerGlobalSign nv-sa
Subject*.nc.ntplc.co.th
FingerprintD4:DE:0C:F1:DD:B9:4F:B8:BD:3D:21:16:F8:10:F0:3F:B2:36:DB:C6
ValidityTue, 27 Feb 2024 05:48:31 GMT - Tue, 11 Mar 2025 09:05:38 GMT

File type
JavaScript source, ASCII text, with very long lines (15479)
Size
3.9 kB (3887 bytes)
Hash
0bbf5316fd0fa279c1f6cb76b9b9c5d6
a281f8cc22ad35c375bf419a08e6827e82b7ec54
bdfebf4b4b10b0773d179a7734ed20d817625bc207629533c77534f884c6fb47

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sm/cwc/js/9.34.0032/cwc-api.js HTTP/1.1
Host: 122.155.137.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Cookie: JSESSIONID=CDEF9109F884E305767659ED14A7B294; BIGipServerHP_SM_WEB01_POOL=1476634816.36895.0000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Expires: Sat, 6 May 2017 12:00:00 GMT
Cache-Control: public, max-age=15552000
Accept-Ranges: bytes
ETag: W/"15502-1405152924000"
Last-Modified: Sat, 12 Jul 2014 08:15:24 GMT
Content-Encoding: gzip
Content-Type: application/javascript
Content-Length: 3887
Date: Wed, 08 May 2024 10:25:40 GMT

122.155.137.214/sm/css/9.34.0032/jsp.css

122.155.137.214

200 OK

24 kB

URL GET HTTP/1.1
122.155.137.214/sm/css/9.34.0032/jsp.css
IP
122.155.137.214:443
ASN
#9931 The Communication Authoity of Thailand, CAT

Requested by
https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Certificate
IssuerGlobalSign nv-sa
Subject*.nc.ntplc.co.th
FingerprintD4:DE:0C:F1:DD:B9:4F:B8:BD:3D:21:16:F8:10:F0:3F:B2:36:DB:C6
ValidityTue, 27 Feb 2024 05:48:31 GMT - Tue, 11 Mar 2025 09:05:38 GMT

File type
ASCII text, with very long lines (65413)
Size
24 kB (24339 bytes)
Hash
98b4f7ff76da3fd73d311e93f84b64b3
de9f8cb98888cde2734357252ed3c8f167f5f3f0
7c287afc563001132aec17708f7be26c3c850d67e6bd211c23074695f6744327

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sm/css/9.34.0032/jsp.css HTTP/1.1
Host: 122.155.137.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Cookie: JSESSIONID=CDEF9109F884E305767659ED14A7B294; BIGipServerHP_SM_WEB01_POOL=1476634816.36895.0000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Expires: Sat, 6 May 2017 12:00:00 GMT
Cache-Control: public, max-age=15552000
Accept-Ranges: bytes
ETag: W/"208335-1405152314000"
Last-Modified: Sat, 12 Jul 2014 08:05:14 GMT
Content-Encoding: gzip
Content-Type: text/css
Content-Length: 24339
Date: Wed, 08 May 2024 10:25:40 GMT

122.155.137.214/sm/cwc/images/msg_warning.gif

122.155.137.214

200 OK

374 B

URL GET HTTP/1.1
122.155.137.214/sm/cwc/images/msg_warning.gif
IP
122.155.137.214:443
ASN
#9931 The Communication Authoity of Thailand, CAT

Requested by
https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Certificate
IssuerGlobalSign nv-sa
Subject*.nc.ntplc.co.th
FingerprintD4:DE:0C:F1:DD:B9:4F:B8:BD:3D:21:16:F8:10:F0:3F:B2:36:DB:C6
ValidityTue, 27 Feb 2024 05:48:31 GMT - Tue, 11 Mar 2025 09:05:38 GMT

File type
GIF image data, version 89a, 16 x 16
Size
374 B (374 bytes)
Hash
06626b5059ae6017bbd09ec0be1b16a8
86dc837fad8581c8297640ff256648220c63ad5f
feb683104ae43cde4901c9d6cbb920d0d5299683ba7b830f603e23db8475d9c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sm/cwc/images/msg_warning.gif HTTP/1.1
Host: 122.155.137.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Cookie: JSESSIONID=CDEF9109F884E305767659ED14A7B294; BIGipServerHP_SM_WEB01_POOL=1476634816.36895.0000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Expires: Sat, 6 May 2017 12:00:00 GMT
Cache-Control: public, max-age=15552000
Accept-Ranges: bytes
ETag: W/"374-1402910098000"
Last-Modified: Mon, 16 Jun 2014 09:14:58 GMT
Content-Type: image/gif
Content-Length: 374
Date: Wed, 08 May 2024 10:25:40 GMT

122.155.137.214/sm/cwc/js/9.34.0032/inits.js

122.155.137.214

404 Not Found

1.4 kB

URL GET HTTP/1.1
122.155.137.214/sm/cwc/js/9.34.0032/inits.js
IP
122.155.137.214:443
ASN
#9931 The Communication Authoity of Thailand, CAT

Requested by
https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Certificate
IssuerGlobalSign nv-sa
Subject*.nc.ntplc.co.th
FingerprintD4:DE:0C:F1:DD:B9:4F:B8:BD:3D:21:16:F8:10:F0:3F:B2:36:DB:C6
ValidityTue, 27 Feb 2024 05:48:31 GMT - Tue, 11 Mar 2025 09:05:38 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.4 kB (1431 bytes)
Hash
08286c5e2c0a87faa5431279f9cab438
8679939eeb4b24d221d5b50fba111b9d06511621
13f9639d6cabf25c039bdfaf0b0a84127cf4503c5f5379355cdd371a073bc40d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sm/cwc/js/9.34.0032/inits.js HTTP/1.1
Host: 122.155.137.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Cookie: JSESSIONID=CDEF9109F884E305767659ED14A7B294; BIGipServerHP_SM_WEB01_POOL=1476634816.36895.0000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Expires: Sat, 6 May 2017 12:00:00 GMT
Cache-Control: public, max-age=15552000
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Wed, 08 May 2024 10:25:40 GMT

122.155.137.214/sm/cwc/js/9.34.0032/cwc.js

122.155.137.214

404 Not Found

1.4 kB

URL GET HTTP/1.1
122.155.137.214/sm/cwc/js/9.34.0032/cwc.js
IP
122.155.137.214:443
ASN
#9931 The Communication Authoity of Thailand, CAT

Requested by
https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Certificate
IssuerGlobalSign nv-sa
Subject*.nc.ntplc.co.th
FingerprintD4:DE:0C:F1:DD:B9:4F:B8:BD:3D:21:16:F8:10:F0:3F:B2:36:DB:C6
ValidityTue, 27 Feb 2024 05:48:31 GMT - Tue, 11 Mar 2025 09:05:38 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.4 kB (1431 bytes)
Hash
08286c5e2c0a87faa5431279f9cab438
8679939eeb4b24d221d5b50fba111b9d06511621
13f9639d6cabf25c039bdfaf0b0a84127cf4503c5f5379355cdd371a073bc40d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sm/cwc/js/9.34.0032/cwc.js HTTP/1.1
Host: 122.155.137.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Cookie: JSESSIONID=CDEF9109F884E305767659ED14A7B294; BIGipServerHP_SM_WEB01_POOL=1476634816.36895.0000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Expires: Sat, 6 May 2017 12:00:00 GMT
Cache-Control: public, max-age=15552000
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Wed, 08 May 2024 10:25:41 GMT

122.155.137.214/favicon.ico

122.155.137.214

200 OK

22 kB

URL GET HTTP/1.1
122.155.137.214/favicon.ico
IP
122.155.137.214:443
ASN
#9931 The Communication Authoity of Thailand, CAT

Requested by
https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Certificate
IssuerGlobalSign nv-sa
Subject*.nc.ntplc.co.th
FingerprintD4:DE:0C:F1:DD:B9:4F:B8:BD:3D:21:16:F8:10:F0:3F:B2:36:DB:C6
ValidityTue, 27 Feb 2024 05:48:31 GMT - Tue, 11 Mar 2025 09:05:38 GMT

File type
MS Windows icon resource - 9 icons, 16x16, 16 colors, 16x16
Size
22 kB (21630 bytes)
Hash
4644f2d45601037b8423d45e13194c93
dcfdc7b05cb629f3b91a7267c7f304306f461724
64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 122.155.137.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Cookie: BIGipServerHP_SM_WEB01_POOL=1476634816.36895.0000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"21630-1387481426000"
Last-Modified: Thu, 19 Dec 2013 19:30:26 GMT
Content-Type: image/x-icon
Content-Length: 21630
Date: Wed, 08 May 2024 10:25:41 GMT

122.155.137.214/sm/fonts/hps/latin-e-regular-ttf.ttf

122.155.137.214

200 OK

74 kB

URL GET HTTP/1.1
122.155.137.214/sm/fonts/hps/latin-e-regular-ttf.ttf
IP
122.155.137.214:443
ASN
#9931 The Communication Authoity of Thailand, CAT

Requested by
https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Certificate
IssuerGlobalSign nv-sa
Subject*.nc.ntplc.co.th
FingerprintD4:DE:0C:F1:DD:B9:4F:B8:BD:3D:21:16:F8:10:F0:3F:B2:36:DB:C6
ValidityTue, 27 Feb 2024 05:48:31 GMT - Tue, 11 Mar 2025 09:05:38 GMT

File type
TrueType Font data, 16 tables, 1st "OS/2", 29 names, Macintosh, � Copyright 2012 Hewlett-Packard Development Company, L.P.HP Simplified W02 RegularRegularwebfon
Size
74 kB (74376 bytes)
Hash
5506e086156f501f785fbdfb4ec95ac8
7fc724fd9779ca500831325b4e9f07e66df31fc4
ed4afefd29a57a4b3f2cdafbd8bfbb0833b6abf5aca10ba3c9687979c194867f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sm/fonts/hps/latin-e-regular-ttf.ttf HTTP/1.1
Host: 122.155.137.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://122.155.137.214/sm/css/typography.css
Cookie: JSESSIONID=CDEF9109F884E305767659ED14A7B294; BIGipServerHP_SM_WEB01_POOL=1476634816.36895.0000
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"74376-1402910128000"
Last-Modified: Mon, 16 Jun 2014 09:15:28 GMT
Content-Type: application/x-font-ttf
Content-Length: 74376
Date: Wed, 08 May 2024 10:25:41 GMT

122.155.137.214/sm/fonts/hps/latin-e-bold-ttf.ttf

122.155.137.214

200 OK

70 kB

URL GET HTTP/1.1
122.155.137.214/sm/fonts/hps/latin-e-bold-ttf.ttf
IP
122.155.137.214:443
ASN
#9931 The Communication Authoity of Thailand, CAT

Requested by
https://122.155.137.214/sm/attachments/ad33ad3ba1619a27901d6794e786eb4e/Attachments.zip?aftk-1432=-1501203995
Certificate
IssuerGlobalSign nv-sa
Subject*.nc.ntplc.co.th
FingerprintD4:DE:0C:F1:DD:B9:4F:B8:BD:3D:21:16:F8:10:F0:3F:B2:36:DB:C6
ValidityTue, 27 Feb 2024 05:48:31 GMT - Tue, 11 Mar 2025 09:05:38 GMT

File type
TrueType Font data, 16 tables, 1st "OS/2", 29 names, Macintosh, � Copyright 2012 Hewlett-Packard Development Company, L.P.HP Simplified W02 BoldRegularwebfonts.
Size
70 kB (69960 bytes)
Hash
e0f5db3b71795fa61a3ac35e336eb2d5
6823b856adafbc3cf654775f1dac9a44501c0121
920f7ef9c37a3780214523722ea60f57399e46ee5c5d680c94770f2c781f3224

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sm/fonts/hps/latin-e-bold-ttf.ttf HTTP/1.1
Host: 122.155.137.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://122.155.137.214/sm/css/typography.css
Cookie: JSESSIONID=CDEF9109F884E305767659ED14A7B294; BIGipServerHP_SM_WEB01_POOL=1476634816.36895.0000
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"69960-1402910126000"
Last-Modified: Mon, 16 Jun 2014 09:15:26 GMT
Content-Type: application/x-font-ttf
Content-Length: 69960
Date: Wed, 08 May 2024 10:25:41 GMT

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size