Report - 120.79.25.109:9005/login

Report Overview

Submitted URL
120.79.25.109:9005/login
IP
120.79.25.109
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.
Submitted
2024-03-28 09:15:38
Access
public
Website Title
登录心悦系统
Final URL
120.79.25.109:9005/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
38

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
120.79.25.109:9005	unknown	unknown	No data	No data	6.9 kB	781 kB	120.79.25.109

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed
2024-03-28	medium	120.79.25.109	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	120.79.25.109:9005/ajax/libs/layer/layer.min.js	24 kB	2023-06-01	2024-04-26
Pretty URL 120.79.25.109:9005/ajax/libs/layer/layer.min.js IP 120.79.25.109 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-01 00:10:52 Last Seen2024-04-26 05:36:40 Times Seen61 Hash 076f3e9732208825c52ef16f04d1ed29 2637750086f0ab725f0a6aac790843613e610f66 97906a9e2b331eb0019411a782d4ad5e58c742dfac5ca7aec08530edaaa2840c Loading...

	120.79.25.109:9005/ajax/libs/blockUI/jquery.blockUI.js	21 kB	2023-03-07	2024-04-26
Pretty URL 120.79.25.109:9005/ajax/libs/blockUI/jquery.blockUI.js IP 120.79.25.109 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:33:48 Last Seen2024-04-26 12:35:03 Times Seen176 Hash d2527dc37bd691ee37c0769a85d4e678 7f6ae26a61a7d5dfa1fed93de574d736e80e3476 5fccc001b2b5cadcb733169e116de392bb571b456e2bef0d5cbeaa51c85f7ea5 Loading...

	120.79.25.109:9005/ruoyi/js/ry-ui.js?v=4.7.1	88 kB	2024-03-28	2024-03-28
Pretty URL 120.79.25.109:9005/ruoyi/js/ry-ui.js?v=4.7.1 IP 120.79.25.109 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-28 10:15:44 Last Seen2024-03-28 10:15:44 Times Seen1 Hash acf376d54b7f584336fe2fdf1f243b98 94e90ae1eb150931f785130be71ceab0b2802fc3 41326d774b79bc43c43114c19a538a2c56074c994354d0cc717f35ec4b47d7f1 Loading...

	120.79.25.109:9005/ruoyi/login.js	2.8 kB	2023-06-01	2024-03-28
Pretty URL 120.79.25.109:9005/ruoyi/login.js IP 120.79.25.109 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-01 00:10:52 Last Seen2024-03-28 10:15:45 Times Seen18 Hash f3de7ed240c484620ebcf020cbeb2559 121093ce5288bb1e5d593fa7056e738b2793c106 289819d979e23a8e8b40958dab72755dae686918cba22cf842d2869fb395023d Loading...

	120.79.25.109:9005/login	0 B	2023-03-07	2024-04-27
Pretty URL 120.79.25.109:9005/login IP 120.79.25.109 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 08:28:06 Times Seen37114809 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	120.79.25.109:9005/login	48 B	2023-06-01	2024-04-26
Pretty URL 120.79.25.109:9005/login IP 120.79.25.109 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-01 00:10:52 Last Seen2024-04-26 12:35:03 Times Seen136 Hash fb5a8c94e360a6a4b6d2cc8755007bba da4356bfe27a14d941383bfba020db240c3bd94f 3aeecc9fb20b249d22a7eebc7d89fbd13783ee0dcad3dd59311e5b17321671d4 Loading...

	120.79.25.109:9005/js/jquery.min.js	91 kB	2023-03-07	2024-04-25
Pretty URL 120.79.25.109:9005/js/jquery.min.js IP 120.79.25.109 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:14:03 Last Seen2024-04-25 00:38:40 Times Seen77 Hash d9a859ce7df2025316c2e3b57e110c36 8b240f3d2789d565e07e2f839fb466d97d178230 55ae605b6fd21800d2e527972c7ba66ecd1a11ac7ceac48a7fd004a7f4948634 Loading...

	120.79.25.109:9005/ajax/libs/validate/jquery.validate.min.js	24 kB	2023-06-01	2024-04-25
Pretty URL 120.79.25.109:9005/ajax/libs/validate/jquery.validate.min.js IP 120.79.25.109 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-01 00:10:52 Last Seen2024-04-25 00:38:40 Times Seen33 Hash ac9d47efe177743010ba984d48548923 901f1a04bab8483cf54eb82b707e11ec3acb6689 1694b58b032a689cc99c144bf1303b32126b9b04316ea064357ae5ac91eac25b Loading...

HTTP Transactions (19)

URL IP Response Size

120.79.25.109:9005/login

120.79.25.109

4.0 kB

URL
120.79.25.109:9005/login
IP
120.79.25.109:0
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
4.0 kB (4040 bytes)
Hash
513f308a0f30de8b3e7af506673a9961
1f200e98ac4272a666c33213b0bd8a280767a1e1
0948e0b4fe68d8a7bac17be0f4577e558a45a238c56b2c8cc971af78ee26989d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Content-Type: text/html;charset=UTF-8
Content-Language: zh-CN
Transfer-Encoding: chunked
Date: Thu, 28 Mar 2024 09:15:11 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/css/login.min.css

120.79.25.109

200

2.8 kB

URL GET HTTP/1.1
120.79.25.109:9005/css/login.min.css
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
ASCII text, with very long lines (2821), with no line terminators
Size
2.8 kB (2821 bytes)
Hash
7054d62397015c7d234dc4a987dcaa64
09a5ab402e2e06388ebc3a6edfcb43f8f81de5d3
33b5cdc4d46834ad37c53b1bbd75d6d998cdf774715c50a242b753ffced13762

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/login.min.css HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 2821
Date: Thu, 28 Mar 2024 09:15:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/css/font-awesome.min.css

120.79.25.109

200

31 kB

URL GET HTTP/1.1
120.79.25.109:9005/css/font-awesome.min.css
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
ASCII text, with very long lines (30837), with CRLF line terminators
Size
31 kB (31004 bytes)
Hash
a0e784c4ca94c271b0338dfb02055be6
88af80502c44cd52ca81ffe7dc7276b7eccb06cf
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/font-awesome.min.css HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 31004
Date: Thu, 28 Mar 2024 09:15:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/ruoyi/css/ry-ui.css?v=4.7.1

120.79.25.109

200

25 kB

URL GET HTTP/1.1
120.79.25.109:9005/ruoyi/css/ry-ui.css?v=4.7.1
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
25 kB (25019 bytes)
Hash
d4f0375efbd4073b15727388ef343019
603bc5827d6a1d3856cdb5d8ce00fc2f6d9f635c
9ce6264089cde888e5004ea98537905d86e416b74a82ea2b2a4aa4331e069776

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ruoyi/css/ry-ui.css?v=4.7.1 HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 25019
Date: Thu, 28 Mar 2024 09:15:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/ajax/libs/layer/layer.min.js

120.79.25.109

200

24 kB

URL GET HTTP/1.1
120.79.25.109:9005/ajax/libs/layer/layer.min.js
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (23510), with CRLF line terminators
Size
24 kB (23569 bytes)
Hash
87ca7933fd22c1718087c092204cae96
21425b82df58b49be030e8a4d9a0a12e7cf7698e
a81b4ba662303e819d8ef69c888d907334c22c47af6764819976b83b4ec28ef7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/layer/layer.min.js HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 23569
Date: Thu, 28 Mar 2024 09:15:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/css/bootstrap.min.css

120.79.25.109

200

121 kB

URL GET HTTP/1.1
120.79.25.109:9005/css/bootstrap.min.css
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
ASCII text, with very long lines (65367), with CRLF line terminators
Size
121 kB (121160 bytes)
Hash
a1124333721a9bc6b8865a68472a7dbc
e9ff89169da4e8c93414492a2121f4aa257d8614
131274e2a9c6ccab840dfc9c0b875dea0e2a6c47a4fdc5e24fc97d9d91ef8238

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 121160
Date: Thu, 28 Mar 2024 09:15:11 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/js/jquery.min.js

120.79.25.109

200

91 kB

URL GET HTTP/1.1
120.79.25.109:9005/js/jquery.min.js
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65444), with CRLF line terminators
Size
91 kB (90952 bytes)
Hash
d9a859ce7df2025316c2e3b57e110c36
8b240f3d2789d565e07e2f839fb466d97d178230
55ae605b6fd21800d2e527972c7ba66ecd1a11ac7ceac48a7fd004a7f4948634

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 90952
Date: Thu, 28 Mar 2024 09:15:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/ajax/libs/validate/jquery.validate.min.js

120.79.25.109

200

24 kB

URL GET HTTP/1.1
120.79.25.109:9005/ajax/libs/validate/jquery.validate.min.js
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (24311), with CRLF line terminators
Size
24 kB (24452 bytes)
Hash
d8d22231c43d9eb60613e8b89dd913d5
924f392a33410dbff6ea5e67b926f9cc08f50a31
2a1a27d9a401466dfbd09162d059d7c05b4d6adb9da32de35dd4215e66e5995c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/validate/jquery.validate.min.js HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 24452
Date: Thu, 28 Mar 2024 09:15:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/ajax/libs/blockUI/jquery.blockUI.js

120.79.25.109

200

21 kB

URL GET HTTP/1.1
120.79.25.109:9005/ajax/libs/blockUI/jquery.blockUI.js
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
JavaScript source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
21 kB (20641 bytes)
Hash
d1b570f6154466b04656d6bf82f83334
ff13abea09fce7cac97c9a8799edcdef7b33b998
fe71ac0177ef82f38e030cca3ad8074377479ec82701d38ac6db1e476ea83c8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/blockUI/jquery.blockUI.js HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 20641
Date: Thu, 28 Mar 2024 09:15:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/ruoyi/login.js

120.79.25.109

200

2.8 kB

URL GET HTTP/1.1
120.79.25.109:9005/ruoyi/login.js
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
2.8 kB (2767 bytes)
Hash
f3de7ed240c484620ebcf020cbeb2559
121093ce5288bb1e5d593fa7056e738b2793c106
289819d979e23a8e8b40958dab72755dae686918cba22cf842d2869fb395023d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ruoyi/login.js HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 2767
Date: Thu, 28 Mar 2024 09:15:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/css/style.min.css

120.79.25.109

200

132 kB

URL GET HTTP/1.1
120.79.25.109:9005/css/style.min.css
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
ASCII text, with very long lines (478), with CRLF line terminators
Size
132 kB (131943 bytes)
Hash
be6f6f78fd319d1478e20397ba3c4f7f
7c508d7dbd897898c5ce1d2f29c519a9913d9f48
5dc7317a5959ff02c171eb66e6deb827c44d950558c18c3fdabeb39361c6f7ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/style.min.css HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 131943
Date: Thu, 28 Mar 2024 09:15:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/ruoyi/js/ry-ui.js?v=4.7.1

120.79.25.109

200

89 kB

URL GET HTTP/1.1
120.79.25.109:9005/ruoyi/js/ry-ui.js?v=4.7.1
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
89 kB (88661 bytes)
Hash
717614a24c3d3de9b20d744b1a10b167
5fe08babc5b63ec5b68d311edfc27c7b3a938a26
10f39d20908dae9bdac2b4858c628b7f41d71a9e149a0f0563864623a87310bc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ruoyi/js/ry-ui.js?v=4.7.1 HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 88661
Date: Thu, 28 Mar 2024 09:15:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/captcha/captchaImage?type=math

120.79.25.109

200

2.8 kB

URL GET HTTP/1.1
120.79.25.109:9005/captcha/captchaImage?type=math
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x60, components 3
Size
2.8 kB (2819 bytes)
Hash
489da4b6af210494222c9434c82f9086
2ee8af4e80d53eac984fd59ba496ff0938f1de46
e3bcd8c146a7e2e07ea895fc23ea45581994e515d32d95bd92019f3fca892415

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /captcha/captchaImage?type=math HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Set-Cookie: JSESSIONID=33070dcc-845f-4b8e-aab5-f5f2832c408a; Path=/; HttpOnly; SameSite=lax
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: image/jpeg
Transfer-Encoding: chunked
Date: Thu, 28 Mar 2024 09:15:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/img/login-background1.jpg

120.79.25.109

200

92 kB

URL GET HTTP/1.1
120.79.25.109:9005/img/login-background1.jpg
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 960x600, components 3
Size
92 kB (92340 bytes)
Hash
4772dc6a806368725e8823e79bf9b883
9cb1231fd72179fb9cc1837275880cc489c31aeb
8a2994248f1706f62022ea00031ca3636b9d6767e3332d4ce3171254ec15d48c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/login-background1.jpg HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/css/login.min.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 92340
Date: Thu, 28 Mar 2024 09:15:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/ajax/libs/layer/theme/default/layer.css?v=3.5.1

120.79.25.109

200

16 kB

URL GET HTTP/1.1
120.79.25.109:9005/ajax/libs/layer/theme/default/layer.css?v=3.5.1
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
Unicode text, UTF-8 text, with very long lines (966), with CRLF line terminators
Size
16 kB (16531 bytes)
Hash
ee72afc27efea1f8666117a566a01ad7
4beb4716bc365f96849d5b4b7f1c778220529009
0387f33a167042d50307f667fd50c2520953e0c079c2779ab8cebbbed4c61b8c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/layer/theme/default/layer.css?v=3.5.1 HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 16531
Date: Thu, 28 Mar 2024 09:15:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/img/locked.png

120.79.25.109

200

1.1 kB

URL GET HTTP/1.1
120.79.25.109:9005/img/locked.png
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1132 bytes)
Hash
f6f30beb72f584e218bfec975eb1109d
bf2df8c47190b0643683569dbe42e619186135e3
5d49f096f9957f3b969cdf922469092b26550ec5cfe9c78a86515460c4230cd7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/locked.png HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/css/login.min.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 1132
Date: Thu, 28 Mar 2024 09:15:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/fonts/fontawesome-webfont.woff2?v=4.7.0

120.79.25.109

200

77 kB

URL GET HTTP/1.1
120.79.25.109:9005/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/css/font-awesome.min.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: application/font-woff2
Content-Length: 77160
Date: Thu, 28 Mar 2024 09:15:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/img/user.png

120.79.25.109

200

1.1 kB

URL GET HTTP/1.1
120.79.25.109:9005/img/user.png
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1106 bytes)
Hash
681dfebf3a20ec9c580d8dc248eb6a6e
46a81ebddfdb1e2e647b711cf896aea3c4557f74
09bbf9c144222134ee6d4f28b25d4b846f8c099d72c4360c7998bfd89715eb45

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/user.png HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/css/login.min.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 1106
Date: Thu, 28 Mar 2024 09:15:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive

120.79.25.109:9005/favicon.ico

120.79.25.109

200

17 kB

URL GET HTTP/1.1
120.79.25.109:9005/favicon.ico
IP
120.79.25.109:9005
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.79.25.109:9005/login

File type
MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
Size
17 kB (16958 bytes)
Hash
e49fd30ea870c7a820464ca56a113e6e
38ccc3603a8bc74ed3f7491222c9d50e73aa421a
148ce319907e947199c93f77c9317c0b166bc17d77d6cf6378f8374e8d2fb1a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 120.79.25.109:9005
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.79.25.109:9005/login
Cookie: JSESSIONID=33070dcc-845f-4b8e-aab5-f5f2832c408a
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 27 Mar 2024 10:31:45 GMT
Accept-Ranges: bytes
Content-Type: image/x-icon
Content-Length: 16958
Date: Thu, 28 Mar 2024 09:15:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML