Report - 124.221.138.94:8881/login

Report Overview

Submitted URL
124.221.138.94:8881/login
IP
124.221.138.94
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited
Submitted
2024-05-07 10:57:14
Access
public
Website Title
登录众智成汽车系统
Final URL
124.221.138.94:8881/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
40

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
124.221.138.94:8881	unknown	unknown	No data	No data	8.3 kB	851 kB	124.221.138.94

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed
2024-05-07	medium	124.221.138.94	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	124.221.138.94:8881/js/bootstrap.min.js	37 kB	2023-03-08	2024-05-26
Pretty URL 124.221.138.94:8881/js/bootstrap.min.js IP 124.221.138.94 ASN #45090 Shenzhen Tencent Computer Systems Company Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 09:29:31 Last Seen2024-05-26 20:13:35 Times Seen195 Hash d6c8c6d7b996538e355355c443f49b13 238e0f56d67ad64c75a16f4a624a7a92dd221b7c 214c9901e85e6b004c8dc82dfb8af5c399d14a04649f3ca815eee1c65c9b34ba Loading...

	124.221.138.94:8881/ajax/libs/blockUI/jquery.blockUI.js	21 kB	2023-03-07	2024-05-28
Pretty URL 124.221.138.94:8881/ajax/libs/blockUI/jquery.blockUI.js IP 124.221.138.94 ASN #45090 Shenzhen Tencent Computer Systems Company Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:33:48 Last Seen2024-05-28 10:43:29 Times Seen213 Hash d2527dc37bd691ee37c0769a85d4e678 7f6ae26a61a7d5dfa1fed93de574d736e80e3476 5fccc001b2b5cadcb733169e116de392bb571b456e2bef0d5cbeaa51c85f7ea5 Loading...

	124.221.138.94:8881/starsink/login.js	2.7 kB	2023-03-09	2024-05-13
Pretty URL 124.221.138.94:8881/starsink/login.js IP 124.221.138.94 ASN #45090 Shenzhen Tencent Computer Systems Company Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:33:45 Last Seen2024-05-13 11:39:24 Times Seen45 Hash 046d1e3c139f45efea2eb7c727575a80 abed31cf76890d94c7fd973ca317f5c59ab60354 cf7909067013b072cd982f94c1f65da85382f22e966f44c3ef3402a3bb7ee246 Loading...

	124.221.138.94:8881/ajax/libs/validate/jquery.validate.min.js	22 kB	2023-05-08	2024-05-26
Pretty URL 124.221.138.94:8881/ajax/libs/validate/jquery.validate.min.js IP 124.221.138.94 ASN #45090 Shenzhen Tencent Computer Systems Company Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-08 08:52:31 Last Seen2024-05-26 20:13:34 Times Seen148 Hash 7798b82361d00430029282940e40c353 f09358ac4f6f4c3863e94c044c8dda7c5f926adf e51f6692c221e90f372a17cf0a2436d023018f5c9341f72bd2c2858022d44577 Loading...

	124.221.138.94:8881/ajax/libs/validate/messages_zh.min.js	1.4 kB	2023-03-09	2024-05-23
Pretty URL 124.221.138.94:8881/ajax/libs/validate/messages_zh.min.js IP 124.221.138.94 ASN #45090 Shenzhen Tencent Computer Systems Company Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:33:45 Last Seen2024-05-23 12:36:24 Times Seen297 Hash 2e53acbf6518a85fcad23b41db2c7425 2d5e7474ba6509a478d6600acab1103db5f07c4b 569a2be4832b1ebf6244b6e2b219daf8705782a2c94d23dd932ceef4d69148c3 Loading...

	124.221.138.94:8881/ajax/libs/layer/layer.min.js	22 kB	2023-04-07	2024-05-27
Pretty URL 124.221.138.94:8881/ajax/libs/layer/layer.min.js IP 124.221.138.94 ASN #45090 Shenzhen Tencent Computer Systems Company Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-07 19:23:28 Last Seen2024-05-27 14:27:19 Times Seen209 Hash 47db0e57d73194c6a41bab5b4d55e860 9db378fa8d56979e86519f483993486dc476902b 69025fc1818313fb94c9ca4975c6a45e8385a6fd0ab9d0c60c0ac93cd997566e Loading...

	124.221.138.94:8881/starsink/js/ry-ui.js?v=4.2.0	67 kB	2024-05-07	2024-05-07
Pretty URL 124.221.138.94:8881/starsink/js/ry-ui.js?v=4.2.0 IP 124.221.138.94 ASN #45090 Shenzhen Tencent Computer Systems Company Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 12:57:21 Last Seen2024-05-07 12:57:21 Times Seen1 Hash c4d0e66ff48fc5d5232c76e1c4287b4e f77384bf5685e56cbae55348a4554bf1e8c08f32 caca12041f622875588e14fe0a5484927c888a5b42d3210e40b87fed5774a063 Loading...

	124.221.138.94:8881/login	0 B	2023-03-07	2024-05-28
Pretty URL 124.221.138.94:8881/login IP 124.221.138.94 ASN #45090 Shenzhen Tencent Computer Systems Company Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-28 19:24:41 Times Seen38409297 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	124.221.138.94:8881/login	48 B	2023-06-01	2024-05-28
Pretty URL 124.221.138.94:8881/login IP 124.221.138.94 ASN #45090 Shenzhen Tencent Computer Systems Company Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-01 00:10:52 Last Seen2024-05-28 10:43:29 Times Seen165 Hash fb5a8c94e360a6a4b6d2cc8755007bba da4356bfe27a14d941383bfba020db240c3bd94f 3aeecc9fb20b249d22a7eebc7d89fbd13783ee0dcad3dd59311e5b17321671d4 Loading...

	124.221.138.94:8881/js/jquery.min.js	84 kB	2023-03-07	2024-05-27
Pretty URL 124.221.138.94:8881/js/jquery.min.js IP 124.221.138.94 ASN #45090 Shenzhen Tencent Computer Systems Company Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:08 Last Seen2024-05-27 03:47:22 Times Seen1981 Hash b0dc11d0a434aafe88908c7f33d71095 1327f754ff87d26bced46568543207e9df190aaa de4b3c3d1dc2506b6693f0f98884e1dc074cda9d66cab39b7b48a115fdfc4c0f Loading...

HTTP Transactions (20)

URL IP Response Size

124.221.138.94:8881/login

124.221.138.94

200

3.6 kB

URL User Request GET HTTP/1.1
124.221.138.94:8881/login
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
3.6 kB (3573 bytes)
Hash
5e2d20bad02f00e432e9bd8ef4cf5868
1b11d22bc40d87981750e5c3d9b8ef1fab1f55ba
e733ffe8b6a2ea47598f905f013cb54c61fcbcfeab9edb931098c8cc33297e21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Set-Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3; Path=/; HttpOnly
Content-Type: text/html;charset=UTF-8
Content-Language: zh-CN
Transfer-Encoding: chunked
Date: Tue, 07 May 2024 10:56:48 GMT

124.221.138.94:8881/css/login.min.css

124.221.138.94

200

2.4 kB

URL GET HTTP/1.1
124.221.138.94:8881/css/login.min.css
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
ASCII text, with very long lines (2354), with no line terminators
Size
2.4 kB (2354 bytes)
Hash
56388c270cb23c2962ce487c57e119ca
3b4ec363e9116d06e35b5b4b22696b9f492860d9
9e39f9d8335ff6384c7bc7cbf0a8f251b799aeb5f7fbfe9acc293203aaadd5f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/login.min.css HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 2354
Date: Tue, 07 May 2024 10:56:48 GMT

124.221.138.94:8881/css/font-awesome.min.css

124.221.138.94

200

31 kB

URL GET HTTP/1.1
124.221.138.94:8881/css/font-awesome.min.css
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
ASCII text, with very long lines (30837), with CRLF line terminators
Size
31 kB (31004 bytes)
Hash
a0e784c4ca94c271b0338dfb02055be6
88af80502c44cd52ca81ffe7dc7276b7eccb06cf
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/font-awesome.min.css HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 31004
Date: Tue, 07 May 2024 10:56:48 GMT

124.221.138.94:8881/starsink/css/ry-ui.css?v=4.2.0

124.221.138.94

200

23 kB

URL GET HTTP/1.1
124.221.138.94:8881/starsink/css/ry-ui.css?v=4.2.0
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
23 kB (22659 bytes)
Hash
792efab4b0fe4deaea5b9074eb3d2837
f33f43c0322a912d72824ad4976d5ce898972326
93dc076b51383128ef63b83a950c1ad496c5095f84c5e2945543e2a35d785adc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /starsink/css/ry-ui.css?v=4.2.0 HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 22659
Date: Tue, 07 May 2024 10:56:48 GMT

124.221.138.94:8881/css/bootstrap.min.css

124.221.138.94

200

121 kB

URL GET HTTP/1.1
124.221.138.94:8881/css/bootstrap.min.css
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
ASCII text, with very long lines (65367), with CRLF line terminators
Size
121 kB (121267 bytes)
Hash
c66e40716c9c7a9fe3a8818504973dc6
39322ff0227c0ab4d4047d1c65c278a5cb84c646
07cd689f8412ccaf997a2c5fd0f7eb17eb55716081694793a4788fee24c328d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 121267
Date: Tue, 07 May 2024 10:56:48 GMT

124.221.138.94:8881/js/bootstrap.min.js

124.221.138.94

200

37 kB

URL GET HTTP/1.1
124.221.138.94:8881/js/bootstrap.min.js
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
JavaScript source, ASCII text, with very long lines (32003), with CRLF line terminators
Size
37 kB (36876 bytes)
Hash
d6c8c6d7b996538e355355c443f49b13
238e0f56d67ad64c75a16f4a624a7a92dd221b7c
214c9901e85e6b004c8dc82dfb8af5c399d14a04649f3ca815eee1c65c9b34ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/bootstrap.min.js HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 36876
Date: Tue, 07 May 2024 10:56:49 GMT

124.221.138.94:8881/ajax/libs/validate/messages_zh.min.js

124.221.138.94

200

1.4 kB

URL GET HTTP/1.1
124.221.138.94:8881/ajax/libs/validate/messages_zh.min.js
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.4 kB (1435 bytes)
Hash
2e53acbf6518a85fcad23b41db2c7425
2d5e7474ba6509a478d6600acab1103db5f07c4b
569a2be4832b1ebf6244b6e2b219daf8705782a2c94d23dd932ceef4d69148c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/validate/messages_zh.min.js HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 1435
Date: Tue, 07 May 2024 10:56:49 GMT

124.221.138.94:8881/ajax/libs/layer/layer.min.js

124.221.138.94

200

22 kB

URL GET HTTP/1.1
124.221.138.94:8881/ajax/libs/layer/layer.min.js
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (22032), with CRLF line terminators
Size
22 kB (22117 bytes)
Hash
b4b722614d6d4b6b5f345361b8e5355f
f91dfc32558f2fe1347babbe11f644bd486d7c3e
3cb403b2abfeaf137ebf64eabb0107a01136d1831923b489d6835af431985544

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/layer/layer.min.js HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 22117
Date: Tue, 07 May 2024 10:56:49 GMT

124.221.138.94:8881/ajax/libs/validate/jquery.validate.min.js

124.221.138.94

200

22 kB

URL GET HTTP/1.1
124.221.138.94:8881/ajax/libs/validate/jquery.validate.min.js
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (21388), with CRLF line terminators
Size
22 kB (21530 bytes)
Hash
0909b4a0efdadf7a2a679e1f43d7d7cf
be2ec5f330a7b537b6752283c3d99ea5651116bb
f01f5ea5ff71b32da6759fb193943622b2d04e19a8d4017e8528e0bb1f248fde

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/validate/jquery.validate.min.js HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 21530
Date: Tue, 07 May 2024 10:56:49 GMT

124.221.138.94:8881/ajax/libs/blockUI/jquery.blockUI.js

124.221.138.94

200

21 kB

URL GET HTTP/1.1
124.221.138.94:8881/ajax/libs/blockUI/jquery.blockUI.js
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
JavaScript source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
21 kB (20641 bytes)
Hash
d1b570f6154466b04656d6bf82f83334
ff13abea09fce7cac97c9a8799edcdef7b33b998
fe71ac0177ef82f38e030cca3ad8074377479ec82701d38ac6db1e476ea83c8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/blockUI/jquery.blockUI.js HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 20641
Date: Tue, 07 May 2024 10:56:49 GMT

124.221.138.94:8881/js/jquery.min.js

124.221.138.94

200

84 kB

URL GET HTTP/1.1
124.221.138.94:8881/js/jquery.min.js
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
JavaScript source, ASCII text, with very long lines (32025), with CRLF line terminators
Size
84 kB (84349 bytes)
Hash
b0dc11d0a434aafe88908c7f33d71095
1327f754ff87d26bced46568543207e9df190aaa
de4b3c3d1dc2506b6693f0f98884e1dc074cda9d66cab39b7b48a115fdfc4c0f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 84349
Date: Tue, 07 May 2024 10:56:48 GMT

124.221.138.94:8881/starsink/login.js

124.221.138.94

200

2.7 kB

URL GET HTTP/1.1
124.221.138.94:8881/starsink/login.js
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
2.7 kB (2672 bytes)
Hash
046d1e3c139f45efea2eb7c727575a80
abed31cf76890d94c7fd973ca317f5c59ab60354
cf7909067013b072cd982f94c1f65da85382f22e966f44c3ef3402a3bb7ee246

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /starsink/login.js HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 2672
Date: Tue, 07 May 2024 10:56:49 GMT

124.221.138.94:8881/css/style.css

124.221.138.94

200

139 kB

URL GET HTTP/1.1
124.221.138.94:8881/css/style.css
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
Unicode text, UTF-8 text, with very long lines (483), with CRLF line terminators
Size
139 kB (138637 bytes)
Hash
33f0964547f74c87e7b40e87dbf3cf16
55f73d1dae530344f23de72170566ae848b9d9a7
925159815b665ba8811c1b2cf4f3c2087ec094afbb767f258a91e66a6019e643

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/style.css HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 138637
Date: Tue, 07 May 2024 10:56:48 GMT

124.221.138.94:8881/starsink/js/ry-ui.js?v=4.2.0

124.221.138.94

200

67 kB

URL GET HTTP/1.1
124.221.138.94:8881/starsink/js/ry-ui.js?v=4.2.0
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
JavaScript source, Unicode text, UTF-8 text
Size
67 kB (67154 bytes)
Hash
9015515412af12f72524a2081a4bd2d1
55b1ac54419d519f27e1c7a6f6d03e01dfa2f3a1
0e7fd72bd3eeb0b0bffabb3dd0c6bf22f3c630963f78846f35419f536c266652

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /starsink/js/ry-ui.js?v=4.2.0 HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 67154
Date: Tue, 07 May 2024 10:56:49 GMT

124.221.138.94:8881/captcha/captchaImage?type=math

124.221.138.94

200

2.7 kB

URL GET HTTP/1.1
124.221.138.94:8881/captcha/captchaImage?type=math
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x60, components 3
Size
2.7 kB (2747 bytes)
Hash
dbaa5836da17e30580d1ad7663adc4b9
b6406fa8f28b2f43cd71db52a2d770457d9c50bd
86fd45b594845dc7d7b0fa88289b6292034aa1fd7bb6f97ec84800ab525acbd1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /captcha/captchaImage?type=math HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: image/jpeg
Transfer-Encoding: chunked
Date: Tue, 07 May 2024 10:56:50 GMT

124.221.138.94:8881/img/locked.png

124.221.138.94

200

1.1 kB

URL GET HTTP/1.1
124.221.138.94:8881/img/locked.png
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1132 bytes)
Hash
f6f30beb72f584e218bfec975eb1109d
bf2df8c47190b0643683569dbe42e619186135e3
5d49f096f9957f3b969cdf922469092b26550ec5cfe9c78a86515460c4230cd7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/locked.png HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/css/login.min.css
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 1132
Date: Tue, 07 May 2024 10:56:50 GMT

124.221.138.94:8881/ajax/libs/layer/theme/default/layer.css?v=3.1.1

124.221.138.94

200

15 kB

URL GET HTTP/1.1
124.221.138.94:8881/ajax/libs/layer/theme/default/layer.css?v=3.1.1
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
ASCII text, with very long lines (15156), with no line terminators
Size
15 kB (15156 bytes)
Hash
f0f9dca00a24bd457da5305214b2b4e5
9b08a0281f73c9d17a807def7e878fc27d01459c
811968878fd43543f1155d371a2f243dab5b469ca6c077fc40afeedc8b69c880

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/layer/theme/default/layer.css?v=3.1.1 HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 15156
Date: Tue, 07 May 2024 10:56:50 GMT

124.221.138.94:8881/img/login-background.jpg

124.221.138.94

200

250 kB

URL GET HTTP/1.1
124.221.138.94:8881/img/login-background.jpg
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3
Size
250 kB (250364 bytes)
Hash
a060e466cf92ee2ec8afc5ef44890f56
7520cfedbbdd977f8a077ce1a7e6bf9cbd902abf
546db0588f032d40b8a815dc2697e8f8b1b22f8f2ca02c0c19e140e5ccf78bd9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/login-background.jpg HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/css/login.min.css
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 250364
Date: Tue, 07 May 2024 10:56:50 GMT

124.221.138.94:8881/favicon.ico

124.221.138.94

200

946 B

URL GET HTTP/1.1
124.221.138.94:8881/favicon.ico
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
MS Windows icon resource - 1 icon, 16x13, 32 bits/pixel
Size
946 B (946 bytes)
Hash
0488faca4c19046b94d07c3ee83cf9d6
02fb8c5e4c3d113f310651a4d021aecc68f79d54
a3fe67e3549fdbc5819762b43c7efd93b1caea734f87a33c909a4e4b2ba4e32b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/login
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: image/x-icon
Content-Length: 946
Date: Tue, 07 May 2024 10:56:50 GMT

124.221.138.94:8881/img/user.png

124.221.138.94

200

1.1 kB

URL GET HTTP/1.1
124.221.138.94:8881/img/user.png
IP
124.221.138.94:8881
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://124.221.138.94:8881/login

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1106 bytes)
Hash
681dfebf3a20ec9c580d8dc248eb6a6e
46a81ebddfdb1e2e647b711cf896aea3c4557f74
09bbf9c144222134ee6d4f28b25d4b846f8c099d72c4360c7998bfd89715eb45

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/user.png HTTP/1.1
Host: 124.221.138.94:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.221.138.94:8881/css/login.min.css
Cookie: JSESSIONID=a161fe8e-d120-4406-95b2-ef2ccc494bf3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Fri, 24 Mar 2023 08:42:34 GMT
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 1106
Date: Tue, 07 May 2024 10:56:50 GMT

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML