Report - 8.140.36.106/login

Report Overview

Submitted URL
8.140.36.106/login
IP
8.140.36.106
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.
Submitted
2024-05-02 12:25:05
Access
public
Website Title
登录河北农村人居环境整治数据平台
Final URL
8.140.36.106/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
40

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigochina.com	unknown	2019-10-20	2022-02-25	2024-04-30	666 B	1.9 kB	104.18.38.66
8.140.36.106	unknown	unknown	No data	No data	8.0 kB	1.1 MB	8.140.36.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed
2024-05-02	medium	8.140.36.106	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	8.140.36.106/ruoyi/login.js	2.7 kB	2023-07-07	2024-05-15
Pretty URL 8.140.36.106/ruoyi/login.js IP 8.140.36.106 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-07 11:21:49 Last Seen2024-05-15 11:24:40 Times Seen22 Hash ef2ebece48a7863696d3dddc7a9ff2f4 18babace93567dd4c2e90ec092fc8401ce68a788 5bf5793b19cef177161c0e899e1edc19fe5ec887c4bef087cba4c94e447c8edc Loading...

	8.140.36.106/login	0 B	2023-03-07	2024-05-17
Pretty URL 8.140.36.106/login IP 8.140.36.106 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-17 08:44:36 Times Seen37732726 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	8.140.36.106/js/jquery.min.js	84 kB	2023-03-07	2024-05-17
Pretty URL 8.140.36.106/js/jquery.min.js IP 8.140.36.106 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:08 Last Seen2024-05-17 06:06:44 Times Seen1880 Hash b0dc11d0a434aafe88908c7f33d71095 1327f754ff87d26bced46568543207e9df190aaa de4b3c3d1dc2506b6693f0f98884e1dc074cda9d66cab39b7b48a115fdfc4c0f Loading...

	8.140.36.106/ajax/libs/validate/jquery.validate.min.js	22 kB	2023-05-08	2024-05-16
Pretty URL 8.140.36.106/ajax/libs/validate/jquery.validate.min.js IP 8.140.36.106 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-08 08:52:31 Last Seen2024-05-16 12:25:10 Times Seen139 Hash 7798b82361d00430029282940e40c353 f09358ac4f6f4c3863e94c044c8dda7c5f926adf e51f6692c221e90f372a17cf0a2436d023018f5c9341f72bd2c2858022d44577 Loading...

	8.140.36.106/ajax/libs/blockUI/jquery.blockUI.js	21 kB	2023-03-07	2024-05-15
Pretty URL 8.140.36.106/ajax/libs/blockUI/jquery.blockUI.js IP 8.140.36.106 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:33:48 Last Seen2024-05-15 12:29:25 Times Seen197 Hash d2527dc37bd691ee37c0769a85d4e678 7f6ae26a61a7d5dfa1fed93de574d736e80e3476 5fccc001b2b5cadcb733169e116de392bb571b456e2bef0d5cbeaa51c85f7ea5 Loading...

	8.140.36.106/ruoyi/js/ry-ui.js?v=4.1.0	87 kB	2024-05-02	2024-05-02
Pretty URL 8.140.36.106/ruoyi/js/ry-ui.js?v=4.1.0 IP 8.140.36.106 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 14:25:11 Last Seen2024-05-02 14:25:11 Times Seen1 Hash bd5bb0484e36bc92073c6b534cf0cd16 edd3d95968889f2a5e76a1288ba9e754063fe852 25c8059eb05c774e9da1b2f9f27587880843bf0847c1c416d31262802b704462 Loading...

	8.140.36.106/login	48 B	2023-06-01	2024-05-16
Pretty URL 8.140.36.106/login IP 8.140.36.106 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-01 00:10:52 Last Seen2024-05-16 12:25:10 Times Seen153 Hash fb5a8c94e360a6a4b6d2cc8755007bba da4356bfe27a14d941383bfba020db240c3bd94f 3aeecc9fb20b249d22a7eebc7d89fbd13783ee0dcad3dd59311e5b17321671d4 Loading...

	8.140.36.106/js/bootstrap.min.js	37 kB	2023-03-08	2024-05-16
Pretty URL 8.140.36.106/js/bootstrap.min.js IP 8.140.36.106 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 09:29:31 Last Seen2024-05-16 12:41:53 Times Seen182 Hash d6c8c6d7b996538e355355c443f49b13 238e0f56d67ad64c75a16f4a624a7a92dd221b7c 214c9901e85e6b004c8dc82dfb8af5c399d14a04649f3ca815eee1c65c9b34ba Loading...

	8.140.36.106/ajax/libs/validate/messages_zh.min.js	1.4 kB	2023-03-09	2024-05-16
Pretty URL 8.140.36.106/ajax/libs/validate/messages_zh.min.js IP 8.140.36.106 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:33:45 Last Seen2024-05-16 12:25:10 Times Seen281 Hash 2e53acbf6518a85fcad23b41db2c7425 2d5e7474ba6509a478d6600acab1103db5f07c4b 569a2be4832b1ebf6244b6e2b219daf8705782a2c94d23dd932ceef4d69148c3 Loading...

	8.140.36.106/ajax/libs/layer/layer.min.js	22 kB	2024-05-02	2024-05-02
Pretty URL 8.140.36.106/ajax/libs/layer/layer.min.js IP 8.140.36.106 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 14:25:11 Last Seen2024-05-02 14:25:11 Times Seen1 Hash fda79f65e3159d501bf1ad8c8daa7fe6 a3328aedd12e2bc366356982f81e449993bea441 fe2760aa64fd3ec0699449b0cd47f3fe9701b4400919dac1dec5c3420f7740f1 Loading...

HTTP Transactions (22)

URL IP Response Size

ocsp.sectigochina.com/

104.18.38.66

472 B

URL
ocsp.sectigochina.com/
IP
104.18.38.66:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
cb7289ac68c438786c5ec5cdceaad334
aad06dfa2a9af57d3a53151a7cf64d282231f316
00229b7e0bddcfa6b9e3b67e02a4163c07442df81970355f2d22b2ddd0de2d1b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigochina.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 12:24:38 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 30 Apr 2024 14:21:16 GMT
Expires: Tue, 07 May 2024 14:21:15 GMT
Etag: "aad06dfa2a9af57d3a53151a7cf64d282231f316"
Cache-Control: max-age=438396,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 87d7fd4afb250b41-OSL

ocsp.sectigochina.com/

104.18.38.66

472 B

URL
ocsp.sectigochina.com/
IP
104.18.38.66:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
cb7289ac68c438786c5ec5cdceaad334
aad06dfa2a9af57d3a53151a7cf64d282231f316
00229b7e0bddcfa6b9e3b67e02a4163c07442df81970355f2d22b2ddd0de2d1b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigochina.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 12:24:38 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 30 Apr 2024 14:21:16 GMT
Expires: Tue, 07 May 2024 14:21:15 GMT
Etag: "aad06dfa2a9af57d3a53151a7cf64d282231f316"
Cache-Control: max-age=438396,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 87d7fd4afcd27131-OSL

8.140.36.106/login

8.140.36.106

1.7 kB

URL User Request GET
8.140.36.106/login
IP
8.140.36.106:0
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.7 kB (1698 bytes)
Hash
d22f04cae957193a215b71e84c847041
e0817b103f9b9c39de475166cec781a61c259849
019909789aa4b512e87423a4bf5953033775e6c367493d7ec9d7d35338808801

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:39 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789; Path=/; HttpOnly; SameSite=lax
Content-Language: zh-CN
Content-Encoding: gzip

8.140.36.106/css/font-awesome.min.css

8.140.36.106

200

7.0 kB

URL GET HTTP/1.1
8.140.36.106/css/font-awesome.min.css
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
ASCII text, with very long lines (30837), with CRLF line terminators
Size
7.0 kB (7039 bytes)
Hash
a0e784c4ca94c271b0338dfb02055be6
88af80502c44cd52ca81ffe7dc7276b7eccb06cf
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/font-awesome.min.css HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:40 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Content-Encoding: gzip

8.140.36.106/css/login.min.css

8.140.36.106

200

844 B

URL GET HTTP/1.1
8.140.36.106/css/login.min.css
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
ASCII text, with very long lines (2354), with no line terminators
Size
844 B (844 bytes)
Hash
56388c270cb23c2962ce487c57e119ca
3b4ec363e9116d06e35b5b4b22696b9f492860d9
9e39f9d8335ff6384c7bc7cbf0a8f251b799aeb5f7fbfe9acc293203aaadd5f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/login.min.css HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:40 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Content-Encoding: gzip

8.140.36.106/ruoyi/css/ry-ui.css?v=4.1.0

8.140.36.106

200

5.0 kB

URL GET HTTP/1.1
8.140.36.106/ruoyi/css/ry-ui.css?v=4.1.0
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
5.0 kB (4952 bytes)
Hash
d3892f44099d94b39ff03f905ca38e41
4b2008e61985942d95e12bba3d54e02011401a9e
8fb97ec873b558d0796e17dd5ea904ee6e8cd2f559a36649346b4615f7d255cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ruoyi/css/ry-ui.css?v=4.1.0 HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:40 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Content-Encoding: gzip

8.140.36.106/css/bootstrap.min.css

8.140.36.106

200

20 kB

URL GET HTTP/1.1
8.140.36.106/css/bootstrap.min.css
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
ASCII text, with very long lines (65367), with CRLF line terminators
Size
20 kB (19755 bytes)
Hash
c66e40716c9c7a9fe3a8818504973dc6
39322ff0227c0ab4d4047d1c65c278a5cb84c646
07cd689f8412ccaf997a2c5fd0f7eb17eb55716081694793a4788fee24c328d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:40 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Content-Encoding: gzip

8.140.36.106/js/bootstrap.min.js

8.140.36.106

200

9.9 kB

URL GET HTTP/1.1
8.140.36.106/js/bootstrap.min.js
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
JavaScript source, ASCII text, with very long lines (32003), with CRLF line terminators
Size
9.9 kB (9854 bytes)
Hash
d6c8c6d7b996538e355355c443f49b13
238e0f56d67ad64c75a16f4a624a7a92dd221b7c
214c9901e85e6b004c8dc82dfb8af5c399d14a04649f3ca815eee1c65c9b34ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/bootstrap.min.js HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Content-Encoding: gzip

8.140.36.106/css/style.css

8.140.36.106

200

23 kB

URL GET HTTP/1.1
8.140.36.106/css/style.css
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
Unicode text, UTF-8 text, with very long lines (483), with CRLF line terminators
Size
23 kB (22583 bytes)
Hash
6bc7a898f0893a8ca5dd8bb9450277d4
5400512c236a23e6bef980367a517765ddace521
2acb6673ccdd72778c144fdf280eb4f438d673484c0d5b18bb54f20b08afa4af

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/style.css HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:40 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Content-Encoding: gzip

8.140.36.106/ajax/libs/validate/jquery.validate.min.js

8.140.36.106

200

6.8 kB

URL GET HTTP/1.1
8.140.36.106/ajax/libs/validate/jquery.validate.min.js
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (21388), with CRLF line terminators
Size
6.8 kB (6771 bytes)
Hash
0909b4a0efdadf7a2a679e1f43d7d7cf
be2ec5f330a7b537b6752283c3d99ea5651116bb
f01f5ea5ff71b32da6759fb193943622b2d04e19a8d4017e8528e0bb1f248fde

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/validate/jquery.validate.min.js HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Content-Encoding: gzip

8.140.36.106/ajax/libs/validate/messages_zh.min.js

8.140.36.106

200

674 B

URL GET HTTP/1.1
8.140.36.106/ajax/libs/validate/messages_zh.min.js
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
674 B (674 bytes)
Hash
2e53acbf6518a85fcad23b41db2c7425
2d5e7474ba6509a478d6600acab1103db5f07c4b
569a2be4832b1ebf6244b6e2b219daf8705782a2c94d23dd932ceef4d69148c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/validate/messages_zh.min.js HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Content-Encoding: gzip

8.140.36.106/ajax/libs/layer/layer.min.js

8.140.36.106

200

7.7 kB

URL GET HTTP/1.1
8.140.36.106/ajax/libs/layer/layer.min.js
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (22032), with CRLF line terminators
Size
7.7 kB (7680 bytes)
Hash
cbbe52478f82cf11386a71991b6f9a99
d40f55f3f11a492df98c0595b810a79576086e3f
bc895f2a58371ae0a81e0c6aeb63a3ad06713c83eca7c91be0606db2d23639ca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/layer/layer.min.js HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Content-Encoding: gzip

8.140.36.106/js/jquery.min.js

8.140.36.106

200

30 kB

URL GET HTTP/1.1
8.140.36.106/js/jquery.min.js
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
JavaScript source, ASCII text, with very long lines (32025), with CRLF line terminators
Size
30 kB (29758 bytes)
Hash
b0dc11d0a434aafe88908c7f33d71095
1327f754ff87d26bced46568543207e9df190aaa
de4b3c3d1dc2506b6693f0f98884e1dc074cda9d66cab39b7b48a115fdfc4c0f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Content-Encoding: gzip

8.140.36.106/ajax/libs/blockUI/jquery.blockUI.js

8.140.36.106

200

6.7 kB

URL GET HTTP/1.1
8.140.36.106/ajax/libs/blockUI/jquery.blockUI.js
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
JavaScript source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
6.7 kB (6741 bytes)
Hash
d1b570f6154466b04656d6bf82f83334
ff13abea09fce7cac97c9a8799edcdef7b33b998
fe71ac0177ef82f38e030cca3ad8074377479ec82701d38ac6db1e476ea83c8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/blockUI/jquery.blockUI.js HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Content-Encoding: gzip

8.140.36.106/ruoyi/login.js

8.140.36.106

200

1.1 kB

URL GET HTTP/1.1
8.140.36.106/ruoyi/login.js
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1118 bytes)
Hash
ef2ebece48a7863696d3dddc7a9ff2f4
18babace93567dd4c2e90ec092fc8401ce68a788
5bf5793b19cef177161c0e899e1edc19fe5ec887c4bef087cba4c94e447c8edc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ruoyi/login.js HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Content-Encoding: gzip

8.140.36.106/ruoyi/js/ry-ui.js?v=4.1.0

8.140.36.106

200

17 kB

URL GET HTTP/1.1
8.140.36.106/ruoyi/js/ry-ui.js?v=4.1.0
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
JavaScript source, Unicode text, UTF-8 text
Size
17 kB (16598 bytes)
Hash
8d8264e10601d6e0b924bea1c8a22177
166f61caf6fdc3fe724cb0e9f4e91b30a605d84f
e226c577a41155720a920af7b2e6b326ccffdc5abafe066660dac74225255333

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ruoyi/js/ry-ui.js?v=4.1.0 HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Content-Encoding: gzip

8.140.36.106/img/user.png

8.140.36.106

200

1.1 kB

URL GET HTTP/1.1
8.140.36.106/img/user.png
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1106 bytes)
Hash
681dfebf3a20ec9c580d8dc248eb6a6e
46a81ebddfdb1e2e647b711cf896aea3c4557f74
09bbf9c144222134ee6d4f28b25d4b846f8c099d72c4360c7998bfd89715eb45

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/user.png HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/css/login.min.css
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:41 GMT
Content-Type: image/png
Content-Length: 1106
Connection: keep-alive
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Accept-Ranges: bytes

8.140.36.106/img/locked.png

8.140.36.106

200

1.1 kB

URL GET HTTP/1.1
8.140.36.106/img/locked.png
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1132 bytes)
Hash
f6f30beb72f584e218bfec975eb1109d
bf2df8c47190b0643683569dbe42e619186135e3
5d49f096f9957f3b969cdf922469092b26550ec5cfe9c78a86515460c4230cd7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/locked.png HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/css/login.min.css
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:41 GMT
Content-Type: image/png
Content-Length: 1132
Connection: keep-alive
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Accept-Ranges: bytes

8.140.36.106/ajax/libs/layer/theme/default/layer.css?v=3.1.1

8.140.36.106

200

2.9 kB

URL GET HTTP/1.1
8.140.36.106/ajax/libs/layer/theme/default/layer.css?v=3.1.1
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
ASCII text, with very long lines (15156), with no line terminators
Size
2.9 kB (2904 bytes)
Hash
f0f9dca00a24bd457da5305214b2b4e5
9b08a0281f73c9d17a807def7e878fc27d01459c
811968878fd43543f1155d371a2f243dab5b469ca6c077fc40afeedc8b69c880

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/layer/theme/default/layer.css?v=3.1.1 HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:41 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Content-Encoding: gzip

8.140.36.106/captcha/captchaImage?type=math

8.140.36.106

200

3.0 kB

URL GET HTTP/1.1
8.140.36.106/captcha/captchaImage?type=math
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x60, components 3
Size
3.0 kB (3040 bytes)
Hash
dd6155ea25a645f9c0d3fdee2afd7b7b
360d0597e3e49f2fad74a4cef37e9ee377f5ee02
25d251ae915592505ddb9dea4293f264e0e293b07ade2a24ebc8f949a340f0b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /captcha/captchaImage?type=math HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:41 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

8.140.36.106/favicon.ico

8.140.36.106

200

17 kB

URL GET HTTP/1.1
8.140.36.106/favicon.ico
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
Size
17 kB (16958 bytes)
Hash
e49fd30ea870c7a820464ca56a113e6e
38ccc3603a8bc74ed3f7491222c9d50e73aa421a
148ce319907e947199c93f77c9317c0b166bc17d77d6cf6378f8374e8d2fb1a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/login
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:41 GMT
Content-Type: image/x-icon
Content-Length: 16958
Connection: keep-alive
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Accept-Ranges: bytes

8.140.36.106/img/login-background.jpg

8.140.36.106

200

906 kB

URL GET HTTP/1.1
8.140.36.106/img/login-background.jpg
IP
8.140.36.106:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://8.140.36.106/login

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1920x1080, components 3
Size
906 kB (906096 bytes)
Hash
d33c47f1a673ccd3ab6d3bc1f151310d
e7d7390595a66c743eec44f3f6c5876b8972a50e
3166f93e430b8fc422823699bbb1da115a125fb0bd4c9ecdde639b37abebb690

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/login-background.jpg HTTP/1.1
Host: 8.140.36.106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://8.140.36.106/css/login.min.css
Cookie: JSESSIONID=83bee906-0c6c-4bae-8016-7b4b6e1de789
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 02 May 2024 12:24:41 GMT
Content-Type: image/jpeg
Content-Length: 906096
Connection: keep-alive
Last-Modified: Thu, 14 Mar 2024 08:44:12 GMT
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML