{"report_id":"2dfc1ca6-a490-42d0-983c-337f13d080a8","version":6,"status":"done","tags":[],"date":"2024-04-25T12:01:45Z","url":{"schema":"http","addr":"111.70.31.106/","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":""},"ip":{"addr":"111.70.31.106","port":0,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"final":{"url":{"schema":"http","addr":"111.70.31.106/#/home","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"title":"IPCAM Network Camera"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T19:30:38Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"111.70.31.106","ip":{"addr":"111.70.31.106","port":0,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2024-02-11 17:40:12","last_seen":"2024-02-11 17:40:12","alert_count":15,"request_count":15,"received_data":4241531,"sent_data":5483,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"111.70.31.106/js/elementUI.cba91223.js","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"introduction_type":"scriptElement","is_inline":false,"md5":"6ba1d0b2bf5e82d0ff796605760a86bf","sha1":"d929cf8acbef05e715349148612fae1e1acf4778","sha256":"35364202561ae22d27b7945fab79d5cd14e88e62bcac06a8945b8dc4a914d00c","sha512":"d1f9268a8fe90ceddf14ed218000f843ef664115dd76cf20755131071f15b070d019c954870e025fe4929966369e26a16eedf7f33d85279f94167dc8a1814786","ssdeep":"6144:ksUUqZjuLac6FVSUe2cFxErT8azw+UEi6qXov/yg/W:kHU6cac/pfzazw+UEi67v/yg/W","tlshash":"89d4f88e72c5f46207b3a0b5102f200bb3372a6964498098b7b9d8d9ad7d90d527ff7d","size":607896,"data":"","first_seen":"2024-08-20T02:50:31.246047Z","last_seen":"2025-12-20T06:07:19.32083Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/js/app.1bd196e7.js","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"introduction_type":"scriptElement","is_inline":false,"md5":"cf2afa66f69b0bca0ae397f7c4ee599c","sha1":"04d3e4d9a44244821de4a3cb4be6850aa5b87020","sha256":"b357b712b13dfccff86fca18812b696bbb70baa6babcc0c1bb9f6c5df28bde63","sha512":"6686cb58d4fecd691d6be3c44733f393519b955712ad67cf28215c8eb3220e0cf27a20a17174bcaf0d0f54c7ae9a57d8e4e2d356e0af47f7817492b4ae83cba1","ssdeep":"49152:fKiJvG7FFcPIEUuDKXmnxnvH6GQZrZCKtuhXUa//a2iCrMU9lyF0PmzPaGK0kB+L:0UIInPNYtaddtIt","tlshash":"9fe57c5d32497836435362e6501f350b7379089ae84ac4a4f4edd9ed28fd58aa32bf3c","size":3295638,"data":"","first_seen":"2024-08-20T02:50:31.240251Z","last_seen":"2024-10-18T20:36:24.907909Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/js/chunk-0138a8ee.60c2606c.js","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"introduction_type":"scriptElement","is_inline":false,"md5":"d8884d022a116ba9016a5a685d4faa22","sha1":"36d3c44764b2ae2b53ed6c439bf910dd2696ebb3","sha256":"6ca7001c2dd6802e88609b1c16dd6f7716fe394e2feb32475fca0a850790fdf8","sha512":"8e9e3804423adee661b36badfcade375f2cc35083dd4da62af6960f4f50f3a356b4c8c9612ef904a50f9ae0bda565ca21d050673ed66dbec6ddd15c8d8f9f12e","ssdeep":"384:IYVo1Dq5UyOQSMQKiEFgKViy5q+GA2ZnNZWUX:Lo1D8Uy5SMxjqef8AuGUX","tlshash":"46b2fb1e71cbf56d0eba71b1102b3141a2760c58680ddeaafa74d8d69d8cd481227bff","size":24564,"data":"","first_seen":"2024-08-20T02:50:31.240939Z","last_seen":"2024-10-18T20:36:24.913729Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":0,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"introduction_type":"scriptElement","is_inline":true,"md5":"c1e58720c8caee02c1e1851ba418eed9","sha1":"6196d00b3a856924c493c495aa63f46fb6898cfe","sha256":"2c55fc3043599ac846d9e58720eb9d4afe381b99923e0422147a5d7c95a01605","sha512":"11bac6d40fd8f9b8e4ad3ff1b0fd95391f5fbdeae1f2eaab1a6a4cc9ea28bde4940ac33fbd37159382f46db8e910f20fcf4ce884630e31d00afd7b2cf3fd3643","ssdeep":"","tlshash":"2c61874fa42918b322a3eb691bff43e135223641b411c68a3fbed3a397155c4c2439ed","size":3351,"data":"","first_seen":"2023-06-12T00:18:52Z","last_seen":"2025-01-19T10:49:27.169432Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/js/runtime.8b25d951.js","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"introduction_type":"scriptElement","is_inline":false,"md5":"7fa63060a41e0d6eef00cf4b6083a6e5","sha1":"c81d4ba368dc5e973caec33985926f6f34ef9c41","sha256":"23650c94c3f0e071a05efc16ad7a5b61e903173b1c1c35edec966ee5abc91fae","sha512":"06c369f58e7f79699bdd11e3e56a2958f820c50be1030a8970d2c21054b77ba455d2a06a64f24944ab42c04348da3eadc3fd62bd43fa6f75c555346ec4384233","ssdeep":"192:MMu/uxkmtY6rvS3pNgVIONoKjaEVNeaj8ZRXbmmDK9L:Vu2xkmxm3puVHNoK3VNeaj8ZRXbmmiL","tlshash":"ae328472d388f8789f956c1b1626fb6350db2a733c306675434de6b1a3a0af5138bd06","size":11456,"data":"","first_seen":"2024-08-20T02:50:31.236804Z","last_seen":"2024-10-18T20:36:24.889097Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"111.70.31.106/","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":0,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-04-25T12:01:16.848Z","timestamp":1714046476848,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 111.70.31.106\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nPragma: no-cache\r\nCache-Control: no-store\r\nConnection: close\r\nContent-Type: text/html\r\nP3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\r\nContent-Length: 4658\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":4658,"size_decoded":4658,"mime_type":"","magic":"HTML document, ASCII text, with very long lines (1071)","md5":"e71cc2fa7fdd24b36d4c1cb0019fc709","sha1":"feb6fb87278d741e89f9776e76e8139271592fd2","sha256":"afe78161ff7d9592781d57a499f891711fa620b74a663e59cb92517fe110c44c","sha512":"b9d1b814f5478299f643df582d1a72e2278ccc5febff2efec85e748af03e1aaddfe21cdc3a533ec3380e1af1aca934fa2160bef5e0dc4e5b625ab98e761fc805","ssdeep":"48:v41AH1E1O3ryhQPEYETw3UwW1E1uHD3a4zxaLx9YF9dvTMWxf7bA8t:v4SH1E1yyBjMET1E1aqN9q/AWl7Rt","tlshash":"b6a1348e6d6e506753b3f33a62bf5295311548176900cc423afed7790f20ae08483dde","first_seen":"2024-08-20T02:50:31.235332Z","last_seen":"2024-10-18T20:36:24.881506Z","times_seen":2,"resource_available":false,"data":null}},"time_used":551,"timings":{"blocked":551,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/fonts/iconfont.css","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://111.70.31.106/","date":"2024-04-25T12:01:18.424Z","timestamp":1714046478424,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /fonts/iconfont.css HTTP/1.1\r\nHost: 111.70.31.106\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://111.70.31.106/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Apr 2024 12:01:18 GMT\r\nServer: WebServer\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60, max=1000\r\nContent-Length: 9829\r\nLast-Modified: Tue, 25 Apr 2023 02:27:38 GMT\r\nContent-Type: text/css\r\nP3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9829,"size_decoded":9829,"mime_type":"text/css","magic":"ASCII text","md5":"8beaab9bfce2a27b45e8cfd169d03708","sha1":"f2ee8d232db2aadb62ce305727a7dbdef39e3d8d","sha256":"5012b5a4442137c2d8bcad7292de1063ca45580873a66da235b22ac000e63973","sha512":"e0b98cadc69e61c8dea90ea8feb1398a0df9d615222f6f764fbabc66129d9c092ca4eae2619c34295fc9dc6c5564127275c24c1b36c0f603544488fca10d14cf","ssdeep":"96:WyIYer4HlIfdrK2HZxdWW0EXtOsNrjimwkBWvr7geWPvSBEMmhLLyECW:WEydrKywW0+LlWvr7geWPvSBtmhnyECW","tlshash":"6c1299e499bd09805701e1d163426a60ef1da3688d8f6d1ae6b3b89cb7e3251d1c37ec","first_seen":"2024-08-20T02:50:31.236152Z","last_seen":"2025-12-20T06:07:19.309513Z","times_seen":12,"resource_available":false,"data":null}},"time_used":316,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":308,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/js/runtime.8b25d951.js","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://111.70.31.106/","date":"2024-04-25T12:01:18.678Z","timestamp":1714046478678,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/runtime.8b25d951.js HTTP/1.1\r\nHost: 111.70.31.106\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://111.70.31.106/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Apr 2024 12:01:18 GMT\r\nServer: WebServer\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60, max=1000\r\nContent-Length: 11456\r\nLast-Modified: Sat, 06 May 2023 14:06:26 GMT\r\nContent-Type: application/x-javascript\r\nP3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11456,"size_decoded":11456,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (11456), with no line terminators","md5":"7fa63060a41e0d6eef00cf4b6083a6e5","sha1":"c81d4ba368dc5e973caec33985926f6f34ef9c41","sha256":"23650c94c3f0e071a05efc16ad7a5b61e903173b1c1c35edec966ee5abc91fae","sha512":"06c369f58e7f79699bdd11e3e56a2958f820c50be1030a8970d2c21054b77ba455d2a06a64f24944ab42c04348da3eadc3fd62bd43fa6f75c555346ec4384233","ssdeep":"192:MMu/uxkmtY6rvS3pNgVIONoKjaEVNeaj8ZRXbmmDK9L:Vu2xkmxm3puVHNoK3VNeaj8ZRXbmmiL","tlshash":"ae328472d388f8789f956c1b1626fb6350db2a733c306675434de6b1a3a0af5138bd06","first_seen":"2024-08-20T02:50:31.236804Z","last_seen":"2024-10-18T20:36:24.889097Z","times_seen":2,"resource_available":true,"data":null}},"time_used":372,"timings":{"blocked":52,"dns":0,"connect":0,"send":0,"wait":313,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/css/custom.css","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://111.70.31.106/","date":"2024-04-25T12:01:18.425Z","timestamp":1714046478425,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /css/custom.css HTTP/1.1\r\nHost: 111.70.31.106\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://111.70.31.106/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Apr 2024 12:01:18 GMT\r\nServer: WebServer\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60, max=999\r\nContent-Length: 0\r\nLast-Modified: Tue, 25 Apr 2023 02:27:38 GMT\r\nContent-Type: text/css\r\nP3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/css","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T10:49:22.366716Z","times_seen":13328728,"resource_available":true,"data":null}},"time_used":635,"timings":{"blocked":314,"dns":0,"connect":0,"send":0,"wait":321,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/css/app.0bd8558b.css","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://111.70.31.106/","date":"2024-04-25T12:01:18.676Z","timestamp":1714046478676,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /css/app.0bd8558b.css HTTP/1.1\r\nHost: 111.70.31.106\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://111.70.31.106/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Apr 2024 12:01:19 GMT\r\nServer: WebServer\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60, max=1000\r\nContent-Length: 14162\r\nLast-Modified: Tue, 25 Apr 2023 02:27:38 GMT\r\nContent-Type: text/css\r\nP3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14162,"size_decoded":14162,"mime_type":"text/css","magic":"ASCII text, with very long lines (14162), with no line terminators","md5":"d120b0b49860657d8865920c31f99784","sha1":"8e8ee5d1ae63e94be69cdb76e36961c3cc3b5327","sha256":"e358f36515e723f51caca2002018bc97b38358bea18a80480e22ae784f42c19b","sha512":"24a7bf31db2a679dee4020649b730a2d2163ac63bca6dcc2f646e2e176838f37f27224ba04d48adb2cec47b9dc550b60cde60aa4ad7d1226ab4b1863d207b215","ssdeep":"384:gErDPDgRDgPDg4DCD1DkDgDyDqDTDbDV9ADbJRsPcf3K8dkhc9I9/pbZ:HJIcf6KkG9IJ7","tlshash":"40529322f35f2a1fa027d2aeb891ad9d3a245357c1031672ec1d3626cedb895333275d","first_seen":"2024-08-20T02:50:31.238094Z","last_seen":"2024-10-18T20:36:24.891684Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1215,"timings":{"blocked":300,"dns":1,"connect":303,"send":0,"wait":312,"receive":299,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/css/elementUI.53cdeac4.css","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://111.70.31.106/","date":"2024-04-25T12:01:18.674Z","timestamp":1714046478674,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /css/elementUI.53cdeac4.css HTTP/1.1\r\nHost: 111.70.31.106\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://111.70.31.106/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Apr 2024 12:01:19 GMT\r\nServer: WebServer\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60, max=1000\r\nContent-Length: 174439\r\nLast-Modified: Tue, 25 Apr 2023 02:27:38 GMT\r\nContent-Type: text/css\r\nP3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":174439,"size_decoded":174439,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"efc11a0520b850dbca17f42c3fbeeb93","sha1":"d694ea0efc8ba9004fb8813f2200fb104bee7c4b","sha256":"9b9c23ae7fc4696e73294ef301cf6aa6bec0b3da90cfb93bad654893a36860d7","sha512":"c605f33638d9dabff89bed828ab2b5f166af7ea7df4a4fb521f7f344b682e47a7ddb6d11cefbd3296f3528aef2cc51c16681f1a4705f179d3fa2f47f5776cf63","ssdeep":"1536:528Y7SrW3YeWXA1u9w4HCe/l4AP8Iccu/PshjEIajr8rCq/MDi/H78O6iZkJIgYV:SGOJsCq/MWNkG","tlshash":"0b049510db172067622bdaad74c0f9896f28c363d9735b2bfd95341ccae64891227e1f","first_seen":"2024-08-20T02:50:31.238964Z","last_seen":"2025-12-20T06:07:19.292561Z","times_seen":12,"resource_available":false,"data":null}},"time_used":1868,"timings":{"blocked":294,"dns":0,"connect":298,"send":0,"wait":313,"receive":963,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/js/elementUI.cba91223.js","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://111.70.31.106/","date":"2024-04-25T12:01:18.680Z","timestamp":1714046478680,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/elementUI.cba91223.js HTTP/1.1\r\nHost: 111.70.31.106\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://111.70.31.106/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Apr 2024 12:01:19 GMT\r\nServer: WebServer\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60, max=1000\r\nContent-Length: 607901\r\nLast-Modified: Tue, 25 Apr 2023 02:27:38 GMT\r\nContent-Type: application/x-javascript\r\nP3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":607901,"size_decoded":607901,"mime_type":"application/x-javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64876), with no line terminators","md5":"60c7d3f883651fbfd55d52eb668fd114","sha1":"1652bd4efcdcf53e58db4dd800aa60f1669e9e10","sha256":"cf1e7d0b126c625fb81b5cf80d6c6fbfac0a3762154ddb3afd6059c51558cd38","sha512":"1624a16fe01b58903cb6a3219e488a609d888c88d3c98158cac5d06d36ad391568b137b781807d16da4f13a43f71acb0ec2fefdac21a6975ee0de4b7e3ddacb7","ssdeep":"6144:IsUUqZjuLac6FVSUe2cFxErT8azw+UEi6qXov/yg/W:IHU6cac/pfzazw+UEi67v/yg/W","tlshash":"66d4f88e72c5f46207b3a0b5102f200bb3372a6964498098b7b9d8d9ad7d90d527ff7d","first_seen":"2024-08-20T02:50:31.239661Z","last_seen":"2025-01-04T22:45:23.152896Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2649,"timings":{"blocked":296,"dns":0,"connect":303,"send":0,"wait":314,"receive":1735,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/js/app.1bd196e7.js","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://111.70.31.106/","date":"2024-04-25T12:01:18.681Z","timestamp":1714046478681,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/app.1bd196e7.js HTTP/1.1\r\nHost: 111.70.31.106\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://111.70.31.106/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Apr 2024 12:01:19 GMT\r\nServer: WebServer\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60, max=1000\r\nContent-Length: 3295638\r\nLast-Modified: Sat, 06 May 2023 14:06:26 GMT\r\nContent-Type: application/x-javascript\r\nP3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3295638,"size_decoded":3295638,"mime_type":"application/x-javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65531), with no line terminators","md5":"cf2afa66f69b0bca0ae397f7c4ee599c","sha1":"04d3e4d9a44244821de4a3cb4be6850aa5b87020","sha256":"b357b712b13dfccff86fca18812b696bbb70baa6babcc0c1bb9f6c5df28bde63","sha512":"6686cb58d4fecd691d6be3c44733f393519b955712ad67cf28215c8eb3220e0cf27a20a17174bcaf0d0f54c7ae9a57d8e4e2d356e0af47f7817492b4ae83cba1","ssdeep":"49152:fKiJvG7FFcPIEUuDKXmnxnvH6GQZrZCKtuhXUa//a2iCrMU9lyF0PmzPaGK0kB+L:0UIInPNYtaddtIt","tlshash":"9fe57c5d32497836435362e6501f350b7379089ae84ac4a4f4edd9ed28fd58aa32bf3c","first_seen":"2024-08-20T02:50:31.240251Z","last_seen":"2024-10-18T20:36:24.907909Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3378,"timings":{"blocked":298,"dns":0,"connect":0,"send":0,"wait":323,"receive":2757,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/js/chunk-0138a8ee.60c2606c.js","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://111.70.31.106/","date":"2024-04-25T12:01:22.529Z","timestamp":1714046482529,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/chunk-0138a8ee.60c2606c.js HTTP/1.1\r\nHost: 111.70.31.106\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://111.70.31.106/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Apr 2024 12:01:22 GMT\r\nServer: WebServer\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60, max=999\r\nContent-Length: 24564\r\nLast-Modified: Sat, 06 May 2023 12:56:36 GMT\r\nContent-Type: application/x-javascript\r\nP3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":24564,"size_decoded":24564,"mime_type":"application/x-javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (24546), with no line terminators","md5":"d8884d022a116ba9016a5a685d4faa22","sha1":"36d3c44764b2ae2b53ed6c439bf910dd2696ebb3","sha256":"6ca7001c2dd6802e88609b1c16dd6f7716fe394e2feb32475fca0a850790fdf8","sha512":"8e9e3804423adee661b36badfcade375f2cc35083dd4da62af6960f4f50f3a356b4c8c9612ef904a50f9ae0bda565ca21d050673ed66dbec6ddd15c8d8f9f12e","ssdeep":"384:IYVo1Dq5UyOQSMQKiEFgKViy5q+GA2ZnNZWUX:Lo1D8Uy5SMxjqef8AuGUX","tlshash":"46b2fb1e71cbf56d0eba71b1102b3141a2760c58680ddeaafa74d8d69d8cd481227bff","first_seen":"2024-08-20T02:50:31.240939Z","last_seen":"2024-10-18T20:36:24.913729Z","times_seen":2,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":309,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/css/chunk-0138a8ee.e1610b39.css","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://111.70.31.106/","date":"2024-04-25T12:01:22.527Z","timestamp":1714046482527,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /css/chunk-0138a8ee.e1610b39.css HTTP/1.1\r\nHost: 111.70.31.106\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://111.70.31.106/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Apr 2024 12:01:22 GMT\r\nServer: WebServer\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60, max=999\r\nContent-Length: 5252\r\nLast-Modified: Wed, 26 Apr 2023 08:41:22 GMT\r\nContent-Type: text/css\r\nP3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5252,"size_decoded":5252,"mime_type":"text/css","magic":"ASCII text, with very long lines (5252), with no line terminators","md5":"78829006b718d9fced218563108b5cea","sha1":"3287df10875fa115396e6f50d9b9ddc60219f02f","sha256":"9d0f5540a1dd9dae193dcf2b911134ff97218346da8cf305acbd22a8e624adb3","sha512":"d3f8e582128d5b74053ec3a4078fcdaa2117a51668ea50e087aacc08f1654001303dcbd8de5b3ad869c2339f9272b8f6dfae88f3d53816a23398ce1018b6324d","ssdeep":"96:xNXSbqE8iX2ccjV3F4vhteJIZoLXwrKictC6vD4rWqANP:zSwiXuF4vTer0rKictnvD5qaP","tlshash":"7ab1be2233ac1f1769f7e39d24f46188781ea753c302df5e58766c288ee3390272567a","first_seen":"2024-08-20T02:50:31.24154Z","last_seen":"2024-10-18T20:36:24.910981Z","times_seen":2,"resource_available":false,"data":null}},"time_used":324,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":321,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/shortcut.ico","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://111.70.31.106/","date":"2024-04-25T12:01:22.750Z","timestamp":1714046482750,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /shortcut.ico HTTP/1.1\r\nHost: 111.70.31.106\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://111.70.31.106/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Apr 2024 12:01:22 GMT\r\nServer: WebServer\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60, max=998\r\nContent-Length: 15086\r\nLast-Modified: Tue, 18 Apr 2023 08:17:14 GMT\r\nContent-Type: text/plain\r\nP3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15086,"size_decoded":15086,"mime_type":"text/plain","magic":"MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"494153b444f9c2b5b62e1d13703857b5","sha1":"d5eda54e7c17b9df9fbd7dc0f1e0c33e44711c09","sha256":"c5c62dce59eb3e5292e40b480643988447717f0760701ecd68c381ec573b9507","sha512":"b22d66fb9b0cb5b04bcd9642bcad4073961c5651998741a8a9e9879673a6015b31f82e8617fb2decc60ba45342a1ed1983f50e09d512fea137a0ea6555d18c94","ssdeep":"384:jVDpXrKbpkMIr7Acecbdxr3uTM95FfoWtrMGa:Z9X+Bceydl3uENoONa","tlshash":"7962192d1b29c19cebbd2db81abfa2f8520d47c5795c9772e85005cc1fb8f1dad058a1","first_seen":"2023-11-23T21:47:05Z","last_seen":"2024-10-18T20:36:24.901002Z","times_seen":3,"resource_available":false,"data":null}},"time_used":428,"timings":{"blocked":101,"dns":0,"connect":0,"send":0,"wait":326,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/activationData?JSON\u0026company\u0026oemtitle\u0026softversion\u0026JSON\u0026softversion\u0026JSON\u0026oemdeflang\u0026softversion\u0026company\u0026oemtitle\u0026JSON\u0026productmodel\u0026user.0-21\u0026authority.0-21\u0026privilege.0-21\u0026JSON\u0026enableanony\u0026oemlang\u0026user.0-19\u0026isnewuser.0-19\u0026macplugin\u0026activestatus\u0026pwdstrengthtype","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://111.70.31.106/","date":"2024-04-25T12:01:22.881Z","timestamp":1714046482881,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /activationData?JSON\u0026company\u0026oemtitle\u0026softversion\u0026JSON\u0026softversion\u0026JSON\u0026oemdeflang\u0026softversion\u0026company\u0026oemtitle\u0026JSON\u0026productmodel\u0026user.0-21\u0026authority.0-21\u0026privilege.0-21\u0026JSON\u0026enableanony\u0026oemlang\u0026user.0-19\u0026isnewuser.0-19\u0026macplugin\u0026activestatus\u0026pwdstrengthtype HTTP/1.1\r\nHost: 111.70.31.106\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nx-from: Web\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://111.70.31.106/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nPragma: no-cache\r\nCache-Control: no-store\r\nConnection: close\r\nContent-Type: text/plain\r\nP3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\r\nContent-Length: 2120\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2120,"size_decoded":2120,"mime_type":"text/plain","magic":"JSON text data","md5":"3a7a941a94fcef24b299be097d43687a","sha1":"5ad1ffd6a13aac4476142290a2a2934cb8b09d48","sha256":"8c46786f5aff2f170a0d9e848c4da2ec77b358d0bf9d757c7e8e85fcc73ad94f","sha512":"0e4fca0b729e06d6835fffda35ff306a9ec964b7f7671f625c46ebeafee01f5a70d9f110f865b90f02ee11bbf1dd294c4c59af45933001b961eccb1414f10f4e","ssdeep":"","tlshash":"5441a106102ba145fe4799a8cbcdd493a2cc0b7dc0edd888cdf4dca7444aa9bd34a357","first_seen":"2024-08-20T02:50:31.243017Z","last_seen":"2024-10-18T20:36:24.916864Z","times_seen":2,"resource_available":false,"data":null}},"time_used":327,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":327,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/image/map.png","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://111.70.31.106/","date":"2024-04-25T12:01:22.876Z","timestamp":1714046482876,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /image/map.png HTTP/1.1\r\nHost: 111.70.31.106\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://111.70.31.106/css/chunk-0138a8ee.e1610b39.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Apr 2024 12:01:23 GMT\r\nServer: WebServer\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60, max=998\r\nContent-Length: 33646\r\nLast-Modified: Tue, 25 Apr 2023 02:27:38 GMT\r\nContent-Type: image/png\r\nP3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":33646,"size_decoded":33646,"mime_type":"image/png","magic":"PNG image data, 1920 x 980, 8-bit colormap, non-interlaced","md5":"3e1340263d6fe58391ac92ec576c3d44","sha1":"84363c8f4f84fc94e825a78519988c555f867b49","sha256":"391ffaec84bc9079e080822a1d0ca4110ba67a6ed72f81ac23ee311663c35ae7","sha512":"88261474a7e9c46b7a05564e4e0702b6ca674497bc5b509d0a1748ed722b78fdea2b31a4a14b8b83540cb8c4e79af63e86847d071d1ea8f0848ecfbed16dbf55","ssdeep":"","tlshash":"","first_seen":"2023-06-12T00:18:52Z","last_seen":"2025-12-31T01:23:30.969982Z","times_seen":19,"resource_available":false,"data":null}},"time_used":649,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":318,"receive":331,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/image/logo.png","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://111.70.31.106/","date":"2024-04-25T12:01:23.239Z","timestamp":1714046483239,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /image/logo.png HTTP/1.1\r\nHost: 111.70.31.106\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://111.70.31.106/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Apr 2024 12:01:23 GMT\r\nServer: WebServer\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60, max=997\r\nContent-Length: 4913\r\nLast-Modified: Tue, 18 Apr 2023 08:17:14 GMT\r\nContent-Type: image/png\r\nP3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4913,"size_decoded":4913,"mime_type":"image/png","magic":"PNG image data, 170 x 59, 8-bit/color RGBA, non-interlaced","md5":"32234d54e715ee53bc34d2c55f1d747c","sha1":"cd63ecec0067c2dcdad91668bdb3f174e3a5e8c1","sha256":"5133302dc4ebd7589d79757ce3a471b8f767f074d356f8f99b49ea180d0477ae","sha512":"ebb0fe370728a894f1331e270410df839ffa67b17f3e3cad4534046bb0e826b44ef45dd1c7e7399687801058794499c8540e846cbb7f5fb466047d918eb80519","ssdeep":"96:ESMllcHitlIxv9vk7C1+I4wWHLihk/xft+sqg1jjcewiwG0DNB+2xViuuaqXAfLG:ESHIIHUCD4wa14y1/cewFrB+K8aq0G","tlshash":"d8a17e889c744c53108f846e35ea8b498763a54832a83c6ae6de031fc722d913d34aa7","first_seen":"2024-08-20T02:50:31.244283Z","last_seen":"2025-09-13T22:01:56.899025Z","times_seen":3,"resource_available":false,"data":null}},"time_used":313,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":313,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"111.70.31.106/fonts/iconfont.woff?t=1b7f75a3783973c05769cd01b1adac9d","fqdn":"111.70.31.106","domain":"111.70.31.106","tld":"106"},"ip":{"addr":"111.70.31.106","port":80,"asn":17421,"as":"Mobile Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://111.70.31.106/","date":"2024-04-25T12:01:23.257Z","timestamp":1714046483257,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /fonts/iconfont.woff?t=1b7f75a3783973c05769cd01b1adac9d HTTP/1.1\r\nHost: 111.70.31.106\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://111.70.31.106/fonts/iconfont.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Apr 2024 12:01:23 GMT\r\nServer: WebServer\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60, max=999\r\nContent-Length: 33292\r\nLast-Modified: Tue, 25 Apr 2023 02:27:38 GMT\r\nContent-Type: text/plain\r\nP3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":33292,"size_decoded":33292,"mime_type":"text/plain","magic":"Web Open Font Format, TrueType, length 33292, version 1.0","md5":"05865920c3dfb046e96e95d52194b5a5","sha1":"cfc92aea575f1e0ba91dd03173a9860bf5dda585","sha256":"056125d2496955b7c06a9b1e1f4e84b502d9d273b9afa3434b3793d5b09af4c1","sha512":"3e2b35e40e777a21d89f954a23e9f93fd9bc15af9a2c3ee98ee1c311b1fc72857e2a6169f09e074e1bb59747fe2941e9bc5a1424ec185ad24969803b860c6481","ssdeep":"768:QwfQuPOvhvwYgsmOfQr3pAECQGktwRmIuA2tFeJEVGm7:QJuadwYg+ILpAECQ7amIjWZT","tlshash":"12e2f15f6fca710ecd3b03394e87d0769a706f1a5a0aeaa0fec1dc10a71615215479df","first_seen":"2024-08-20T02:50:31.245224Z","last_seen":"2025-01-04T22:45:23.159436Z","times_seen":5,"resource_available":false,"data":null}},"time_used":631,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":314,"receive":317,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-04-25","alert":"Sinkholed","trigger":"111.70.31.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}