Report - 222.85.156.110:8881/login

Report Overview

Submitted URL
222.85.156.110:8881/login
IP
222.85.156.110
ASN
#4134 Chinanet
Submitted
2024-04-30 12:16:48
Access
public
Website Title
贵阳住建消防建设工程综合管理云平台登录
Final URL
222.85.156.110:8881/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
222.85.156.110:8881	unknown	unknown	No data	No data	5.5 kB	316 kB	222.85.156.110

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-30	medium	222.85.156.110	Sinkholed
2024-04-30	medium	222.85.156.110	Sinkholed
2024-04-30	medium	222.85.156.110	Sinkholed
2024-04-30	medium	222.85.156.110	Sinkholed
2024-04-30	medium	222.85.156.110	Sinkholed
2024-04-30	medium	222.85.156.110	Sinkholed
2024-04-30	medium	222.85.156.110	Sinkholed
2024-04-30	medium	222.85.156.110	Sinkholed
2024-04-30	medium	222.85.156.110	Sinkholed
2024-04-30	medium	222.85.156.110	Sinkholed
2024-04-30	medium	222.85.156.110	Sinkholed
2024-04-30	medium	222.85.156.110	Sinkholed
2024-04-30	medium	222.85.156.110	Sinkholed
2024-04-30	medium	222.85.156.110	Sinkholed
2024-04-30	medium	222.85.156.110	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	222.85.156.110:8881/plugins/tips/jquery.tips.js	4.6 kB	2023-08-06	2024-04-30
Pretty URL 222.85.156.110:8881/plugins/tips/jquery.tips.js IP 222.85.156.110 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-06 11:03:39 Last Seen2024-04-30 14:16:54 Times Seen20 Hash 92e797d5ac56072eb488b23b60c75693 9ce4c3ae1b4664af53f27de9d0d0340752647b31 cfcf5e197780bb652db6f524c679cd0975992e66bebb4e2f7a11a1ef864a07a0 Loading...

	222.85.156.110:8881/js/login.js	4.1 kB	2024-01-10	2024-04-30
Pretty URL 222.85.156.110:8881/js/login.js IP 222.85.156.110 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-10 11:33:26 Last Seen2024-04-30 14:16:54 Times Seen6 Hash 05a80ad788a72487aa0ab8b85a575f91 ed527ac1c080512318cfe2832a609614c09c8d23 127fb6f736e2b641b88cda4678f41a507e848591bfcb8ac679d9b6aaf5f741ff Loading...

	222.85.156.110:8881/js/jquery-1.7.2.js	262 kB	2024-01-10	2024-04-30
Pretty URL 222.85.156.110:8881/js/jquery-1.7.2.js IP 222.85.156.110 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-10 11:33:26 Last Seen2024-04-30 14:16:54 Times Seen6 Hash 8a11b53e0e215eb262e6a9b5d23e29e0 759167135cf863e84cc8d62934e8d6865a91b943 452429d3ee81023bdf964994ce4ad3d4b7ece4205cbc04ad4fce75be4de72af4 Loading...

	222.85.156.110:8881/js/commons.js	33 kB	2024-01-10	2024-04-30
Pretty URL 222.85.156.110:8881/js/commons.js IP 222.85.156.110 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-10 11:33:26 Last Seen2024-04-30 14:16:54 Times Seen3 Hash f6d46178f690f58c4da73c413e083249 8c4b9cfac5a86bdd4ef63b678a48c1753994390b eac45a22f65f9cace9b1b836a22b6a7b8a490cc1f045c44ed991e724a8e8dd38 Loading...

HTTP Transactions (15)

URL IP Response Size

222.85.156.110:8881/login

222.85.156.110

1.8 kB

URL
222.85.156.110:8881/login
IP
222.85.156.110:0
ASN
#4134 Chinanet

File type
HTML document, Unicode text, UTF-8 text
Size
1.8 kB (1815 bytes)
Hash
9e5629698250d9fd0b87a7cf3fb1750c
68f22f0d90aa7052e94d7702621fd4adcb5b437e
a8a7101195d164a37f112521b076d85b5f369bdf1772861f8dc53e2bf5d8db92

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 222.85.156.110:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.16.1
Date: Tue, 30 Apr 2024 12:16:20 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Application-Context: com.guiyang.fire.control.admin:prod:9000
Content-Language: en-US
Content-Encoding: gzip

222.85.156.110:8881/assets/css/font-awesome.min.css

222.85.156.110

200

4.4 kB

URL GET HTTP/1.1
222.85.156.110:8881/assets/css/font-awesome.min.css
IP
222.85.156.110:8881
ASN
#4134 Chinanet

Requested by
http://222.85.156.110:8881/login

File type
ASCII text, with very long lines (668), with CRLF line terminators
Size
4.4 kB (4411 bytes)
Hash
509f2380e987550ba42172dae37dd91a
0185c8f33868998e0b42eacadc0c8e3cdd06a050
83b1cdc6c096c687715fd87ca06458bf79580460cbb3a99827565ea2f8904484

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/font-awesome.min.css HTTP/1.1
Host: 222.85.156.110:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://222.85.156.110:8881/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.16.1
Date: Tue, 30 Apr 2024 12:16:21 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Application-Context: com.guiyang.fire.control.admin:prod:9000
Last-Modified: Sat, 23 Mar 2024 14:00:33 GMT
Content-Encoding: gzip

222.85.156.110:8881/assets/css/bootstrap.min.css

222.85.156.110

200

16 kB

URL GET HTTP/1.1
222.85.156.110:8881/assets/css/bootstrap.min.css
IP
222.85.156.110:8881
ASN
#4134 Chinanet

Requested by
http://222.85.156.110:8881/login

File type
ASCII text, with very long lines (65308), with CRLF line terminators
Size
16 kB (16027 bytes)
Hash
25e8a26a11901c2618587ef5a2e03754
107bedb791f636280fe56f3ffeabd3c82b64c2a7
279aafba2e6b69b4b1ef603ba4025e1665dd8ee4c2ce91e3485830f1e47d9a54

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/bootstrap.min.css HTTP/1.1
Host: 222.85.156.110:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://222.85.156.110:8881/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.16.1
Date: Tue, 30 Apr 2024 12:16:21 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Application-Context: com.guiyang.fire.control.admin:prod:9000
Last-Modified: Sat, 23 Mar 2024 14:00:33 GMT
Content-Encoding: gzip

222.85.156.110:8881/js/commons.js

222.85.156.110

200

6.6 kB

URL GET HTTP/1.1
222.85.156.110:8881/js/commons.js
IP
222.85.156.110:8881
ASN
#4134 Chinanet

Requested by
http://222.85.156.110:8881/login

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
6.6 kB (6605 bytes)
Hash
6d70a4e49e0b591fc5cac69009a15ebd
ceb508abdc7fd88785f0633b088810cadb241a0f
321c0401e68d81d4c9217194987eedde05d0afb880a8092f2a9a61413c15fb84

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/commons.js HTTP/1.1
Host: 222.85.156.110:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://222.85.156.110:8881/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.16.1
Date: Tue, 30 Apr 2024 12:16:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Application-Context: com.guiyang.fire.control.admin:prod:9000
Last-Modified: Sat, 23 Mar 2024 14:00:33 GMT
Content-Encoding: gzip

222.85.156.110:8881/plugins/tips/jquery.tips.js

222.85.156.110

200

1.5 kB

URL GET HTTP/1.1
222.85.156.110:8881/plugins/tips/jquery.tips.js
IP
222.85.156.110:8881
ASN
#4134 Chinanet

Requested by
http://222.85.156.110:8881/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.5 kB (1519 bytes)
Hash
92e797d5ac56072eb488b23b60c75693
9ce4c3ae1b4664af53f27de9d0d0340752647b31
cfcf5e197780bb652db6f524c679cd0975992e66bebb4e2f7a11a1ef864a07a0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /plugins/tips/jquery.tips.js HTTP/1.1
Host: 222.85.156.110:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://222.85.156.110:8881/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.16.1
Date: Tue, 30 Apr 2024 12:16:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Application-Context: com.guiyang.fire.control.admin:prod:9000
Last-Modified: Sat, 23 Mar 2024 14:00:33 GMT
Content-Encoding: gzip

222.85.156.110:8881/js/login.js

222.85.156.110

200

1.2 kB

URL GET HTTP/1.1
222.85.156.110:8881/js/login.js
IP
222.85.156.110:8881
ASN
#4134 Chinanet

Requested by
http://222.85.156.110:8881/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.2 kB (1235 bytes)
Hash
05a80ad788a72487aa0ab8b85a575f91
ed527ac1c080512318cfe2832a609614c09c8d23
127fb6f736e2b641b88cda4678f41a507e848591bfcb8ac679d9b6aaf5f741ff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/login.js HTTP/1.1
Host: 222.85.156.110:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://222.85.156.110:8881/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.16.1
Date: Tue, 30 Apr 2024 12:16:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Application-Context: com.guiyang.fire.control.admin:prod:9000
Last-Modified: Sat, 23 Mar 2024 14:00:33 GMT
Content-Encoding: gzip

222.85.156.110:8881/assets/css/ace-rtl.min.css

222.85.156.110

200

6.5 kB

URL GET HTTP/1.1
222.85.156.110:8881/assets/css/ace-rtl.min.css
IP
222.85.156.110:8881
ASN
#4134 Chinanet

Requested by
http://222.85.156.110:8881/login

File type
ASCII text, with very long lines (36873), with no line terminators
Size
6.5 kB (6528 bytes)
Hash
78df1b15700117ef2c3e425485de8be3
eb97e990f560848d9029c1b85822af816228988d
be72a2621f281f07d32abb393aa9d6e606f3f31ec54c9cb4aaeb74d2e6970185

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/ace-rtl.min.css HTTP/1.1
Host: 222.85.156.110:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://222.85.156.110:8881/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.16.1
Date: Tue, 30 Apr 2024 12:16:21 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Application-Context: com.guiyang.fire.control.admin:prod:9000
Last-Modified: Sat, 23 Mar 2024 14:00:33 GMT
Content-Encoding: gzip

222.85.156.110:8881/assets/css/ace.min.css

222.85.156.110

200

44 kB

URL GET HTTP/1.1
222.85.156.110:8881/assets/css/ace.min.css
IP
222.85.156.110:8881
ASN
#4134 Chinanet

Requested by
http://222.85.156.110:8881/login

File type
ASCII text, with very long lines (65536), with no line terminators
Size
44 kB (43742 bytes)
Hash
c1082546d6e6c8423006d85619b7c44a
59ef933f7c105d5b220a75f475fcd9814606dcec
2fc5fe537c1e0072dc7d9f2c65247069dfd79678c8c6ebc0247a1855c52043b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/ace.min.css HTTP/1.1
Host: 222.85.156.110:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://222.85.156.110:8881/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.16.1
Date: Tue, 30 Apr 2024 12:16:21 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Application-Context: com.guiyang.fire.control.admin:prod:9000
Last-Modified: Sat, 23 Mar 2024 14:00:33 GMT
Content-Encoding: gzip

222.85.156.110:8881/js/jquery-1.7.2.js

222.85.156.110

200

75 kB

URL GET HTTP/1.1
222.85.156.110:8881/js/jquery-1.7.2.js
IP
222.85.156.110:8881
ASN
#4134 Chinanet

Requested by
http://222.85.156.110:8881/login

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
75 kB (74603 bytes)
Hash
8a11b53e0e215eb262e6a9b5d23e29e0
759167135cf863e84cc8d62934e8d6865a91b943
452429d3ee81023bdf964994ce4ad3d4b7ece4205cbc04ad4fce75be4de72af4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery-1.7.2.js HTTP/1.1
Host: 222.85.156.110:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://222.85.156.110:8881/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.16.1
Date: Tue, 30 Apr 2024 12:16:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Application-Context: com.guiyang.fire.control.admin:prod:9000
Last-Modified: Sat, 23 Mar 2024 14:00:33 GMT
Content-Encoding: gzip

222.85.156.110:8881/css/login_.css

222.85.156.110

200

290 B

URL GET HTTP/1.1
222.85.156.110:8881/css/login_.css
IP
222.85.156.110:8881
ASN
#4134 Chinanet

Requested by
http://222.85.156.110:8881/login

File type
ASCII text, with CRLF line terminators
Size
290 B (290 bytes)
Hash
6bb103714ab4531dcce709d53da565f2
cf55ef5bfc286f1d6222ab79b406c046b07effa9
385508c147ecd3ccaeb834b5cc98e310601aa99aeebe99cfcc66d14f6882fc76

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/login_.css HTTP/1.1
Host: 222.85.156.110:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://222.85.156.110:8881/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.16.1
Date: Tue, 30 Apr 2024 12:16:22 GMT
Content-Type: text/css
Content-Length: 290
Connection: keep-alive
X-Application-Context: com.guiyang.fire.control.admin:prod:9000
Last-Modified: Sat, 23 Mar 2024 14:00:33 GMT
Accept-Ranges: bytes

222.85.156.110:8881/img/yan.png

222.85.156.110

200

405 B

URL GET HTTP/1.1
222.85.156.110:8881/img/yan.png
IP
222.85.156.110:8881
ASN
#4134 Chinanet

Requested by
http://222.85.156.110:8881/login

File type
PNG image data, 27 x 23, 8-bit colormap, non-interlaced
Size
405 B (405 bytes)
Hash
be9f09f2e0a54b9db88cf370c3634624
998d47ad4f461ec91bac30b3a895436d76b36fcd
88976f231b8e6067df6b8703e5dbed90ff09dfba4099fbfdaa742593e3f2d548

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/yan.png HTTP/1.1
Host: 222.85.156.110:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://222.85.156.110:8881/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.16.1
Date: Tue, 30 Apr 2024 12:16:22 GMT
Content-Type: image/png
Content-Length: 405
Connection: keep-alive
X-Application-Context: com.guiyang.fire.control.admin:prod:9000
Last-Modified: Sat, 23 Mar 2024 14:00:33 GMT
Accept-Ranges: bytes

222.85.156.110:8881/code?t=1714479384683

222.85.156.110

200

1.2 kB

URL GET HTTP/1.1
222.85.156.110:8881/code?t=1714479384683
IP
222.85.156.110:8881
ASN
#4134 Chinanet

Requested by
http://222.85.156.110:8881/login

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 70x25, components 3
Size
1.2 kB (1203 bytes)
Hash
3b441945ff8bb1e81608c41d52792f92
493ee721e8c687cfd78338f889b2e6111e0d3719
cc74a8f25b6044d5b4ad7bfe243333b26adf5bcf761d46e84a5fb4e826033ad5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /code?t=1714479384683 HTTP/1.1
Host: 222.85.156.110:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://222.85.156.110:8881/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.16.1
Date: Tue, 30 Apr 2024 12:16:22 GMT
Content-Length: 1203
Connection: keep-alive
X-Application-Context: com.guiyang.fire.control.admin:prod:9000
Set-Cookie: JSESSIONID=986712d4-f50e-429a-a46f-e389def0d99f; Path=/; HttpOnly; SameSite=lax

222.85.156.110:8881/img/login_bg.jpg

222.85.156.110

200

109 kB

URL GET HTTP/1.1
222.85.156.110:8881/img/login_bg.jpg
IP
222.85.156.110:8881
ASN
#4134 Chinanet

Requested by
http://222.85.156.110:8881/login

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1080, components 3
Size
109 kB (108588 bytes)
Hash
b532ef4c93b85551bd4e54729e677124
8ec410344c42487e8ca322b243bc6bdb393d5a2b
0573297d0032560093a3d565232f798a12c068bc64ab3f50c4f09984512721e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/login_bg.jpg HTTP/1.1
Host: 222.85.156.110:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://222.85.156.110:8881/css/login_.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.16.1
Date: Tue, 30 Apr 2024 12:16:22 GMT
Content-Type: image/jpeg
Content-Length: 108588
Connection: keep-alive
X-Application-Context: com.guiyang.fire.control.admin:prod:9000
Last-Modified: Sat, 23 Mar 2024 14:00:33 GMT
Accept-Ranges: bytes

222.85.156.110:8881/favicon.ico

222.85.156.110

200

946 B

URL GET HTTP/1.1
222.85.156.110:8881/favicon.ico
IP
222.85.156.110:8881
ASN
#4134 Chinanet

Requested by
http://222.85.156.110:8881/login

File type
MS Windows icon resource - 1 icon, 16x13, 32 bits/pixel
Size
946 B (946 bytes)
Hash
0488faca4c19046b94d07c3ee83cf9d6
02fb8c5e4c3d113f310651a4d021aecc68f79d54
a3fe67e3549fdbc5819762b43c7efd93b1caea734f87a33c909a4e4b2ba4e32b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 222.85.156.110:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://222.85.156.110:8881/login
Cookie: JSESSIONID=986712d4-f50e-429a-a46f-e389def0d99f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.16.1
Date: Tue, 30 Apr 2024 12:16:23 GMT
Content-Type: image/x-icon
Content-Length: 946
Connection: keep-alive
X-Application-Context: com.guiyang.fire.control.admin:prod:9000
Last-Modified: Sat, 23 Mar 2024 14:00:33 GMT
Accept-Ranges: bytes

222.85.156.110:8881/assets/font/fontawesome-webfont.woff?v=3.2.1

222.85.156.110

200

44 kB

URL GET HTTP/1.1
222.85.156.110:8881/assets/font/fontawesome-webfont.woff?v=3.2.1
IP
222.85.156.110:8881
ASN
#4134 Chinanet

Requested by
http://222.85.156.110:8881/login

File type
Web Open Font Format, TrueType, length 43572, version 1.0
Size
44 kB (43572 bytes)
Hash
b683029bafe0305ac2234038a03e1541
12f8c193902e99348493ace32e498031bf79b654
18e6b5ff511b90edf098e62ac45ed9d6673a3eee10165d0de4164d4d02a3a77f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/font/fontawesome-webfont.woff?v=3.2.1 HTTP/1.1
Host: 222.85.156.110:8881
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://222.85.156.110:8881/assets/css/font-awesome.min.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.16.1
Date: Tue, 30 Apr 2024 12:16:23 GMT
Content-Type: application/font-woff
Content-Length: 43572
Connection: keep-alive
X-Application-Context: com.guiyang.fire.control.admin:prod:9000
Last-Modified: Sat, 23 Mar 2024 14:00:33 GMT
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections