Report - 1.117.7.214/

Report Overview

Submitted URL

1.117.7.214/
IP

1.117.7.214

ASN

#45090 Shenzhen Tencent Computer Systems Company Limited
Submitted

2023-11-20T21:18:33Z

Access

public
Website Title

盛博网络办公系统
Final URL

1.117.7.214/home/login/index.html
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

11

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
1.117.7.214 (11)	unknown	2022-12-03 12:41:48	2023-10-18 02:52:30	4646	218783	1.117.7.214

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-20	medium	1.117.7.214	Sinkholed
2023-11-20	medium	1.117.7.214	Sinkholed
2023-11-20	medium	1.117.7.214	Sinkholed
2023-11-20	medium	1.117.7.214	Sinkholed
2023-11-20	medium	1.117.7.214	Sinkholed
2023-11-20	medium	1.117.7.214	Sinkholed
2023-11-20	medium	1.117.7.214	Sinkholed
2023-11-20	medium	1.117.7.214	Sinkholed
2023-11-20	medium	1.117.7.214	Sinkholed
2023-11-20	medium	1.117.7.214	Sinkholed
2023-11-20	medium	1.117.7.214	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

Pretty

URL

1.117.7.214/static/assets/layui/layui.js?v=1.0.22
IP

1.117.7.214:80
ASN

#45090 Shenzhen Tencent Computer Systems Company Limited

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-07 13:02:52

Last Seen2023-12-03 15:53:42

Times Seen77
Hash

210a8b1c979a8ff8d8036c3bab6e3b46

40ed39b8c127b1f1307c142e94cc8f9e0c36e31b

fef3fe945718e6caef2f72dc7c89080374cfd74e59576746e477de017c1ef0ad

Pretty

URL

1.117.7.214/home/login/index.html
IP

1.117.7.214:0
ASN

#45090 Shenzhen Tencent Computer Systems Company Limited

Introduced by

scriptElement
Inline HTML

true

Observations

First Seen2023-03-07 01:01:59

Last Seen2023-12-08 15:57:52

Times Seen32473059
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Transactions (11)

URL IP Response Size

1.117.7.214/

China Shenzhen Tencent Computer Systems Company Limited

1.117.7.214

302 Found

URL User Request GET HTTP/1.1

1.117.7.214/
IP

1.117.7.214:80
ASN

#45090 Shenzhen Tencent Computer Systems Company Limited

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET / HTTP/1.1
Host: 1.117.7.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 302 Found
Server: nginx
Date: Mon, 20 Nov 2023 21:18:18 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-control: no-cache,must-revalidate
Location: /home/login/index.html

1.117.7.214/home/login/index.html

1.117.7.214

2046

URL User Request GET

1.117.7.214/home/login/index.html
IP

1.117.7.214:0
ASN

#45090 Shenzhen Tencent Computer Systems Company Limited

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text

Size

2046
Hash

e0c87b86ab393e9de199299c7969a080

47453dab41bcb50e9011011629f299e42ccc24ed

b26d8792f1c7863fb925abb5f29dcde4e09fcebdbd3c03520cf1767397c90109

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /home/login/index.html HTTP/1.1
Host: 1.117.7.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Nov 2023 21:18:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=ce28c8de8b218d1002b4a8a15b6bc4a2; path=/
Content-Encoding: gzip

1.117.7.214/static/assets/layui/css/layui.css?v=1.0.22

1.117.7.214

200 OK

17920

URL GET HTTP/1.1

1.117.7.214/static/assets/layui/css/layui.css?v=1.0.22
IP

1.117.7.214:80
ASN

#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by

http://1.117.7.214/home/login/index.html

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

17920
Hash

3f301374d385c19214a4b3e17c815422

4b82ec3e4fc883d6331063fa19ccc94e2a0b970c

7e90b7ced175894e5737acf791e4f77d2d3223e85d15c81b2485f1c525730987

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /static/assets/layui/css/layui.css?v=1.0.22 HTTP/1.1
Host: 1.117.7.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.117.7.214/home/login/index.html
Cookie: PHPSESSID=ce28c8de8b218d1002b4a8a15b6bc4a2
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Nov 2023 21:18:20 GMT
Content-Type: text/css
Last-Modified: Fri, 10 Feb 2023 04:27:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63e5c7c6-14153"
Expires: Tue, 21 Nov 2023 09:18:20 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

1.117.7.214/static/assets/layui/layui.js?v=1.0.22

1.117.7.214

200 OK

107243

URL GET HTTP/1.1

1.117.7.214/static/assets/layui/layui.js?v=1.0.22
IP

1.117.7.214:80
ASN

#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by

http://1.117.7.214/home/login/index.html

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

107243
Hash

210a8b1c979a8ff8d8036c3bab6e3b46

40ed39b8c127b1f1307c142e94cc8f9e0c36e31b

fef3fe945718e6caef2f72dc7c89080374cfd74e59576746e477de017c1ef0ad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /static/assets/layui/layui.js?v=1.0.22 HTTP/1.1
Host: 1.117.7.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.117.7.214/home/login/index.html
Cookie: PHPSESSID=ce28c8de8b218d1002b4a8a15b6bc4a2
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Nov 2023 21:18:20 GMT
Content-Type: application/javascript
Last-Modified: Fri, 10 Feb 2023 04:27:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63e5c7c6-4714a"
Expires: Tue, 21 Nov 2023 09:18:20 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

1.117.7.214/static/home/images/login_logo.png

1.117.7.214

200 OK

7595

URL GET HTTP/1.1

1.117.7.214/static/home/images/login_logo.png
IP

1.117.7.214:80
ASN

#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by

http://1.117.7.214/home/login/index.html

Magic

PNG image data, 300 x 90, 8-bit/color RGBA, non-interlaced\012- data

Size

7595
Hash

680b108356136658e4c2a1674e778448

a6b744b45a15485d4abbc7b19f854b214c0c5eb3

0bb25fdadff1e661f0938bb0ce21ee1ea521e8f9a0f50ecdc5040013300f14fd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /static/home/images/login_logo.png HTTP/1.1
Host: 1.117.7.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.117.7.214/home/login/index.html
Cookie: PHPSESSID=ce28c8de8b218d1002b4a8a15b6bc4a2
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Nov 2023 21:18:21 GMT
Content-Type: image/png
Content-Length: 7595
Last-Modified: Mon, 13 Feb 2023 05:54:20 GMT
Connection: keep-alive
ETag: "63e9d08c-1dab"
Expires: Wed, 20 Dec 2023 21:18:21 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

1.117.7.214/static/home/images/bg.png

1.117.7.214

200 OK

72186

URL GET HTTP/1.1

1.117.7.214/static/home/images/bg.png
IP

1.117.7.214:80
ASN

#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by

http://1.117.7.214/home/login/index.html

Magic

PNG image data, 3840 x 2160, 8-bit colormap, non-interlaced\012- data

Size

72186
Hash

70df09670d54517fee7f864cc9082e35

f86d034b80a4d58bb34cd71017f03dcb86fbbcf0

b921934e78e4afd926c7892c6956440ddcc7e9f2197a85b7f2bc092c45ca19df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /static/home/images/bg.png HTTP/1.1
Host: 1.117.7.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.117.7.214/home/login/index.html
Cookie: PHPSESSID=ce28c8de8b218d1002b4a8a15b6bc4a2
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Nov 2023 21:18:20 GMT
Content-Type: image/png
Content-Length: 72186
Last-Modified: Fri, 10 Feb 2023 04:27:50 GMT
Connection: keep-alive
ETag: "63e5c7c6-119fa"
Expires: Wed, 20 Dec 2023 21:18:20 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

1.117.7.214/captcha.html

1.117.7.214

200 OK

1844

URL GET HTTP/1.1

1.117.7.214/captcha.html
IP

1.117.7.214:80
ASN

#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by

http://1.117.7.214/home/login/index.html

Magic

PNG image data, 250 x 62, 8-bit colormap, non-interlaced\012- data

Size

1844
Hash

57492ca9b88c3761194f79b97c8f002c

97f671f50c2de44505582126c5467cca03c25f63

6aafda9c2ceab9bb41a25f82ea4bd5994fc5a3931affa92f0125c298c498c15c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /captcha.html HTTP/1.1
Host: 1.117.7.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.117.7.214/home/login/index.html
Cookie: PHPSESSID=ce28c8de8b218d1002b4a8a15b6bc4a2
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Nov 2023 21:18:21 GMT
Content-Type: image/png; charset=utf-8
Content-Length: 1844
Connection: keep-alive
Set-Cookie: PHPSESSID=ce28c8de8b218d1002b4a8a15b6bc4a2; path=/

1.117.7.214/static/assets/layui/css/modules/layer/default/layer.css?v=3.5.1

1.117.7.214

200 OK

3191

URL GET HTTP/1.1

1.117.7.214/static/assets/layui/css/modules/layer/default/layer.css?v=3.5.1
IP

1.117.7.214:80
ASN

#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by

http://1.117.7.214/home/login/index.html

Magic

ASCII text, with very long lines (14323), with no line terminators

Size

3191
Hash

9bc0bb378b16f6d3d94b945b8a12de7f

b3a3a2788fa3cfab78191f3c2f9ac3dfac1192a4

452d67901461bc418452e139ce517ca82971744bb128aedf6aeae16091574681

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /static/assets/layui/css/modules/layer/default/layer.css?v=3.5.1 HTTP/1.1
Host: 1.117.7.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.117.7.214/home/login/index.html
Cookie: PHPSESSID=ce28c8de8b218d1002b4a8a15b6bc4a2
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Nov 2023 21:18:21 GMT
Content-Type: text/css
Last-Modified: Fri, 10 Feb 2023 04:27:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63e5c7c6-37f3"
Expires: Tue, 21 Nov 2023 09:18:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

1.117.7.214/static/assets/layui/css/modules/laydate/default/laydate.css?v=5.3.1

1.117.7.214

200 OK

2007

URL GET HTTP/1.1

1.117.7.214/static/assets/layui/css/modules/laydate/default/laydate.css?v=5.3.1
IP

1.117.7.214:80
ASN

#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by

http://1.117.7.214/home/login/index.html

Magic

ASCII text, with very long lines (7787), with no line terminators

Size

2007
Hash

965ecf4e5b007d28c7813d295310c9f8

85850be545bf1b7e5856988633b40184cd776449

68e2983e63097dc51336bd69da10365ce29d723d7dfdab3796a29bcfe5aaa335

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /static/assets/layui/css/modules/laydate/default/laydate.css?v=5.3.1 HTTP/1.1
Host: 1.117.7.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.117.7.214/home/login/index.html
Cookie: PHPSESSID=ce28c8de8b218d1002b4a8a15b6bc4a2
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Nov 2023 21:18:21 GMT
Content-Type: text/css
Last-Modified: Fri, 10 Feb 2023 04:27:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63e5c7c6-1e6b"
Expires: Tue, 21 Nov 2023 09:18:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

1.117.7.214/static/assets/layui/css/modules/code.css?v=3

1.117.7.214

200 OK

580

URL GET HTTP/1.1

1.117.7.214/static/assets/layui/css/modules/code.css?v=3
IP

1.117.7.214:80
ASN

#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by

http://1.117.7.214/home/login/index.html

Magic

ASCII text, with very long lines (1738), with no line terminators

Size

580
Hash

9e6c47f424536b7039ede0093cc8a153

0e994c799db4c0f0de38cef2ea4bda958813cf87

e5fa94378e76c854bbf3572f9e090f1fa5d8260c3e93d8a864a74941b540034e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /static/assets/layui/css/modules/code.css?v=3 HTTP/1.1
Host: 1.117.7.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.117.7.214/home/login/index.html
Cookie: PHPSESSID=ce28c8de8b218d1002b4a8a15b6bc4a2
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Mon, 20 Nov 2023 21:18:21 GMT
Content-Type: text/css
Last-Modified: Fri, 10 Feb 2023 04:27:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63e5c7c6-6ca"
Expires: Tue, 21 Nov 2023 09:18:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

1.117.7.214/favicon.ico

1.117.7.214

404 Not Found

874

URL GET HTTP/1.1

1.117.7.214/favicon.ico
IP

1.117.7.214:80
ASN

#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by

http://1.117.7.214/home/login/index.html

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text

Size

874
Hash

d99b5db9572e4ed5bc67edbac9372096

f3dbae89f15cd77f0b4d8081d2aacd50da8ebc0e

1ab2b1318bad123ed960590e5036913d6e81acf036d69e47c532691304fa89a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

                                        GET /favicon.ico HTTP/1.1
Host: 1.117.7.214
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.117.7.214/home/login/index.html
Cookie: PHPSESSID=ce28c8de8b218d1002b4a8a15b6bc4a2
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 20 Nov 2023 21:18:21 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=ce28c8de8b218d1002b4a8a15b6bc4a2; path=/
Content-Encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

#1 JS:Script (size: 291146)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#2 JS:Script (size: 0)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

HTTP Transactions (11)

URL User Request GET HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP