Report - 120.76.138.173:7799/login

Report Overview

Submitted URL
120.76.138.173:7799/login
IP
120.76.138.173
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.
Submitted
2024-05-07 11:01:10
Access
public
Website Title
登录系统
Final URL
120.76.138.173:7799/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
40

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
120.76.138.173:7799	unknown	unknown	No data	No data	8.2 kB	1.0 MB	120.76.138.173

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed
2024-05-07	medium	120.76.138.173	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	120.76.138.173:7799/login	0 B	2023-03-07	2024-05-19
Pretty URL 120.76.138.173:7799/login IP 120.76.138.173 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 16:34:34 Times Seen37833837 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	120.76.138.173:7799/js/jquery.min.js	132 kB	2023-06-04	2024-05-13
Pretty URL 120.76.138.173:7799/js/jquery.min.js IP 120.76.138.173 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-04 12:19:36 Last Seen2024-05-13 11:39:24 Times Seen68 Hash 3c852a75e6d52b8d2d4de5f6d1762e13 d04ed77fac1b126224af54d94bdb4d064026cb9f d56e7a458495aa3c0a3bb3a377c46f031afcc875e67adecf7202acde1aec2754 Loading...

	120.76.138.173:7799/ajax/libs/blockUI/jquery.blockUI.js	21 kB	2023-03-07	2024-05-18
Pretty URL 120.76.138.173:7799/ajax/libs/blockUI/jquery.blockUI.js IP 120.76.138.173 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:33:48 Last Seen2024-05-18 18:47:10 Times Seen200 Hash d2527dc37bd691ee37c0769a85d4e678 7f6ae26a61a7d5dfa1fed93de574d736e80e3476 5fccc001b2b5cadcb733169e116de392bb571b456e2bef0d5cbeaa51c85f7ea5 Loading...

	120.76.138.173:7799/zq/login.js	3.1 kB	2024-05-07	2024-05-07
Pretty URL 120.76.138.173:7799/zq/login.js IP 120.76.138.173 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 13:01:16 Last Seen2024-05-07 13:01:17 Times Seen2 Hash 4b7378f1500fd9a08b6dfca3f120c222 3e363b2d179d04d3c0e75b898eaa17bf609e363e 5a868fd633dc6f366fa27854739f0ddccdd62e292f9bf39a7767e8cc2f7bb327 Loading...

	120.76.138.173:7799/login	46 B	2024-05-07	2024-05-07
Pretty URL 120.76.138.173:7799/login IP 120.76.138.173 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 13:01:16 Last Seen2024-05-07 13:01:16 Times Seen1 Hash ee4ec5dae8017525676843136bef62fb a81a35b6d70ec6398479a1dd8b24310b589953cd 41e285db54ecda3400bef98c9b69d43542cfab21838573ab336962b7d3117d74 Loading...

	120.76.138.173:7799/js/bootstrap.min.js	39 kB	2023-03-08	2024-05-13
Pretty URL 120.76.138.173:7799/js/bootstrap.min.js IP 120.76.138.173 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:42:27 Last Seen2024-05-13 11:39:24 Times Seen152 Hash 93a1f823d90b3c0b0c92c7eaa9669754 c5656ed696219cc6b7dceed19a34bb4d9f6faab1 761b0a0362022aec0c1d121ea530ea547e2773e01aabe56cf3180236973e0af8 Loading...

	120.76.138.173:7799/ajax/libs/validate/jquery.validate.min.js	22 kB	2024-05-07	2024-05-07
Pretty URL 120.76.138.173:7799/ajax/libs/validate/jquery.validate.min.js IP 120.76.138.173 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 13:01:16 Last Seen2024-05-07 13:01:16 Times Seen1 Hash 0658b54b1466fbc6eaefdb6ad4a0f6cd 08ed9a317e86fc4af5cba9235263f2f0825ba765 bd082e9cda7ddb479e2d72200a5e40083170e52fd5c7717008acc25832c6238d Loading...

	120.76.138.173:7799/ajax/libs/validate/messages_zh.min.js	1.5 kB	2024-05-07	2024-05-07
Pretty URL 120.76.138.173:7799/ajax/libs/validate/messages_zh.min.js IP 120.76.138.173 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 13:01:16 Last Seen2024-05-07 13:01:16 Times Seen2 Hash a3ca994cb37db4aabc5af2eefde3b449 23131ac051f9e4ff7b5ca6c9ce130f4964b571bc e0637890445ab94a92cb47e8d3465b6a4c7ee8eb70dfa06905df621163380fb2 Loading...

	120.76.138.173:7799/ajax/libs/layer/layer.min.js	22 kB	2023-04-07	2024-05-18
Pretty URL 120.76.138.173:7799/ajax/libs/layer/layer.min.js IP 120.76.138.173 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-07 19:23:28 Last Seen2024-05-18 18:47:10 Times Seen201 Hash 47db0e57d73194c6a41bab5b4d55e860 9db378fa8d56979e86519f483993486dc476902b 69025fc1818313fb94c9ca4975c6a45e8385a6fd0ab9d0c60c0ac93cd997566e Loading...

	120.76.138.173:7799/zq/js/ry-ui.js?v=4.4.0	79 kB	2024-05-07	2024-05-07
Pretty URL 120.76.138.173:7799/zq/js/ry-ui.js?v=4.4.0 IP 120.76.138.173 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 13:01:16 Last Seen2024-05-07 13:01:16 Times Seen1 Hash 39194fb7a05da8bea5bf15007c9cf353 12ae0206d2a8e96dd0dcfbb0c763a76ebdba6331 ce97bca8994948a8914e4661f7b27ae4920e27c6640fba9447547a171815b100 Loading...

HTTP Transactions (20)

URL IP Response Size

120.76.138.173:7799/login

120.76.138.173

200

3.2 kB

URL User Request GET HTTP/1.1
120.76.138.173:7799/login
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
3.2 kB (3165 bytes)
Hash
ca2bb72c68cdb52998528d7db4049ecb
c549bcf9b5a9fc3ceb32ea34e8db724bcee2e464
ec873fea77e443c3a4c80348ad6edbad962663d0c406f32feaa446229a1f9dd7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Set-Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff; Path=/; HttpOnly; SameSite=lax
Content-Type: text/html;charset=UTF-8
Content-Language: zh-CN
Transfer-Encoding: chunked
Date: Tue, 07 May 2024 11:00:44 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/css/login.css

120.76.138.173

200

5.3 kB

URL GET HTTP/1.1
120.76.138.173:7799/css/login.css
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
Unicode text, UTF-8 text, with very long lines (326), with CRLF line terminators
Size
5.3 kB (5310 bytes)
Hash
0fb0fe4bc86ffc5e447a540296048e01
e27496df576fd54c629d4a359c095dd2de3bd284
3b7ae2b8a1e1aaf976ff7f25875d5ff58cbb578bcc373eadf1726357d0711e1f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/login.css HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 5310
Date: Tue, 07 May 2024 11:00:44 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/css/font-awesome.min.css

120.76.138.173

200

31 kB

URL GET HTTP/1.1
120.76.138.173:7799/css/font-awesome.min.css
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
ASCII text, with very long lines (30837), with CRLF line terminators
Size
31 kB (31004 bytes)
Hash
a0e784c4ca94c271b0338dfb02055be6
88af80502c44cd52ca81ffe7dc7276b7eccb06cf
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/font-awesome.min.css HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 31004
Date: Tue, 07 May 2024 11:00:44 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/zq/css/ry-ui.css?v=4.4.0

120.76.138.173

200

24 kB

URL GET HTTP/1.1
120.76.138.173:7799/zq/css/ry-ui.css?v=4.4.0
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
24 kB (23841 bytes)
Hash
4f3040bf2f19440d7211be38ef6be427
c90e9dfc1257e8f17c510a8765af497ffdece2dd
684ee5ac17d5f8c4a128a37246f1ae7f5340dd864a95272e902bb8679d8ef14a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /zq/css/ry-ui.css?v=4.4.0 HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 23841
Date: Tue, 07 May 2024 11:00:44 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/js/bootstrap.min.js

120.76.138.173

200

39 kB

URL GET HTTP/1.1
120.76.138.173:7799/js/bootstrap.min.js
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
JavaScript source, ASCII text, with very long lines (38738), with CRLF line terminators
Size
39 kB (38868 bytes)
Hash
93a1f823d90b3c0b0c92c7eaa9669754
c5656ed696219cc6b7dceed19a34bb4d9f6faab1
761b0a0362022aec0c1d121ea530ea547e2773e01aabe56cf3180236973e0af8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/bootstrap.min.js HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 38868
Date: Tue, 07 May 2024 11:00:44 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/ajax/libs/validate/messages_zh.min.js

120.76.138.173

200

1.5 kB

URL GET HTTP/1.1
120.76.138.173:7799/ajax/libs/validate/messages_zh.min.js
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.5 kB (1504 bytes)
Hash
a3ca994cb37db4aabc5af2eefde3b449
23131ac051f9e4ff7b5ca6c9ce130f4964b571bc
e0637890445ab94a92cb47e8d3465b6a4c7ee8eb70dfa06905df621163380fb2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/validate/messages_zh.min.js HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 1504
Date: Tue, 07 May 2024 11:00:45 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/ajax/libs/validate/jquery.validate.min.js

120.76.138.173

200

22 kB

URL GET HTTP/1.1
120.76.138.173:7799/ajax/libs/validate/jquery.validate.min.js
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (21310), with CRLF line terminators
Size
22 kB (21452 bytes)
Hash
8e1063c092d4ecc4e64b1789364153d9
8c932b3f657ad38ef4a7677912673aaa914e24c6
9f4011caeb29a152d3c2bb66faadd242d54a702b4e9bc2e5f0714a9c9923d16c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/validate/jquery.validate.min.js HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 21452
Date: Tue, 07 May 2024 11:00:45 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/css/bootstrap.min.css

120.76.138.173

200

121 kB

URL GET HTTP/1.1
120.76.138.173:7799/css/bootstrap.min.css
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
ASCII text, with very long lines (65367), with CRLF line terminators
Size
121 kB (121217 bytes)
Hash
9ad492ab1297d5f88132a6c30785bbb7
54d78183e2c2e1ac68bfcb0ff43f8b14d5ff2337
b176741e36fbade69acc8529b01e2f8bbef130b99d84cde384dcb8a8a5da1a57

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 121217
Date: Tue, 07 May 2024 11:00:44 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/css/style.css

120.76.138.173

200

140 kB

URL GET HTTP/1.1
120.76.138.173:7799/css/style.css
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
Unicode text, UTF-8 text, with very long lines (483), with CRLF line terminators
Size
140 kB (139461 bytes)
Hash
bf2104a36ee518d05de66707e5fce93e
887c6434f4e0be37f5066d859e871a8ffa0ae8ad
36aa620d60ba6010e7cd5846c1f7ae3fec0ae7e2c4d08ebc4216063711ef3a3e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/style.css HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 139461
Date: Tue, 07 May 2024 11:00:44 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/ajax/libs/layer/layer.min.js

120.76.138.173

200

22 kB

URL GET HTTP/1.1
120.76.138.173:7799/ajax/libs/layer/layer.min.js
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (22032), with CRLF line terminators
Size
22 kB (22117 bytes)
Hash
b4b722614d6d4b6b5f345361b8e5355f
f91dfc32558f2fe1347babbe11f644bd486d7c3e
3cb403b2abfeaf137ebf64eabb0107a01136d1831923b489d6835af431985544

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/layer/layer.min.js HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:32 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 22117
Date: Tue, 07 May 2024 11:00:45 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/ajax/libs/blockUI/jquery.blockUI.js

120.76.138.173

200

21 kB

URL GET HTTP/1.1
120.76.138.173:7799/ajax/libs/blockUI/jquery.blockUI.js
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
JavaScript source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
21 kB (20641 bytes)
Hash
d1b570f6154466b04656d6bf82f83334
ff13abea09fce7cac97c9a8799edcdef7b33b998
fe71ac0177ef82f38e030cca3ad8074377479ec82701d38ac6db1e476ea83c8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/blockUI/jquery.blockUI.js HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:32 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 20641
Date: Tue, 07 May 2024 11:00:45 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/js/jquery.min.js

120.76.138.173

200

132 kB

URL GET HTTP/1.1
120.76.138.173:7799/js/jquery.min.js
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
JavaScript source, ASCII text, with very long lines (50027), with CRLF line terminators
Size
132 kB (131465 bytes)
Hash
3c852a75e6d52b8d2d4de5f6d1762e13
d04ed77fac1b126224af54d94bdb4d064026cb9f
d56e7a458495aa3c0a3bb3a377c46f031afcc875e67adecf7202acde1aec2754

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 131465
Date: Tue, 07 May 2024 11:00:44 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/zq/login.js

120.76.138.173

200

3.1 kB

URL GET HTTP/1.1
120.76.138.173:7799/zq/login.js
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
3.1 kB (3121 bytes)
Hash
4b7378f1500fd9a08b6dfca3f120c222
3e363b2d179d04d3c0e75b898eaa17bf609e363e
5a868fd633dc6f366fa27854739f0ddccdd62e292f9bf39a7767e8cc2f7bb327

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /zq/login.js HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 3121
Date: Tue, 07 May 2024 11:00:45 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/img/close.png

120.76.138.173

200

296 B

URL GET HTTP/1.1
120.76.138.173:7799/img/close.png
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
Size
296 B (296 bytes)
Hash
dbb1dfd92632da26df90b9f4c69d1026
a8fe2afb2f2de02cbe1e604307f4ccf706416ac6
d11f2f57941b7be7e1ae3eb8178e18d1095b813dcc3b2dfc168e0d7c7dbb27e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/close.png HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 296
Date: Tue, 07 May 2024 11:00:45 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/img/user.png

120.76.138.173

200

510 B

URL GET HTTP/1.1
120.76.138.173:7799/img/user.png
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
510 B (510 bytes)
Hash
cca6b384d68b8dd28c55cc4d611d8dc5
9b2f821cdb1901edcc93d319988d65f0d0b8b33f
d5b7a66077d639f6a87952e058779aded7654b4396016379a14e9ebca029d8ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/user.png HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/css/login.css
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 510
Date: Tue, 07 May 2024 11:00:45 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/img/lock.png

120.76.138.173

200

502 B

URL GET HTTP/1.1
120.76.138.173:7799/img/lock.png
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
502 B (502 bytes)
Hash
3a1710d1d25a645a42f123ceb13aa01c
f3d8ebdd92e6e18164a843e54fbffe1b50f303df
2086b0f9c009f99c3e7a14411f6b5be76b97d24aa502a629122ec59f976195c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/lock.png HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/css/login.css
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 502
Date: Tue, 07 May 2024 11:00:45 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/ajax/libs/layer/theme/default/layer.css?v=3.1.1

120.76.138.173

200

15 kB

URL GET HTTP/1.1
120.76.138.173:7799/ajax/libs/layer/theme/default/layer.css?v=3.1.1
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
ASCII text, with very long lines (15156), with no line terminators
Size
15 kB (15156 bytes)
Hash
f0f9dca00a24bd457da5305214b2b4e5
9b08a0281f73c9d17a807def7e878fc27d01459c
811968878fd43543f1155d371a2f243dab5b469ca6c077fc40afeedc8b69c880

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ajax/libs/layer/theme/default/layer.css?v=3.1.1 HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:32 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 15156
Date: Tue, 07 May 2024 11:00:45 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/zq/js/ry-ui.js?v=4.4.0

120.76.138.173

200

79 kB

URL GET HTTP/1.1
120.76.138.173:7799/zq/js/ry-ui.js?v=4.4.0
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
JavaScript source, Unicode text, UTF-8 text
Size
79 kB (78779 bytes)
Hash
87bf21f9bd64d2ba0a6799241f850210
0443cdd2fe0351d0b6bd31f702c31a4ea7340352
73c92c4eb4cf272b3e699bc3ed5db4c0bbcebac2113ad9e771ad6260e3c35b8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /zq/js/ry-ui.js?v=4.4.0 HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 78779
Date: Tue, 07 May 2024 11:00:45 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/favicon.ico

120.76.138.173

200

241 B

URL GET HTTP/1.1
120.76.138.173:7799/favicon.ico
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
241 B (241 bytes)
Hash
419e641f3cb32c146328656045619aed
9a5d8f17a91cbfc176e2af3b3b915725136e7e48
71397385c2e11d2d40d2e20a2a3e7fe572ad82a413444a9d667d7e4429567ebe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/login
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: image/x-icon
Content-Length: 241
Date: Tue, 07 May 2024 11:00:47 GMT
Keep-Alive: timeout=20
Connection: keep-alive

120.76.138.173:7799/img/login-background.png

120.76.138.173

200

364 kB

URL GET HTTP/1.1
120.76.138.173:7799/img/login-background.png
IP
120.76.138.173:7799
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://120.76.138.173:7799/login

File type
PNG image data, 1440 x 900, 8-bit/color RGBA, non-interlaced
Size
364 kB (364241 bytes)
Hash
7c44d755a41d52e4f263b19e0f0564d6
7f7e6bc0f9aa5ac2bef57059dc52d10be8040668
1895b68e52fe35c9737d09e134181a82337743e6249a52ac3acc9154c302b7f9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/login-background.png HTTP/1.1
Host: 120.76.138.173:7799
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.138.173:7799/css/login.css
Cookie: JSESSIONID=cb637b8b-4d5c-41c3-9a02-1f0e15db84ff
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Thu, 30 Nov 2023 00:51:34 GMT
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 364241
Date: Tue, 07 May 2024 11:00:45 GMT
Keep-Alive: timeout=20
Connection: keep-alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML