Report - 221.141.14.27/

Report Overview

Submitted URL
221.141.14.27/
IP
221.141.14.27
ASN
#9318 SK Broadband Co Ltd
Submitted
2024-05-07 20:55:18
Access
public
Website Title
Opening...
Final URL
221.141.14.27/webpages/index.html?t=29ba1aa0
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
68

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mitmdetection.services.mozilla.com	67826	1994-10-18	2019-07-22	2024-05-06	366 B	326 B	54.230.111.23
221.141.14.27	unknown	unknown	No data	No data	16 kB	2.3 MB	221.141.14.27

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed
2024-05-07	medium	221.141.14.27	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	221.141.14.27/webpages/js/libs/encrypt.js?t=29ba1aa0	19 kB	2024-02-14	2024-05-10
Pretty URL 221.141.14.27/webpages/js/libs/encrypt.js?t=29ba1aa0 IP 221.141.14.27 ASN #9318 SK Broadband Co Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-14 15:10:49 Last Seen2024-05-10 01:04:11 Times Seen10 Hash 18754a39389b0fb64f890741fef1bcae fa444d2417831619814313de414bc787eb128967 93dcb8346528ff69bf0721a379d59eab534ebe83f1cdd2751e0959246269e760 Loading...

	221.141.14.27/webpages/js/libs/cryptoJS.min.js?t=29ba1aa0	37 kB	2023-03-08	2024-05-18
Pretty URL 221.141.14.27/webpages/js/libs/cryptoJS.min.js?t=29ba1aa0 IP 221.141.14.27 ASN #9318 SK Broadband Co Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:31:18 Last Seen2024-05-18 00:10:51 Times Seen259 Hash 242f7a6460d88d62952bc73f3fdee691 679c50b118801a48f13ab4a0e06c00370d48d719 fe07d716cf3b06012d630b58916b1863d3d2359805d1a2309c8bd199a10a4eb8 Loading...

	221.141.14.27/webpages/js/su/char.js?t=29ba1aa0	3.8 kB	2023-03-14	2024-05-17
Pretty URL 221.141.14.27/webpages/js/su/char.js?t=29ba1aa0 IP 221.141.14.27 ASN #9318 SK Broadband Co Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 04:54:29 Last Seen2024-05-17 23:52:39 Times Seen124 Hash 492a8b26dc4ceee50242d80e4949efff cb78326c06ccc0ab873e0365d90b3a93abd7ff66 5249880594a0525556b122a6e1eed9a986040d8a901b8763d372d13c28c7d2a5 Loading...

	221.141.14.27/webpages/js/libs/base64.js?t=29ba1aa0	1.5 kB	2023-10-31	2024-05-17
Pretty URL 221.141.14.27/webpages/js/libs/base64.js?t=29ba1aa0 IP 221.141.14.27 ASN #9318 SK Broadband Co Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-31 22:18:50 Last Seen2024-05-17 23:52:39 Times Seen164 Hash 4f993937854b67c2c8ce9819786133af 32b493527dc9a3af145de5420371d5559fc7a919 e6a53e5de818d2bc3c496d023e80f6a03ba9cff3324bbd07f4a11e1aa9bade62 Loading...

	221.141.14.27/webpages/js/libs/jquery.backgroundSize.js?t=29ba1aa0	3.1 kB	2023-10-31	2024-05-17
Pretty URL 221.141.14.27/webpages/js/libs/jquery.backgroundSize.js?t=29ba1aa0 IP 221.141.14.27 ASN #9318 SK Broadband Co Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-31 22:18:50 Last Seen2024-05-17 23:52:39 Times Seen164 Hash 7c7d50597056d7447cbd2e9d674a4923 58a7c5b7a8529cfb4a940f267523711c6c31bf72 f39c5f2fab5da8317e550348f76739099c372f9c38cbc914bd21209b67dc5d0e Loading...

	221.141.14.27/webpages/js/app/url.js?t=29ba1aa0	323 B	2023-11-08	2024-05-17
Pretty URL 221.141.14.27/webpages/js/app/url.js?t=29ba1aa0 IP 221.141.14.27 ASN #9318 SK Broadband Co Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-08 02:33:12 Last Seen2024-05-17 23:52:39 Times Seen100 Hash 6e7925ced5dc121458d9a719972e5ea9 6de4445680d6cb123fef1bc9add4f5de78c48d3a 30c12d0f3035f7a9d42cfc43f7adb6e0ecd7754906965a8181bfc19c1fa45187 Loading...

	221.141.14.27/webpages/index.html?t=29ba1aa0	0 B	2023-03-07	2024-05-19
Pretty URL 221.141.14.27/webpages/index.html?t=29ba1aa0 IP 221.141.14.27 ASN #9318 SK Broadband Co Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 15:51:01 Times Seen37831250 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	221.141.14.27/webpages/js/su/language.js?t=29ba1aa0	1.8 kB	2024-05-07	2024-05-10
Pretty URL 221.141.14.27/webpages/js/su/language.js?t=29ba1aa0 IP 221.141.14.27 ASN #9318 SK Broadband Co Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 22:55:26 Last Seen2024-05-10 01:04:01 Times Seen4 Hash 7fbfba95c478d3e4f2ba3a4df516135e c5335c3ad5a3940feb997cb65cef444ebd7384a9 61d961370b2095320d4c241bd24ef449d98a556e27537644b8e5c89624310a12 Loading...

	221.141.14.27/webpages/js/libs/tpEncrypt.js?t=29ba1aa0	4.3 kB	2024-05-04	2024-05-10
Pretty URL 221.141.14.27/webpages/js/libs/tpEncrypt.js?t=29ba1aa0 IP 221.141.14.27 ASN #9318 SK Broadband Co Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 00:05:15 Last Seen2024-05-10 01:04:01 Times Seen7 Hash 8b773a07229624624650b064b80735a9 6ca72affb9f439002673236bc1f0404aeea19de2 b98c72362c16f2811d73e3d846f343e15e9d109900702a87508277b634d639e1 Loading...

	221.141.14.27/webpages/js/libs/jquery.min.js?t=29ba1aa0	93 kB	2023-03-07	2024-05-18
Pretty URL 221.141.14.27/webpages/js/libs/jquery.min.js?t=29ba1aa0 IP 221.141.14.27 ASN #9318 SK Broadband Co Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:50:44 Last Seen2024-05-18 00:10:51 Times Seen336 Hash 00ff34b67a328f219fa3ae2423d4f252 19715ffee604b54e95a0e9db76f6de2b5125c29e dbe2f39d679680bec02757226881b9ac53fb18a7a6cf397e2bbe6d4724c1c8e1 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 22f174a4f144d4379b36c3514347f57a	864 B	2024-02-13	2024-05-07
Pretty Observations First Seen2024-02-13 04:10:42 Last Seen2024-05-07 22:55:26 Times Seen2 Hash 22f174a4f144d4379b36c3514347f57a 0dcf379cb38661d57b514d67070588e27873ead6 a18754b76041e1844ed23f1d314d84809d080a72d28c49df1f57cb8e6b1536b7 Loading...

	#2 Eval - 0035179f2b802eaa36c647080a0084cc	2.8 kB	2024-05-07	2024-05-10
Pretty Observations First Seen2024-05-07 22:55:26 Last Seen2024-05-10 01:04:01 Times Seen2 Hash 0035179f2b802eaa36c647080a0084cc 172dd964b192ec3d64af9c0138df8372d5ca71aa f16c44c2f58e158607d4f97962ff9b7be9aeeb314e16ab558e30b672e2824f7d Loading...

HTTP Transactions (35)

URL IP Response Size

mitmdetection.services.mozilla.com/

54.230.111.23

0 B

URL
mitmdetection.services.mozilla.com/
IP
54.230.111.23:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: mitmdetection.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-type: application/xml
date: Tue, 07 May 2024 20:54:56 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Lv6JvJGkEgGvUT-vqylWUvgTqkqVe5MMhwb7y8dCkARcxK7ftDCuZA==
X-Firefox-Spdy: h2

221.141.14.27/

221.141.14.27

272 B

URL
221.141.14.27/
IP
221.141.14.27:0
ASN
#9318 SK Broadband Co Ltd

File type
XML 1.0 document, ASCII text
Size
272 B (272 bytes)
Hash
bf09f1ff72ee7a91714816f78a2fd976
dc5404c9571e34c3f637a4ca3082212d4fd4d89a
a0e089d1aca81cbe85313ac63b02086d5067eb0424bfa57c56b037314ccbd18a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "291-110-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:54:56 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Cache-Control: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 272

221.141.14.27/webpages/index.html

221.141.14.27

3.2 kB

URL
221.141.14.27/webpages/index.html
IP
221.141.14.27:0
ASN
#9318 SK Broadband Co Ltd

File type
HTML document, ASCII text
Size
3.2 kB (3223 bytes)
Hash
f008673d3d0ea859674b77022a377ce2
6acec353ec867b0e405c969725bf43fb91bd8916
fd4a6067a15096fcaf03eade2771d0c34be10d19b1a017953ab14c48b732b989

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/index.html HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "2f0-c97-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:54:57 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Cache-Control: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 3223

221.141.14.27/webpages/themes/default/css/perfect-scrollbar.css?t=29ba1aa0

221.141.14.27

200 OK

1.7 kB

URL GET HTTP/1.1
221.141.14.27/webpages/themes/default/css/perfect-scrollbar.css?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (1712), with no line terminators
Size
1.7 kB (1712 bytes)
Hash
2266db0e4804abc5551b10758d96d9ab
00aa0d250bcc5bb3962b8b597107c0eb14a80208
48b73d75d4d603b31f1c5e538603615adaf8143019776a7ec00248026bb62946

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/themes/default/css/perfect-scrollbar.css?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "2e8-6b0-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:54:58 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/css
Content-Length: 1712

221.141.14.27/webpages/themes/default/css/base.css?t=29ba1aa0

221.141.14.27

200 OK

252 kB

URL GET HTTP/1.1
221.141.14.27/webpages/themes/default/css/base.css?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
252 kB (251886 bytes)
Hash
b756bcc8992a91c697839dccd03be131
2bc4359e4da9a944d5b13dcaf6140efff9b2351b
2837d05cdda859f93c239437c60b6e53d14a3391111fdb9a3bcf3fbc30fed4e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/themes/default/css/base.css?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "2ed-3d7ee-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:54:58 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/css
Content-Length: 251886

221.141.14.27/webpages/js/libs/base64.js?t=29ba1aa0

221.141.14.27

200 OK

1.5 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/libs/base64.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (1511), with no line terminators
Size
1.5 kB (1511 bytes)
Hash
4f993937854b67c2c8ce9819786133af
32b493527dc9a3af145de5420371d5559fc7a919
e6a53e5de818d2bc3c496d023e80f6a03ba9cff3324bbd07f4a11e1aa9bade62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/base64.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "465-5e7-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:00 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 1511

221.141.14.27/webpages/js/libs/jquery.min.js?t=29ba1aa0

221.141.14.27

200 OK

93 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/libs/jquery.min.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JavaScript source, ASCII text, with very long lines (32099)
Size
93 kB (93026 bytes)
Hash
00ff34b67a328f219fa3ae2423d4f252
19715ffee604b54e95a0e9db76f6de2b5125c29e
dbe2f39d679680bec02757226881b9ac53fb18a7a6cf397e2bbe6d4724c1c8e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/jquery.min.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "464-16b62-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:54:59 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 93026

221.141.14.27/webpages/js/libs/tpEncrypt.js?t=29ba1aa0

221.141.14.27

200 OK

4.3 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/libs/tpEncrypt.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (4344), with no line terminators
Size
4.3 kB (4344 bytes)
Hash
8b773a07229624624650b064b80735a9
6ca72affb9f439002673236bc1f0404aeea19de2
b98c72362c16f2811d73e3d846f343e15e9d109900702a87508277b634d639e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/tpEncrypt.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "469-10f8-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:00 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 4344

221.141.14.27/webpages/js/libs/jquery.backgroundSize.js?t=29ba1aa0

221.141.14.27

200 OK

3.1 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/libs/jquery.backgroundSize.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JavaScript source, ASCII text, with very long lines (3124), with no line terminators
Size
3.1 kB (3124 bytes)
Hash
7c7d50597056d7447cbd2e9d674a4923
58a7c5b7a8529cfb4a940f267523711c6c31bf72
f39c5f2fab5da8317e550348f76739099c372f9c38cbc914bd21209b67dc5d0e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/jquery.backgroundSize.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "466-c34-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:00 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 3124

221.141.14.27/webpages/js/app/url.js?t=29ba1aa0

221.141.14.27

200 OK

323 B

URL GET HTTP/1.1
221.141.14.27/webpages/js/app/url.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (323), with no line terminators
Size
323 B (323 bytes)
Hash
6e7925ced5dc121458d9a719972e5ea9
6de4445680d6cb123fef1bc9add4f5de78c48d3a
30c12d0f3035f7a9d42cfc43f7adb6e0ecd7754906965a8181bfc19c1fa45187

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/app/url.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "46d-143-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:00 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 323

221.141.14.27/webpages/js/libs/encrypt.js?t=29ba1aa0

221.141.14.27

200 OK

19 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/libs/encrypt.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (18695), with no line terminators
Size
19 kB (18695 bytes)
Hash
18754a39389b0fb64f890741fef1bcae
fa444d2417831619814313de414bc787eb128967
93dcb8346528ff69bf0721a379d59eab534ebe83f1cdd2751e0959246269e760

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/encrypt.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "463-4907-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:00 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 18695

221.141.14.27/webpages/js/libs/cryptoJS.min.js?t=29ba1aa0

221.141.14.27

200 OK

37 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/libs/cryptoJS.min.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JavaScript source, ASCII text, with very long lines (37061), with no line terminators
Size
37 kB (37061 bytes)
Hash
242f7a6460d88d62952bc73f3fdee691
679c50b118801a48f13ab4a0e06c00370d48d719
fe07d716cf3b06012d630b58916b1863d3d2359805d1a2309c8bd199a10a4eb8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/cryptoJS.min.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "46b-90c5-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:00 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 37061

221.141.14.27/webpages/js/su/char.js?t=29ba1aa0

221.141.14.27

200 OK

3.8 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/su/char.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (3828), with no line terminators
Size
3.8 kB (3828 bytes)
Hash
492a8b26dc4ceee50242d80e4949efff
cb78326c06ccc0ab873e0365d90b3a93abd7ff66
5249880594a0525556b122a6e1eed9a986040d8a901b8763d372d13c28c7d2a5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/su/char.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "45f-ef4-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:00 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 3828

221.141.14.27/webpages/js/su/language.js?t=29ba1aa0

221.141.14.27

200 OK

1.8 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/su/language.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
HTML document, ASCII text, with very long lines (1827), with no line terminators
Size
1.8 kB (1827 bytes)
Hash
7fbfba95c478d3e4f2ba3a4df516135e
c5335c3ad5a3940feb997cb65cef444ebd7384a9
61d961370b2095320d4c241bd24ef449d98a556e27537644b8e5c89624310a12

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/su/language.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "45b-723-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:00 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 1827

221.141.14.27/webpages/js/su/frame.js?t=29ba1aa0

221.141.14.27

200 OK

644 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/su/frame.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
Unicode text, UTF-8 text, with very long lines (65516), with no line terminators
Size
644 kB (643520 bytes)
Hash
e9753b7e62b330ec3be6143d76e1ef8c
2404e2febe286bc2864aedb81e3e8667e57a3105
2578b2c519e1e505d155c53996af35b637952b285fb8e9d38cba6ec74c94b76d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/su/frame.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "45c-9d1c0-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:00 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 643520

221.141.14.27/cgi-bin/luci/;stok=/locale?form=lang&operation=read

221.141.14.27

200 OK

157 kB

URL GET HTTP/1.1
221.141.14.27/cgi-bin/luci/;stok=/locale?form=lang&operation=read
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
Unicode text, UTF-8 text, with very long lines (42618), with no line terminators
Size
157 kB (157155 bytes)
Hash
ea07f8e0d5e412b6ecdd0c00c98a0801
9ba62931df58a80e6642dbe01b5fbed072b1f419
23cad2f04b718e8cde8f66763489d3216126a532a2f84f68129b6140d78c07f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cgi-bin/luci/;stok=/locale?form=lang&operation=read HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Type: application/json
Cache-Control: no-cache
Expires: 0

221.141.14.27/

221.141.14.27

5.9 kB

URL
221.141.14.27/
IP
221.141.14.27:0
ASN
#9318 SK Broadband Co Ltd

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size
5.9 kB (5858 bytes)
Hash
56858b454c7ea990cfa2854359398c6f
54ed7574e1f129e0ffc1bb3896e035e5c7013b19
29b1a14ae082befb750c59338f8b53604f4d93d6c1a8bb84db9ce4a36cecdefc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Location: https://221.141.14.27:443/
Connection: close

221.141.14.27/webpages/favicon.ico?t=29ba1aa0

221.141.14.27

8.0 kB

URL
221.141.14.27/webpages/favicon.ico?t=29ba1aa0
IP
221.141.14.27:0
ASN
#9318 SK Broadband Co Ltd

File type
data
Size
8.0 kB (8028 bytes)
Hash
952622d053b89d528848bc16d58bcc84
0d96740a05d950bfcfaaeafcbee474af7052dc25
94111d7d462f0c0735bce1c5e145ec672d20ca82c3ba578460fa0574338d76c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/favicon.ico?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "2f8-1f5c-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:06 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: application/octet-stream
Content-Length: 8028

221.141.14.27/webpages/locale/ko_KR/lan.css?t=29ba1aa0

221.141.14.27

485 B

URL
221.141.14.27/webpages/locale/ko_KR/lan.css?t=29ba1aa0
IP
221.141.14.27:0
ASN
#9318 SK Broadband Co Ltd

File type
ASCII text, with CRLF line terminators
Size
485 B (485 bytes)
Hash
cd791f9c8e82d989ac6e2825d2d1e843
7f270d497fd18fe4a84fec50b901072e945dc7c2
94618f4166c6df769fa106fe78b2163c2ccb405b7cfff5d5411271de19703d37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/locale/ko_KR/lan.css?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "4dd-1e5-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:06 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/css
Content-Length: 485

221.141.14.27/webpages/locale/ko_KR/help.js?_=1715115301597

221.141.14.27

0 B

URL
221.141.14.27/webpages/locale/ko_KR/help.js?_=1715115301597
IP
221.141.14.27:0
ASN
#9318 SK Broadband Co Ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/locale/ko_KR/help.js?_=1715115301597 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "4de-0-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:06 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 0

221.141.14.27/webpages/locale/language.js?_=1715115301598

221.141.14.27

2.8 kB

URL
221.141.14.27/webpages/locale/language.js?_=1715115301598
IP
221.141.14.27:0
ASN
#9318 SK Broadband Co Ltd

File type
Unicode text, UTF-8 text, with very long lines (2725), with no line terminators
Size
2.8 kB (2808 bytes)
Hash
465950bec923a197467e3a36fdb55eba
8b54988bda351abeac2cb8b61eefb8954b995bf0
e60e0b0c76985921adea169b14103a39395a926fd6e7091669fdb74a230cd77c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/locale/language.js?_=1715115301598 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "487-af8-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:06 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 2808

221.141.14.27/webpages/index.html?t=29ba1aa0

221.141.14.27

200 OK

3.2 kB

URL User Request GET HTTP/1.1
221.141.14.27/webpages/index.html?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
HTML document, ASCII text
Size
3.2 kB (3223 bytes)
Hash
f008673d3d0ea859674b77022a377ce2
6acec353ec867b0e405c969725bf43fb91bd8916
fd4a6067a15096fcaf03eade2771d0c34be10d19b1a017953ab14c48b732b989

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/index.html?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "2f0-c97-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:06 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Cache-Control: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 3223

221.141.14.27/webpages/themes/default/css/perfect-scrollbar.css?t=29ba1aa0

221.141.14.27

200 OK

1.7 kB

URL GET HTTP/1.1
221.141.14.27/webpages/themes/default/css/perfect-scrollbar.css?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (1712), with no line terminators
Size
1.7 kB (1712 bytes)
Hash
2266db0e4804abc5551b10758d96d9ab
00aa0d250bcc5bb3962b8b597107c0eb14a80208
48b73d75d4d603b31f1c5e538603615adaf8143019776a7ec00248026bb62946

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/themes/default/css/perfect-scrollbar.css?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html?t=29ba1aa0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "2e8-6b0-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:07 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/css
Content-Length: 1712

221.141.14.27/webpages/js/libs/jquery.backgroundSize.js?t=29ba1aa0

221.141.14.27

200 OK

3.1 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/libs/jquery.backgroundSize.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JavaScript source, ASCII text, with very long lines (3124), with no line terminators
Size
3.1 kB (3124 bytes)
Hash
7c7d50597056d7447cbd2e9d674a4923
58a7c5b7a8529cfb4a940f267523711c6c31bf72
f39c5f2fab5da8317e550348f76739099c372f9c38cbc914bd21209b67dc5d0e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/jquery.backgroundSize.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html?t=29ba1aa0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "466-c34-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:08 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 3124

221.141.14.27/webpages/js/libs/base64.js?t=29ba1aa0

221.141.14.27

200 OK

1.5 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/libs/base64.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (1511), with no line terminators
Size
1.5 kB (1511 bytes)
Hash
4f993937854b67c2c8ce9819786133af
32b493527dc9a3af145de5420371d5559fc7a919
e6a53e5de818d2bc3c496d023e80f6a03ba9cff3324bbd07f4a11e1aa9bade62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/base64.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html?t=29ba1aa0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "465-5e7-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:08 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 1511

221.141.14.27/webpages/js/libs/tpEncrypt.js?t=29ba1aa0

221.141.14.27

200 OK

4.3 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/libs/tpEncrypt.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (4344), with no line terminators
Size
4.3 kB (4344 bytes)
Hash
8b773a07229624624650b064b80735a9
6ca72affb9f439002673236bc1f0404aeea19de2
b98c72362c16f2811d73e3d846f343e15e9d109900702a87508277b634d639e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/tpEncrypt.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html?t=29ba1aa0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "469-10f8-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:08 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 4344

221.141.14.27/webpages/js/app/url.js?t=29ba1aa0

221.141.14.27

200 OK

323 B

URL GET HTTP/1.1
221.141.14.27/webpages/js/app/url.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (323), with no line terminators
Size
323 B (323 bytes)
Hash
6e7925ced5dc121458d9a719972e5ea9
6de4445680d6cb123fef1bc9add4f5de78c48d3a
30c12d0f3035f7a9d42cfc43f7adb6e0ecd7754906965a8181bfc19c1fa45187

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/app/url.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html?t=29ba1aa0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "46d-143-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:08 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 323

221.141.14.27/webpages/js/su/char.js?t=29ba1aa0

221.141.14.27

200 OK

3.8 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/su/char.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (3828), with no line terminators
Size
3.8 kB (3828 bytes)
Hash
492a8b26dc4ceee50242d80e4949efff
cb78326c06ccc0ab873e0365d90b3a93abd7ff66
5249880594a0525556b122a6e1eed9a986040d8a901b8763d372d13c28c7d2a5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/su/char.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html?t=29ba1aa0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "45f-ef4-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:08 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 3828

221.141.14.27/webpages/js/libs/encrypt.js?t=29ba1aa0

221.141.14.27

200 OK

19 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/libs/encrypt.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (18695), with no line terminators
Size
19 kB (18695 bytes)
Hash
18754a39389b0fb64f890741fef1bcae
fa444d2417831619814313de414bc787eb128967
93dcb8346528ff69bf0721a379d59eab534ebe83f1cdd2751e0959246269e760

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/encrypt.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html?t=29ba1aa0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "463-4907-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:08 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 18695

221.141.14.27/webpages/js/libs/cryptoJS.min.js?t=29ba1aa0

221.141.14.27

200 OK

37 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/libs/cryptoJS.min.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JavaScript source, ASCII text, with very long lines (37061), with no line terminators
Size
37 kB (37061 bytes)
Hash
242f7a6460d88d62952bc73f3fdee691
679c50b118801a48f13ab4a0e06c00370d48d719
fe07d716cf3b06012d630b58916b1863d3d2359805d1a2309c8bd199a10a4eb8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/cryptoJS.min.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html?t=29ba1aa0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "46b-90c5-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:08 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 37061

221.141.14.27/webpages/js/su/language.js?t=29ba1aa0

221.141.14.27

200 OK

1.8 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/su/language.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
HTML document, ASCII text, with very long lines (1827), with no line terminators
Size
1.8 kB (1827 bytes)
Hash
7fbfba95c478d3e4f2ba3a4df516135e
c5335c3ad5a3940feb997cb65cef444ebd7384a9
61d961370b2095320d4c241bd24ef449d98a556e27537644b8e5c89624310a12

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/su/language.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html?t=29ba1aa0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "45b-723-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:08 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 1827

221.141.14.27/webpages/js/su/frame.js?t=29ba1aa0

221.141.14.27

200 OK

644 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/su/frame.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
Unicode text, UTF-8 text, with very long lines (65516), with no line terminators
Size
644 kB (643520 bytes)
Hash
e9753b7e62b330ec3be6143d76e1ef8c
2404e2febe286bc2864aedb81e3e8667e57a3105
2578b2c519e1e505d155c53996af35b637952b285fb8e9d38cba6ec74c94b76d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/su/frame.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html?t=29ba1aa0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "45c-9d1c0-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:08 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 643520

221.141.14.27/webpages/themes/default/css/base.css?t=29ba1aa0

221.141.14.27

200 OK

252 kB

URL GET HTTP/1.1
221.141.14.27/webpages/themes/default/css/base.css?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
252 kB (251886 bytes)
Hash
b756bcc8992a91c697839dccd03be131
2bc4359e4da9a944d5b13dcaf6140efff9b2351b
2837d05cdda859f93c239437c60b6e53d14a3391111fdb9a3bcf3fbc30fed4e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/themes/default/css/base.css?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html?t=29ba1aa0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "2ed-3d7ee-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:10 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/css
Content-Length: 251886

221.141.14.27/webpages/js/libs/jquery.min.js?t=29ba1aa0

221.141.14.27

200 OK

93 kB

URL GET HTTP/1.1
221.141.14.27/webpages/js/libs/jquery.min.js?t=29ba1aa0
IP
221.141.14.27:443
ASN
#9318 SK Broadband Co Ltd

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0
Certificate
Issuer
Subjecttplinkwifi.net
Fingerprint58:DD:C5:E2:FF:A7:4E:A8:8C:2C:FB:39:49:46:C9:F1:5E:86:99:90
ValidityFri, 01 Jan 2010 00:00:00 GMT - Tue, 31 Dec 2030 00:00:00 GMT

File type
JavaScript source, ASCII text, with very long lines (32099)
Size
93 kB (93026 bytes)
Hash
00ff34b67a328f219fa3ae2423d4f252
19715ffee604b54e95a0e9db76f6de2b5125c29e
dbe2f39d679680bec02757226881b9ac53fb18a7a6cf397e2bbe6d4724c1c8e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/js/libs/jquery.min.js?t=29ba1aa0 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html?t=29ba1aa0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
ETag: "464-16b62-61cfd4ab"
Last-Modified: Sat, 01 Jan 2022 04:12:27 GMT
Date: Tue, 07 May 2024 20:55:12 GMT
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
Content-Type: text/javascript
Content-Length: 93026

221.141.14.27/webpages/locale/ko_KR/lan.js?_=1715115313970

0.0.0.0

0 B

URL GET
221.141.14.27/webpages/locale/ko_KR/lan.js?_=1715115313970
IP
0.0.0.0:0
ASN
#0

Requested by
https://221.141.14.27/webpages/index.html?t=29ba1aa0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /webpages/locale/ko_KR/lan.js?_=1715115313970 HTTP/1.1
Host: 221.141.14.27
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://221.141.14.27/webpages/index.html?t=29ba1aa0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML