Report - 111.20.161.194:9001/

Report Overview

Visitedpublic

2025-05-28 19:36:40

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
111.20.161.194	unknown	unknown	No data	No data	6.8 kB	1.7 MB	111.20.161.194

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-28	medium	111.20.161.194	Sinkholed
2025-05-28	medium	111.20.161.194	Sinkholed
2025-05-28	medium	111.20.161.194	Sinkholed
2025-05-28	medium	111.20.161.194	Sinkholed
2025-05-28	medium	111.20.161.194	Sinkholed
2025-05-28	medium	111.20.161.194	Sinkholed
2025-05-28	medium	111.20.161.194	Sinkholed
2025-05-28	medium	111.20.161.194	Sinkholed
2025-05-28	medium	111.20.161.194	Sinkholed
2025-05-28	medium	111.20.161.194	Sinkholed
2025-05-28	medium	111.20.161.194	Sinkholed
2025-05-28	medium	111.20.161.194	Sinkholed
2025-05-28	medium	111.20.161.194	Sinkholed
2025-05-28	medium	111.20.161.194	Sinkholed
2025-05-28	medium	111.20.161.194	Sinkholed
2025-05-28	medium	111.20.161.194	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	111.20.161.194:9001/	ScriptElement	3.9 kB	2025-05-28	2025-05-28
URL 111.20.161.194:9001/ IP / ASN 111.20.161.194 #9808 China Mobile Communications Group Co., Ltd. Introduced by ScriptElement Embedded true Resource Info First Seen 2025-05-28 Last Seen 2025-05-28 Times Seen 1 Size 3.9 kB (3853 bytes) MD5 e2bf13e584336924fc701a52f01050c4 SHA1 d2dd45e2294c209489a93d7d7ed3365cd38b4d8c SHA256 86c290a7d9a019206549437e314e62a43d1f8c7cd33b28d7d2188b97e017a011 Format Code Loading...

	111.20.161.194:9001/	ScriptElement	360 B	2023-03-07	2025-08-01
URL 111.20.161.194:9001/ IP / ASN 111.20.161.194 #9808 China Mobile Communications Group Co., Ltd. Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-08-01 Times Seen 237 Size 360 B (360 bytes) MD5 062525ec329b070ecce11837e23ddcd6 SHA1 63e54072bc6fa3a15fe5366f13191b5bf937f199 SHA256 d8daa76ad70fab2e638c15da953a59c8930eff47d469851bdde3e5be250fe082 Format Code Loading...

	111.20.161.194:9001/	ScriptElement	52 B	2023-10-14	2025-06-25
URL 111.20.161.194:9001/ IP / ASN 111.20.161.194 #9808 China Mobile Communications Group Co., Ltd. Introduced by ScriptElement Embedded true Resource Info First Seen 2023-10-14 Last Seen 2025-06-25 Times Seen 12 Size 52 B (52 bytes) MD5 048f19d36573551c000c011cdedf1ea8 SHA1 946f86c70c82dd2982e7c58bca6a199401c54a3a SHA256 5bc1c6e5e095eb48285a93fb6441bf4e81821562b6ac2c47133b2f57cf61018d Format Code Loading...

	111.20.161.194:9001/JS/RSA/RSA.js	ScriptElement	4.0 kB	2023-03-13	2025-06-06
URL 111.20.161.194:9001/JS/RSA/RSA.js IP / ASN 111.20.161.194 #9808 China Mobile Communications Group Co., Ltd. Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-13 Last Seen 2025-06-06 Times Seen 13 Size 4.0 kB (4020 bytes) MD5 88d4a4aafb07ad4c9c12e8e51a053984 SHA1 98295f492c0dc53d3c87a5a17f733140ac1a8368 SHA256 919da83be1bfba25812336b18bcfa5d13236ae73cdfa965a1efed5d16c257190 Format Code Loading...

	111.20.161.194:9001/WebResource.axd?d=NYFJVMoNDzsnMPKmSYdcQQ2&t=636505311683602768	ScriptElement	22 kB	2024-08-19	2025-05-28
URL 111.20.161.194:9001/WebResource.axd?d=NYFJVMoNDzsnMPKmSYdcQQ2&t=636505311683602768 IP / ASN 111.20.161.194 #9808 China Mobile Communications Group Co., Ltd. Introduced by ScriptElement Embedded false Resource Info First Seen 2024-08-19 Last Seen 2025-05-28 Times Seen 3 Size 22 kB (21725 bytes) MD5 779cb04b0126aa0ddc730768c83daffb SHA1 fd3b1cec321493cb78bd4c9250751843c5418cbb SHA256 03fc3576d307c6cb9630deba2419ea9f592adaa6f2921c8ccb29a52cde780c0c Format Code Loading...

	111.20.161.194:9001/JS/RSA/BigInt.js	ScriptElement	16 kB	2023-03-13	2025-06-06
URL 111.20.161.194:9001/JS/RSA/BigInt.js IP / ASN 111.20.161.194 #9808 China Mobile Communications Group Co., Ltd. Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-13 Last Seen 2025-06-06 Times Seen 13 Size 16 kB (15728 bytes) MD5 c930f53385f4fc2d3e47de7fda5a06ff SHA1 88fd9f8fdc2b01771fb5b359cf8d7eea69a71737 SHA256 7df864d607991927a98e092c40dcbc42bb01f1407b6583e7aabc737dd7c78548 Format Code Loading...

	111.20.161.194:9001/WebResource.axd?d=qxhxw1GeOy7cjOSLTy4axg2&t=636505311683602768	ScriptElement	3.0 kB	2023-03-07	2025-08-01
URL 111.20.161.194:9001/WebResource.axd?d=qxhxw1GeOy7cjOSLTy4axg2&t=636505311683602768 IP / ASN 111.20.161.194 #9808 China Mobile Communications Group Co., Ltd. Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-01 Times Seen 943 Size 3.0 kB (3005 bytes) MD5 a870b45ac5d6b0d4e18c4829c7b660b4 SHA1 2d3ca0e1f19efdeb9b2dd3dcffb17f8aba118aa0 SHA256 144524233f795d6a425b76f7ae5c0bb622b5f67e2e6ae73532ad526528ca07cf Format Code Loading...

	111.20.161.194:9001/JS/jquery-1.8.3.min.js	ScriptElement	94 kB	2023-03-07	2025-08-02
URL 111.20.161.194:9001/JS/jquery-1.8.3.min.js IP / ASN 111.20.161.194 #9808 China Mobile Communications Group Co., Ltd. Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 17500 Size 94 kB (93637 bytes) MD5 e1288116312e4728f98923c79b034b67 SHA1 8b6babff47b8a9793f37036fd1b1a3ad41d38423 SHA256 ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32 Format Code Loading...

	111.20.161.194:9001/JS/RSA/Barrett.js	ScriptElement	1.8 kB	2023-03-13	2025-06-06
URL 111.20.161.194:9001/JS/RSA/Barrett.js IP / ASN 111.20.161.194 #9808 China Mobile Communications Group Co., Ltd. Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-13 Last Seen 2025-06-06 Times Seen 19 Size 1.8 kB (1812 bytes) MD5 10184c53fdb4ac09fe7b33edc8076bc6 SHA1 75650c6f6977d7dc2ffe77c7bbf500b6ffb43351 SHA256 df0be3b4daf1631fdd23f2b73628ae1998710c61beda2325ab8eefccee160aa1 Format Code Loading...

HTTP Transactions (16)

URL IP Response Size

GET 111.20.161.194:9001/JS/RSA/Barrett.js

111.20.161.194

200 OK

1.8 kB

URL

111.20.161.194:9001/JS/RSA/Barrett.js

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byhttp://111.20.161.194:9001/

Resource Info

File typeASCII text, with CRLF line terminators

First Seen2023-03-13

Last Seen2025-06-06

Times Seen19

Size1.8 kB (1812 bytes)

MD510184c53fdb4ac09fe7b33edc8076bc6

SHA175650c6f6977d7dc2ffe77c7bbf500b6ffb43351

SHA256df0be3b4daf1631fdd23f2b73628ae1998710c61beda2325ab8eefccee160aa1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /JS/RSA/Barrett.js HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://111.20.161.194:9001/
Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Sun, 04 Mar 2012 12:04:30 GMT
Accept-Ranges: bytes
ETag: "05b25f4fef9cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:14 GMT
Content-Length: 937

GET 111.20.161.194:9001/WebResource.axd?d=NYFJVMoNDzsnMPKmSYdcQQ2&t=636505311683602768

111.20.161.194

200 OK

22 kB

URL

111.20.161.194:9001/WebResource.axd?d=NYFJVMoNDzsnMPKmSYdcQQ2&t=636505311683602768

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byhttp://111.20.161.194:9001/

Resource Info

File typeJavaScript source, ASCII text, with CRLF line terminators

First Seen2024-08-19

Last Seen2025-05-28

Times Seen3

Size22 kB (21725 bytes)

MD5779cb04b0126aa0ddc730768c83daffb

SHA1fd3b1cec321493cb78bd4c9250751843c5418cbb

SHA25603fc3576d307c6cb9630deba2419ea9f592adaa6f2921c8ccb29a52cde780c0c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /WebResource.axd?d=NYFJVMoNDzsnMPKmSYdcQQ2&t=636505311683602768 HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://111.20.161.194:9001/
Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: application/x-javascript
Content-Encoding: gzip
Expires: Wed, 27 May 2026 23:56:21 GMT
Last-Modified: Tue, 02 Jan 2018 15:06:08 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:14 GMT
Content-Length: 5502

GET 111.20.161.194:9001/Handler/CreateValidateCode.ashx

111.20.161.194

200 OK

1.4 kB

URL

111.20.161.194:9001/Handler/CreateValidateCode.ashx

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byhttp://111.20.161.194:9001/

Resource Info

File typeGIF image data, version 89a, 70 x 22

First Seen2025-05-28

Last Seen2025-05-28

Times Seen1

Size1.4 kB (1393 bytes)

MD54ff48247d4d62aeeca7a9f2a95902215

SHA131cb12616ac68fe42dea3551b54d437dd61fe190

SHA2568237f00419871be25553803e533d1f8ab67a214201caf16ed5a06ae35836d356

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Handler/CreateValidateCode.ashx HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://111.20.161.194:9001/
Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 1393
Content-Type: image/Gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:15 GMT

GET 111.20.161.194:9001/WebResource.axd?d=qxhxw1GeOy7cjOSLTy4axg2&t=636505311683602768

111.20.161.194

200 OK

3.0 kB

URL

111.20.161.194:9001/WebResource.axd?d=qxhxw1GeOy7cjOSLTy4axg2&t=636505311683602768

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byhttp://111.20.161.194:9001/

Resource Info

File typeASCII text, with CRLF line terminators

First Seen2023-03-07

Last Seen2025-08-01

Times Seen943

Size3.0 kB (3005 bytes)

MD5a870b45ac5d6b0d4e18c4829c7b660b4

SHA12d3ca0e1f19efdeb9b2dd3dcffb17f8aba118aa0

SHA256144524233f795d6a425b76f7ae5c0bb622b5f67e2e6ae73532ad526528ca07cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /WebResource.axd?d=qxhxw1GeOy7cjOSLTy4axg2&t=636505311683602768 HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://111.20.161.194:9001/
Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: application/x-javascript
Content-Encoding: gzip
Expires: Wed, 27 May 2026 23:56:46 GMT
Last-Modified: Tue, 02 Jan 2018 15:06:08 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:14 GMT
Content-Length: 978

GET 111.20.161.194:9001/Images/login_bg.png

111.20.161.194

200 OK

1.1 MB

URL

111.20.161.194:9001/Images/login_bg.png

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byhttp://111.20.161.194:9001/

Resource Info

File typePNG image data, 1920 x 895, 8-bit/color RGBA, non-interlaced

First Seen2025-05-28

Last Seen2025-05-28

Times Seen1

Size1.1 MB (1104212 bytes)

MD551fd2847c1a3577420517741b614360b

SHA16acd7a6d621614f10c102b06da6e9c776c484410

SHA2568d98d20e7baa49e9b47a8e4c1c47b7fd006d6bd9716332c571b61bdd40d23c49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Images/login_bg.png HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://111.20.161.194:9001/CSS/login_main.css
Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 10 Jun 2019 03:11:35 GMT
Accept-Ranges: bytes
ETag: "d8203363a1fd51:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:15 GMT
Content-Length: 1104212

GET 111.20.161.194:9001/

111.20.161.194

200 OK

8.6 kB

URL

111.20.161.194:9001/

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byN/A

Resource Info

File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (540), with CRLF line terminators

First Seen2025-05-28

Last Seen2025-05-28

Times Seen1

Size8.6 kB (8633 bytes)

MD5255beb850a3c22f07e8a812d90499615

SHA1fc8f031f7ae3541ba213c6bba58bb5b4547d5f5b

SHA25657c418f55388217bda6e6b88de1dc0f26d4041f83f46b5a92eb48420041a0428

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:12 GMT
Content-Length: 3865

GET 111.20.161.194:9001/JS/RSA/RSA.js

111.20.161.194

200 OK

4.0 kB

URL

111.20.161.194:9001/JS/RSA/RSA.js

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byhttp://111.20.161.194:9001/

Resource Info

File typeASCII text, with CRLF line terminators

First Seen2023-03-13

Last Seen2025-06-06

Times Seen13

Size4.0 kB (4020 bytes)

MD588d4a4aafb07ad4c9c12e8e51a053984

SHA198295f492c0dc53d3c87a5a17f733140ac1a8368

SHA256919da83be1bfba25812336b18bcfa5d13236ae73cdfa965a1efed5d16c257190

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /JS/RSA/RSA.js HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://111.20.161.194:9001/
Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Sun, 04 Mar 2012 11:55:30 GMT
Accept-Ranges: bytes
ETag: "0e547b2fdf9cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:14 GMT
Content-Length: 1653

GET 111.20.161.194:9001/JS/RSA/BigInt.js

111.20.161.194

200 OK

16 kB

URL

111.20.161.194:9001/JS/RSA/BigInt.js

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byhttp://111.20.161.194:9001/

Resource Info

File typeASCII text, with CRLF line terminators

First Seen2023-03-13

Last Seen2025-06-06

Times Seen13

Size16 kB (15728 bytes)

MD5c930f53385f4fc2d3e47de7fda5a06ff

SHA188fd9f8fdc2b01771fb5b359cf8d7eea69a71737

SHA2567df864d607991927a98e092c40dcbc42bb01f1407b6583e7aabc737dd7c78548

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /JS/RSA/BigInt.js HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://111.20.161.194:9001/
Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Sun, 04 Mar 2012 11:27:46 GMT
Accept-Ranges: bytes
ETag: "0a575d2f9f9cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:14 GMT
Content-Length: 4600

GET 111.20.161.194:9001/Images/SystemLogo/login_logo.png

111.20.161.194

200 OK

404 kB

URL

111.20.161.194:9001/Images/SystemLogo/login_logo.png

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byhttp://111.20.161.194:9001/

Resource Info

File typePNG image data, 310 x 70, 8-bit/color RGBA, non-interlaced

First Seen2025-05-28

Last Seen2025-05-28

Times Seen1

Size404 kB (403510 bytes)

MD5177fae3c9fdf43a5a81e550295b2a33b

SHA142f6cca13f2927851c8034b52762fdbb289b530c

SHA2564136060a905ab155ff61807b1ed032f1996c2387666847dd8ff41c82c57f6d64

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Images/SystemLogo/login_logo.png HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://111.20.161.194:9001/CSS/login_main.css
Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 10 Jun 2019 03:11:31 GMT
Accept-Ranges: bytes
ETag: "12e9cd333a1fd51:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:15 GMT
Content-Length: 403510

GET 111.20.161.194:9001/Images/input_bg.png

111.20.161.194

200 OK

2.5 kB

URL

111.20.161.194:9001/Images/input_bg.png

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byhttp://111.20.161.194:9001/

Resource Info

File typePNG image data, 350 x 52, 8-bit/color RGBA, non-interlaced

First Seen2025-05-28

Last Seen2025-05-28

Times Seen1

Size2.5 kB (2521 bytes)

MD5a387d927b8264346439b5959f7bdea51

SHA16b3d4648146b0a4b8b365db361149acc26563a34

SHA256456838f94a3a789dd3d1801b9df5cb4aac443b992a85e68e0b2f0851b6ab463a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Images/input_bg.png HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://111.20.161.194:9001/CSS/login_main.css
Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 10 Jun 2019 03:11:35 GMT
Accept-Ranges: bytes
ETag: "6cc5ff353a1fd51:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:15 GMT
Content-Length: 2521

GET 111.20.161.194:9001/favicon.ico

111.20.161.194

404 Not Found

1.2 kB

URL

111.20.161.194:9001/favicon.ico

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byhttp://111.20.161.194:9001/

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with CRLF line terminators

First Seen2025-04-07

Last Seen2025-08-01

Times Seen897

Size1.2 kB (1163 bytes)

MD5b95f02d7712377499e60763a74069631

SHA12a6ea7a8c7353bddd6bd7b487842da1feaa525cf

SHA2565da10042a026a0612186de79cd45da85dfb2e2d71e5749f92f10ae9f91871f68

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://111.20.161.194:9001/
Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:15 GMT
Content-Length: 1163

GET 111.20.161.194:9001/Images/teacher_bg.png

111.20.161.194

200 OK

1.2 kB

URL

111.20.161.194:9001/Images/teacher_bg.png

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byhttp://111.20.161.194:9001/

Resource Info

File typePNG image data, 164 x 45, 8-bit/color RGBA, non-interlaced

First Seen2025-05-28

Last Seen2025-05-28

Times Seen1

Size1.2 kB (1182 bytes)

MD512d55ae16e06a55e4cd42f509dec0fd7

SHA12987ff7b89c5de969eb57e67b306161a6afa8f17

SHA256a5720d058db22a8f37b93a7c0da6daa50b477fe08eab3b3ca85895d7832321ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Images/teacher_bg.png HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://111.20.161.194:9001/CSS/login_main.css
Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 10 Jun 2019 03:11:35 GMT
Accept-Ranges: bytes
ETag: "f2b85363a1fd51:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:15 GMT
Content-Length: 1182

GET 111.20.161.194:9001/Images/password_bg.png

111.20.161.194

200 OK

2.2 kB

URL

111.20.161.194:9001/Images/password_bg.png

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byhttp://111.20.161.194:9001/

Resource Info

File typePNG image data, 350 x 52, 8-bit/color RGBA, non-interlaced

First Seen2025-05-28

Last Seen2025-05-28

Times Seen1

Size2.2 kB (2185 bytes)

MD52fc7c99198051710629b5f71558927b7

SHA1300aff2793257a0d571a93b0b996734b78334c09

SHA2560c4097c54b3040548867d21a300e9a1203a6b301ea5284218142d3b03cffcc9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Images/password_bg.png HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://111.20.161.194:9001/CSS/login_main.css
Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 10 Jun 2019 03:11:35 GMT
Accept-Ranges: bytes
ETag: "7ea74363a1fd51:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:15 GMT
Content-Length: 2185

GET 111.20.161.194:9001/CSS/login_main.css

111.20.161.194

200 OK

4.7 kB

URL

111.20.161.194:9001/CSS/login_main.css

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byhttp://111.20.161.194:9001/

Resource Info

File typeassembler source, Unicode text, UTF-8 text, with CRLF line terminators

First Seen2025-05-28

Last Seen2025-05-28

Times Seen1

Size4.7 kB (4717 bytes)

MD5f0d6bfe50be8e658c3f6615255a85255

SHA1e427837030ee0e204d7c9f5be0d4da963da24254

SHA256bd5484e115388a45b4b6d2eb84a076917e962563aae4c713446f5e3be4560284

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CSS/login_main.css HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://111.20.161.194:9001/
Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Mon, 10 Jun 2019 03:11:47 GMT
Accept-Ranges: bytes
ETag: "801bb3d3a1fd51:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:14 GMT
Content-Length: 1312

GET 111.20.161.194:9001/JS/jquery-1.8.3.min.js

111.20.161.194

200 OK

94 kB

URL

111.20.161.194:9001/JS/jquery-1.8.3.min.js

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byhttp://111.20.161.194:9001/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65482), with CRLF line terminators

First Seen2023-03-07

Last Seen2025-08-02

Times Seen17500

Size94 kB (93637 bytes)

MD5e1288116312e4728f98923c79b034b67

SHA18b6babff47b8a9793f37036fd1b1a3ad41d38423

SHA256ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /JS/jquery-1.8.3.min.js HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://111.20.161.194:9001/
Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Mon, 10 Jun 2019 03:11:30 GMT
Accept-Ranges: bytes
ETag: "01de9323a1fd51:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:14 GMT
Content-Length: 33507

GET 111.20.161.194:9001/Images/line_bg.png

111.20.161.194

200 OK

942 B

URL

111.20.161.194:9001/Images/line_bg.png

IP / ASN

111.20.161.194

#9808 China Mobile Communications Group Co., Ltd.

Requested byhttp://111.20.161.194:9001/

Resource Info

File typePNG image data, 112 x 4, 8-bit/color RGB, non-interlaced

First Seen2025-05-28

Last Seen2025-05-28

Times Seen1

Size942 B (942 bytes)

MD58ef85577c8ac4e154c3bc536edffd2c9

SHA15de955b66b1033f2b9b71fed746d3712ae9508c2

SHA2568a338435e261caf4e96f3444ad71f9f53dad755358b5b1ad1608d7b5a1a5e10e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Images/line_bg.png HTTP/1.1
Host: 111.20.161.194:9001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://111.20.161.194:9001/CSS/login_main.css
Cookie: ASP.NET_SessionId=ntrtk1erisc0fv0e0ea3nwwy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 10 Jun 2019 03:11:35 GMT
Accept-Ranges: bytes
ETag: "22731363a1fd51:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 28 May 2025 19:36:15 GMT
Content-Length: 942