| 111.116.20.57:8080/reader/login.php | 111.116.20.57 | 200 OK | 8.3 kB |
URL: 111.116.20.57:8080/reader/login.php (User Request, GET HTTP/1.1)
IP: 111.116.20.57:8080
ASN: #4538 China Education and Research Network Center
File type: HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hashes: MD5 79fccce1260e0afebf486c5ac961519e, SHA-1 32ce6cd155b19ab1de8dcdd021a3806857cd82c5, SHA-256 8e84fb604505ec9c23904ae5b0a6c97811a2d5f426d27ba6a25fd5510729c9c3

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /reader/login.php HTTP/1.1
Host: 111.116.20.57:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 10:20:41 GMT
Server: Server
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=l7v2e4baqih16otm1vn22m3hv3; path=/; HttpOnly
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
| 111.116.20.57:8080/tpl/css/mylib.css | 111.116.20.57 | 200 OK | 3.2 kB |
URL: 111.116.20.57:8080/tpl/css/mylib.css (GET HTTP/1.1)
IP: 111.116.20.57:8080
ASN: #4538 China Education and Research Network Center
Requested by: http://111.116.20.57:8080/reader/login.php
File type: ASCII text, with CRLF line terminators
Hashes: MD5 ad1748b899d2f2cb6238bb04173d9a14, SHA-1 6a6930c147f4805f45074dd2a9852372416cafb7, SHA-256 800ace76552305746da07f2d6ca8cad5fd17a295eec61a710117d6bbfbf2295d

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /tpl/css/mylib.css HTTP/1.1
Host: 111.116.20.57:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=l7v2e4baqih16otm1vn22m3hv3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 10:20:44 GMT
Server: Server
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Fri, 08 Oct 2021 03:22:36 GMT
ETag: "c78-5cdcee4066c1c"
Accept-Ranges: bytes
Content-Length: 3192
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
| 111.116.20.57:8080/tpl/css/style.css | 111.116.20.57 | 200 OK | 47 kB |
URL: 111.116.20.57:8080/tpl/css/style.css (GET HTTP/1.1)
IP: 111.116.20.57:8080
ASN: #4538 China Education and Research Network Center
Requested by: http://111.116.20.57:8080/reader/login.php
File type: Unicode text, UTF-8 text, with very long lines (735), with CRLF line terminators
Hashes: MD5 fefd78213a7a7d9b5e84adbd4d3eb3ce, SHA-1 be1a07775469711b8b80cd90ebae005ea5627341, SHA-256 27dd035fc6644e45a489fff85089df3388677c95f75a2f18277d6a86b1c89850

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /tpl/css/style.css HTTP/1.1
Host: 111.116.20.57:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=l7v2e4baqih16otm1vn22m3hv3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 10:20:42 GMT
Server: Server
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Fri, 08 Oct 2021 03:22:36 GMT
ETag: "b6e1-5cdcee406a921"
Accept-Ranges: bytes
Content-Length: 46817
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
| 111.116.20.57:8080/tpl/js/highlighter.js | 111.116.20.57 | 200 OK | 3.4 kB |
URL: 111.116.20.57:8080/tpl/js/highlighter.js (GET HTTP/1.1)
IP: 111.116.20.57:8080
ASN: #4538 China Education and Research Network Center
Requested by: http://111.116.20.57:8080/reader/login.php
File type: Unicode text, UTF-8 text, with CRLF line terminators
Hashes: MD5 b249b5976884a68b36f795c33ff38ca9, SHA-1 cf79267de7b4f7db0dc8939cdd4af527bf725cab, SHA-256 c54a19ab79b65cf0142d5df83a9b9179c9a5f881a8a4d7a51f55fdd3739037da

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /tpl/js/highlighter.js HTTP/1.1
Host: 111.116.20.57:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=l7v2e4baqih16otm1vn22m3hv3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 10:20:44 GMT
Server: Server
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Fri, 08 Oct 2021 03:22:37 GMT
ETag: "d73-5cdcee41e0692"
Accept-Ranges: bytes
Content-Length: 3443
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
| 111.116.20.57:8080/tpl/css/font-awesome.css | 111.116.20.57 | 200 OK | 25 kB |
URL: 111.116.20.57:8080/tpl/css/font-awesome.css (GET HTTP/1.1)
IP: 111.116.20.57:8080
ASN: #4538 China Education and Research Network Center
Requested by: http://111.116.20.57:8080/reader/login.php
File type: troff or preprocessor input, ASCII text, with very long lines (305)
Hashes: MD5 e4e5f0ff7d97d2851d8f06c26a4e302b, SHA-1 15e5b5a9c81e2cf89c768a80cd06c6180f35ab04, SHA-256 305fdd8ab222d1123866f401b7e8786d674f72ec8d40197069369683b6019655

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /tpl/css/font-awesome.css HTTP/1.1
Host: 111.116.20.57:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=l7v2e4baqih16otm1vn22m3hv3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 10:20:43 GMT
Server: Server
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Fri, 08 Oct 2021 03:22:36 GMT
ETag: "626d-5cdcee4062f13"
Accept-Ranges: bytes
Content-Length: 25197
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
| 111.116.20.57:8080/tpl/js/base64.js | 111.116.20.57 | 200 OK | 6.8 kB |
URL: 111.116.20.57:8080/tpl/js/base64.js (GET HTTP/1.1)
IP: 111.116.20.57:8080
ASN: #4538 China Education and Research Network Center
Requested by: http://111.116.20.57:8080/reader/login.php
File type: JavaScript source, ASCII text
Hashes: MD5 0c282d9ab2bb518b96a918b05b2d44c6, SHA-1 86ca53325faf2d6f0367a9abc7db09a244214ebf, SHA-256 04ae29c937820b9b3b79bd8cfae6fabf6cc3f4fc14690ae40106189f23b63990

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /tpl/js/base64.js HTTP/1.1
Host: 111.116.20.57:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=l7v2e4baqih16otm1vn22m3hv3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 10:20:44 GMT
Server: Server
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Fri, 08 Oct 2021 03:22:37 GMT
ETag: "1a8b-5cdcee41d8c84"
Accept-Ranges: bytes
Content-Length: 6795
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
| 111.116.20.57:8080/tpl/js/md5.js | 111.116.20.57 | 200 OK | 8.8 kB |
URL: 111.116.20.57:8080/tpl/js/md5.js (GET HTTP/1.1)
IP: 111.116.20.57:8080
ASN: #4538 China Education and Research Network Center
Requested by: http://111.116.20.57:8080/reader/login.php
File type: ASCII text, with CRLF line terminators
Hashes: MD5 ee3a962f93b0031161f08e7c6503f961, SHA-1 742ebc274ad08267f56e51e585c8720a32c9e3a5, SHA-256 dc0df8d67a1cd007a197171d3c5594dbc0635e47e18c67ba3487ce90f183e474

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /tpl/js/md5.js HTTP/1.1
Host: 111.116.20.57:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=l7v2e4baqih16otm1vn22m3hv3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 10:20:44 GMT
Server: Server
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Fri, 08 Oct 2021 03:22:37 GMT
ETag: "227b-5cdcee41efabc"
Accept-Ranges: bytes
Content-Length: 8827
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
| 111.116.20.57:8080/tpl/css/ui-lightness/jquery-ui.css | 111.116.20.57 | 200 OK | 36 kB |
URL: 111.116.20.57:8080/tpl/css/ui-lightness/jquery-ui.css (GET HTTP/1.1)
IP: 111.116.20.57:8080
ASN: #4538 China Education and Research Network Center
Requested by: http://111.116.20.57:8080/reader/login.php
File type: ASCII text, with very long lines (2363)
Hashes: MD5 c4a88ec0cb998929a670c0c58d7dc526, SHA-1 03135a88e8dbc36020dd453d1e7407ce9a3a2cc2, SHA-256 44f8a56d427917b5fa0dd7933ba545679be5e6b3b93099e64a4e29c2159f57c0

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /tpl/css/ui-lightness/jquery-ui.css HTTP/1.1
Host: 111.116.20.57:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=l7v2e4baqih16otm1vn22m3hv3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 10:20:45 GMT
Server: Server
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Fri, 08 Oct 2021 03:22:36 GMT
ETag: "8c85-5cdcee408ce74"
Accept-Ranges: bytes
Content-Length: 35973
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
| 111.116.20.57:8080/favicon.ico | 111.116.20.57 | 200 OK | 1.4 kB |
URL: 111.116.20.57:8080/favicon.ico (GET HTTP/1.1)
IP: 111.116.20.57:8080
ASN: #4538 China Education and Research Network Center
Requested by: http://111.116.20.57:8080/reader/login.php
File type: MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel
Hashes: MD5 226d26f23bc72004c7c8fc22b4876d84, SHA-1 1f5e6cdbd9fffea91f22b32b8d427c7560856512, SHA-256 b7243ca887a76a65b6c16a13fbc9d928080af461ae2565ee9d9faabf8a403619

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 111.116.20.57:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=l7v2e4baqih16otm1vn22m3hv3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 10:20:55 GMT
Server: Server
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Fri, 08 Oct 2021 03:22:28 GMT
ETag: "57e-5cdcee394ef4a"
Accept-Ranges: bytes
Content-Length: 1406
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/x-icon
| 111.116.20.57:8080/tpl/js/jquery.js | 111.116.20.57 | 200 OK | 87 kB |
URL: 111.116.20.57:8080/tpl/js/jquery.js (GET HTTP/1.1)
IP: 111.116.20.57:8080
ASN: #4538 China Education and Research Network Center
Requested by: http://111.116.20.57:8080/reader/login.php
File type: JavaScript source, ASCII text, with very long lines (65451)
Hashes: MD5 a09e13ee94d51c524b7e2a728c7d4039, SHA-1 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae, SHA-256 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /tpl/js/jquery.js HTTP/1.1
Host: 111.116.20.57:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=l7v2e4baqih16otm1vn22m3hv3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 10:20:43 GMT
Server: Server
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Fri, 08 Oct 2021 03:22:37 GMT
ETag: "1538f-5cdcee41ebdbf"
Accept-Ranges: bytes
Content-Length: 86927
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
| 111.116.20.57:8080/reader/captcha.php | 111.116.20.57 | 200 OK | 3.8 kB |
URL: 111.116.20.57:8080/reader/captcha.php (GET HTTP/1.1)
IP: 111.116.20.57:8080
ASN: #4538 China Education and Research Network Center
Requested by: http://111.116.20.57:8080/reader/login.php
File type: PNG image data, 160 x 40, 8-bit/color RGB, non-interlaced
Hashes: MD5 6fdf9bc66f1e48c0504a5869dcf5a052, SHA-1 bbefb7fd669f82ce01f59c8d9f7ee13bc1b4dc0f, SHA-256 c295d12a898bde0b7a05181a932afa196e4ad7ade8e5186953a2533a93b7a93f

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /reader/captcha.php HTTP/1.1
Host: 111.116.20.57:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=l7v2e4baqih16otm1vn22m3hv3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 10:20:55 GMT
Server: Server
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpeg
| 111.116.20.57:8080/tpl/js/jquery-ui.js | 0.0.0.0 | | 0 B |
URL: 111.116.20.57:8080/tpl/js/jquery-ui.js (GET)
IP: 0.0.0.0:0
Requested by: http://111.116.20.57:8080/reader/login.php
Hashes (0 B body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /tpl/js/jquery-ui.js HTTP/1.1
Host: 111.116.20.57:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=l7v2e4baqih16otm1vn22m3hv3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 10:20:44 GMT
Server: Server
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Fri, 08 Oct 2021 03:22:37 GMT
ETag: "7f20a-5cdcee41e439a"
Accept-Ranges: bytes
Content-Length: 520714
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript