Report - 141.11.212.141/

Report Overview

Visited public
2023-12-01 21:09:40
Tags
URL
141.11.212.141/
Finishing URL
141.11.212.141/
IP / ASN
141.11.212.141
#1239 SPRINTLINK
Title
BMWAi - 首页

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
hm.baidu.com	8254	1999-10-11	2012-05-26 10:38:45	2023-12-01 09:32:46	1.1 kB	12 kB	103.235.46.191
141.11.212.141	unknown	unknown	No data	No data	14 kB	1.6 MB	141.11.212.141

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed
2023-12-01	medium	141.11.212.141	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	From	Size	First Seen	Last Seen
	unknown	DomTimer	101 B	2023-07-10	2024-08-20
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-07-10 09:31 Last Seen2024-08-20 17:08 Times Seen1 Hash ea7c97d246c1f59b5c2bc6924786db4b 443e6d0118469206bc26dbd8611e4fc0364f2967 95fb3ea5b5594881c6ff6313f2d36231b4638143ad587a8bc67112d191dcbe7c Loading...

	141.11.212.141/js/functions.js	ScriptElement	16 kB	2024-08-20	2024-08-20
Pretty URL 141.11.212.141/js/functions.js IP 141.11.212.141 ASN #1239 SPRINTLINK Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:08 Last Seen2024-08-20 17:08 Times Seen1 Hash 7eb61b0ca8966d75495a8ce70d1f1a5c 9a57c83b55d724eccf48bc94995aedf5ee1569f1 2b27259fff61cfa53f1d0b9823063150b4131c4fc0bf52eb36ba6c6df6fd7412 Loading...

	141.11.212.141/js/HituxScrollTop.js	ScriptElement	1.0 kB	2024-08-20	2024-08-20
Pretty URL 141.11.212.141/js/HituxScrollTop.js IP 141.11.212.141 ASN #1239 SPRINTLINK Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:08 Last Seen2024-08-20 17:08 Times Seen1 Hash e37f0186b84e2632327a409b382e28ae 03a06e3910ba4a849d6dffcce5fe87603f8c445d 0037a1d456ecafbd1e08f1c03a1ee13362a20a2fe8163e5961c5396c559eed2a Loading...

	141.11.212.141/js/ServiceCenter.js	ScriptElement	18 B	2023-03-10	2025-02-26
Pretty URL 141.11.212.141/js/ServiceCenter.js IP 141.11.212.141 ASN #1239 SPRINTLINK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:22 Last Seen2025-02-26 15:02 Times Seen23 Hash 0ece2602b9d48e16dd457127b2a73cd1 2f99c929c02e02bace80a2a6517cd371c6212ba3 b16c6169d7d1a768c6c49f2ef79205fb7d74a47501f99a1f1a0be16e6629d679 Loading...

	unknown	Function	37 B	2023-04-11	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:49 Last Seen2025-05-11 19:40 Times Seen34573 Hash 1c5c9160600df2d96d69a4ea16cec7ed 3cf678c9135cc952ba6970ef545035bb757a443f a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808 Loading...

	unknown	Function	275 B	2024-08-20	2024-08-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-08-20 17:08 Last Seen2024-08-20 17:08 Times Seen1 Hash 49397e2af6265796e09257d2fdc13209 4690f9b14e5a3cf5f002dc28cbafeeea51229043 505d68cc722fc38ab509fbebf4e71d5e0b3c428c0575ef0335d158e880932d4f Loading...

	141.11.212.141/js/jquery.min.js	ScriptElement	94 kB	2023-03-07	2025-05-11
Pretty URL 141.11.212.141/js/jquery.min.js IP 141.11.212.141 ASN #1239 SPRINTLINK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 18:38 Times Seen16010 Hash e1288116312e4728f98923c79b034b67 8b6babff47b8a9793f37036fd1b1a3ad41d38423 ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32 Loading...

	141.11.212.141/js/focusslide.js	ScriptElement	10 kB	2024-08-20	2024-08-20
Pretty URL 141.11.212.141/js/focusslide.js IP 141.11.212.141 ASN #1239 SPRINTLINK Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:08 Last Seen2024-08-20 17:08 Times Seen1 Hash b6e36341d505a9dd0b10ee89842d4941 09dbaec3c122d91ef1431237c8e61a5f771c5daf eb941f1901302d505042b103b505628d3e86e153227f8d5e81269e09c5d03f2f Loading...

	141.11.212.141/js/h.js	ScriptElement	335 B	2023-12-01	2024-08-20
Pretty URL 141.11.212.141/js/h.js IP 141.11.212.141 ASN #1239 SPRINTLINK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 22:09 Last Seen2024-08-20 17:08 Times Seen2 Hash 7577cc17ead5761c76a0ae932c94babd bb4d12f4cb7ff382076dbb1100128da7729d62fd d7e4aa28c2268f81ff97e571dae187d87fa5f2127cc3fbab52227f5c83e24bc2 Loading...

	141.11.212.141/	ScriptElement	285 B	2023-07-10	2024-08-20
Pretty URL 141.11.212.141/ IP 141.11.212.141 ASN #1239 SPRINTLINK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-10 09:31 Last Seen2024-08-20 17:08 Times Seen1 Hash 88786149abb06749ce6834ab0baea20b 638c8544eab601b9ccd71391b0fc6729b58078a7 08a2b4e4a78a789ec6137cbc8cdbffeb74832f0ff5d5e2c07e9ff79052cf0020 Loading...

	hm.baidu.com/hm.js?b3f5146e5b1edacdc9e40410135942f4	ScriptElement	30 kB	2023-12-01	2023-12-01
Pretty URL hm.baidu.com/hm.js?b3f5146e5b1edacdc9e40410135942f4 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 22:09 Last Seen2023-12-01 22:09 Times Seen1 Hash 7f4074367cba4bee0800322a8b0be4b8 ae8c1b88b0de9da58276455b8c62b13f763d8c45 228f9898c226eaa7ec5c722e1ace4e6535223dbc3a5142a901d8fe6d4de39a5f Loading...

	141.11.212.141/	ScriptElement	23 B	2024-08-20	2024-08-20
Pretty URL 141.11.212.141/ IP 141.11.212.141 ASN #1239 SPRINTLINK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:08 Last Seen2024-08-20 17:08 Times Seen1 Hash 51f8ca9afc507be65bd15519a7536539 3395860468aad91d3c4e010d6052c8dc523f3643 fdfb7cfa6bc73cd693c3caa626946ae07833ae57b5f8b2c7ea05881afa3faa18 Loading...

	141.11.212.141/js/index.js	ScriptElement	16 kB	2023-07-10	2024-08-20
Pretty URL 141.11.212.141/js/index.js IP 141.11.212.141 ASN #1239 SPRINTLINK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-10 09:31 Last Seen2024-08-20 17:08 Times Seen1 Hash b371165f552c22d8328609b1993c4df3 00ec28ec0612352ec20565b187b800f986fcc99a ca1c2809e3b7c1eb377333dab60451accb2f2a810b1902e0cae66fad6b6be783 Loading...

	141.11.212.141/images/iepng/iepngfix_tilebg.js	ScriptElement	4.3 kB	2023-03-08	2025-01-24
Pretty URL 141.11.212.141/images/iepng/iepngfix_tilebg.js IP 141.11.212.141 ASN #1239 SPRINTLINK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:36 Last Seen2025-01-24 10:41 Times Seen26 Hash 2700a811fcca690548a5c67e982ca336 fc1634ea45a05b9e68e8c949a1cdca89a9a593ca 63945981e420fbf85b33dc09fbb878963ff5e66be0d824285bd2524335c345cc Loading...

	141.11.212.141/JS/jquery.lazyload.js	ScriptElement	7.0 kB	2023-07-10	2024-08-20
Pretty URL 141.11.212.141/JS/jquery.lazyload.js IP 141.11.212.141 ASN #1239 SPRINTLINK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-10 09:31 Last Seen2024-08-20 17:08 Times Seen1 Hash 8b9eeb576f677ee5a9df894269a54039 12f06056784f3d1e8809de77cdac17f81de38696 b5cb9c1c059491e8048a44cf1a17b2c23213a0784842b8403e8f5b654c7a175d Loading...

	141.11.212.141/	ScriptElement	254 B	2024-08-20	2024-08-20
Pretty URL 141.11.212.141/ IP 141.11.212.141 ASN #1239 SPRINTLINK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:08 Last Seen2024-08-20 17:08 Times Seen1 Hash 26aca5f66de5e75934655513502c9b7f 17be55b0804534a79fd3ee602e9d4ddee9e0b283 e35449e135cb0399a09dd5da691d872aca6ad41ebf6ef82fd17d6987eed50cc0 Loading...

	141.11.212.141/	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL 141.11.212.141/ IP 141.11.212.141 ASN #1239 SPRINTLINK Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 20:04 Times Seen4657049 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

		Size	First Seen	Last Seen
	#1 Write - d41d8cd98f00b204e9800998ecf8427e	0 B	0001-01-01 00:00	2025-05-11 20:04
Pretty Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 20:04 Times Seen4657049 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (40)

URL IP Response Size

141.11.212.141/

141.11.212.141

4.8 kB

URL User Request GET
141.11.212.141/
IP
141.11.212.141:0
ASN
#1239 SPRINTLINK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1671), with CRLF, CR line terminators
Size
4.8 kB (4814 bytes)
Hash
bb03db05dc0c2fe07b999b666d5f9ebc
132a3b033d1529435c3c3090848c624be2e8870f
c6c5e4f6d7b4dc01dcc2aa994d81d58e6d8df99ea9583376330483cec3396366

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Fri, 05 May 2023 00:46:27 GMT
Accept-Ranges: bytes
ETag: "80732a6eb7ed91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:24 GMT
Content-Length: 4814

141.11.212.141/

141.11.212.141

4.8 kB

URL User Request GET
141.11.212.141/
IP
141.11.212.141:0
ASN
#1239 SPRINTLINK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1671), with CRLF, CR line terminators
Size
4.8 kB (4814 bytes)
Hash
bb03db05dc0c2fe07b999b666d5f9ebc
132a3b033d1529435c3c3090848c624be2e8870f
c6c5e4f6d7b4dc01dcc2aa994d81d58e6d8df99ea9583376330483cec3396366

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Fri, 05 May 2023 00:46:27 GMT
Accept-Ranges: bytes
ETag: "80732a6eb7ed91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:24 GMT
Content-Length: 4814

141.11.212.141/css/HituxCMSTurbo/style.css

141.11.212.141

200 OK

26 kB

URL GET HTTP/1.1
141.11.212.141/css/HituxCMSTurbo/style.css
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
26 kB (26334 bytes)
Hash
884d91454939c489b59837cbaefc695d
2859d87f20040c442e082a27adb16a1af32fce2c
170393ad4a2036062717939601b34679da93cfa918c8af52d6f9cf380f14f643

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/HituxCMSTurbo/style.css HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Thu, 15 Jun 2017 02:58:57 GMT
Accept-Ranges: bytes
ETag: "c481eb5483e5d21:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:24 GMT
Content-Length: 26334

141.11.212.141/js/focusslide.js

141.11.212.141

200 OK

11 kB

URL GET HTTP/1.1
141.11.212.141/js/focusslide.js
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
11 kB (10570 bytes)
Hash
9a2e0aa4d11ccc939a1f8a30a3af6c6d
a31f1ca3c549f4770d40636412d5f5cd4594d4b6
be94ad952b23a3116eff00ab7c33fb26de863608e08528c46289a53c409cb3e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/focusslide.js HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Mon, 01 Aug 2016 06:19:19 GMT
Accept-Ranges: bytes
ETag: "14360a3bcebd11:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:24 GMT
Content-Length: 10570

141.11.212.141/js/index.js

141.11.212.141

200 OK

16 kB

URL GET HTTP/1.1
141.11.212.141/js/index.js
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (11043), with CRLF line terminators
Size
16 kB (16045 bytes)
Hash
d84af853b321729aaf28611bec3c74b2
29af010091aaae3c6520290a97249824a9f18946
fc0dd81e3adb12bab1d5cf678499a02eefef524d3fb8c92e1e76ec000549918a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/index.js HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Mon, 25 Jul 2016 03:44:30 GMT
Accept-Ranges: bytes
ETag: "b4675cd926e6d11:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:24 GMT
Content-Length: 16045

141.11.212.141/JS/jquery.lazyload.js

141.11.212.141

200 OK

7.0 kB

URL GET HTTP/1.1
141.11.212.141/JS/jquery.lazyload.js
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
7.0 kB (6977 bytes)
Hash
46e3b26339f598b06dd97618671f6d17
b5496623d789a250749358e6b5a9fee11e218c2f
fe0f4c8f95a345feccbc7e8ed17c3a6e3700a5aa0d8fd5e0d747e68aae18c5f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /JS/jquery.lazyload.js HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Wed, 22 Jun 2016 07:42:50 GMT
Accept-Ranges: bytes
ETag: "2c659aad59ccd11:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:24 GMT
Content-Length: 6977

141.11.212.141/js/functions.js

141.11.212.141

200 OK

16 kB

URL GET HTTP/1.1
141.11.212.141/js/functions.js
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (11042), with CRLF line terminators
Size
16 kB (15974 bytes)
Hash
fb08fb60df0bf9ae78c1eeca3aa01798
fc5c0b055e147430563f35af51a2b6d71b2858e8
8d437ed9c0c1f7e0b5a19fa583bd1772e9885a87da4ffd437d3e9d3d1d99f61f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/functions.js HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Fri, 26 Jan 2018 20:54:28 GMT
Accept-Ranges: bytes
ETag: "8c657fdbe796d31:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:24 GMT
Content-Length: 15974

141.11.212.141/css/HituxCMSTurbo/common.css

141.11.212.141

200 OK

18 kB

URL GET HTTP/1.1
141.11.212.141/css/HituxCMSTurbo/common.css
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with CRLF line terminators
Size
18 kB (17681 bytes)
Hash
182cc56a16a17511db731500dca3dcb9
409a4ad5d9d2ca473769de7f0247221d884962a7
dafafb9d1f0b2eee2605dc47ff1d904d392b05401b0882e9cc2080b2949bf5f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/HituxCMSTurbo/common.css HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Sat, 10 Jun 2017 05:04:50 GMT
Accept-Ranges: bytes
ETag: "08cff16a7e1d21:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:24 GMT
Content-Length: 17681

141.11.212.141/images/iepng/iepngfix_tilebg.js

141.11.212.141

200 OK

4.3 kB

URL GET HTTP/1.1
141.11.212.141/images/iepng/iepngfix_tilebg.js
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
ASCII text, with CRLF line terminators
Size
4.3 kB (4345 bytes)
Hash
2700a811fcca690548a5c67e982ca336
fc1634ea45a05b9e68e8c949a1cdca89a9a593ca
63945981e420fbf85b33dc09fbb878963ff5e66be0d824285bd2524335c345cc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/iepng/iepngfix_tilebg.js HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Sat, 03 Oct 2009 02:05:46 GMT
Accept-Ranges: bytes
ETag: "0b945ce43ca1:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:24 GMT
Content-Length: 4345

141.11.212.141/js/h.js

141.11.212.141

200 OK

327 B

URL GET HTTP/1.1
141.11.212.141/js/h.js
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
ISO-8859 text, with CRLF line terminators
Size
327 B (327 bytes)
Hash
33694fd10fc0334e10eb6fcc1d49e584
6576e4b3c4a16a63d0f6b384f844fea6c92cf479
30a577c48a3887d4fb576cc4c6a8e2daa8ba580430dc8a269c2c6b903dee76fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/h.js HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Fri, 18 Jan 2013 05:46:48 GMT
Accept-Ranges: bytes
ETag: "94c931353ff5cd1:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:24 GMT
Content-Length: 327

141.11.212.141/js/HituxScrollTop.js

141.11.212.141

200 OK

1.0 kB

URL GET HTTP/1.1
141.11.212.141/js/HituxScrollTop.js
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
1.0 kB (1004 bytes)
Hash
275fcca8af4f90479a1a0688376c6fe3
5e8ab40780336975f6cba2a4e703307639b49e44
2036bac2dee1509ce7b8a36a6cea4dae3a2fd34543fc329be61132765fdbe9e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/HituxScrollTop.js HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Sat, 10 Jun 2017 20:43:31 GMT
Accept-Ranges: bytes
ETag: "70c48e382ae2d21:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:24 GMT
Content-Length: 1004

141.11.212.141/js/ServiceCenter.js

141.11.212.141

200 OK

21 B

URL GET HTTP/1.1
141.11.212.141/js/ServiceCenter.js
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
Unicode text, UTF-8 (with BOM) text, with no line terminators
Size
21 B (21 bytes)
Hash
d0241d0ddc200e148f0ac83f837d65b5
a12076ee6503658f2f175bfa942b6d7830ccb783
f6b1f50e644fa20435a3539ff1e5c7ae6f863c123852869cb882cd2380186d15

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/ServiceCenter.js HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Thu, 10 Jan 2019 18:14:00 GMT
Accept-Ranges: bytes
ETag: "a69afe4210a9d41:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:24 GMT
Content-Length: 21

141.11.212.141/js/jquery.min.js

141.11.212.141

200 OK

94 kB

URL GET HTTP/1.1
141.11.212.141/js/jquery.min.js
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
ASCII text, with very long lines (65482), with CRLF line terminators
Size
94 kB (93637 bytes)
Hash
e1288116312e4728f98923c79b034b67
8b6babff47b8a9793f37036fd1b1a3ad41d38423
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.min.js HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Wed, 22 Jun 2016 07:42:40 GMT
Accept-Ranges: bytes
ETag: "5c7191a759ccd11:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:24 GMT
Content-Length: 93637

141.11.212.141/images/up_images/202271820515.png

141.11.212.141

200 OK

18 kB

URL GET HTTP/1.1
141.11.212.141/images/up_images/202271820515.png
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
PNG image data, 617 x 377, 8-bit/color RGBA, non-interlaced\012- data
Size
18 kB (18447 bytes)
Hash
99707c3581ce04d67aa379ac75cbedc0
fe6442acf3fd3ad6ba39c23513161f4079c235a5
7b1aaf9a33dd9539605473749b50875bee814e4382afbae758a8902367ca62c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/up_images/202271820515.png HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 18 Jul 2022 12:51:05 GMT
Accept-Ranges: bytes
ETag: "cfd2f4aa59ad81:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 18447

141.11.212.141/images/left.jpg

141.11.212.141

200 OK

909 B

URL GET HTTP/1.1
141.11.212.141/images/left.jpg
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 25x38, components 3\012- data
Size
909 B (909 bytes)
Hash
9e3528e9dc5e9f8c199fb01ba5370cb0
8ff1ac3fc281c4323267731ad96cd9d971a88b01
b119ce0653c2d9f3bcdc58caaf38e58a1bb0d1685c2bfeab713555aaa4378623

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/left.jpg HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 21 Jul 2016 21:36:47 GMT
Accept-Ranges: bytes
ETag: "9e46eefb97e3d11:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 909

141.11.212.141/images/up_images/201769142828.jpg

141.11.212.141

200 OK

12 kB

URL GET HTTP/1.1
141.11.212.141/images/up_images/201769142828.jpg
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 200x186, components 3\012- data
Size
12 kB (12098 bytes)
Hash
9889e63d56a23f0f47126149e60d7741
0a3a813186d74c81168a21190e079e46686d9a4c
19df5517baf9daafa000592ac59cbe5b061de486784344575af8c052fd00555c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/up_images/201769142828.jpg HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Fri, 09 Jun 2017 21:28:28 GMT
Accept-Ranges: bytes
ETag: "2ea3a25567e1d21:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 12098

141.11.212.141/images/up_images/201769104340.png

141.11.212.141

200 OK

9.2 kB

URL GET HTTP/1.1
141.11.212.141/images/up_images/201769104340.png
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
PNG image data, 399 x 62, 8-bit/color RGBA, non-interlaced\012- data
Size
9.2 kB (9226 bytes)
Hash
6b64f1fc516f2725ada5ed239e80e44e
01f931aac9ca28261af02391d4573f4b6adeab71
77c5858752bb5f8772405cb3f3137482280d631f414ca0956867f64a91d3e120

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/up_images/201769104340.png HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 09 Jun 2017 17:43:40 GMT
Accept-Ranges: bytes
ETag: "f24d8dee47e1d21:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 9226

141.11.212.141/images/HituxCMSTurbo/search_bg.gif

141.11.212.141

200 OK

801 B

URL GET HTTP/1.1
141.11.212.141/images/HituxCMSTurbo/search_bg.gif
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
GIF image data, version 89a, 298 x 36\012- data
Size
801 B (801 bytes)
Hash
3b439a5905a6aff3c6839a68ab4d9b0f
9060110357338a3d112ebafb2c6b65a2d32d453e
d6d78f0ee2835c9c78cbd2ed4d51ed86204415ff7ef12ad71e5ad5974e6e230a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/HituxCMSTurbo/search_bg.gif HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/css/HituxCMSTurbo/common.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 18 Nov 2015 06:15:00 GMT
Accept-Ranges: bytes
ETag: "6a8ac074c821d11:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 801

141.11.212.141/images/HituxCMSTurbo/curent.jpg

141.11.212.141

200 OK

9.3 kB

URL GET HTTP/1.1
141.11.212.141/images/HituxCMSTurbo/curent.jpg
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS4 Windows, datetime=2016:08:17 11:54:07], progressive, precision 8, 30x50, components 3\012- data
Size
9.3 kB (9273 bytes)
Hash
397094c5226ef234d8ea8129b6e76eae
3a96dc96dfc0ece7c74a3934775520fddbde935b
e401e7647d206a0fad2ce1bda1aeeb8a2da72b2f82b94e0e3f0241c20e49df39

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/HituxCMSTurbo/curent.jpg HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/css/HituxCMSTurbo/common.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 17 Aug 2016 18:54:07 GMT
Accept-Ranges: bytes
ETag: "9677cbbb8f8d11:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 9273

141.11.212.141/images//HituxCMSTurbo/grey.png

141.11.212.141

200 OK

443 B

URL GET HTTP/1.1
141.11.212.141/images//HituxCMSTurbo/grey.png
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
PNG image data, 12 x 13, 8-bit/color RGBA, non-interlaced\012- data
Size
443 B (443 bytes)
Hash
abdb286a62e7714ac537163384660850
c81a63b161ed75a743a6979160fff59dd02bc4a1
bc815806f00289b25644f3718e13eded12d1953366adf84d2518b7efe0fb9db9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images//HituxCMSTurbo/grey.png HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/css/HituxCMSTurbo/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sat, 11 Aug 2012 20:11:39 GMT
Accept-Ranges: bytes
ETag: "d6f09784fd77cd1:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 443

141.11.212.141/images/up_images/20170613204958055805.jpg

141.11.212.141

200 OK

102 kB

URL GET HTTP/1.1
141.11.212.141/images/up_images/20170613204958055805.jpg
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 614x535, components 3\012- data
Size
102 kB (101592 bytes)
Hash
0d703ab702ccf9f87a15772bb090a283
6b6a5cf0a296ae0e015d46da496927665f8a452b
e3cdf1fc239ed2f0b9ab6c976a16d2d2f19bd193b2a94bb8a6b8fe78163836a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/up_images/20170613204958055805.jpg HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 14 Jun 2017 03:49:44 GMT
Accept-Ranges: bytes
ETag: "28c19a42c1e4d21:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 101592

141.11.212.141/images/HituxCMSTurbo/darkblue.png

141.11.212.141

200 OK

583 B

URL GET HTTP/1.1
141.11.212.141/images/HituxCMSTurbo/darkblue.png
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
PNG image data, 12 x 13, 8-bit/color RGBA, non-interlaced\012- data
Size
583 B (583 bytes)
Hash
00fefaa9c70fe3b2e6f4b5a98620bee8
8ee6ff5b04b2bd7d821e8f4c50101a11d322f21e
6e2f3eecdba64f5cd069cc92dc160e9b4e4aec1491619a646afad7bc4cf5ae00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/HituxCMSTurbo/darkblue.png HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/css/HituxCMSTurbo/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sat, 11 Aug 2012 20:11:39 GMT
Accept-Ranges: bytes
ETag: "f23ea684fd77cd1:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 583

141.11.212.141/images/HituxCMSTurbo/item_bg1.png

141.11.212.141

200 OK

404 B

URL GET HTTP/1.1
141.11.212.141/images/HituxCMSTurbo/item_bg1.png
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
PNG image data, 8 x 282, 8-bit/color RGB, interlaced\012- data
Size
404 B (404 bytes)
Hash
7d7605480e874b110a189d605f322306
4369ca0a05c5750196559b2b9b999e1b0d16e2f5
64f12fc423c02640526036e02fc2e8fa4d7252869de8e5d0ea9acb698738b2aa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/HituxCMSTurbo/item_bg1.png HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/css/HituxCMSTurbo/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 05 Sep 2013 22:58:10 GMT
Accept-Ranges: bytes
ETag: "a0126f648baace1:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 404

141.11.212.141/images/up_images/222333444.jpg

141.11.212.141

200 OK

50 kB

URL GET HTTP/1.1
141.11.212.141/images/up_images/222333444.jpg
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1120x500, components 3\012- data
Size
50 kB (49954 bytes)
Hash
1849e7d5968a02af1a01851b2ef83acd
4cab66d6de2778ca7acba3fffb4d9b18c62120a8
34fd15c3380b43faa48f5cf0856e5abcf608bb2a5a30d67dfc58d0a6f327aee3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/up_images/222333444.jpg HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Mon, 17 Jul 2017 05:53:44 GMT
Accept-Ranges: bytes
ETag: "1a42cbcc1fed21:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 49954

141.11.212.141/images/up_images/20176814146.png

141.11.212.141

200 OK

10 kB

URL GET HTTP/1.1
141.11.212.141/images/up_images/20176814146.png
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
PNG image data, 256 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (10163 bytes)
Hash
a164cdad2269e53868d095ee19f5ead4
60e4ff8771054f9cd51822a5ee2321a59e24c3de
fc763b98135d921211dda353fb66551162a9c548cb3291d83bdc805bf4a49a42

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/up_images/20176814146.png HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jun 2017 08:41:46 GMT
Accept-Ranges: bytes
ETag: "448d581033e0d21:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 10163

141.11.212.141/images/up_images/201769233153.jpg

141.11.212.141

200 OK

107 kB

URL GET HTTP/1.1
141.11.212.141/images/up_images/201769233153.jpg
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 978x687, components 3\012- data
Size
107 kB (107337 bytes)
Hash
cadfa502921f4d135e70a5b9ad2a6b5b
b349bb70147b9e0acfd0e573c0a62f233b7e611c
fab72e0484b58552491de2a84dce255cb9904f1d7a8c874b16d72ed1aa2cecb2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/up_images/201769233153.jpg HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 10 Jun 2017 06:31:53 GMT
Accept-Ranges: bytes
ETag: "bcf6c13fb3e1d21:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 107337

141.11.212.141/images/HituxCMSTurbo/item_button.png

141.11.212.141

200 OK

4.5 kB

URL GET HTTP/1.1
141.11.212.141/images/HituxCMSTurbo/item_button.png
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
PNG image data, 144 x 30, 8-bit/color RGBA, interlaced\012- data
Size
4.5 kB (4490 bytes)
Hash
7d11c1dd76fdb8c761d101fc5d7e40a5
74ada169745739627a362270c834d0167de1203b
7220f8fca601d22666058f6aea452f0c3b043b9b3fac751633ba99eed648865f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/HituxCMSTurbo/item_button.png HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/css/HituxCMSTurbo/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 17 Aug 2016 07:59:51 GMT
Accept-Ranges: bytes
ETag: "9c43ed545df8d11:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 4490

141.11.212.141/images/up_images/201768211215.png

141.11.212.141

200 OK

6.9 kB

URL GET HTTP/1.1
141.11.212.141/images/up_images/201768211215.png
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
PNG image data, 256 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
6.9 kB (6876 bytes)
Hash
e5108fda6232a220e93cda81041f6b22
c114597379ba13e5a312b3fe4771c3dd12d560ef
5fc78e4656596bf6b5f37a124275496f634549b1a9331075ff62c4f387998cc5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/up_images/201768211215.png HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 09 Jun 2017 04:12:15 GMT
Accept-Ranges: bytes
ETag: "8e271694d6e0d21:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 6876

141.11.212.141/images/up_images/201768212143.png

141.11.212.141

200 OK

5.9 kB

URL GET HTTP/1.1
141.11.212.141/images/up_images/201768212143.png
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
PNG image data, 256 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
5.9 kB (5891 bytes)
Hash
47fb0b2e4350a21a4e1d3b002d2ce222
d34bf5c5bc6ae34189e9ef09ecbeec26347145c8
11b511f3d31b92d678268a0a894f73b7393819c862e1b18ba36f6c38f4b1a857

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/up_images/201768212143.png HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 09 Jun 2017 04:21:43 GMT
Accept-Ranges: bytes
ETag: "de8f1ee6d7e0d21:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 5891

141.11.212.141/images/up_images/20176821940.png

141.11.212.141

200 OK

7.8 kB

URL GET HTTP/1.1
141.11.212.141/images/up_images/20176821940.png
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
PNG image data, 256 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
7.8 kB (7766 bytes)
Hash
91aee02de4825bf42c0a715adbc80c5b
6dd7a936fe8bdec99231cbf9e298f365bf9275ee
0afe7241c2b5006f60ad49865ca4063ef4065d2c64d6fc4830cd17e44017c6b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/up_images/20176821940.png HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 09 Jun 2017 04:09:40 GMT
Accept-Ranges: bytes
ETag: "3ef59f37d6e0d21:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 7766

141.11.212.141/images/right.jpg

141.11.212.141

200 OK

891 B

URL GET HTTP/1.1
141.11.212.141/images/right.jpg
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 24x37, components 3\012- data
Size
891 B (891 bytes)
Hash
407ad1ff955ed1382f8e9aab064f56de
4badb7600c19f08b8d95a8405185a990b9ad3612
a7a4b2b624194dde8a9d4f702030d16c9414aacd6b9662e9a0c9749a70ffc599

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/right.jpg HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 21 Jul 2016 21:36:47 GMT
Accept-Ranges: bytes
ETag: "f23019fc97e3d11:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 891

141.11.212.141/images/up_images/20176703117.jpg

141.11.212.141

200 OK

30 kB

URL GET HTTP/1.1
141.11.212.141/images/up_images/20176703117.jpg
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 415x200, components 3\012- data
Size
30 kB (30421 bytes)
Hash
d1e4801be7362db567793a9ac1fe7f2b
9fd2ef5396432e30e3d7f16cfb11501367c1e655
64b9962695dcc12f325afc482cfa43e779a00db427401e18d593303f76d0dbc6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/up_images/20176703117.jpg HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 07 Jun 2017 07:31:17 GMT
Accept-Ranges: bytes
ETag: "d87ed8c60dfd21:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 30421

141.11.212.141/images/HituxCMSTurbo/btn.gif

141.11.212.141

200 OK

229 B

URL GET HTTP/1.1
141.11.212.141/images/HituxCMSTurbo/btn.gif
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
GIF image data, version 89a, 30 x 10\012- data
Size
229 B (229 bytes)
Hash
6fcf42060c6c45f89650d575fed4dd61
5911e58ecf16eb8bedf4c8843e7cc7fd30a21c5c
f2ce804777a745697f903c771be6e632741715b8757f1a71a876a49dad1c3476

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/HituxCMSTurbo/btn.gif HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/css/HituxCMSTurbo/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 17 Aug 2016 07:22:24 GMT
Accept-Ranges: bytes
ETag: "78dff61958f8d11:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 229

141.11.212.141/images/up_images/2012521212111.jpg

141.11.212.141

200 OK

38 kB

URL GET HTTP/1.1
141.11.212.141/images/up_images/2012521212111.jpg
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 484x290, components 3\012- data
Size
38 kB (37805 bytes)
Hash
3333ee806c2ec9976c555965f552443d
156e5f6ae2666f53382f85ec27a9aad1fc181975
c1992bb7d189ba4a576a210f40be64d2c28fbd34256a0c87b54446582650ae4f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/up_images/2012521212111.jpg HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 04 Dec 2013 18:39:50 GMT
Accept-Ranges: bytes
ETag: "eeb6373720f1ce1:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 37805

141.11.212.141/images/QRCode.png

141.11.212.141

200 OK

27 kB

URL GET HTTP/1.1
141.11.212.141/images/QRCode.png
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
PNG image data, 210 x 210, 8-bit/color RGB, non-interlaced\012- data
Size
27 kB (27051 bytes)
Hash
064454e26344d2aebdb905eab0197144
8497afa20951e3060755e132433e9db19516f2b4
859d45581973e79f6d1fadc0431b7db03ec2ded9e7e94baf1f8321ecfc186ae5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/QRCode.png HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/css/HituxCMSTurbo/common.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sat, 10 Jun 2017 03:29:50 GMT
Accept-Ranges: bytes
ETag: "4a962bd199e1d21:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 27051

141.11.212.141/images/side-icon02.png

141.11.212.141

200 OK

490 kB

URL GET HTTP/1.1
141.11.212.141/images/side-icon02.png
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
PNG image data, 23 x 12, 8-bit/color RGBA, non-interlaced\012- data
Size
490 kB (490098 bytes)
Hash
8126d5fc9d8203e4f6aac068366800bc
96736c12f545ec34dcc4060e1c08bf15636b6ac1
fcc42ae12ce1566489ed73dbfb17e2da2f228c1a243f56a074c74f41d5de8cb4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/side-icon02.png HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/css/HituxCMSTurbo/common.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 14 Jan 2015 19:52:52 GMT
Accept-Ranges: bytes
ETag: "0c254ae3330d01:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 490098

141.11.212.141/images/side-icon01.png

141.11.212.141

200 OK

490 kB

URL GET HTTP/1.1
141.11.212.141/images/side-icon01.png
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
490 kB (490110 bytes)
Hash
0176d23bc0adcc8d62eb93a57ce7b842
91e664e01afdb2fb13ae2258885afcf23e642228
d20b99862ae3908c5291e6e34794ce3a5ea82f0c50e10e77db4091ab5beb0d42

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/side-icon01.png HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/css/HituxCMSTurbo/common.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 14 Jan 2015 19:52:52 GMT
Accept-Ranges: bytes
ETag: "0c254ae3330d01:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 490110

141.11.212.141/favicon.ico

141.11.212.141

200 OK

318 B

URL GET HTTP/1.1
141.11.212.141/favicon.ico
IP
141.11.212.141:80
ASN
#1239 SPRINTLINK

Requested by
http://141.11.212.141/

File type
MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Size
318 B (318 bytes)
Hash
e2cb6315f0fcb0064b0d3f328797f30e
5044f4162c5c5c583a65a6c756652b42412b9462
5cf34eb1356b355bad0c92e8e574228faf7aec0f59ea720e86407e9bf3e78887

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 141.11.212.141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/x-icon
Last-Modified: Wed, 14 Jun 2017 21:07:55 GMT
Accept-Ranges: bytes
ETag: "8087ab4a52e5d21:0"
Server: Microsoft-IIS/8.5
Date: Fri, 01 Dec 2023 21:09:25 GMT
Content-Length: 318

hm.baidu.com/hm.js?b3f5146e5b1edacdc9e40410135942f4

103.235.46.191

200 OK

11 kB

URL GET HTTP/1.1
hm.baidu.com/hm.js?b3f5146e5b1edacdc9e40410135942f4
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://141.11.212.141/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
ASCII text, with very long lines (619)
Size
11 kB (11257 bytes)
Hash
7f4074367cba4bee0800322a8b0be4b8
ae8c1b88b0de9da58276455b8c62b13f763d8c45
228f9898c226eaa7ec5c722e1ace4e6535223dbc3a5142a901d8fe6d4de39a5f

HTTP Headers

GET /hm.js?b3f5146e5b1edacdc9e40410135942f4 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Fri, 01 Dec 2023 21:09:26 GMT
Etag: ab77b70e0066678989d1f64c29125d4d
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=C9C2D2565A97B87E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1114105902&si=b3f5146e5b1edacdc9e40410135942f4&v=1.3.0&lv=1&sn=45302&r=0&ww=1280&u=http%3A%2F%2F141.11.212.141%2F&tt=BMWAi%20-%20%E9%A6%96%E9%A1%B5

103.235.46.191

200 OK

43 B

URL GET HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1114105902&si=b3f5146e5b1edacdc9e40410135942f4&v=1.3.0&lv=1&sn=45302&r=0&ww=1280&u=http%3A%2F%2F141.11.212.141%2F&tt=BMWAi%20-%20%E9%A6%96%E9%A1%B5
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://141.11.212.141/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1114105902&si=b3f5146e5b1edacdc9e40410135942f4&v=1.3.0&lv=1&sn=45302&r=0&ww=1280&u=http%3A%2F%2F141.11.212.141%2F&tt=BMWAi%20-%20%E9%A6%96%E9%A1%B5 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://141.11.212.141/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 01 Dec 2023 21:09:27 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=25F71EB2A58CA60C; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations