61.216.19.80/
61.216.19.80 256 B IP 61.216.19.80:0
ASN #3462 Data Communication Business Group
File type HTML document, ASCII text
Hash de127b4fe213e64a1754c34c4268e74e
da0f378c0b5e8a596ca7cdf6b9b860968c701464
29533c60507f47f2428f62cef41ce14314ecacd35637357b319eea236a4b5dd3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 61.216.19.80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:47 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=15, max=200
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
61.216.19.80:8080/
61.216.19.80 360 B IP 61.216.19.80:0
ASN #3462 Data Communication Business Group
File type HTML document, ASCII text
Hash bf89a1d01d5f0fd8bbb9aed8c89e5ca5
e5412269df960f8f38eb032caadbb7a040b96c33
4a1815f3e87d6d623c22921d9c39b2de614351d71831976bbc807f571953ff21
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:48 GMT
Server: http server 1.0
X-Frame-Options: SAMEORIGIN
Content-type: text/html; charset=UTF-8
Last-modified: Mon, 07 Sep 2020 04:50:31 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 360
Keep-Alive: timeout=15, max=200
Connection: Keep-Alive
61.216.19.80:8080/redirect.html?count=0.034146381883902066
61.216.19.80 548 B URL 61.216.19.80:8080/redirect.html?count=0.034146381883902066
IP 61.216.19.80:0
ASN #3462 Data Communication Business Group
File type HTML document, ASCII text
Hash 02dc8bc49eb5f6f8cff93d765cbf24fc
f71f1920a6608edbb77d7f06707612d1ae20e587
c9ece3bf47416c098e5580c3322d73821075a4f1db27e41b24f174c6fe3568b5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /redirect.html?count=0.034146381883902066 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:48 GMT
Server: http server 1.0
Content-type: text/html; charset=UTF-8
Last-modified: Mon, 07 Sep 2020 04:45:45 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 548
Keep-Alive: timeout=15, max=199
Connection: Keep-Alive
61.216.19.80:8080/cgi-bin/QTS.cgi?count=491327
61.216.19.80 302 Found 0 B URL User Request GET HTTP/1.1 61.216.19.80:8080/cgi-bin/QTS.cgi?count=491327
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cgi-bin/QTS.cgi?count=491327 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/redirect.html?count=0.034146381883902066
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Thu, 18 Apr 2024 06:45:49 GMT
Server: Apache
Location: /cgi-bin/login.html?1713422749
Keep-Alive: timeout=15, max=198
Connection: Keep-Alive
Transfer-Encoding: chunked
61.216.19.80:8080/cgi-bin/login.html?1713422749
61.216.19.80 200 OK 2.5 kB URL User Request GET HTTP/1.1 61.216.19.80:8080/cgi-bin/login.html?1713422749
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
File type HTML document, ASCII text, with CRLF, LF line terminators
Hash 7e1c3e7b7746cc636898ad1830cb4fd8
727f8774f40741d29f67e9ae4f919a922a7bb4df
c51a3e8439ffe9303e23aa211b2f620b55f6664001a086fb87288650384ba791
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cgi-bin/login.html?1713422749 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://61.216.19.80:8080/redirect.html?count=0.034146381883902066
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:49 GMT
Server: http server 1.0
Content-type: text/html; charset=UTF-8
Last-modified: Thu, 21 Mar 2024 04:02:05 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2528
Keep-Alive: timeout=15, max=197
Connection: Keep-Alive
61.216.19.80:8080/favicon.ico
61.216.19.80 9.2 kB URL 61.216.19.80:8080/favicon.ico
IP 61.216.19.80:0
ASN #3462 Data Communication Business Group
Hash 3c7fae534e52dadf9623d2178bcd66db
13fc46629fe033f04f2ed2a46602502e91597fc2
2dc86518f53299db8192285280fc6e006ef47ae6a0f544c4d256a4c85526a20f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/redirect.html?count=0.034146381883902066
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Thu, 18 Apr 2024 06:45:49 GMT
Server: http server 1.0
Content-type: text/html
Last-modified: Thu, 18 Apr 2024 06:45:49 GMT
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=200
Connection: Keep-Alive
Transfer-Encoding: chunked
61.216.19.80:8080/cgi-bin/js/qos-core-login.js?1599453942
61.216.19.80 200 OK 8.7 kB URL GET HTTP/1.1 61.216.19.80:8080/cgi-bin/js/qos-core-login.js?1599453942
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type JavaScript source, ASCII text, with very long lines (24103), with no line terminators
Hash 0a27a38c4f3dca4fe323863d5a07e149
f24c568bd16740462437396f042b837bd61cb6f8
a5db040cc4ca51cd638b4aed32081f06ca6738205ceb85b29ecf151339fc42d8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cgi-bin/js/qos-core-login.js?1599453942 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/login.html?1713422749
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:49 GMT
Server: Apache
Vary: Referer,Accept-Encoding
Last-Modified: Mon, 07 Sep 2020 04:50:05 GMT
ETag: "5e27-5aeb1f3b93940-gzip"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 8743
Keep-Alive: timeout=15, max=200
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8
61.216.19.80:8080/cgi-bin/loginTheme/theme1/login.js?1599453942
61.216.19.80 200 OK 7.2 kB URL GET HTTP/1.1 61.216.19.80:8080/cgi-bin/loginTheme/theme1/login.js?1599453942
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type JavaScript source, ASCII text, with very long lines (22360), with no line terminators
Hash cd072935fd77372f96ca592e16246f24
ab76e91d257ba0cd5765b6c6b643a1f47cfa62b1
ec537f82c8dd54daf400a24b1027982640ea3bdf8de3b6d2e3258a835e26cd16
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cgi-bin/loginTheme/theme1/login.js?1599453942 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/login.html?1713422749
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:49 GMT
Server: Apache
Vary: Referer,Accept-Encoding
Last-Modified: Mon, 07 Sep 2020 04:50:29 GMT
ETag: "5758-5aeb1f5276f40-gzip"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 7159
Keep-Alive: timeout=15, max=200
Connection: Keep-Alive
Content-Type: application/javascript; charset=utf-8
61.216.19.80:8080/cgi-bin/loginTheme/theme1/login.css?r=form&1599453942
61.216.19.80 200 OK 3.9 kB URL GET HTTP/1.1 61.216.19.80:8080/cgi-bin/loginTheme/theme1/login.css?r=form&1599453942
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type ASCII text, with very long lines (14560), with no line terminators
Hash 4628285d83494cf8c7ccd9eddddb9f30
c84d30ad1dca7486d731f5bf65d8f5955d690dc2
b804d983d673d0f08ba4a6680438b18ea1a73fdc403e6cd66fd7f989dcee6ff8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cgi-bin/loginTheme/theme1/login.css?r=form&1599453942 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/login.html?1713422749
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:49 GMT
Server: Apache
Vary: Referer,Accept-Encoding
Last-Modified: Mon, 07 Sep 2020 04:50:30 GMT
ETag: "38e0-5aeb1f536b180-gzip"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 3870
Keep-Alive: timeout=15, max=200
Connection: Keep-Alive
Content-Type: text/css; charset=utf-8
61.216.19.80:8080/cgi-bin/language.cgi?1599453942
61.216.19.80 200 OK 3.9 kB URL GET HTTP/1.1 61.216.19.80:8080/cgi-bin/language.cgi?1599453942
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type Unicode text, UTF-8 text, with very long lines (9345), with no line terminators
Hash 99d2d514617dc71d0b69f687f0496afc
5f16ada077f3107b456a08f44f9d54ef75d1c06b
ff7f7a54f40830977c7be4ac6dba80488abb02e149bbb41d0cfe4a7cf3a11d70
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cgi-bin/language.cgi?1599453942 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/login.html?1713422749
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:49 GMT
Server: Apache
Cache-Control: private, max-age=604800, pre-check=604800
Pragma: private
Expires: Thu, 25 Apr 2024 06:45:49 GMT
Etag: "1599452426-gzip"
Last-Modified: Mon, 07 Sep 2020 04:20:26 GMT
Content-type: application/x-javascript; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3887
Keep-Alive: timeout=15, max=200
Connection: Keep-Alive
61.216.19.80:8080/libs/monent/moment.min.js?1599453942
61.216.19.80 200 OK 14 kB URL GET HTTP/1.1 61.216.19.80:8080/libs/monent/moment.min.js?1599453942
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type JavaScript source, ASCII text, with very long lines (34828), with no line terminators
Hash 5a9ac145c76d112746fc21ae57a36472
0ea76c0f803f20d15bbe50cdba192817c555c6f9
380c5886471fbe1a8224252babb3f16a0eebabe4a4f3ae8cb59e8c08c4769bda
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /libs/monent/moment.min.js?1599453942 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/login.html?1713422749
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:50 GMT
Server: http server 1.0
Content-type: application/x-javascript
Last-modified: Mon, 07 Sep 2020 04:50:31 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14006
Keep-Alive: timeout=15, max=200
Connection: Keep-Alive
61.216.19.80:8080/cgi-bin/jc.cgi?_dc=1599453942&t=js&f=jquery-1.10.2.min.js
61.216.19.80 200 OK 37 kB URL GET HTTP/1.1 61.216.19.80:8080/cgi-bin/jc.cgi?_dc=1599453942&t=js&f=jquery-1.10.2.min.js
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type JavaScript source, ASCII text, with very long lines (65453)
Hash 30ca15a5850c3179201f506905bcc58e
4326e01b198e106655cfc06362c3fd7c646e63eb
87f11d2c3f7d3149a550d21fc715fdb7a8110d8fd8146532489b68dcb8054bba
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cgi-bin/jc.cgi?_dc=1599453942&t=js&f=jquery-1.10.2.min.js HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/login.html?1713422749
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:49 GMT
Server: Apache
Cache-Control: private, max-age=604800, pre-check=604800
Pragma: private
Expires: Thu, 25 Apr 2024 06:45:49 GMT
Content-type: application/x-javascript
Etag: "1599454239-gzip"
Last-Modified: Mon, 07 Sep 2020 04:50:39 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 36906
Keep-Alive: timeout=15, max=200
Connection: Keep-Alive
61.216.19.80:8080/cgi-bin/loginTheme/theme1/login-max-height-768.css?r=wall&1599453942
61.216.19.80 200 OK 164 B URL GET HTTP/1.1 61.216.19.80:8080/cgi-bin/loginTheme/theme1/login-max-height-768.css?r=wall&1599453942
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type ASCII text, with no line terminators
Hash bc0d968a1e1ef8aaf18b7416741cb4da
d65fd1f2adb9c029fa241f5be02179d478cc53a9
dcd1c929e7186ccbcd7ce48440a1c9845ed97cb134246b30238cc16aba1e533f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cgi-bin/loginTheme/theme1/login-max-height-768.css?r=wall&1599453942 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/login.html?1713422749
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:50 GMT
Server: Apache
Vary: Referer,Accept-Encoding
Last-Modified: Mon, 07 Sep 2020 04:50:29 GMT
ETag: "116-5aeb1f5276f40-gzip"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 164
Keep-Alive: timeout=15, max=199
Connection: Keep-Alive
Content-Type: text/css; charset=utf-8
61.216.19.80:8080/cgi-bin/language.cgi?undefined=1599453942
61.216.19.80 200 OK 4.2 kB URL GET HTTP/1.1 61.216.19.80:8080/cgi-bin/language.cgi?undefined=1599453942
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type Unicode text, UTF-8 text, with very long lines (9345), with no line terminators
Hash 99d2d514617dc71d0b69f687f0496afc
5f16ada077f3107b456a08f44f9d54ef75d1c06b
ff7f7a54f40830977c7be4ac6dba80488abb02e149bbb41d0cfe4a7cf3a11d70
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cgi-bin/language.cgi?undefined=1599453942 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:50 GMT
Server: Apache
Cache-Control: private, max-age=604800, pre-check=604800
Pragma: private
Expires: Thu, 25 Apr 2024 06:45:50 GMT
Etag: "1599452426-gzip"
Last-Modified: Mon, 07 Sep 2020 04:20:26 GMT
Content-type: application/x-javascript; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=15, max=199
Connection: Keep-Alive
Transfer-Encoding: chunked
61.216.19.80:8080/libs/extjs-3.3.3/resources/images/default/s.gif?1599453942
61.216.19.80 200 OK 43 B URL GET HTTP/1.1 61.216.19.80:8080/libs/extjs-3.3.3/resources/images/default/s.gif?1599453942
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type GIF image data, version 89a, 1 x 1
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /libs/extjs-3.3.3/resources/images/default/s.gif?1599453942 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/loginTheme/theme1/login.css?r=form&1599453942
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:50 GMT
Server: http server 1.0
Content-type: image/gif
Last-modified: Sun, 06 Sep 2020 16:00:00 GMT
Accept-Ranges: bytes
Content-length: 43
Keep-Alive: timeout=15, max=199
Connection: Keep-Alive
61.216.19.80:8080/cgi-bin/images/cmp/checkbox_radio/sprite.png?1599453942
61.216.19.80 200 OK 3.9 kB URL GET HTTP/1.1 61.216.19.80:8080/cgi-bin/images/cmp/checkbox_radio/sprite.png?1599453942
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type PNG image data, 72 x 60, 8-bit/color RGBA, non-interlaced
Hash e91bcb0f4a1b662808d4567ff811e5a4
8bf3434a9d07271c600ed37b1b08d620ead5a59c
af881d41bd993f8d6633f0fe72a193da90e6f728cb2a82cbb4ed38d50135cc0b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cgi-bin/images/cmp/checkbox_radio/sprite.png?1599453942 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/loginTheme/theme1/login.css?r=form&1599453942
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:50 GMT
Server: Apache
Vary: Referer
Last-Modified: Sun, 06 Sep 2020 16:00:00 GMT
ETag: "f19-5aea731b0e000"
Accept-Ranges: bytes
Content-Length: 3865
Keep-Alive: timeout=15, max=200
Connection: Keep-Alive
Content-Type: image/png
61.216.19.80:8080/cgi-bin/authLogin.cgi
61.216.19.80 200 OK 3.8 kB URL POST HTTP/1.1 61.216.19.80:8080/cgi-bin/authLogin.cgi
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type XML 1.0 document, ASCII text, with very long lines (1947)
Hash 5786a163d73ff04b2a8979f84a839f48
d8a395754f1782335ad4d555acb38fadfbab6df1
dae9f0de8bd6dbe1fd6a009f495d840d9a55240ecf4428e80598cc2980f45d5b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /cgi-bin/authLogin.cgi HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 30
Origin: http://61.216.19.80:8080
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:50 GMT
Server: Apache
Content-type: text/xml
Keep-Alive: timeout=15, max=199
Connection: Keep-Alive
Transfer-Encoding: chunked
61.216.19.80:8080/cgi-bin/authLogin.cgi
61.216.19.80 200 OK 3.8 kB URL POST HTTP/1.1 61.216.19.80:8080/cgi-bin/authLogin.cgi
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type XML 1.0 document, ASCII text, with very long lines (1947)
Hash 5786a163d73ff04b2a8979f84a839f48
d8a395754f1782335ad4d555acb38fadfbab6df1
dae9f0de8bd6dbe1fd6a009f495d840d9a55240ecf4428e80598cc2980f45d5b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /cgi-bin/authLogin.cgi HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 20
Origin: http://61.216.19.80:8080
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:50 GMT
Server: Apache
Content-type: text/xml
Keep-Alive: timeout=15, max=199
Connection: Keep-Alive
Transfer-Encoding: chunked
61.216.19.80:8080/cgi-bin/loginTheme/theme1/images/sprite.png?1599453942
61.216.19.80 200 OK 15 kB URL GET HTTP/1.1 61.216.19.80:8080/cgi-bin/loginTheme/theme1/images/sprite.png?1599453942
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type PNG image data, 118 x 108, 8-bit/color RGBA, non-interlaced
Hash d809bc7f3105ddbf8e8ec6d2cacdfad9
22aafa26e8ac454e471942821aeb601cbf1fd351
dd0065de767edfa8cbc70e12406511b26e10fe25c2a748d920fd46498da3a4f7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cgi-bin/loginTheme/theme1/images/sprite.png?1599453942 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/loginTheme/theme1/login.css?r=form&1599453942
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:50 GMT
Server: Apache
Vary: Referer
Last-Modified: Sun, 06 Sep 2020 16:00:00 GMT
ETag: "3ac5-5aea731b0e000"
Accept-Ranges: bytes
Content-Length: 15045
Keep-Alive: timeout=15, max=199
Connection: Keep-Alive
Content-Type: image/png
61.216.19.80:8080/cgi-bin/images/mobile/logo_144.png?1599453942
61.216.19.80 200 OK 4.2 kB URL GET HTTP/1.1 61.216.19.80:8080/cgi-bin/images/mobile/logo_144.png?1599453942
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced
Hash 121c44fc0bbcf80da6541fbfe7666778
fc9d634646074b7aadb537fbf0836ea717b9eaa9
5f294ef6d8fa5e146eb50e108f73b841b5a193ac475b2fd7c2dd7771ce889708
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cgi-bin/images/mobile/logo_144.png?1599453942 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/login.html?1713422749
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:51 GMT
Server: Apache
Vary: Referer
Last-Modified: Sun, 06 Sep 2020 16:00:00 GMT
ETag: "1067-5aea731b0e000"
Accept-Ranges: bytes
Content-Length: 4199
Keep-Alive: timeout=15, max=198
Connection: Keep-Alive
Content-Type: image/png
61.216.19.80:8080/cgi-bin/images/mobile/logo_16.ico?1599453942
61.216.19.80 200 OK 1.2 kB URL GET HTTP/1.1 61.216.19.80:8080/cgi-bin/images/mobile/logo_16.ico?1599453942
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash e43a78b241d5cb1de88a307094f89ae3
a14ec2e458157860c7bdd61ccf316e05d7f18a29
dca1b69cdb391fff0bc4af16c10a132cca6ebd6b652c2bed5337514ced9d86b3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cgi-bin/images/mobile/logo_16.ico?1599453942 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/login.html?1713422749
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:51 GMT
Server: Apache
Vary: Referer
Last-Modified: Sun, 06 Sep 2020 16:00:00 GMT
ETag: "47e-5aea731b0e000"
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=15, max=198
Connection: Keep-Alive
Content-Type: image/x-icon
61.216.19.80:8080/v3_menu/fonts/Roboto/Roboto-Regular.ttf
61.216.19.80 200 OK 145 kB URL GET HTTP/1.1 61.216.19.80:8080/v3_menu/fonts/Roboto/Roboto-Regular.ttf
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type TrueType Font data, 17 tables, 1st "GPOS", 27 names, Macintosh, Font data copyright Google 2012RobotoRegularGoogle:Roboto Regular:2013Roboto RegularVersion 1.10
Size 145 kB (145348 bytes)
Hash 54a91b0619ccf9373d525109268219dc
1d1d41fcadc571decb6444211b7993b99ce926e2
b2efabca5ea4bc56eea829713706b5cd0788b82aca153bd4adde9b1573933b4f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /v3_menu/fonts/Roboto/Roboto-Regular.ttf HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/v3_menu/css/qts-font.css?_dc=1599453942
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:50 GMT
Server: Apache
Vary: Referer
Last-Modified: Sun, 06 Sep 2020 16:00:00 GMT
ETag: "237c4-5aea731b0e000"
Accept-Ranges: bytes
Content-Length: 145348
Keep-Alive: timeout=15, max=200
Connection: Keep-Alive
Content-Type: font/ttf
61.216.19.80:8080/v3_menu/fonts/Roboto/Roboto-Light.ttf
61.216.19.80 200 OK 140 kB URL GET HTTP/1.1 61.216.19.80:8080/v3_menu/fonts/Roboto/Roboto-Light.ttf
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type TrueType Font data, 17 tables, 1st "GPOS", 30 names, Macintosh, Font data copyright Google 2012Roboto LightRegularGoogle:Roboto Light:2013Version 1.100141; 2013
Size 140 kB (140276 bytes)
Hash e22062b3188c8199283ef2aa835d4653
191dda7a5142990cd980727d43b27e4802f0b321
b17667ce7e13581db105777f986e141168231e88a8ef16d13e581c7c1525f14b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /v3_menu/fonts/Roboto/Roboto-Light.ttf HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/v3_menu/css/qts-font.css?_dc=1599453942
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:50 GMT
Server: Apache
Vary: Referer
Last-Modified: Sun, 06 Sep 2020 16:00:00 GMT
ETag: "223f4-5aea731b0e000"
Accept-Ranges: bytes
Content-Length: 140276
Keep-Alive: timeout=15, max=200
Connection: Keep-Alive
Content-Type: font/ttf
61.216.19.80:8080/cgi-bin/mediaGet.cgi?f=standard_logo&r=97086270
61.216.19.80 200 OK 43 B URL GET HTTP/1.1 61.216.19.80:8080/cgi-bin/mediaGet.cgi?f=standard_logo&r=97086270
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type GIF image data, version 89a, 1 x 1
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cgi-bin/mediaGet.cgi?f=standard_logo&r=97086270 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:51 GMT
Server: Apache
Cache-Control: private, max-age=604800, pre-check=604800
Pragma: private
Expires: Thu, 25 Apr 2024 06:45:51 GMT
Content-type: image/jpeg
Content-Disposition: inline; filename="standard_logo.jpg"
Etag: "1599408000"
Last-Modified: Sun, 06 Sep 2020 16:00:00 GMT
Content-Length: 43
Keep-Alive: timeout=15, max=199
Connection: Keep-Alive
61.216.19.80:8080/cgi-bin/sysinfoReq.cgi?qpkg=1
61.216.19.80 200 OK 531 B URL POST HTTP/1.1 61.216.19.80:8080/cgi-bin/sysinfoReq.cgi?qpkg=1
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type XML 1.0 document, ASCII text, with very long lines (438)
Hash 4796b0645e5f92158e02542b65c5ad77
a1fab12b25c63f2ab5edd1dfe6b5741ed37cc626
657c8b1538460a8c0882c35adbf35b4c16011dfcee4e75667b12e58b3f26a66d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /cgi-bin/sysinfoReq.cgi?qpkg=1 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 20
Origin: http://61.216.19.80:8080
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:51 GMT
Server: Apache
Content-type: text/xml
Keep-Alive: timeout=15, max=197
Connection: Keep-Alive
Transfer-Encoding: chunked
61.216.19.80:8080/cgi-bin/mediaGet.cgi?f=standard_bg&r=97086270
61.216.19.80 200 OK 296 kB URL GET HTTP/1.1 61.216.19.80:8080/cgi-bin/mediaGet.cgi?f=standard_bg&r=97086270
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2015 (Windows), datetime=2016:10:20 10:18:20], progressive, precision 8, 4096x2160, components 3
Size 296 kB (296443 bytes)
Hash cf5c9e62cef37527a1a37f91e3c76edb
2a70851032c57e0a5c7a3c3445e13aff2b2fbc32
999915c358b8315e213eba0b224fc478050e54dbc9c56ffbebc7eed4399ec303
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cgi-bin/mediaGet.cgi?f=standard_bg&r=97086270 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:51 GMT
Server: Apache
Cache-Control: private, max-age=604800, pre-check=604800
Pragma: private
Expires: Thu, 25 Apr 2024 06:45:51 GMT
Content-type: image/jpeg
Content-Disposition: inline; filename="standard_bg.jpg"
Etag: "1599408000"
Last-Modified: Sun, 06 Sep 2020 16:00:00 GMT
Content-Length: 296443
Keep-Alive: timeout=15, max=199
Connection: Keep-Alive
61.216.19.80:8080/v3_menu/css/qts-font.css?_dc=1599453942
61.216.19.80 200 OK 951 B URL GET HTTP/1.1 61.216.19.80:8080/v3_menu/css/qts-font.css?_dc=1599453942
IP 61.216.19.80:8080
ASN #3462 Data Communication Business Group
Requested by http://61.216.19.80:8080/cgi-bin/login.html?1713422749
File type ASCII text, with very long lines (951), with no line terminators
Hash f89025143db4cedccb60dcd90e5f5cf5
92a7f60ebcfa9c39cef85d9db70e5880278e1154
6065e9daad713f1f9276b715e81e70f6d6b3467c8b67dd8363ce9257acefc7a4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /v3_menu/css/qts-font.css?_dc=1599453942 HTTP/1.1
Host: 61.216.19.80:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://61.216.19.80:8080/cgi-bin/login.html?1713422749
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:45:49 GMT
Server: Apache
Vary: Referer,Accept-Encoding
Last-Modified: Mon, 07 Sep 2020 04:50:55 GMT
ETag: "3b7-5aeb1f6b429c0-gzip"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 253
Keep-Alive: timeout=15, max=196
Connection: Keep-Alive
Content-Type: text/css; charset=utf-8