Report - 211.253.37.111:9000/login

Report Overview

Submitted URL
211.253.37.111:9000/login
IP
211.253.37.111
ASN
#4766 Korea Telecom
Submitted
2024-05-04 09:00:38
Access
public
Website Title
BOX_MES
Final URL
211.253.37.111:9000/login
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
58

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
l.incru.it	unknown	unknown	No data	No data	350 B	0 B	0.0.0.0
211.253.37.111:9000	unknown	unknown	No data	No data	11 kB	7.2 MB	211.253.37.111
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-03	436 B	213 kB	104.17.24.14
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-04	359 B	71 kB	142.250.74.170
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-04	1.9 kB	72 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed
2024-05-04	medium	211.253.37.111	Sinkholed

ThreatFox

No alerts detected

JavaScript (15)

	URL	Size	First Seen	Last Seen
	211.253.37.111:9000/resources/bootstrap/vendor/bootstrap/js/bootstrap.min.js	60 kB	2023-03-07	2024-05-16
Pretty URL 211.253.37.111:9000/resources/bootstrap/vendor/bootstrap/js/bootstrap.min.js IP 211.253.37.111 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:40 Last Seen2024-05-16 09:14:29 Times Seen159 Hash 63534c9e99f47f6ef78f918a2c045247 c49fcc7639bcb59147903caf71a4977c8fa19a67 c7390975fc3e41ad5ec9d1870edc3103f7c498dd82dce4bbaf22a9e7bba96b77 Loading...

	211.253.37.111:9000/resources/tui/js/tui-time-picker.js	152 kB	2024-05-04	2024-05-04
Pretty URL 211.253.37.111:9000/resources/tui/js/tui-time-picker.js IP 211.253.37.111 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 11:00:48 Last Seen2024-05-04 11:00:49 Times Seen2 Hash dae51083cd47ce9bc5c5eaf659d5b8fe 02d7852bc605f227ccf0b1750f25a0b1e7ccd34b b70ae361a55a4ccfe4b2e56acf1e9a2511a30462f9aa017aa732b29ef985fb8c Loading...

	211.253.37.111:9000/resources/bootstrap/vendor/jquery/jquery.min.js	90 kB	2023-03-07	2024-05-17
Pretty URL 211.253.37.111:9000/resources/bootstrap/vendor/jquery/jquery.min.js IP 211.253.37.111 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:09 Last Seen2024-05-17 20:24:47 Times Seen14345 Hash b61aa6e2d68d21b3546b5b418bf0e9c3 9c1398f0de4c869dacb1c9ab1a8cc327f5421ff7 f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b Loading...

	211.253.37.111:9000/resources/bootstrap/vendor/bootstrap/js/bootstrap.bundle.min.js	81 kB	2023-03-07	2024-05-04
Pretty URL 211.253.37.111:9000/resources/bootstrap/vendor/bootstrap/js/bootstrap.bundle.min.js IP 211.253.37.111 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01:49 Last Seen2024-05-04 11:00:49 Times Seen109 Hash 3648fa980c6623edee76d548305e5f8a 104f831ab6c9bf5de233378f822a225b00e97ab3 7c17230abe3611902ee2a60e37008710a0c22756ef1821d60bd7d8fa419722c1 Loading...

	211.253.37.111:9000/resources/jqueryui/printThis/printThis.js	14 kB	2023-04-10	2024-05-08
Pretty URL 211.253.37.111:9000/resources/jqueryui/printThis/printThis.js IP 211.253.37.111 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-10 06:35:26 Last Seen2024-05-08 21:06:33 Times Seen7 Hash cd73a1eb99743d647326020c7b9838f7 aca2b2c7b8a986011e1dce32a7c3ec2a81370ffa 5c766f53b9ea24ce0bb42be162c6b7a7ea74583ccb5eb5f7718cd16c5242f8bc Loading...

	211.253.37.111:9000/resources/tui/js/tui-code-snippet.js	165 kB	2024-05-04	2024-05-04
Pretty URL 211.253.37.111:9000/resources/tui/js/tui-code-snippet.js IP 211.253.37.111 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 11:00:48 Last Seen2024-05-04 11:00:49 Times Seen2 Hash 0b0cc0111321ac948ec84ad6bcf152d1 4839b755b1a4510e1ea0ebdc8038a77d1c37ee67 07489e87577156199b02f66249d0530fa8d2d678a1ea44b3a42f5c3e5cdd67b2 Loading...

	211.253.37.111:9000/resources/tui/js/tui-calendar.js	1.4 MB	2024-05-04	2024-05-04
Pretty URL 211.253.37.111:9000/resources/tui/js/tui-calendar.js IP 211.253.37.111 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 11:00:48 Last Seen2024-05-04 11:00:49 Times Seen2 Hash ce4ab7bd1d6b258c546cb20029de5ea9 21dc4968d6489b92be56bd2d3d57b34d33ea2ad0 51a0aba41d63a3568dd44d8e4f8c6303936b88d3a5a1d49502bc89e285a943f0 Loading...

	211.253.37.111:9000/resources/tui/js/tui-context-menu.js	117 kB	2024-05-04	2024-05-04
Pretty URL 211.253.37.111:9000/resources/tui/js/tui-context-menu.js IP 211.253.37.111 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 11:00:48 Last Seen2024-05-04 11:00:49 Times Seen2 Hash 461e1aa6e07d0ce3d83293c7760ecbd1 a6171f3f65a72cf7f58bebc79b28be1d48d33037 94dbc39c838c1a5b2d27f01c4e4448b82a7a1f37d7297106794e1b4d84069cf3 Loading...

	211.253.37.111:9000/resources/tui/js/toastui-chart.js	2.3 MB	2024-05-04	2024-05-04
Pretty URL 211.253.37.111:9000/resources/tui/js/toastui-chart.js IP 211.253.37.111 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 11:00:48 Last Seen2024-05-04 11:00:49 Times Seen2 Hash 4b2a6f87b4040eae3fd1876a615fbc0d 745be34e26a48ea3c236cddef59b07cd48dec523 8cd5de8956dae0c847c1b6db03d9ea406ff736df9bdfd2a620c8158816ebea64 Loading...

	211.253.37.111:9000/resources/custom/js/global-custom.js	60 kB	2024-05-04	2024-05-04
Pretty URL 211.253.37.111:9000/resources/custom/js/global-custom.js IP 211.253.37.111 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 11:00:48 Last Seen2024-05-04 11:00:49 Times Seen2 Hash d04f14ea96526639efa2817c1b4d7a56 dafe8595752a427cf86356b3e77db47378f984ad 6f596107a73a0cd12d9e9f226b624a5252eb6611a1d0e3cdabe1a4ef0b8b4fd1 Loading...

	211.253.37.111:9000/resources/tui/js/tui-pagination.js	123 kB	2024-05-04	2024-05-04
Pretty URL 211.253.37.111:9000/resources/tui/js/tui-pagination.js IP 211.253.37.111 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 11:00:48 Last Seen2024-05-04 11:00:49 Times Seen2 Hash 339e23ca9d77911e8749f24b23e5b1c4 5af270d5784a292f30256a246689c6319d754887 57d4677dd3801146e8d438590a4ddee6dcd75d8abce21a8665cee919faae7904 Loading...

	211.253.37.111:9000/resources/tui/js/tui-date-picker.js	199 kB	2024-05-04	2024-05-04
Pretty URL 211.253.37.111:9000/resources/tui/js/tui-date-picker.js IP 211.253.37.111 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 11:00:48 Last Seen2024-05-04 11:00:49 Times Seen2 Hash 9f89de095958941a437b79a152e5779a bcb71cbb058f0243041af1222844400e5154db49 99f1f2ae6c5b4654ec43acd95012c8fa5dbe93dee49ffde95c6a0253c1c48244 Loading...

	211.253.37.111:9000/resources/tui/js/tui-grid.js	1.5 MB	2024-05-04	2024-05-04
Pretty URL 211.253.37.111:9000/resources/tui/js/tui-grid.js IP 211.253.37.111 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 11:00:48 Last Seen2024-05-04 11:00:49 Times Seen2 Hash 1d75128cce1512a5b00cc802b5417646 58f828c93611052c3529927819990254eb90a70c f21e55fac7df277de31ef6cbb649dac1b7448737e3aef9b4ca5a94e7f8dab816 Loading...

	cdnjs.cloudflare.com/ajax/libs/xlsx/0.14.3/xlsx.full.min.js	922 kB	2023-04-28	2024-05-04
Pretty URL cdnjs.cloudflare.com/ajax/libs/xlsx/0.14.3/xlsx.full.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-28 08:55:37 Last Seen2024-05-04 11:00:49 Times Seen16 Hash f6eccaec52a4a137f7ecb036ecbc876f 5783af055057205d24af8522a5099f29cc28b918 110cc61edb44e5c86884f3dc7d044a9aceb61ff50b021707ad9c393c5d7effd0 Loading...

	211.253.37.111:9000/resources/jqueryui/jquery-ui.js	539 kB	2024-05-04	2024-05-04
Pretty URL 211.253.37.111:9000/resources/jqueryui/jquery-ui.js IP 211.253.37.111 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 11:00:49 Last Seen2024-05-04 11:00:49 Times Seen2 Hash ba25ab460af11abe64b84c4516862b9e 0545173dfdf5abfe54c8c66caaa83110958c7ce0 52f10137bac099ab01e5ec2c0ec1802ca4fc426a85b59a94fff3f06748e765cc Loading...

HTTP Transactions (36)

URL IP Response Size

211.253.37.111:9000/login

211.253.37.111

200

13 kB

URL User Request GET HTTP/1.1
211.253.37.111:9000/login
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
13 kB (12716 bytes)
Hash
7aaa85424b2cdb94f7a6ac8288fb1af8
446b66533e2c47be1971a9bac7efadd322bb9eee
7e7c8f26ae3fce327fd1f20d4f7c77a2275eb211ab53b2ad5badfcecf18c3fee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Transfer-Encoding: chunked
Date: Sat, 04 May 2024 09:00:08 GMT
Keep-Alive: timeout=60
Connection: keep-alive

cdnjs.cloudflare.com/ajax/libs/xlsx/0.14.3/xlsx.full.min.js

104.17.24.14

200 OK

212 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/xlsx/0.14.3/xlsx.full.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
http://211.253.37.111:9000/login
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
data
Size
212 kB (211960 bytes)
Hash
f6eccaec52a4a137f7ecb036ecbc876f
5783af055057205d24af8522a5099f29cc28b918
110cc61edb44e5c86884f3dc7d044a9aceb61ff50b021707ad9c393c5d7effd0

HTTP Headers

GET /ajax/libs/xlsx/0.14.3/xlsx.full.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 09:00:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 211960
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04034-e1314"
last-modified: Mon, 04 May 2020 16:17:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 213642
expires: Thu, 24 Apr 2025 09:00:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MLIkXuRjmqfSgUdHuFKUMF1k955xHoGGFrwcoVW4Qp2iJ1y0aY1zebz1z7HHBcZivHYy4lQFhnAE48VFsJL%2BYbRqd%2BTRYjvcX7ihsFXjFISXt9ijqf6xxesBjTKqBM3hj5ZhprHr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87e74c7cd9361bfe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/earlyaccess/nanumgothic.css

142.250.74.170

200 OK

70 kB

URL GET HTTP/1.1
fonts.googleapis.com/earlyaccess/nanumgothic.css
IP
142.250.74.170:80
ASN
#15169 GOOGLE

Requested by
http://211.253.37.111:9000/login

File type
ASCII text, with very long lines (1146)
Size
70 kB (70100 bytes)
Hash
dac3e2a0344c9aab2470e7d85172090f
c2ad81a53d68ac3f5be7a4ba931403d81b22363f
dadfd03b2945d922c28acb531e5322d35eead6b8baccfdea592486ae8058095e

HTTP Headers

GET /earlyaccess/nanumgothic.css HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 04 May 2024 09:00:09 GMT
Date: Sat, 04 May 2024 09:00:09 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

211.253.37.111:9000/resources/custom/css/simple-sidebar.css

211.253.37.111

200

1.0 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/custom/css/simple-sidebar.css
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
ASCII text, with CRLF line terminators
Size
1.0 kB (1014 bytes)
Hash
ee53ec226e8300d9d2bd67ffad980aea
b7b96aae7fb1b705e5f432afc6344cc878cf6ca6
b27aa385293f3f73e54e1a6f5165f4af8775525cd9a8ff3bd27adfd3baeb2a01

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/custom/css/simple-sidebar.css HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/css
Content-Length: 1014
Date: Sat, 04 May 2024 09:00:08 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/custom/css/global-custom.css

211.253.37.111

200

9.8 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/custom/css/global-custom.css
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
assembler source, Unicode text, UTF-8 text, with CRLF line terminators
Size
9.8 kB (9822 bytes)
Hash
1adb73d3f2f12642e880e6eb1e0ad304
6c67e3d3307bd58db80af50e1c314f048bf09723
bae09aa5592ecd3864d8a3c2762b94afa2038b5557a83d12c8b140bf0697eb11

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/custom/css/global-custom.css HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/css
Content-Length: 9822
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/tui/css/tui-time-picker.css

211.253.37.111

200

11 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/tui/css/tui-time-picker.css
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
ASCII text, with very long lines (4686), with CRLF line terminators
Size
11 kB (11355 bytes)
Hash
9d234091ad6757940d08af5c6e29d8ab
5e8bb5252f61d06303882c1f773667f7d8576555
6949d04c50a50530861c78672ba48415887c582769e4b5659029ca147eec6b06

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/tui/css/tui-time-picker.css HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/css
Content-Length: 11355
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/tui/css/tui-calendar.css

211.253.37.111

200

38 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/tui/css/tui-calendar.css
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
ASCII text, with very long lines (530), with CRLF line terminators
Size
38 kB (38169 bytes)
Hash
f74fda9effca8a4ef384519e5e061a26
e8c9c72b0192165c2557312e4be2800551dbc9a0
3d782be443cd1de3a7736cf5efd3d0f7f1677faca2a66066b369559a46e49441

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/tui/css/tui-calendar.css HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/css
Content-Length: 38169
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/tui/css/tui-date-picker.css

211.253.37.111

200

21 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/tui/css/tui-date-picker.css
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
ASCII text, with very long lines (4686), with CRLF line terminators
Size
21 kB (21079 bytes)
Hash
9d3f537d1a9506140b6a3d8bdb558d1a
f7d9a882afebaabcadc5bdf723dd41f02ccf1623
5800285bd48af3f98e5ac666587eb21b77a9b989ed48e3b6d0a3bfecca8e4580

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/tui/css/tui-date-picker.css HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/css
Content-Length: 21079
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/custom/css/sidebar.css

211.253.37.111

200

11 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/custom/css/sidebar.css
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
ASCII text, with CRLF line terminators
Size
11 kB (10605 bytes)
Hash
0bb69a71b027c9a116641e10e02123b2
f704906b0851f83a7e967307a8dffe02de6f1fb0
23afa214e1c8bcf20b4ec4520b74ad1a4ff4c4f16d2b00ee7e3cb34955ebf3fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/custom/css/sidebar.css HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/css
Content-Length: 10605
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/custom/css/pop-up.css

211.253.37.111

200

655 B

URL GET HTTP/1.1
211.253.37.111:9000/resources/custom/css/pop-up.css
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
ASCII text, with CRLF line terminators
Size
655 B (655 bytes)
Hash
22bdf6d5512d19eae184fe045438beb4
96250cd225384392cd0757bf400f844223634ea1
42d03fe4024b0ee8b13a22a190cd653f79873af8c26f5b833722fb86219b8e7f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/custom/css/pop-up.css HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/css
Content-Length: 655
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/bootstrap/vendor/bootstrap/css/bootstrap.min.css

211.253.37.111

200

160 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/bootstrap/vendor/bootstrap/css/bootstrap.min.css
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
ASCII text, with very long lines (65319), with CRLF line terminators
Size
160 kB (160390 bytes)
Hash
9c7bb0d515a9a183da2d743feaed436c
6ca39b6cbe90a62a2a32662a6ae695a50818b4d4
17ba96aca27650de2b75418a19ebf08e367e4e95018edc05017cbdb7e44ec903

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/bootstrap/vendor/bootstrap/css/bootstrap.min.css HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/css
Content-Length: 160390
Date: Sat, 04 May 2024 09:00:08 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/tui/css/tui-grid.css

211.253.37.111

200

96 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/tui/css/tui-grid.css
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
ASCII text, with very long lines (4243), with CRLF line terminators
Size
96 kB (96343 bytes)
Hash
a1b99fc65fed5550078e1004416c1c87
88d8fbe0685187d919d9e562ac9e479580160b08
3717c0331b11ffdb199204f1852874b4fa95ea21d37fa0976a871339da66fd10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/tui/css/tui-grid.css HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/css
Content-Length: 96343
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/tui/css/tui-pagination.css

211.253.37.111

200

6.7 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/tui/css/tui-pagination.css
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
ASCII text, with very long lines (2354), with CRLF line terminators
Size
6.7 kB (6744 bytes)
Hash
995946bf4f92781c492d7620d788120b
76f081fae71769c2645a0ced1d73dc7d92ab80bc
de980edb4cde87e2a5ec1369b9547dbc69b4d8c98a92624fea2b10ebfdde93eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/tui/css/tui-pagination.css HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/css
Content-Length: 6744
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/tui/css/tui-context-menu.css

211.253.37.111

200

2.2 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/tui/css/tui-context-menu.css
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
ASCII text, with CRLF line terminators
Size
2.2 kB (2244 bytes)
Hash
1ef3519932435c73e6665d01bdc5dab9
59435fc0ca583795f1fc682bb62c9cc0df9c95ae
0c7c72ac8e7ccfaa35d10a8c2d2250af0230f1cb5f6e6720767f21693cf539ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/tui/css/tui-context-menu.css HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/css
Content-Length: 2244
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/tui/css/toastui-chart.css

211.253.37.111

200

2.5 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/tui/css/toastui-chart.css
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
ASCII text, with CRLF line terminators
Size
2.5 kB (2539 bytes)
Hash
936cf5e3d58c3873cf2f58b730b6e783
c1735f48db55a4dc169681efe52b5a9db0cea89f
cb567076e0156578b8a9912ca2958ab3cba1833ea528efa6cfd8818055b6a7e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/tui/css/toastui-chart.css HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/css
Content-Length: 2539
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/bootstrap/vendor/bootstrap/js/bootstrap.min.js

211.253.37.111

200

60 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/bootstrap/vendor/bootstrap/js/bootstrap.min.js
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
JavaScript source, ASCII text, with very long lines (59893), with CRLF line terminators
Size
60 kB (60180 bytes)
Hash
63534c9e99f47f6ef78f918a2c045247
c49fcc7639bcb59147903caf71a4977c8fa19a67
c7390975fc3e41ad5ec9d1870edc3103f7c498dd82dce4bbaf22a9e7bba96b77

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/bootstrap/vendor/bootstrap/js/bootstrap.min.js HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/javascript
Content-Length: 60180
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/jqueryui/jquery-ui.css

211.253.37.111

200

20 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/jqueryui/jquery-ui.css
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
ASCII text, with very long lines (2363), with CRLF line terminators
Size
20 kB (19764 bytes)
Hash
9bb6e25494965827755dc73a89349ede
95bbfb9458002c4f60b140bfe6256584669ee546
cba7c85e28f3b99a95d1fe46ec0af5966890dc9907c105e9818025e7bd1c1795

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/jqueryui/jquery-ui.css HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/css
Content-Length: 19764
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/jqueryui/printThis/printThis.js

211.253.37.111

200

14 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/jqueryui/printThis/printThis.js
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
14 kB (14286 bytes)
Hash
cd73a1eb99743d647326020c7b9838f7
aca2b2c7b8a986011e1dce32a7c3ec2a81370ffa
5c766f53b9ea24ce0bb42be162c6b7a7ea74583ccb5eb5f7718cd16c5242f8bc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/jqueryui/printThis/printThis.js HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/javascript
Content-Length: 14286
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/custom/js/global-custom.js

211.253.37.111

200

60 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/custom/js/global-custom.js
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
60 kB (60024 bytes)
Hash
d04f14ea96526639efa2817c1b4d7a56
dafe8595752a427cf86356b3e77db47378f984ad
6f596107a73a0cd12d9e9f226b624a5252eb6611a1d0e3cdabe1a4ef0b8b4fd1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/custom/js/global-custom.js HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/javascript
Content-Length: 60024
Date: Sat, 04 May 2024 09:00:10 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/bootstrap/vendor/jquery/jquery.min.js

211.253.37.111

200

90 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/bootstrap/vendor/jquery/jquery.min.js
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
JavaScript source, ASCII text, with very long lines (65450), with CRLF line terminators
Size
90 kB (89478 bytes)
Hash
b61aa6e2d68d21b3546b5b418bf0e9c3
9c1398f0de4c869dacb1c9ab1a8cc327f5421ff7
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/bootstrap/vendor/jquery/jquery.min.js HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/javascript
Content-Length: 89478
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/bootstrap/vendor/bootstrap/js/bootstrap.bundle.min.js

211.253.37.111

200

81 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/bootstrap/vendor/bootstrap/js/bootstrap.bundle.min.js
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
JavaScript source, ASCII text, with very long lines (65292), with CRLF line terminators
Size
81 kB (81090 bytes)
Hash
3648fa980c6623edee76d548305e5f8a
104f831ab6c9bf5de233378f822a225b00e97ab3
7c17230abe3611902ee2a60e37008710a0c22756ef1821d60bd7d8fa419722c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/bootstrap/vendor/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/javascript
Content-Length: 81090
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/tui/js/tui-code-snippet.js

211.253.37.111

200

165 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/tui/js/tui-code-snippet.js
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
165 kB (165197 bytes)
Hash
0b0cc0111321ac948ec84ad6bcf152d1
4839b755b1a4510e1ea0ebdc8038a77d1c37ee67
07489e87577156199b02f66249d0530fa8d2d678a1ea44b3a42f5c3e5cdd67b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/tui/js/tui-code-snippet.js HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/javascript
Content-Length: 165197
Date: Sat, 04 May 2024 09:00:10 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/tui/js/tui-time-picker.js

211.253.37.111

200

152 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/tui/js/tui-time-picker.js
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
152 kB (152141 bytes)
Hash
dae51083cd47ce9bc5c5eaf659d5b8fe
02d7852bc605f227ccf0b1750f25a0b1e7ccd34b
b70ae361a55a4ccfe4b2e56acf1e9a2511a30462f9aa017aa732b29ef985fb8c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/tui/js/tui-time-picker.js HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/javascript
Content-Length: 152141
Date: Sat, 04 May 2024 09:00:10 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/tui/js/tui-pagination.js

211.253.37.111

200

123 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/tui/js/tui-pagination.js
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
123 kB (122722 bytes)
Hash
339e23ca9d77911e8749f24b23e5b1c4
5af270d5784a292f30256a246689c6319d754887
57d4677dd3801146e8d438590a4ddee6dcd75d8abce21a8665cee919faae7904

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/tui/js/tui-pagination.js HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/javascript
Content-Length: 122722
Date: Sat, 04 May 2024 09:00:10 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/tui/js/tui-date-picker.js

211.253.37.111

200

199 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/tui/js/tui-date-picker.js
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
199 kB (199359 bytes)
Hash
9f89de095958941a437b79a152e5779a
bcb71cbb058f0243041af1222844400e5154db49
99f1f2ae6c5b4654ec43acd95012c8fa5dbe93dee49ffde95c6a0253c1c48244

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/tui/js/tui-date-picker.js HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/javascript
Content-Length: 199359
Date: Sat, 04 May 2024 09:00:10 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/jqueryui/jquery-ui.js

211.253.37.111

200

539 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/jqueryui/jquery-ui.js
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
JavaScript source, ASCII text, with very long lines (1002), with CRLF line terminators
Size
539 kB (539419 bytes)
Hash
ba25ab460af11abe64b84c4516862b9e
0545173dfdf5abfe54c8c66caaa83110958c7ce0
52f10137bac099ab01e5ec2c0ec1802ca4fc426a85b59a94fff3f06748e765cc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/jqueryui/jquery-ui.js HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/javascript
Content-Length: 539419
Date: Sat, 04 May 2024 09:00:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/tui/js/tui-context-menu.js

211.253.37.111

200

117 kB

URL GET HTTP/1.1
211.253.37.111:9000/resources/tui/js/tui-context-menu.js
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
JavaScript source, ASCII text, with very long lines (540), with CRLF line terminators
Size
117 kB (117009 bytes)
Hash
461e1aa6e07d0ce3d83293c7760ecbd1
a6171f3f65a72cf7f58bebc79b28be1d48d33037
94dbc39c838c1a5b2d27f01c4e4448b82a7a1f37d7297106794e1b4d84069cf3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/tui/js/tui-context-menu.js HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/javascript
Content-Length: 117009
Date: Sat, 04 May 2024 09:00:10 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/tui/js/tui-grid.js

211.253.37.111

200

1.5 MB

URL GET HTTP/1.1
211.253.37.111:9000/resources/tui/js/tui-grid.js
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
1.5 MB (1471946 bytes)
Hash
1d75128cce1512a5b00cc802b5417646
58f828c93611052c3529927819990254eb90a70c
f21e55fac7df277de31ef6cbb649dac1b7448737e3aef9b4ca5a94e7f8dab816

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/tui/js/tui-grid.js HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/javascript
Content-Length: 1471946
Date: Sat, 04 May 2024 09:00:10 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/tui/js/tui-calendar.js

211.253.37.111

200

1.4 MB

URL GET HTTP/1.1
211.253.37.111:9000/resources/tui/js/tui-calendar.js
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
JavaScript source, ASCII text, with very long lines (7068), with CRLF line terminators
Size
1.4 MB (1419222 bytes)
Hash
ce4ab7bd1d6b258c546cb20029de5ea9
21dc4968d6489b92be56bd2d3d57b34d33ea2ad0
51a0aba41d63a3568dd44d8e4f8c6303936b88d3a5a1d49502bc89e285a943f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/tui/js/tui-calendar.js HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/javascript
Content-Length: 1419222
Date: Sat, 04 May 2024 09:00:10 GMT
Keep-Alive: timeout=60
Connection: keep-alive

211.253.37.111:9000/resources/tui/js/toastui-chart.js

211.253.37.111

200

2.3 MB

URL GET HTTP/1.1
211.253.37.111:9000/resources/tui/js/toastui-chart.js
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
2.3 MB (2282044 bytes)
Hash
4b2a6f87b4040eae3fd1876a615fbc0d
745be34e26a48ea3c236cddef59b07cd48dec523
8cd5de8956dae0c847c1b6db03d9ea406ff736df9bdfd2a620c8158816ebea64

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /resources/tui/js/toastui-chart.js HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 23 Apr 2024 08:54:47 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/javascript
Content-Length: 2282044
Date: Sat, 04 May 2024 09:00:10 GMT
Keep-Alive: timeout=60
Connection: keep-alive

fonts.gstatic.com/s/nanumgothic/v23/PN_3Rfi-oW3hYwmKDpxS7F_z-7rJxHVIsPV5MbNO2rV2_va-Nv6p.119.woff2

216.58.207.227

200 OK

12 kB

URL GET HTTP/1.1
fonts.gstatic.com/s/nanumgothic/v23/PN_3Rfi-oW3hYwmKDpxS7F_z-7rJxHVIsPV5MbNO2rV2_va-Nv6p.119.woff2
IP
216.58.207.227:80
ASN
#15169 GOOGLE

Requested by
http://211.253.37.111:9000/login

File type
Web Open Font Format (Version 2), TrueType, length 12316, version 1.0
Size
12 kB (12316 bytes)
Hash
3b067d25cb94009ae23abd4fe00a7dbc
1f1d3f89a8188104f63957712e75216a41e13af0
b0ad896039fdcd68f2b45bd389a8d394b65aa544f434626847c12394ca3e74d2

HTTP Headers

GET /s/nanumgothic/v23/PN_3Rfi-oW3hYwmKDpxS7F_z-7rJxHVIsPV5MbNO2rV2_va-Nv6p.119.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://211.253.37.111:9000
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 12316
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 02 May 2024 22:46:19 GMT
Expires: Fri, 02 May 2025 22:46:19 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 24 Aug 2023 18:14:28 GMT
Content-Type: font/woff2
Age: 123234

fonts.gstatic.com/s/nanumgothic/v23/PN_3Rfi-oW3hYwmKDpxS7F_D-dje.woff2

216.58.207.227

200 OK

17 kB

URL GET HTTP/1.1
fonts.gstatic.com/s/nanumgothic/v23/PN_3Rfi-oW3hYwmKDpxS7F_D-dje.woff2
IP
216.58.207.227:80
ASN
#15169 GOOGLE

Requested by
http://211.253.37.111:9000/login

File type
Web Open Font Format (Version 2), TrueType, length 17108, version 1.0
Size
17 kB (17108 bytes)
Hash
01fe0d37c63c0cdc03b3745c03d01e2d
ffea61c3d4362b6ad9405e84b55458908201a0ad
08cf22bf32d06bb0425a7780a99c59a8ac6adf811868200f544c826873113bf4

HTTP Headers

GET /s/nanumgothic/v23/PN_3Rfi-oW3hYwmKDpxS7F_D-dje.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://211.253.37.111:9000
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 17108
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 02 May 2024 05:52:31 GMT
Expires: Fri, 02 May 2025 05:52:31 GMT
Cache-Control: public, max-age=31536000
Age: 184062
Last-Modified: Thu, 24 Aug 2023 17:50:44 GMT
Content-Type: font/woff2

fonts.gstatic.com/s/nanumgothic/v23/PN_3Rfi-oW3hYwmKDpxS7F_z-7rJxHVIsPV5MbNO2rV2_va-Nv6p.117.woff2

216.58.207.227

200 OK

20 kB

URL GET HTTP/1.1
fonts.gstatic.com/s/nanumgothic/v23/PN_3Rfi-oW3hYwmKDpxS7F_z-7rJxHVIsPV5MbNO2rV2_va-Nv6p.117.woff2
IP
216.58.207.227:80
ASN
#15169 GOOGLE

Requested by
http://211.253.37.111:9000/login

File type
Web Open Font Format (Version 2), TrueType, length 20536, version 1.0
Size
20 kB (20536 bytes)
Hash
5028030faa614b473d57e4b58fba1a4c
1cef09c87e146fc4ac030b2af6a4820e5e57fd25
9e23820b7baadc6764496b12fc21e97b92381dc807645e87d58dfd241bea4e70

HTTP Headers

GET /s/nanumgothic/v23/PN_3Rfi-oW3hYwmKDpxS7F_z-7rJxHVIsPV5MbNO2rV2_va-Nv6p.117.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://211.253.37.111:9000
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 20536
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 02 May 2024 02:13:23 GMT
Expires: Fri, 02 May 2025 02:13:23 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 24 Aug 2023 17:55:48 GMT
Content-Type: font/woff2
Age: 197210

fonts.gstatic.com/s/nanumgothic/v23/PN_3Rfi-oW3hYwmKDpxS7F_z-7rJxHVIsPV5MbNO2rV2_va-Nv6p.118.woff2

216.58.207.227

200 OK

19 kB

URL GET HTTP/1.1
fonts.gstatic.com/s/nanumgothic/v23/PN_3Rfi-oW3hYwmKDpxS7F_z-7rJxHVIsPV5MbNO2rV2_va-Nv6p.118.woff2
IP
216.58.207.227:80
ASN
#15169 GOOGLE

Requested by
http://211.253.37.111:9000/login

File type
Web Open Font Format (Version 2), TrueType, length 18568, version 1.0
Size
19 kB (18568 bytes)
Hash
0f8573160bba1a05624eaa58fd188573
7316ee1a02df07420bd76ac51e949e907271025e
039f951d6366b6be3ffa909bea03c904182cfed9877855f1889fa7faac2138eb

HTTP Headers

GET /s/nanumgothic/v23/PN_3Rfi-oW3hYwmKDpxS7F_z-7rJxHVIsPV5MbNO2rV2_va-Nv6p.118.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://211.253.37.111:9000
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 18568
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 02 May 2024 02:58:39 GMT
Expires: Fri, 02 May 2025 02:58:39 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 24 Aug 2023 18:14:29 GMT
Content-Type: font/woff2
Age: 194494

211.253.37.111:9000/favicon.ico

211.253.37.111

404

172 B

URL GET HTTP/1.1
211.253.37.111:9000/favicon.ico
IP
211.253.37.111:9000
ASN
#4766 Korea Telecom

Requested by
http://211.253.37.111:9000/login

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
172 B (172 bytes)
Hash
00480c48cacd332cf2554094b8364813
84be9b8a4bd9ae08573c2662509da7ec1ee15a1e
e41958571d30eda188dd36963ce9a5ba1b94834fc06a91651e088f65de4c2fec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 211.253.37.111:9000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/login
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Transfer-Encoding: chunked
Date: Sat, 04 May 2024 09:00:13 GMT
Keep-Alive: timeout=60
Connection: keep-alive

l.incru.it/2017/05/1222222.jpg

0.0.0.0

0 B

URL GET
l.incru.it/2017/05/1222222.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
http://211.253.37.111:9000/login

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2017/05/1222222.jpg HTTP/1.1
Host: l.incru.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://211.253.37.111:9000/
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML