Report - 113.16.166.240:8088/login

Report Overview

Visited public
2024-06-14 09:23:06
Tags
URL
113.16.166.240:8088/login
Finishing URL
113.16.166.240:8088/login
IP / ASN
113.16.166.240
#4134 Chinanet
Title
系统登录-南宁商贸学校-智慧校园一体化应用平台

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
113.16.166.240:8088	unknown	unknown	No data	No data	11 kB	7.2 MB	113.16.166.240

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed
2024-06-14	medium	113.16.166.240	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	From	Size	First Seen	Last Seen
	113.16.166.240:8088/ui/ext/element/js/element-ui.js?cache_id=72735582	ScriptElement	564 kB	2023-03-07	2025-04-23
Pretty URL 113.16.166.240:8088/ui/ext/element/js/element-ui.js?cache_id=72735582 IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:40 Last Seen2025-04-23 01:30 Times Seen76 Hash f959655c9d7b7e1ae1a4820d4d444511 ce6556eab216e8e769746b67e7330d2cda5a9895 0345cbb432d52eedd20a2af82030a882e9764e5ca31d3ae5582213f1f3a92488 Loading...

	113.16.166.240:8088/ui/sys/security/auth/js/wxLogin.js?cache_id=72735582	ScriptElement	1.2 kB	2023-07-17	2024-08-19
Pretty URL 113.16.166.240:8088/ui/sys/security/auth/js/wxLogin.js?cache_id=72735582 IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-17 10:53 Last Seen2024-08-19 23:24 Times Seen3 Hash 90d0605735d909bd780c55bbe23a298c e973153074e7d98cd095134806834445a5f5a580 cc0a5b64158cd35bb52fc6b9dfe94c2ff0f978fbc5da5ce1d638224c6a0ac440 Loading...

	113.16.166.240:8088/ui/ext/vue/vue.min.js?cache_id=72735582	ScriptElement	94 kB	2023-07-17	2024-08-19
Pretty URL 113.16.166.240:8088/ui/ext/vue/vue.min.js?cache_id=72735582 IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-17 10:53 Last Seen2024-08-19 23:24 Times Seen3 Hash 62859c81e9bdf1597b81c1cc7e14a002 544dc1ce74cb8460f628e2ba2581f954ab47afe0 0b908426f23e1d5235c4ce979dbae35691961c3c4da5d9b8796168e5f20b3ac8 Loading...

	113.16.166.240:8088/ui/ext/jquery/jquery.min.js?cache_id=72735582	ScriptElement	90 kB	2023-03-07	2025-04-29
Pretty URL 113.16.166.240:8088/ui/ext/jquery/jquery.min.js?cache_id=72735582 IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-04-29 16:10 Times Seen3366 Hash 3e4bb227fb55271bfe9c9d4a09147bd8 156837f75f6600ccb602b4efcbd393636c33f35e ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127 Loading...

	113.16.166.240:8088/ui/ext/artDialog/dialog-plus.js?cache_id=72735582	ScriptElement	49 kB	2023-07-17	2024-08-19
Pretty URL 113.16.166.240:8088/ui/ext/artDialog/dialog-plus.js?cache_id=72735582 IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-17 10:53 Last Seen2024-08-19 23:24 Times Seen3 Hash eeaa10ca7492bbfe70d2f88ff017376c aa5c83f851613731cba1aaa2358391b88bfd1e1a 1ac0f279f48cea6689a072a309fd16a7317f190e95434ad72e84632f9ae73551 Loading...

	unknown	Function	27 kB	2024-08-19	2024-08-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-08-19 20:02 Last Seen2024-08-19 20:02 Times Seen1 Hash 324410a88f2415d602f075ccd1fa5310 b21c0dae053261f01a8df73844f917381a463341 6a5c949b92435077e2bf7462b05c8ed8c2ef1d7cf54620bceccb8e728c6ec306 Loading...

	113.16.166.240:8088/ui/ext/es6-promise/promise.min.js?cache_id=72735582	ScriptElement	2.9 kB	2023-07-02	2025-02-28
Pretty URL 113.16.166.240:8088/ui/ext/es6-promise/promise.min.js?cache_id=72735582 IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-02 08:26 Last Seen2025-02-28 17:43 Times Seen5 Hash 1f45ffcd5d5f4bb7bd60a1ddcb5b1352 265095fa9c629b39e9de9accf74387a3d1f9e1c1 604b5073f81204676da70c2afb3fb401e508048b1f0776fbd84e32a13518f576 Loading...

	113.16.166.240:8088/ui/common/js/tools.js?cache_id=72735582	ScriptElement	153 kB	2024-08-19	2024-08-19
Pretty URL 113.16.166.240:8088/ui/common/js/tools.js?cache_id=72735582 IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 20:02 Last Seen2024-08-19 20:02 Times Seen1 Hash b9d0c3943b6a870574105ac91d351e8b 759964dbe22b1ab22ea45222e976e64b679f13fb b354569d9267da4b41932de9754c4342b78bee339b4695906c8b1ca176127005 Loading...

	113.16.166.240:8088/ui/sys/security/auth/js/login.encrypt.common.js?cache_id=72735582	ScriptElement	503 B	2023-07-17	2024-08-19
Pretty URL 113.16.166.240:8088/ui/sys/security/auth/js/login.encrypt.common.js?cache_id=72735582 IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-17 10:53 Last Seen2024-08-19 23:24 Times Seen2 Hash 56f0d06aa9cdbe10476f008c1d8f2ee1 b93708588c60c70e396148d29c3c42b8e2c100e2 d988c19c409b9168e2d603f459f8613b26dfe8a7959bc4646b06ffca6a36b2a8 Loading...

	113.16.166.240:8088/login	ScriptElement	1.0 kB	2024-08-19	2024-08-19
Pretty URL 113.16.166.240:8088/login IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 20:02 Last Seen2024-08-19 20:02 Times Seen1 Hash dd5cee677c82af5480ebb0b43acb0467 177f2afcca8029ea884124b79ce04e5ab75ef897 405cf20de30abaa80c817216baad1adc3cd7cc7bcdf2b612c2c525487a7af752 Loading...

	113.16.166.240:8088/login	ScriptElement	1.7 kB	2024-08-19	2024-08-19
Pretty URL 113.16.166.240:8088/login IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 20:02 Last Seen2024-08-19 20:02 Times Seen1 Hash d3cc1af8b7f64461a8d0c03c653731d3 9e235a2acf9c9303923f4afa526b3e3702d20270 75b289c324175088ac2b6647f795c73d1a4e4427dfce40e143a5f04b9d212b63 Loading...

	113.16.166.240:8088/login	ScriptElement	708 B	2024-08-19	2024-08-19
Pretty URL 113.16.166.240:8088/login IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 20:02 Last Seen2024-08-19 20:02 Times Seen1 Hash 6cb76d005770e4c4d7509f1ef25778e9 4fba43523bae88e6a77566bbaaebf8f374444a4f c95c9c15fe15a1a2b8002939820f7ffbb563fc0cef5deb6dcf0d0e94d83412ad Loading...

	113.16.166.240:8088/ui/ext/axios/axios.min.js?cache_id=72735582	ScriptElement	13 kB	2023-03-14	2025-04-17
Pretty URL 113.16.166.240:8088/ui/ext/axios/axios.min.js?cache_id=72735582 IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 19:55 Last Seen2025-04-17 06:12 Times Seen34 Hash 330bd8ed153eab093c80f9572ba9d407 a2ae339bd204937fa171322642da2b2ea90c36d9 8b849e3f5952daf2c7404f61140ed4b275c1e3f01d9cbe6839d276a0a1f1ff94 Loading...

	113.16.166.240:8088/ui/common/js/base.js?cache_id=72735582	ScriptElement	35 kB	2023-07-17	2024-08-19
Pretty URL 113.16.166.240:8088/ui/common/js/base.js?cache_id=72735582 IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-17 10:53 Last Seen2024-08-19 23:24 Times Seen3 Hash 92e3a52c8d17feff49a8a3e5398ab4b5 9c4cb96d19dfdc99969c0311973d7e13b830616b 52fc1defb5c2a9e04fe67e911878f653ef1731dc0d7ac00bc8181f9fd6f1b3d9 Loading...

	113.16.166.240:8088/ui/sys/security/auth/js/wwLogin.js?cache_id=72735582	ScriptElement	972 B	2023-07-17	2024-08-19
Pretty URL 113.16.166.240:8088/ui/sys/security/auth/js/wwLogin.js?cache_id=72735582 IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-17 10:53 Last Seen2024-08-19 23:24 Times Seen3 Hash 121c4891e37beb57ccd36d019e9ea22b d068b2f7cb45a3d541cc92e82796a80df721ea8a fa60a1b970d6b48d2cb928b98e4f8797e34ff7b00f0fadd6794216a181739cf6 Loading...

	113.16.166.240:8088/ui/sys/security/auth/js/ddLogin.js?cache_id=72735582	ScriptElement	759 B	2023-07-17	2024-08-19
Pretty URL 113.16.166.240:8088/ui/sys/security/auth/js/ddLogin.js?cache_id=72735582 IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-17 10:53 Last Seen2024-08-19 23:24 Times Seen3 Hash ce53abdd8610a205af42ea9a536ac242 1f1e5c55b085bd68ddda183d8f150c7a2e3d8ed6 4804e65651e25d20b7036a875f778c5d844ef36938e9febb0d8e013baf5d04ca Loading...

	113.16.166.240:8088/ui/sys/security/auth/js/login.js?cache_id=72735582	ScriptElement	35 kB	2023-07-17	2024-08-19
Pretty URL 113.16.166.240:8088/ui/sys/security/auth/js/login.js?cache_id=72735582 IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-17 10:53 Last Seen2024-08-19 20:02 Times Seen1 Hash 6f170cbff4a10a0cf7dd98aa832da57c 44c5326d86010161853056d777dc74c9ade06b48 df83b3e6f132e42fc89a8416f0b325b493e05e993bd9b305426fa6c60b58f4e6 Loading...

	113.16.166.240:8088/ui/ext/jsencrypt/jsencryptlong.min.js?cache_id=72735582	ScriptElement	56 kB	2023-07-15	2024-12-24
Pretty URL 113.16.166.240:8088/ui/ext/jsencrypt/jsencryptlong.min.js?cache_id=72735582 IP 113.16.166.240 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-15 13:40 Last Seen2024-12-24 04:25 Times Seen5 Hash c3a82394f0c5115e316c46a6448e45d4 7a3a46217e7a278ea4637d84a127c369ccf92bed 1ea9a9fe6dadc4b903be1aeff2a0ab3b82986b743abd4cc95698a1b3256523e1 Loading...

HTTP Transactions (25)

URL IP Response Size

113.16.166.240:8088/ui/ext/es6-promise/promise.min.js?cache_id=72735582

113.16.166.240

200

2.9 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/ext/es6-promise/promise.min.js?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
JavaScript source, ASCII text, with very long lines (524), with CRLF line terminators
Size
2.9 kB (2886 bytes)
Hash
1f45ffcd5d5f4bb7bd60a1ddcb5b1352
265095fa9c629b39e9de9accf74387a3d1f9e1c1
604b5073f81204676da70c2afb3fb401e508048b1f0776fbd84e32a13518f576

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/ext/es6-promise/promise.min.js?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Mon, 29 Apr 2024 12:08:18 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 2886
Date: Fri, 14 Jun 2024 09:22:39 GMT

113.16.166.240:8088/login

113.16.166.240

200

53 kB

URL User Request GET HTTP/1.1
113.16.166.240:8088/login
IP
113.16.166.240:8088
ASN
#4134 Chinanet

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
53 kB (53072 bytes)
Hash
b4d6838907d14c5f77d48ab9eb337c9c
b27d2e0319727f098f56a1c5fa8ff6f3aa9286da
0f8eaef4ba302e75ba1c3f01813b2a77d700ff106996a63a4a2e74284460a3c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Set-Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3; Path=/; HttpOnly
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Transfer-Encoding: chunked
Date: Fri, 14 Jun 2024 09:22:39 GMT

113.16.166.240:8088/ui/ext/axios/axios.min.js?cache_id=72735582

113.16.166.240

200

13 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/ext/axios/axios.min.js?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
JavaScript source, ASCII text, with very long lines (9701), with CRLF line terminators
Size
13 kB (12949 bytes)
Hash
330bd8ed153eab093c80f9572ba9d407
a2ae339bd204937fa171322642da2b2ea90c36d9
8b849e3f5952daf2c7404f61140ed4b275c1e3f01d9cbe6839d276a0a1f1ff94

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/ext/axios/axios.min.js?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Mon, 29 Apr 2024 12:08:18 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 12949
Date: Fri, 14 Jun 2024 09:22:39 GMT

113.16.166.240:8088/ui/ext/jquery/jquery.min.js?cache_id=72735582

113.16.166.240

200

90 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/ext/jquery/jquery.min.js?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
JavaScript source, ASCII text, with very long lines (65446), with CRLF line terminators
Size
90 kB (89501 bytes)
Hash
3e4bb227fb55271bfe9c9d4a09147bd8
156837f75f6600ccb602b4efcbd393636c33f35e
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/ext/jquery/jquery.min.js?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Mon, 29 Apr 2024 12:08:18 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 89501
Date: Fri, 14 Jun 2024 09:22:39 GMT

113.16.166.240:8088/ui/ext/vue/vue.min.js?cache_id=72735582

113.16.166.240

200

94 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/ext/vue/vue.min.js?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
JavaScript source, ASCII text, with very long lines (65444), with CRLF line terminators
Size
94 kB (93679 bytes)
Hash
62859c81e9bdf1597b81c1cc7e14a002
544dc1ce74cb8460f628e2ba2581f954ab47afe0
0b908426f23e1d5235c4ce979dbae35691961c3c4da5d9b8796168e5f20b3ac8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/ext/vue/vue.min.js?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Mon, 29 Apr 2024 12:08:18 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 93679
Date: Fri, 14 Jun 2024 09:22:39 GMT

113.16.166.240:8088/ui/ext/artDialog/dialog-plus.js?cache_id=72735582

113.16.166.240

200

49 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/ext/artDialog/dialog-plus.js?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
JavaScript source, ASCII text, with very long lines (34876), with CRLF line terminators
Size
49 kB (49314 bytes)
Hash
eeaa10ca7492bbfe70d2f88ff017376c
aa5c83f851613731cba1aaa2358391b88bfd1e1a
1ac0f279f48cea6689a072a309fd16a7317f190e95434ad72e84632f9ae73551

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/ext/artDialog/dialog-plus.js?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Mon, 29 Apr 2024 12:08:18 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 49314
Date: Fri, 14 Jun 2024 09:22:39 GMT

113.16.166.240:8088/ui/common/style/common-theme.css?cache_id=72735582

113.16.166.240

200

63 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/common/style/common-theme.css?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
63 kB (62668 bytes)
Hash
c5c4b8b333ab51dc86b9ea12656f43d9
7dff5eabb1145d7eabf2c243aa651d8d9f868c6d
61a5261c6a986a8bfc764c2530852dd3026e9bbef28e215e385b6df60a87d3b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/common/style/common-theme.css?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Mon, 29 Apr 2024 12:08:18 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 62668
Date: Fri, 14 Jun 2024 09:22:40 GMT

113.16.166.240:8088/ui/common/js/base.js?cache_id=72735582

113.16.166.240

200

35 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/common/js/base.js?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
35 kB (34931 bytes)
Hash
0759721aa17e87707f464f98ba367f4a
fc6f01d0494ecf9737dd767abca8a69579cbf36c
544952c47c0e5fa5b096c82378b013f32a68385ff698582cea0387ae1646e9eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/common/js/base.js?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Mon, 29 Apr 2024 12:08:18 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 34931
Date: Fri, 14 Jun 2024 09:22:40 GMT

113.16.166.240:8088/ui/sys/security/auth/js/login.encrypt.common.js?cache_id=72735582

113.16.166.240

200

503 B

URL GET HTTP/1.1
113.16.166.240:8088/ui/sys/security/auth/js/login.encrypt.common.js?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
ASCII text, with very long lines (419), with CRLF line terminators
Size
503 B (503 bytes)
Hash
56f0d06aa9cdbe10476f008c1d8f2ee1
b93708588c60c70e396148d29c3c42b8e2c100e2
d988c19c409b9168e2d603f459f8613b26dfe8a7959bc4646b06ffca6a36b2a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/sys/security/auth/js/login.encrypt.common.js?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Wed, 06 Sep 2023 11:13:16 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 503
Date: Fri, 14 Jun 2024 09:22:40 GMT

113.16.166.240:8088/ui/common/js/tools.js?cache_id=72735582

113.16.166.240

200

153 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/common/js/tools.js?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
153 kB (152885 bytes)
Hash
b0e2fa7cbd37381a0c9016338814ef7c
cc0b95a9a41c6804469e7a7f87bd7c6084d8f7f4
41f307c1f2bb3981b67701c521112ee3e61351becca4ef849818cec534e0d322

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/common/js/tools.js?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Mon, 29 Apr 2024 12:08:18 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 152885
Date: Fri, 14 Jun 2024 09:22:40 GMT

113.16.166.240:8088/ui/sys/security/auth/js/wwLogin.js?cache_id=72735582

113.16.166.240

200

972 B

URL GET HTTP/1.1
113.16.166.240:8088/ui/sys/security/auth/js/wwLogin.js?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
ASCII text, with CRLF line terminators
Size
972 B (972 bytes)
Hash
121c4891e37beb57ccd36d019e9ea22b
d068b2f7cb45a3d541cc92e82796a80df721ea8a
fa60a1b970d6b48d2cb928b98e4f8797e34ff7b00f0fadd6794216a181739cf6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/sys/security/auth/js/wwLogin.js?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Wed, 06 Sep 2023 11:13:16 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 972
Date: Fri, 14 Jun 2024 09:22:40 GMT

113.16.166.240:8088/ui/sys/security/auth/js/wxLogin.js?cache_id=72735582

113.16.166.240

200

1.2 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/sys/security/auth/js/wxLogin.js?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
ASCII text, with very long lines (335), with CRLF line terminators
Size
1.2 kB (1172 bytes)
Hash
90d0605735d909bd780c55bbe23a298c
e973153074e7d98cd095134806834445a5f5a580
cc0a5b64158cd35bb52fc6b9dfe94c2ff0f978fbc5da5ce1d638224c6a0ac440

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/sys/security/auth/js/wxLogin.js?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Wed, 06 Sep 2023 11:13:16 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 1172
Date: Fri, 14 Jun 2024 09:22:41 GMT

113.16.166.240:8088/ui/ext/element/css/element-ui.css?cache_id=72735582

113.16.166.240

200

233 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/ext/element/css/element-ui.css?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
ASCII text, with very long lines (65536), with no line terminators
Size
233 kB (232694 bytes)
Hash
b156c93b3792c208a43d643446f0d308
1ee68ab3ff034e3553c779fe94079bbd43436f67
913f0305e94e0c8cfea0ab62c4bbadbe86b52b5cd6893a1a3740d495a1005155

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/ext/element/css/element-ui.css?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Mon, 29 Apr 2024 12:08:18 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 232694
Date: Fri, 14 Jun 2024 09:22:40 GMT

113.16.166.240:8088/ui/sys/security/auth/js/ddLogin.js?cache_id=72735582

113.16.166.240

200

759 B

URL GET HTTP/1.1
113.16.166.240:8088/ui/sys/security/auth/js/ddLogin.js?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
ASCII text, with CRLF line terminators
Size
759 B (759 bytes)
Hash
ce53abdd8610a205af42ea9a536ac242
1f1e5c55b085bd68ddda183d8f150c7a2e3d8ed6
4804e65651e25d20b7036a875f778c5d844ef36938e9febb0d8e013baf5d04ca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/sys/security/auth/js/ddLogin.js?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Wed, 06 Sep 2023 11:13:16 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 759
Date: Fri, 14 Jun 2024 09:22:41 GMT

113.16.166.240:8088/ui/sys/security/auth/style/login.css?cache_id=72735582

113.16.166.240

200

14 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/sys/security/auth/style/login.css?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
14 kB (13902 bytes)
Hash
1d6af138c948ea585a8eeb9e41aa95bd
04d50ae77cc053bbb7d247acf1dc8245d28a407f
fa809b5775e869e9abda4660b7253f59bfad6fcb24579ea91841cff652988727

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/sys/security/auth/style/login.css?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Wed, 06 Sep 2023 11:13:16 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 13902
Date: Fri, 14 Jun 2024 09:22:41 GMT

113.16.166.240:8088/ui/common/skin/blue/style/common-theme.css?cache_id=72735582

113.16.166.240

200

12 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/common/skin/blue/style/common-theme.css?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
12 kB (12442 bytes)
Hash
fa3c75df60389118fd6f364d6b996de1
6a8645052e13a80b09c48444d72b7f27fb2846b3
7a00cf23fffc6727dbaeefdcd3094b2eea4cd8e7dba8dd65a327d3da58299790

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/common/skin/blue/style/common-theme.css?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Mon, 29 Apr 2024 12:08:18 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 12442
Date: Fri, 14 Jun 2024 09:22:41 GMT

113.16.166.240:8088/ui/ext/element/js/element-ui.js?cache_id=72735582

113.16.166.240

200

564 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/ext/element/js/element-ui.js?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65121), with no line terminators
Size
564 kB (563790 bytes)
Hash
f959655c9d7b7e1ae1a4820d4d444511
ce6556eab216e8e769746b67e7330d2cda5a9895
0345cbb432d52eedd20a2af82030a882e9764e5ca31d3ae5582213f1f3a92488

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/ext/element/js/element-ui.js?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Mon, 29 Apr 2024 12:08:18 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 563790
Date: Fri, 14 Jun 2024 09:22:39 GMT

113.16.166.240:8088/ui/sys/security/auth/js/login.js?cache_id=72735582

113.16.166.240

200

35 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/sys/security/auth/js/login.js?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
35 kB (35381 bytes)
Hash
6f38ea0976dcdcc4963c137ee50fcbd2
79e0c90991e5429a8bc6c65d8f8107cc3caf779f
a509d18aa8667437f9e271551dbcd523474e296e0cf8ae87f070dc1fde066487

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/sys/security/auth/js/login.js?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Wed, 06 Sep 2023 11:13:16 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 35381
Date: Fri, 14 Jun 2024 09:22:41 GMT

113.16.166.240:8088/ui/ext/jsencrypt/jsencryptlong.min.js?cache_id=72735582

113.16.166.240

200

56 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/ext/jsencrypt/jsencryptlong.min.js?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (56009), with no line terminators
Size
56 kB (56013 bytes)
Hash
c3a82394f0c5115e316c46a6448e45d4
7a3a46217e7a278ea4637d84a127c369ccf92bed
1ea9a9fe6dadc4b903be1aeff2a0ab3b82986b743abd4cc95698a1b3256523e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/ext/jsencrypt/jsencryptlong.min.js?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Mon, 29 Apr 2024 12:08:18 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 56013
Date: Fri, 14 Jun 2024 09:22:41 GMT

113.16.166.240:8088/ui/common/fonts/sys/iconfont.css?cache_id=72735582

113.16.166.240

200

5.3 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/common/fonts/sys/iconfont.css?cache_id=72735582
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
ASCII text, with CRLF line terminators
Size
5.3 kB (5319 bytes)
Hash
e54f851b7ccaf42f2e91b415d0dce649
0899ecc909bd3963141b9fee662028452978a927
cf97121b6ee17e4e14d52daf4e94253e942999d1234214550147697be7bcb98a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/common/fonts/sys/iconfont.css?cache_id=72735582 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Mon, 29 Apr 2024 12:08:18 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 5319
Date: Fri, 14 Jun 2024 09:22:41 GMT

113.16.166.240:8088/login/imgView?fileId=16396188965841505239994392404560

113.16.166.240

200

44 kB

URL GET HTTP/1.1
113.16.166.240:8088/login/imgView?fileId=16396188965841505239994392404560
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
PNG image data, 887 x 80, 8-bit/color RGBA, non-interlaced
Size
44 kB (43875 bytes)
Hash
95e9ebd54d790236081e50127f15efda
0f9938f1a2461cf57385a32af9c2f450d8fb0e8c
1678d1014726e6c97c636af594524e678cfe3eb94d7fcc7921ca1192a757de27

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/imgView?fileId=16396188965841505239994392404560 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Content-Disposition: attachment;filename=%E5%8D%97%E5%AE%81%E5%95%86%E8%B4%B8%E7%99%BB%E5%BD%95%E9%A1%B5LOGO.png
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: image/png
Content-Length: 43875
Date: Fri, 14 Jun 2024 09:22:41 GMT

113.16.166.240:8088/favicon.ico

113.16.166.240

200

946 B

URL GET HTTP/1.1
113.16.166.240:8088/favicon.ico
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
MS Windows icon resource - 1 icon, 16x13, 32 bits/pixel
Size
946 B (946 bytes)
Hash
0488faca4c19046b94d07c3ee83cf9d6
02fb8c5e4c3d113f310651a4d021aecc68f79d54
a3fe67e3549fdbc5819762b43c7efd93b1caea734f87a33c909a4e4b2ba4e32b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Mon, 27 Feb 2023 02:37:17 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: image/x-icon
Content-Length: 946
Date: Fri, 14 Jun 2024 09:22:42 GMT

113.16.166.240:8088/ui/ext/element/css/fonts/element-icons.woff

113.16.166.240

200

28 kB

URL GET HTTP/1.1
113.16.166.240:8088/ui/ext/element/css/fonts/element-icons.woff
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
Web Open Font Format, TrueType, length 28200, version 1.0
Size
28 kB (28200 bytes)
Hash
535877f50039c0cb49a6196a5b7517cd
0000c4e27d38f9f8bbe4e58b5ce2477e589507a7
ab40a58972be2ceab32e7e35dab3131b959aae63835d7bda1a79ae51f9a73c17

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ui/ext/element/css/fonts/element-icons.woff HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/ui/ext/element/css/element-ui.css?cache_id=72735582
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Last-Modified: Mon, 29 Apr 2024 12:08:18 GMT
Accept-Ranges: bytes
Content-Type: application/font-woff
Content-Length: 28200
Date: Fri, 14 Jun 2024 09:22:42 GMT

113.16.166.240:8088/login/imgView?fileId=16396341152261505239918498029174

113.16.166.240

200

855 kB

URL GET HTTP/1.1
113.16.166.240:8088/login/imgView?fileId=16396341152261505239918498029174
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=16, height=3648, bps=206, PhotometricInterpretation=RGB, manufacturer=Canon, model=Canon EOS 70D, orientation=upper-left, width=5472], baseline, precision 8, 2400x1200, components 3
Size
855 kB (854620 bytes)
Hash
ab6c00dc725470178b3d2e7a97fce35e
78a977cf566d8b4ebd9ed028b9bceb35bc33c50f
99616b4365482393752a79784b4a79391826e911c6263ad204a0ae24962193a0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/imgView?fileId=16396341152261505239918498029174 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Content-Disposition: attachment;filename=2.jpg
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: image/jpeg
Content-Length: 854620
Date: Fri, 14 Jun 2024 09:22:42 GMT

113.16.166.240:8088/login/imgView?fileId=16396339707871505239918424325328

113.16.166.240

200

4.7 MB

URL GET HTTP/1.1
113.16.166.240:8088/login/imgView?fileId=16396339707871505239918424325328
IP
113.16.166.240:8088
ASN
#4134 Chinanet

Requested by
http://113.16.166.240:8088/login

File type
PNG image data, 2500 x 1200, 8-bit/color RGB, non-interlaced
Size
4.7 MB (4747684 bytes)
Hash
1845eca0d607cc35e24dc9ad6bab146b
1b99ea7028f959dd4d5f9e45d67358564c34d7c4
59d3a38365edd7c97311dbe58a41cf837d2531d6896ef0caedc1f80bca675940

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login/imgView?fileId=16396339707871505239918424325328 HTTP/1.1
Host: 113.16.166.240:8088
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://113.16.166.240:8088/login
Cookie: SESSION=MTM0Njk5ZDYtZWVmNy00ZDNmLThmNDktODlhOWU3Yjk0YTg3
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Content-Disposition: attachment;filename=%E6%9C%AA%E6%A0%87%E9%A2%98-1.png
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: image/png
Content-Length: 4747684
Date: Fri, 14 Jun 2024 09:22:42 GMT

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash