Report - ezsil.163.com.mhzxbt.top/

Report Overview

Submitted URL
ezsil.163.com.mhzxbt.top/
IP
45.146.235.45
ASN
#8100 ASN-QUADRANET-GLOBAL
Submitted
2024-04-18 10:27:16
Access
public
Website Title
WWW_PBB7_COM_WWWPBB7COM_人人首頁
Final URL
wap.kesywoi.icu/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ia.51.la	59607	2005-01-17	2017-10-31	2024-04-18	1.0 kB	302 B	203.107.86.226
sdk.51.la	88367	2005-01-17	2021-03-08	2024-04-17	403 B	35 kB	47.246.44.242
www.lelifi.com	unknown	2015-11-26	2020-05-02	2024-04-18	846 B	9.6 kB	104.21.46.15
js.users.51.la	53024	2005-01-17	2012-05-30	2024-04-18	402 B	5.5 kB	47.246.44.239
ezsil.163.com.mhzxbt.top	unknown	unknown	No data	No data	670 B	442 B	45.146.235.45
wap.kesywoi.icu	unknown	unknown	No data	No data	6.9 kB	698 kB	172.67.148.161
collect-v6.51.la	91421	2005-01-17	2021-03-08	2024-04-17	457 B	488 B	203.107.86.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-18 10:26:52	medium	Client IP	45.146.235.45	ET INFO HTTP Request to a *.top domain
2024-04-18 10:26:54	medium	Client IP	172.67.148.161	ET INFO Suspicious Domain (*.icu) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	kesywoi.icu	Sinkholed
2024-04-18	medium	kesywoi.icu	Sinkholed
2024-04-18	medium	kesywoi.icu	Sinkholed
2024-04-18	medium	kesywoi.icu	Sinkholed
2024-04-18	medium	kesywoi.icu	Sinkholed
2024-04-18	medium	kesywoi.icu	Sinkholed
2024-04-18	medium	kesywoi.icu	Sinkholed
2024-04-18	medium	kesywoi.icu	Sinkholed
2024-04-18	medium	kesywoi.icu	Sinkholed
2024-04-18	medium	kesywoi.icu	Sinkholed
2024-04-18	medium	kesywoi.icu	Sinkholed
2024-04-18	medium	kesywoi.icu	Sinkholed
2024-04-18	medium	kesywoi.icu	Sinkholed
2024-04-18	medium	kesywoi.icu	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	unknown	788 B	2024-04-18	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:27:22 Last Seen2024-04-18 12:27:22 Times Seen1 Hash fc061ebcb523e86300a68854bff76d10 8090921319b9189481d7aac1eca374626766469e 45d4b7cc9729565ac7e388e89dbef6229a02172c82a28187a553dd80b3fe30ca Loading...

	sdk.51.la/js-sdk-pro.min.js	34 kB	2023-04-05	2024-05-01
Pretty URL sdk.51.la/js-sdk-pro.min.js IP 47.246.44.242 ASN #24429 Zhejiang Taobao Network Co.,Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 07:31:50 Last Seen2024-05-01 05:36:30 Times Seen14423 Hash 8fc0b01d35300e8398d6e957987c01e7 f1eb32c75b8d8e4b0555ebc2a5f5d1d60296f41e b164aafa0bb83dfe511912ca2ca475880bfffac8d8f098c947fd3d4af440d3a4 Loading...

	wap.kesywoi.icu/Aquery.js	540 B	2023-04-19	2024-05-01
Pretty URL wap.kesywoi.icu/Aquery.js IP 172.67.148.161 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-19 08:29:48 Last Seen2024-05-01 04:56:21 Times Seen368 Hash f6b7afcc4a01363d039ba7138ac342f2 13d5b83bef56227c24f19d38a57a6849bec94945 e6d112f55c1cb75702e1b5abd7634c6e1a97ce467f6cf51e8946d54f4d9bde81 Loading...

	www.lelifi.com/app/app.js?t=shang&c=google&mb=1	4.0 kB	2024-04-18	2024-05-01
Pretty URL www.lelifi.com/app/app.js?t=shang&c=google&mb=1 IP 104.21.46.15 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 09:30:26 Last Seen2024-05-01 04:56:22 Times Seen22 Hash c05d24e915a484f17846a3e4439e9889 74d4704effd793730975184a1d4c1349da0c4376 fcd21023540b2560a62a75fdd6560bd2097ea5c23f788c40ec7d1c2299be902f Loading...

	wap.kesywoi.icu/Baidu.js	650 B	2023-08-11	2024-04-29
Pretty URL wap.kesywoi.icu/Baidu.js IP 172.67.148.161 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-11 11:25:11 Last Seen2024-04-29 18:04:52 Times Seen16 Hash d16fa859fcb505acd637cb3250e095c7 da612f1ad8b82044ad3ea68760af07734b424a0b 70253a64c2149ac46f4a522d1b56285db4748ab40e7bb43bddfbf07603c530fb Loading...

	js.users.51.la/21586809.js	4.9 kB	2023-06-07	2024-04-29
Pretty URL js.users.51.la/21586809.js IP 47.246.44.239 ASN #24429 Zhejiang Taobao Network Co.,Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-07 07:40:46 Last Seen2024-04-29 18:04:53 Times Seen19 Hash 5dbf5bec0a341d966e9c9f54b6054492 baa45db89ee97c0758e2bda7f6651ea976fd55ba 8af086f2426c3b3df3b285aad99f532bc76cca6a4d1e24a03994994b73d966df Loading...

		Size	First Seen	Last Seen
	#1 Eval - dc3a1051aa2ba934cd62b5d757a7c6e5	196 B	2023-03-07	2024-05-01
Pretty Observations First Seen2023-03-07 13:50:09 Last Seen2024-05-01 04:56:21 Times Seen330 Hash dc3a1051aa2ba934cd62b5d757a7c6e5 a464c2307e5e740dad89fdc9fa3400adc498efad bd5aeb37068d06e56b6d1cf0fe66f8e8d22456fdc32fe65c767c200c456e4322 Loading...

		Size	First Seen	Last Seen
	#1 Write - 51772793ebecc704e9e0e86e6e2ce9be	79 B	2023-03-07	2024-05-01
Pretty Observations First Seen2023-03-07 13:50:09 Last Seen2024-05-01 04:56:22 Times Seen299 Hash 51772793ebecc704e9e0e86e6e2ce9be 3da0e353c7ad33e25ff3748452a6c0595bc3eaf5 b4830d355ac6ef649ad71c2e4c55dbb5ed68f89d348b337f65471b48360a75fd Loading...

	#2 Write - a3019cd92bd80a5f16a3dfba4cafe210	79 B	2023-03-07	2024-05-01
Pretty Observations First Seen2023-03-07 13:50:09 Last Seen2024-05-01 04:56:22 Times Seen299 Hash a3019cd92bd80a5f16a3dfba4cafe210 b5134581876849ce1285db5bd03abc7b9df22366 dfdc1ca42f286d643fedd269f3d04bbcbf9338937003f4071c6c9a3652f28f22 Loading...

	#3 Write - 658396bcee23958c05dc31fba8a8d002	508 B	2023-05-23	2024-05-01
Pretty Observations First Seen2023-05-23 04:58:41 Last Seen2024-05-01 04:56:22 Times Seen72 Hash 658396bcee23958c05dc31fba8a8d002 1e6a54d189e0b5ff18022b4a9a890554f76b4aab 9b1f5859694ddac3ac43b1e613084519e41132db3359ec5c1b8ae0c28a3456ce Loading...

	#4 Write - 75fb3f92e68356f9c9acf4cc54a431ec	75 B	2023-06-07	2024-04-29
Pretty Observations First Seen2023-06-07 07:40:46 Last Seen2024-04-29 18:04:52 Times Seen12 Hash 75fb3f92e68356f9c9acf4cc54a431ec 05b4acf436841f05d856c692c6aa7d8ab1bfd4ad 50248655dd88287e71b897d879e4e49c1a71cfb3aae1f20b548d854f754dde31 Loading...

HTTP Transactions (22)

URL IP Response Size

ezsil.163.com.mhzxbt.top/

45.146.235.45

21 B

URL User Request GET
ezsil.163.com.mhzxbt.top/
IP
45.146.235.45:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
Unicode text, UTF-8 text, with no line terminators
Size
21 B (21 bytes)
Hash
17fca6c023a702d175522a59d98b044c
f384e57166238525ae0eaece46fd7a3c325c92a6
a9082fbd7371ad3aedddf095f604cb666c8e4084e9f96a10906d95ebf27209aa

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: ezsil.163.com.mhzxbt.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 18 Apr 2024 10:26:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://jbjhl.top/

ezsil.163.com.mhzxbt.top/

45.146.235.45

27 B

URL User Request GET
ezsil.163.com.mhzxbt.top/
IP
45.146.235.45:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
Unicode text, UTF-8 text, with no line terminators
Size
27 B (27 bytes)
Hash
d8a93efc852bac8adf606baba857f4f3
179f6ed4f10dda1b34f55160f1d3c146a7e8b08c
a5fb5e7bd91bffd052a6ecf4aab526a05fd7e239d5e9c5c5b58cfb7e10dd6f56

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: ezsil.163.com.mhzxbt.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 18 Apr 2024 10:26:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://wap.kesywoi.icu/

wap.kesywoi.icu/template/2227/assets/images/logo.png

172.67.148.161

200 OK

17 kB

URL GET HTTP/3
wap.kesywoi.icu/template/2227/assets/images/logo.png
IP
172.67.148.161:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint31:F3:A3:1F:49:5A:B0:89:3F:F7:49:2B:26:EB:CC:EF:11:33:80:4B
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
PNG image data, 158 x 40, 8-bit/color RGBA, non-interlaced
Size
17 kB (17033 bytes)
Hash
51abc825bb276946febd9ce7bd3a127a
cd86fe715d4f3628a26dcb861db6e31a5fba41e1
593605b2702e683a0484681e0f512ba7e25862e92112a04bd693b6c7e2042136

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2227/assets/images/logo.png HTTP/1.1
Host: wap.kesywoi.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:26:56 GMT
content-type: image/png
content-length: 17033
last-modified: Tue, 15 Oct 2019 07:45:36 GMT
etag: "5da57920-4289"
expires: Sat, 18 May 2024 10:26:56 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7FV0GViuQcnoZl2yWZzvxiZw6VB15r5U4APFvDzHWHUn9f8h5I8b7L6Pi2ESSirTDTLntIt23a1IfKf77PCHZjgv5OR8wCWRjF0K9fUSZjrg4rnWtUXgOo5EyAlobWvmQZs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763f59a3f20b505-OSL
alt-svc: h3=":443"; ma=86400

wap.kesywoi.icu/template/2227/assets/images/person_2.png

172.67.148.161

200 OK

43 kB

URL GET HTTP/3
wap.kesywoi.icu/template/2227/assets/images/person_2.png
IP
172.67.148.161:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint31:F3:A3:1F:49:5A:B0:89:3F:F7:49:2B:26:EB:CC:EF:11:33:80:4B
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Size
43 kB (42593 bytes)
Hash
b365fd2d9d9d13086d796b76029663f1
69f0a693eaaa460ea67139a59c047af7e2cbd9a9
e836128ad5864ba548f5aeeeed035f806038262d6da63b7d13596e51f8162ab6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2227/assets/images/person_2.png HTTP/1.1
Host: wap.kesywoi.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:26:56 GMT
content-type: image/png
content-length: 42593
last-modified: Tue, 15 Oct 2019 07:45:36 GMT
etag: "5da57920-a661"
expires: Sat, 18 May 2024 10:26:56 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j3ZIkHtdPLaLeBpyDE3m8jQvi8YBrRXqw6EMXFIVeWGyTwZBkoQvHw%2Bmi%2Fro2%2F0T92mZuBfU9C%2BKYP3QleKIge5d4MgoJfbgPP2gpshJ%2B25T7hB2%2FAqri9zsPqxSrbYfoZA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763f59a3f2ab505-OSL
alt-svc: h3=":443"; ma=86400

wap.kesywoi.icu/template/2227/assets/images/person_3.png

172.67.148.161

200 OK

56 kB

URL GET HTTP/3
wap.kesywoi.icu/template/2227/assets/images/person_3.png
IP
172.67.148.161:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint31:F3:A3:1F:49:5A:B0:89:3F:F7:49:2B:26:EB:CC:EF:11:33:80:4B
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Size
56 kB (55986 bytes)
Hash
2576b0bb69ab05bc117ea972ef382c0e
8c041c7af5421a13ed840d4d5be07f9ea2e82a19
25633cc7533f6af64659e123263bb719272cd6dc46eed8a402d81f63a62f12df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2227/assets/images/person_3.png HTTP/1.1
Host: wap.kesywoi.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:26:57 GMT
content-type: image/png
content-length: 55986
last-modified: Tue, 15 Oct 2019 07:45:36 GMT
etag: "5da57920-dab2"
expires: Sat, 18 May 2024 10:26:56 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j8gTgK2X6r1XprYTP8ortdBALJPFCssj3tlo4dtY62pIeR%2FK6HMAToJyXvgpC1rSn93jnBB4V%2BVCcWw20nCXXs%2Frsc1mjdVFi5bf%2Fn19dX6%2BWt1ritW%2BQ05QAc3P13r41%2BI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763f59a3f33b505-OSL
alt-svc: h3=":443"; ma=86400

wap.kesywoi.icu/template/2227/assets/images/person_1.png

172.67.148.161

200 OK

49 kB

URL GET HTTP/3
wap.kesywoi.icu/template/2227/assets/images/person_1.png
IP
172.67.148.161:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint31:F3:A3:1F:49:5A:B0:89:3F:F7:49:2B:26:EB:CC:EF:11:33:80:4B
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Size
49 kB (49239 bytes)
Hash
e6aa48baed6408c1407b711f6cb79a9a
c05b7a342fb83a315e8e4b43c9a6a4ab7a3660c6
c8361823a15d42f80fddda5065329335ea415d72e4a40245141ec60337e6d73d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2227/assets/images/person_1.png HTTP/1.1
Host: wap.kesywoi.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:26:57 GMT
content-type: image/png
content-length: 49239
last-modified: Tue, 15 Oct 2019 07:45:36 GMT
etag: "5da57920-c057"
expires: Sat, 18 May 2024 10:26:56 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cFTlEBxSOIF8s1%2FMoZrN8AFrk%2FrY5SdPvDOpiR02bme0wCVPT%2BH2mhLbTv45T3hmQSn55Em9q5H3s52qk7u1V33r571hVMCa9CujWkYjepxWTt2KhME6pWio1n2wKXAez4g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763f59a3f25b505-OSL
alt-svc: h3=":443"; ma=86400

wap.kesywoi.icu/template/2227/assets/css/style.css

172.67.148.161

200 OK

4.1 kB

URL GET HTTP/3
wap.kesywoi.icu/template/2227/assets/css/style.css
IP
172.67.148.161:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint31:F3:A3:1F:49:5A:B0:89:3F:F7:49:2B:26:EB:CC:EF:11:33:80:4B
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
4.1 kB (4143 bytes)
Hash
1caa364257ed8343bd0bbf72aab4a0c1
872f30f933351a869660dc953b2bc5996a0de625
44d4b955bb4070b13462295bbfecbd89ea93f1e33ce5de146f2ca47520b9ac15

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2227/assets/css/style.css HTTP/1.1
Host: wap.kesywoi.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:26:56 GMT
content-type: text/css
last-modified: Tue, 15 Oct 2019 07:45:36 GMT
vary: Accept-Encoding
etag: W/"5da57920-286e"
expires: Thu, 18 Apr 2024 22:26:56 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TvnWI%2BY13SIpjFpk1kXPSdtzl%2FeG3xoprQNmGpEHh4nOJ7F8zf6bMTt%2BkjAnLCIywfh303yILGBbgFFMwNUXGx4Qz9k9TR0eioAADZbQSGHbVtzJ%2FdObPiPTCKbSzQ9aKJU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763f59a2f17b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wap.kesywoi.icu/template/2227/assets/css/bootstrap.min.css

172.67.148.161

200 OK

31 kB

URL GET HTTP/3
wap.kesywoi.icu/template/2227/assets/css/bootstrap.min.css
IP
172.67.148.161:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint31:F3:A3:1F:49:5A:B0:89:3F:F7:49:2B:26:EB:CC:EF:11:33:80:4B
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65371)
Size
31 kB (31350 bytes)
Hash
27c0cb9b307182ee4f95c0d1761587a2
5f853109f2acace8a97bf089733af1932cc9a2d4
dc4f9a84aaa46ad3108b48a617235131773cc2858860d654b12f4e85df1957c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2227/assets/css/bootstrap.min.css HTTP/1.1
Host: wap.kesywoi.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:26:56 GMT
content-type: text/css
last-modified: Tue, 15 Oct 2019 07:45:36 GMT
vary: Accept-Encoding
etag: W/"5da57920-18095"
expires: Thu, 18 Apr 2024 22:26:56 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jWjEJ12bPiGUwEvBnX8IxdNZRNADxAuG%2BIQf%2BE%2FjPI5AcKLaYSf1O6WVu8N1kpN7s1XqXPXrW1lxYdS04hi%2FoRaacm2nW3vap2U1jboh06E3oRurYdxLpSlD9S7ackN4XE4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763f59a2f07b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wap.kesywoi.icu/template/2227/assets/css/da-slider.css

172.67.148.161

200 OK

41 kB

URL GET HTTP/3
wap.kesywoi.icu/template/2227/assets/css/da-slider.css
IP
172.67.148.161:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint31:F3:A3:1F:49:5A:B0:89:3F:F7:49:2B:26:EB:CC:EF:11:33:80:4B
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
ASCII text, with CRLF, LF line terminators
Size
41 kB (40809 bytes)
Hash
386402f2ae1b2cda68a8eaab1a5b0a72
b928db5c853392f48056b47563cc20d4a1fc2c08
6ae154bc2fbd070590843057d147be99d48d0daed1ea9c8b6ccb767fedca31a7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2227/assets/css/da-slider.css HTTP/1.1
Host: wap.kesywoi.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:26:56 GMT
content-type: text/css
last-modified: Tue, 15 Oct 2019 07:45:36 GMT
vary: Accept-Encoding
etag: W/"5da57920-4514"
expires: Thu, 18 Apr 2024 22:26:56 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CBksv4kMRsHEYimy72u7HyFWtoI2ICnIoGtFCo9FWOoZm0ZrpyH2VZyGjFFURhggiLkzByAC1ZHSEmk4CWDF0NwQyixBvPD3VgSQPbKGyUA7nWlIs%2FHI47N3XP7G1fBeJOE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763f59a2f13b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wap.kesywoi.icu/template/2227/assets/css/bootstrap-theme.css

172.67.148.161

200 OK

7.2 kB

URL GET HTTP/3
wap.kesywoi.icu/template/2227/assets/css/bootstrap-theme.css
IP
172.67.148.161:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint31:F3:A3:1F:49:5A:B0:89:3F:F7:49:2B:26:EB:CC:EF:11:33:80:4B
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (410)
Size
7.2 kB (7162 bytes)
Hash
6cce0efd72901232d18fb1f4f85e4640
c678bb0d7252cdaffce064b42d13f69ee619abc8
9e6a0417b7f04c661c9d0ad647de7882eda68fe0e6f2f944bcc4089a1c38e124

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2227/assets/css/bootstrap-theme.css HTTP/1.1
Host: wap.kesywoi.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:26:56 GMT
content-type: text/css
last-modified: Tue, 15 Oct 2019 07:45:36 GMT
vary: Accept-Encoding
etag: W/"5da57920-132d"
expires: Thu, 18 Apr 2024 22:26:56 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FAlWIkw%2F80k8lBb8wYLUHpcs%2Bt3CgkYmPwClAOSFOAI%2BYO4FikFAbD346nHsrdeU6v3ywUKXb9%2BpZzgJQm8ef7kcyRKZd5Y9QNYA0A%2BXOD3BvvDg6AUn3GZa3%2FaeUG36%2F5s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763f59a2f0db505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wap.kesywoi.icu/Baidu.js

172.67.148.161

200 OK

10 kB

URL GET HTTP/3
wap.kesywoi.icu/Baidu.js
IP
172.67.148.161:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint31:F3:A3:1F:49:5A:B0:89:3F:F7:49:2B:26:EB:CC:EF:11:33:80:4B
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (554)
Size
10 kB (10173 bytes)
Hash
d16fa859fcb505acd637cb3250e095c7
da612f1ad8b82044ad3ea68760af07734b424a0b
70253a64c2149ac46f4a522d1b56285db4748ab40e7bb43bddfbf07603c530fb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Baidu.js HTTP/1.1
Host: wap.kesywoi.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:26:56 GMT
content-type: application/javascript
last-modified: Tue, 08 Aug 2023 02:09:30 GMT
etag: W/"64d1a3da-28a"
expires: Thu, 18 Apr 2024 22:26:56 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FTNaovvjJdd%2BAZytBdSo3hNHa3o5nxBpIRC9NmYb5yNi9EcxbWP%2Fof4n7LceP0V0BzMnIbewuttroh29JRoAufOlBRUv7MZoGF1wb%2FBeih%2BrW0e2b36RNF5pTyChmCYehq4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763f59b7999b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

collect-v6.51.la/v6/collect?dt=4

203.107.86.226

403

0 B

URL POST HTTP/1.1
collect-v6.51.la/v6/collect?dt=4
IP
203.107.86.226:443
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerGlobalSign nv-sa
Subject*.51.la
Fingerprint9E:F3:EB:9A:59:E9:6D:6E:48:13:64:78:3C:33:1D:AA:79:52:5B:79
ValidityThu, 20 Apr 2023 01:12:57 GMT - Tue, 21 May 2024 01:12:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /v6/collect?dt=4 HTTP/1.1
Host: collect-v6.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 359
Origin: https://wap.kesywoi.icu
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 
Date: Thu, 18 Apr 2024 10:26:58 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: aliyungf_tc=e4c2016bcd7301ba3870de96e27dd18f2d3141e902aef95abae8c519e08be737; Path=/; HttpOnly
acw_tc=ac11000117134360187315585e2e2a4d1b80e2bf1c9e1696dd5ef04c614183;path=/;HttpOnly;Max-Age=1800
Server: nginx
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: https://wap.kesywoi.icu
Access-Control-Allow-Credentials: true

ia.51.la/go1?id=21586809&rt=1713436018010&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25EF%25BB%25BF%25E6%2595%25AC%25E5%2591%258A%253A%25E6%259C%25AA%25E6%25BB%25BF18%25E5%25B2%2581%25E8%2580%2585%25E8%25AB%258B%25E5%258B%25BF%25E9%2580%25B2%25E5%2585%25A5WWW_PBB7_COM_WWW&ing=1&ekc=&sid=1713436018010&tt=WWW_PBB7_COM_WWWPBB7COM_%25E4%25BA%25BA%25E4%25BA%25BA%25E9%25A6%2596%25E9%25A0%2581&kw=%25EF%25BB%25BFWWW_PBB7_COM_WWWPBB7COM%252C%25E7%259C%258B%25E7%2589%2587X%25E5%258C%25BA%252C%25E6%2588%2590%25E4%25BA%25BA%25E9%25A6%2596%25E9%25A0%2581&cu=https%253A%252F%252Fwap.kesywoi.icu%252F&pu=

203.107.86.226

200

0 B

URL GET HTTP/1.1
ia.51.la/go1?id=21586809&rt=1713436018010&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25EF%25BB%25BF%25E6%2595%25AC%25E5%2591%258A%253A%25E6%259C%25AA%25E6%25BB%25BF18%25E5%25B2%2581%25E8%2580%2585%25E8%25AB%258B%25E5%258B%25BF%25E9%2580%25B2%25E5%2585%25A5WWW_PBB7_COM_WWW&ing=1&ekc=&sid=1713436018010&tt=WWW_PBB7_COM_WWWPBB7COM_%25E4%25BA%25BA%25E4%25BA%25BA%25E9%25A6%2596%25E9%25A0%2581&kw=%25EF%25BB%25BFWWW_PBB7_COM_WWWPBB7COM%252C%25E7%259C%258B%25E7%2589%2587X%25E5%258C%25BA%252C%25E6%2588%2590%25E4%25BA%25BA%25E9%25A6%2596%25E9%25A0%2581&cu=https%253A%252F%252Fwap.kesywoi.icu%252F&pu=
IP
203.107.86.226:443
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerGlobalSign nv-sa
Subject*.51.la
Fingerprint9E:F3:EB:9A:59:E9:6D:6E:48:13:64:78:3C:33:1D:AA:79:52:5B:79
ValidityThu, 20 Apr 2023 01:12:57 GMT - Tue, 21 May 2024 01:12:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go1?id=21586809&rt=1713436018010&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25EF%25BB%25BF%25E6%2595%25AC%25E5%2591%258A%253A%25E6%259C%25AA%25E6%25BB%25BF18%25E5%25B2%2581%25E8%2580%2585%25E8%25AB%258B%25E5%258B%25BF%25E9%2580%25B2%25E5%2585%25A5WWW_PBB7_COM_WWW&ing=1&ekc=&sid=1713436018010&tt=WWW_PBB7_COM_WWWPBB7COM_%25E4%25BA%25BA%25E4%25BA%25BA%25E9%25A6%2596%25E9%25A0%2581&kw=%25EF%25BB%25BFWWW_PBB7_COM_WWWPBB7COM%252C%25E7%259C%258B%25E7%2589%2587X%25E5%258C%25BA%252C%25E6%2588%2590%25E4%25BA%25BA%25E9%25A6%2596%25E9%25A0%2581&cu=https%253A%252F%252Fwap.kesywoi.icu%252F&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 18 Apr 2024 10:27:02 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: aliyungf_tc=f86df6a05639bcb45556bb6c59d6f90558e18d21d6744e170d4920524813dcd7; Path=/; HttpOnly
acw_tc=ac11000117134360190957528eed15f3ae42475bec92caf5a316c2ee22c3e4;path=/;HttpOnly;Max-Age=1800

wap.kesywoi.icu/

172.67.148.161

200 OK

387 kB

URL User Request GET HTTP/2
wap.kesywoi.icu/
IP
172.67.148.161:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint31:F3:A3:1F:49:5A:B0:89:3F:F7:49:2B:26:EB:CC:EF:11:33:80:4B
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type

Size
387 kB (387178 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: wap.kesywoi.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:26:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=7200
cf-cache-status: MISS
last-modified: Thu, 18 Apr 2024 10:26:55 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vyhw1m9CE3LAReb0flgEWLN9XHK%2B8vHJoj3MMiu8PT3ZwWIIf3V%2B%2Fc8NC7AVxRWizKseSLYyKrPkBsGwbzfxbRcxZLaIPspThFJJt2VgZytU3UzIKjSqadw1U0BWMkOegzU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763f5926c70b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sdk.51.la/js-sdk-pro.min.js

47.246.44.242

200 OK

34 kB

URL GET HTTP/2
sdk.51.la/js-sdk-pro.min.js
IP
47.246.44.242:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerGlobalSign nv-sa
Subject*.51.la
Fingerprint9E:F3:EB:9A:59:E9:6D:6E:48:13:64:78:3C:33:1D:AA:79:52:5B:79
ValidityThu, 20 Apr 2023 01:12:57 GMT - Tue, 21 May 2024 01:12:56 GMT

File type

Size
34 kB (34330 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js-sdk-pro.min.js HTTP/1.1
Host: sdk.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 12846
date: Mon, 15 Apr 2024 18:22:53 GMT
x-oss-request-id: 661D707DDDD87E393288449D
x-oss-cdn-auth: success
accept-ranges: bytes
x-oss-object-type: Normal
x-oss-storage-class: Standard
content-md5: JLtSDpUX8u0+2Ye0aur3Iw==
x-oss-server-time: 3
ali-swift-global-savetime: 1713205373
via: cache15.l2de2[0,0,304-0,H], cache6.l2de2[0,0], ens-cache18.se2[0,0,200-0,H], ens-cache6.se2[1,0]
vary: Accept-Encoding
last-modified: Thu, 08 Jun 2023 02:24:34 GMT
x-oss-hash-crc64ecma: 5143829838470429443
content-encoding: gzip
age: 230644
x-cache: HIT TCP_MEM_HIT dirn:6:7882094
x-swift-savetime: Mon, 15 Apr 2024 18:23:21 GMT
x-swift-cachetime: 1295972
access-control-allow-origin: *
timing-allow-origin: *
eagleid: 2ff62c9a17134360176786574e
X-Firefox-Spdy: h2

wap.kesywoi.icu/template/2227/assets/images/arrows.png

172.67.148.161

200 OK

1.5 kB

URL GET HTTP/3
wap.kesywoi.icu/template/2227/assets/images/arrows.png
IP
172.67.148.161:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint31:F3:A3:1F:49:5A:B0:89:3F:F7:49:2B:26:EB:CC:EF:11:33:80:4B
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
PNG image data, 55 x 37, 8-bit/color RGBA, interlaced
Size
1.5 kB (1475 bytes)
Hash
0b5b984ffc38bec86f2ca5771190ded7
0d075b9e209918fac07f87fb61a0ca1d0d74418b
8c990e62c610a666d2ae367171eaebe32941e537f7fe459c74fd9a3733dd7f1c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2227/assets/images/arrows.png HTTP/1.1
Host: wap.kesywoi.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/template/2227/assets/css/da-slider.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:26:57 GMT
content-type: image/png
content-length: 1475
last-modified: Tue, 15 Oct 2019 07:45:36 GMT
etag: "5da57920-5c3"
expires: Sat, 18 May 2024 10:26:57 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R5UsKaJRTgyRqDCxVpwsTr3mx%2F65SrhHp5Kvworoh%2Fu694DLJlRkrz9PLtJv3s%2BPeCdoX7oPWuVI2qtLFOHVLBb8xJ%2B1vNnbwRA%2FsdGBKo%2Fm0rtBnjt%2FGLJiPNIIhzkPGy0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763f5a3df5db505-OSL
alt-svc: h3=":443"; ma=86400

wap.kesywoi.icu/favicon.ico

172.67.148.161

200 OK

1.2 kB

URL GET HTTP/3
wap.kesywoi.icu/favicon.ico
IP
172.67.148.161:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint31:F3:A3:1F:49:5A:B0:89:3F:F7:49:2B:26:EB:CC:EF:11:33:80:4B
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
591676289e8a2b06c3fc31137810d2c0
f53c4f56f983f6b96198806a60624ba16741a156
2cab8e512dc07af44384a4e2c0e7020b04e03331affaa96aa54d489d6274e4de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: wap.kesywoi.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Cookie: __vtins__K4aEPHJP2O3KBajx=%7B%22sid%22%3A%20%22866bdb25-2d6c-58b1-a9aa-15dc0d3b0b0a%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201713437817748%2C%20%22ct%22%3A%201713436017748%7D; __51uvsct__K4aEPHJP2O3KBajx=1; __51vcke__K4aEPHJP2O3KBajx=72990a2d-58c2-57c5-8a76-37e4b77afc7a; __51vuft__K4aEPHJP2O3KBajx=1713436017753; __tins__21586809=%7B%22sid%22%3A%201713436018010%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713437818010%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:26:58 GMT
content-type: image/x-icon
last-modified: Thu, 17 Oct 2019 11:19:32 GMT
etag: W/"5da84e44-47e"
cache-control: max-age=7200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8LAAwb015LblpnVy40krv%2F5tW2fIXO44Ix%2F2YjmDgQQ%2F2NfVZieoQ%2BA06sg1kjlDdYv5M2ZcnxO%2Fx2dEHC8R7p7Jx0IfTm6DGW8%2FmgyHQYVc7QPh2pnm1X9xgQ1ke1H9qEk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763f5a9e819b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wap.kesywoi.icu/Aquery.js

172.67.148.161

200 OK

540 B

URL GET HTTP/3
wap.kesywoi.icu/Aquery.js
IP
172.67.148.161:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint31:F3:A3:1F:49:5A:B0:89:3F:F7:49:2B:26:EB:CC:EF:11:33:80:4B
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (556), with no line terminators
Size
540 B (540 bytes)
Hash
9988d60d2af7295734e3bd6d7acd296e
3e98c7ac2dde441b5fe9ab4666c2f206a15aebf1
553ac2cc49df373a2e138fb5d962a306250472c5785d33ec91de2957d188c976

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Aquery.js HTTP/1.1
Host: wap.kesywoi.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:26:56 GMT
content-type: application/javascript
last-modified: Tue, 08 Aug 2023 02:09:29 GMT
etag: W/"64d1a3d9-21c"
expires: Thu, 18 Apr 2024 22:26:56 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z3mGYrnvm6mRjGZEsTf%2F6Zcw3g1MjGC9vgVmCdb9qwU2QGaNN5s6bcMcXFrh6luq%2BIswXbfCgdnEkhoHqbgz0VzmI%2FrOGhwNwf2m4H7keuYogDCUoVwFOrkehEKtFui1%2FVM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763f59a2f1bb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.lelifi.com/app/app.js?t=xia&c=googleee&mb=1

104.21.46.15

200 OK

4.0 kB

URL GET HTTP/2
www.lelifi.com/app/app.js?t=xia&c=googleee&mb=1
IP
104.21.46.15:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA7:86:67:95:65:3F:9F:95:2C:EB:56:1E:31:DA:D9:C2:31:58:79:9F
ValidityWed, 24 May 2023 00:00:00 GMT - Thu, 23 May 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (4206), with no line terminators
Size
4.0 kB (4038 bytes)
Hash
46af1d8cf3d73f56cf6f6fbb87c33ea3
617094c4b5ab23cf3afa59194e3d6881e79b40f1
c2aee5c8d0f92da4667b82f4ba15ca0c74f7101e0477354a3d7807ea677954f3

HTTP Headers

GET /app/app.js?t=xia&c=googleee&mb=1 HTTP/1.1
Host: www.lelifi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:26:57 GMT
content-type: application/javascript
last-modified: Thu, 04 Apr 2024 11:15:30 GMT
vary: Accept-Encoding
etag: W/"660e8bd2-fc6"
expires: Thu, 18 Apr 2024 22:26:57 GMT
cache-control: max-age=43200
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xm1XhyZ%2FnOvDgeA3YDTh0ZZsWEw5h23ZXnqbpiC910SD3tZ3URBO%2B0UNL%2BaW6MTNPy5p3ZlJaXDaTTGPGTr47Aw7XBSgSwnilzmAcCxAkXGARLblBk05OXKp0AaHSXxjQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763f5a0fb3d569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

js.users.51.la/21586809.js

47.246.44.239

200 OK

4.9 kB

URL GET HTTP/1.1
js.users.51.la/21586809.js
IP
47.246.44.239:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerGlobalSign nv-sa
Subject*.users.51.la
Fingerprint8E:9F:59:98:28:F2:49:A9:E1:19:45:C2:49:ED:B2:F6:B8:E1:C6:39
ValidityFri, 14 Apr 2023 03:17:41 GMT - Wed, 15 May 2024 03:17:40 GMT

File type
JavaScript source, ASCII text, with very long lines (5147), with no line terminators
Size
4.9 kB (4898 bytes)
Hash
155d0c6085a3ac45652809af01214bee
70e042f13fd1e1d034aa0f068bd56dd64633107f
97d892bc2fedf8d1bc01079be67ab91fd8f03c01f73891b43540b47670dcd05e

HTTP Headers

GET /21586809.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 18 Apr 2024 10:26:57 GMT
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Ali-Swift-Global-Savetime: 1713436017
Via: cache12.l2fr1[326,326,200-0,M], cache10.l2fr1[327,0], ens-cache3.se2[365,364,200-0,M], ens-cache4.se2[366,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Thu, 18 Apr 2024 10:26:57 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9817134360175443837e

wap.kesywoi.icu/template/2227/assets/images/bg_header.jpg

172.67.148.161

200 OK

39 kB

URL GET HTTP/3
wap.kesywoi.icu/template/2227/assets/images/bg_header.jpg
IP
172.67.148.161:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint31:F3:A3:1F:49:5A:B0:89:3F:F7:49:2B:26:EB:CC:EF:11:33:80:4B
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2000x920, components 3
Size
39 kB (38882 bytes)
Hash
4fc8c16fe0bba2b632a5680cee0cfc74
714f8f8d1417e9a422883a676f79f6de5caed7fa
48478ac1b2f9f7893e60492ca11722a677a98246400d29389ec5e40b9575a471

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2227/assets/images/bg_header.jpg HTTP/1.1
Host: wap.kesywoi.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/template/2227/assets/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:26:57 GMT
content-type: image/jpeg
content-length: 38882
last-modified: Wed, 16 Oct 2019 06:04:26 GMT
etag: "5da6b2ea-97e2"
expires: Sat, 18 May 2024 10:26:57 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2BcaiXjo%2FsXLH9Uwk1Q4xuQYOuvlgQ9uPo08I1%2FGPUBdgyh4f1uSyaU2U8764L2qW4gTGcPcZcHDJBtkkoLiVpi68voQgi0%2BUQL3BZy9Oo9hhesFsX%2B77%2FEdbxr0ia0pob8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763f5a3df57b505-OSL
alt-svc: h3=":443"; ma=86400

www.lelifi.com/app/app.js?t=shang&c=google&mb=1

104.21.46.15

200 OK

4.0 kB

URL GET HTTP/2
www.lelifi.com/app/app.js?t=shang&c=google&mb=1
IP
104.21.46.15:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wap.kesywoi.icu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA7:86:67:95:65:3F:9F:95:2C:EB:56:1E:31:DA:D9:C2:31:58:79:9F
ValidityWed, 24 May 2023 00:00:00 GMT - Thu, 23 May 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (4206), with no line terminators
Size
4.0 kB (4038 bytes)
Hash
46af1d8cf3d73f56cf6f6fbb87c33ea3
617094c4b5ab23cf3afa59194e3d6881e79b40f1
c2aee5c8d0f92da4667b82f4ba15ca0c74f7101e0477354a3d7807ea677954f3

HTTP Headers

GET /app/app.js?t=shang&c=google&mb=1 HTTP/1.1
Host: www.lelifi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wap.kesywoi.icu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:26:57 GMT
content-type: application/javascript
last-modified: Thu, 04 Apr 2024 11:15:30 GMT
vary: Accept-Encoding
etag: W/"660e8bd2-fc6"
expires: Thu, 18 Apr 2024 22:26:57 GMT
cache-control: max-age=43200
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1NiutXIOZ7J6BMPrM5b7MX%2Bb1UcLP56hdhd8n7NbRtAOZ9bf1Nrzqa0WlTG%2BXYxW0sGObV5M%2Fi6U9%2B52PzWqE0y%2Bs7VXQfuGO93ImlR60bsnahI6BwXan5VbzL96eav%2BbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763f5a0fb3a569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (22)

URL User Request GET

IP

ASN

File type