Report - www.xnbeta.com/Nowprep/ver.txt

Report Overview

Submitted URL
www.xnbeta.com/Nowprep/ver.txt
IP
23.224.62.178
ASN
#40065 CNSERVERS
Submitted
2024-04-19 08:56:38
Access
public
Website Title
xnbeta.com/Nowprep/ver.txt
Final URL
www.xnbeta.com/Nowprep/ver.txt
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.xnbeta.com	unknown	2017-03-05	2013-02-11	2023-11-22	2.2 kB	34 kB	23.224.62.178
sdk.51.la	88367	unknown	2021-03-08	2024-04-18	358 B	14 kB	47.246.44.241

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-19 08:56:15	high	23.224.62.178	Client IP	ETPRO EXPLOIT_KIT Possible Evil Redirect Leading to EK Dec 04 2016

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	www.xnbeta.com/lala/20240413.fgcript	66 kB	2024-04-19	2024-04-19
Pretty URL www.xnbeta.com/lala/20240413.fgcript IP 23.224.62.178 ASN #40065 CNSERVERS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 10:56:39 Last Seen2024-04-19 10:56:40 Times Seen2 Hash 9f3fbf9d3422f657b5ee809e8fe5fa46 16479c0de4677eef61738d878fde7fafe60c3172 8b3a47f5ec493ed0ae8fe4446f1c5c88acddb528b944259c707beae662c9f05e Loading...

		Size	First Seen	Last Seen
	#1 Write - da49a9a98e80a85c6fde1395d7415cf0	316 B	2024-02-05	2024-04-19
Pretty Observations First Seen2024-02-05 09:27:59 Last Seen2024-04-19 10:56:39 Times Seen4 Hash da49a9a98e80a85c6fde1395d7415cf0 4394a45908c428ce3c07677fe8bb5a56af807fc8 65518c39154c67003c35a1b6beaf85256e909dacbca5c89310d754c4ba12a421 Loading...

	#2 Write - d34e338a731b686e8de1c7a2c11593b0	81 B	2023-08-10	2024-04-19
Pretty Observations First Seen2023-08-10 21:56:17 Last Seen2024-04-19 10:56:39 Times Seen12 Hash d34e338a731b686e8de1c7a2c11593b0 7f6c427cabf22c9a71bc4999e4d78bc39b20e5cb f87429492fca51637f05d295520c211ae95fb5c2b992e2f33a20c07762798c9e Loading...

HTTP Transactions (7)

URL IP Response Size

www.xnbeta.com/Nowprep/ver.txt

23.224.62.178

200 OK

617 B

URL User Request GET HTTP/1.1
www.xnbeta.com/Nowprep/ver.txt
IP
23.224.62.178:80
ASN
#40065 CNSERVERS

File type
HTML document, Unicode text, UTF-8 text, with very long lines (916), with no line terminators
Size
617 B (617 bytes)
Hash
416f050f734573b47b58baf9eccad57c
706deea8b99d68b666b93085381e578ed93eef65
18a86f5353fd2a84c2bb4e2b809b913356e2e09cbc3677b3f8fa2116aafbbc03

HTTP Headers

GET /Nowprep/ver.txt HTTP/1.1
Host: www.xnbeta.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 08:56:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-transform
Content-Encoding: gzip

sdk.51.la/js-sdk-pro.min.js?id=K9pUqF39LQNK0LhG&ck=K9pUqF39LQNK0LhG

47.246.44.241

200 OK

13 kB

URL GET HTTP/1.1
sdk.51.la/js-sdk-pro.min.js?id=K9pUqF39LQNK0LhG&ck=K9pUqF39LQNK0LhG
IP
47.246.44.241:80
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
http://www.xnbeta.com/Nowprep/ver.txt

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (34110)
Size
13 kB (13076 bytes)
Hash
24bb520e9517f2ed3ed987b46aeaf723
846723563d7dd2bff3954f93633b11af0103adc8
d1f1bfe698f2ffb7b3e7a885a301d58f9554d45df0a31c3e8b53c84b33c80d27

HTTP Headers

GET /js-sdk-pro.min.js?id=K9pUqF39LQNK0LhG&ck=K9pUqF39LQNK0LhG HTTP/1.1
Host: sdk.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.xnbeta.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 16 Apr 2024 20:05:23 GMT
x-oss-request-id: 661EDA038A5A143534580394
x-oss-cdn-auth: success
x-oss-object-type: Normal
x-oss-storage-class: Standard
Content-MD5: JLtSDpUX8u0+2Ye0aur3Iw==
x-oss-server-time: 2
Ali-Swift-Global-Savetime: 1713297923
Via: cache26.l2de2[0,0,304-0,H], cache25.l2de2[2,0], ens-cache17.se2[0,0,200-0,H], ens-cache6.se2[0,0]
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"24BB520E9517F2ED3ED987B46AEAF723"
Last-Modified: Thu, 08 Jun 2023 02:24:34 GMT
x-oss-hash-crc64ecma: 5143829838470429443
Age: 219052
X-Cache: HIT TCP_MEM_HIT dirn:7:725268867
X-Swift-SaveTime: Wed, 17 Apr 2024 22:26:18 GMT
X-Swift-CacheTime: 1201145
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
EagleId: 2ff62c9a17135169751234460e
Content-Encoding: gzip

www.xnbeta.com/qifei/20240413.script

23.224.62.178

200 OK

850 B

URL GET HTTP/1.1
www.xnbeta.com/qifei/20240413.script
IP
23.224.62.178:80
ASN
#40065 CNSERVERS

Requested by
http://www.xnbeta.com/Nowprep/ver.txt

File type
HTML document, ASCII text, with very long lines (452)
Size
850 B (850 bytes)
Hash
8498f07c1e4773bcefe51295c7bf57c5
ffcc8fe1ad7df9fbb9ddad99e9e6cb25fded97e7
67bad5e8bdb3f173a89b22b7137284bcacff10fddae2c4f235e2099665a2abe5

HTTP Headers

GET /qifei/20240413.script HTTP/1.1
Host: www.xnbeta.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.xnbeta.com/Nowprep/ver.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 08:56:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-transform
Content-Encoding: gzip

www.xnbeta.com/lala/20240413.fgcript

23.224.62.178

200 OK

22 kB

URL GET HTTP/1.1
www.xnbeta.com/lala/20240413.fgcript
IP
23.224.62.178:80
ASN
#40065 CNSERVERS

Requested by
http://www.xnbeta.com/Nowprep/ver.txt

File type
JavaScript source, ASCII text, with very long lines (65515)
Size
22 kB (22414 bytes)
Hash
9f3fbf9d3422f657b5ee809e8fe5fa46
16479c0de4677eef61738d878fde7fafe60c3172
8b3a47f5ec493ed0ae8fe4446f1c5c88acddb528b944259c707beae662c9f05e

Detections

NIDS	Severity	Alert
suricata	high	ETPRO EXPLOIT_KIT Possible Evil Redirect Leading to EK Dec 04 2016

HTTP Headers

GET /lala/20240413.fgcript HTTP/1.1
Host: www.xnbeta.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.xnbeta.com/Nowprep/ver.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 08:56:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-transform
Content-Encoding: gzip

www.xnbeta.com/fn404.html

23.224.62.178

200 OK

3.6 kB

URL GET HTTP/1.1
www.xnbeta.com/fn404.html
IP
23.224.62.178:80
ASN
#40065 CNSERVERS

Requested by
http://www.xnbeta.com/Nowprep/ver.txt

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1217)
Size
3.6 kB (3558 bytes)
Hash
adc077fe3a292d1773869f25d3ac163a
eaebcbffa8147cbf896ebb44e67606be61fa54a6
5e9e10974c250255141afe9f22245f3e3d93259fa6c492c15cc8fd3905b8bef9

HTTP Headers

GET /fn404.html HTTP/1.1
Host: www.xnbeta.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.xnbeta.com/Nowprep/ver.txt
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 08:56:15 GMT
Content-Type: text/html
Last-Modified: Mon, 12 Feb 2024 05:59:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65c9b3c3-2a5b"
Content-Encoding: gzip

www.xnbeta.com/back.jpg

23.224.62.178

200 OK

617 B

URL GET HTTP/1.1
www.xnbeta.com/back.jpg
IP
23.224.62.178:80
ASN
#40065 CNSERVERS

Requested by
http://www.xnbeta.com/fn404.html

File type
HTML document, Unicode text, UTF-8 text, with very long lines (916), with no line terminators
Size
617 B (617 bytes)
Hash
416f050f734573b47b58baf9eccad57c
706deea8b99d68b666b93085381e578ed93eef65
18a86f5353fd2a84c2bb4e2b809b913356e2e09cbc3677b3f8fa2116aafbbc03

HTTP Headers

GET /back.jpg HTTP/1.1
Host: www.xnbeta.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.xnbeta.com/fn404.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 08:56:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-transform
Content-Encoding: gzip

www.xnbeta.com/favicon.ico

23.224.62.178

200 OK

4.3 kB

URL GET HTTP/1.1
www.xnbeta.com/favicon.ico
IP
23.224.62.178:80
ASN
#40065 CNSERVERS

Requested by
http://www.xnbeta.com/Nowprep/ver.txt

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Size
4.3 kB (4286 bytes)
Hash
f2d2896c488493e18c1b112cdd9bb1d9
9566a02d9d66bbeaea16df206ea4d9add214826f
2681561eb24e7435fea1acf26f3af95e4efc9f7d451587b58bef62f030f337e9

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.xnbeta.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.xnbeta.com/Nowprep/ver.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 08:56:16 GMT
Content-Type: image/x-icon
Content-Length: 4286
Last-Modified: Thu, 14 Sep 2023 09:38:55 GMT
Connection: keep-alive
ETag: "6502d4af-10be"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (7)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP