{"report_id":"33b20121-9217-4311-a9bc-35786432aa6a","version":0,"status":"done","tags":[],"date":"2026-06-21T00:23:38Z","url":{"schema":"http","addr":"new.radwoodfilms.com/ap/signin","fqdn":"new.radwoodfilms.com","domain":"radwoodfilms.com","tld":"com"},"ip":{"addr":"173.232.202.50","port":0,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"new.radwoodfilms.com/ap/signin","fqdn":"new.radwoodfilms.com","domain":"radwoodfilms.com","tld":"com"},"title":"57365z线路检测中心(中国)有限公司","dom":{"size":485,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"0268e7b3d7bd60fe253e581416294202","sha1":"8ba252a692c62b140eadd4f5f31693612b545077","sha256":"10f3c14046215255aa7f78ec9cb50f5e15fd5b8438722c0d77a31afd21d3d948","sha512":"a3a764c77fdf03cab984ddfcdbe6993ddcfb0c0e9f5ed59b53ab9259f9abeca46ad230fc543fa7a26a5015a4a4514de1a2f9eb37e962c7c7c91c0d131a8cc999","ssdeep":"","tlshash":"23f0979f6c04842ba2508ee0a5f2f808c090ba61e108c888c1e034de48d1be88946aa1","dom_hash":"domhashd0c231bf27deb973c770c049e72bbcec","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"new.radwoodfilms.com/ap/signin","fqdn":"new.radwoodfilms.com","domain":"radwoodfilms.com","tld":"com"},"ip":{"addr":"173.232.202.50","port":0,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-26T00:23:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-21","alert":"Sinkholed","trigger":"new.radwoodfilms.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"new.radwoodfilms.com","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2026-01-27","domain_rank":0,"first_seen":"2026-06-21T00:23:38.557094Z","last_seen":"2026-06-21T00:23:38.557094Z","alert_count":3,"request_count":3,"received_data":5325,"sent_data":1285,"comment":"","tags":null,"fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fcl.xueyuxingfeng.com","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2021-06-17","domain_rank":0,"first_seen":"2021-06-17T13:30:21Z","last_seen":"2026-06-19T23:21:21.706303Z","alert_count":2,"request_count":1,"received_data":0,"sent_data":475,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"new.radwoodfilms.com/jquery.min.js","fqdn":"new.radwoodfilms.com","domain":"radwoodfilms.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"68b068ff7c5333949099b79c6656e109","sha1":"62f57648bd0e9188d15c097362d248953bad3d09","sha256":"874bd0609dbe273f557e23b67e01f24b37315f7c32088ad829eb23fa7da5d1a1","sha512":"d58663cff0b86009f066ba143c7b9e522ea2be506e5187970ddf730cf5e84d43f10a19ae422f23e7b1c5659ffabd4056474c506d53c667b853ecbb37bece86a6","ssdeep":"","tlshash":"0b014be887c4d85baecc5d43ea15deca21b2813b97d87283831cfa8c01ad256c49c45a","size":722,"data":"","first_seen":"2023-03-07T14:18:31Z","last_seen":"2026-06-21T21:36:21.223985Z","times_seen":365,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"new.radwoodfilms.com/ap/signin","fqdn":"new.radwoodfilms.com","domain":"radwoodfilms.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-21T00:23:16.299Z","timestamp":1782001396299,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ap/signin HTTP/1.1\r\nHost: new.radwoodfilms.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-22T02:29:52.920518Z","times_seen":16623839,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-21","alert":"Sinkholed","trigger":"new.radwoodfilms.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"new.radwoodfilms.com/ap/signin","fqdn":"new.radwoodfilms.com","domain":"radwoodfilms.com","tld":"com"},"ip":{"addr":"173.232.202.50","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-21T00:23:16.464Z","timestamp":1782001396464,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /ap/signin HTTP/1.1\r\nHost: new.radwoodfilms.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 21 Jun 2026 00:23:16 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4055,"size_decoded":2260,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (835)","md5":"c47183bdcef1e754161da3c9826bbb17","sha1":"24798c3c2c71f6d16219acb91e4d3079652619d2","sha256":"d95914a401e810174b6a8113f6c29b7dc19aaff859457591a68d04b472d068c8","sha512":"c8d679ed8fb42cb2f4cced8e1abbbb6fb638854627121b8adc9ec984fa9096a8b115cc45677080ca4fefb5e2da78b7435598a21ad10cbbe786381171eb883aa6","ssdeep":"","tlshash":"3481d725a5c7213db23384f2a8a3b55cb081856ba5019b79d1febae2cf866de6123540","first_seen":"2026-06-21T00:23:41.935036Z","last_seen":"2026-06-21T02:16:59.456756Z","times_seen":2,"resource_available":true,"data":null}},"time_used":459,"timings":{"blocked":-1,"dns":4,"connect":145,"send":0,"wait":310,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-21","alert":"Sinkholed","trigger":"new.radwoodfilms.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"new.radwoodfilms.com/jquery.min.js","fqdn":"new.radwoodfilms.com","domain":"radwoodfilms.com","tld":"com"},"ip":{"addr":"173.232.202.50","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://new.radwoodfilms.com/ap/signin","date":"2026-06-21T00:23:17.072Z","timestamp":1782001397072,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /jquery.min.js HTTP/1.1\r\nHost: new.radwoodfilms.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://new.radwoodfilms.com/ap/signin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 21 Jun 2026 00:23:17 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 722\r\nLast-Modified: Tue, 05 May 2026 13:37:00 GMT\r\nConnection: keep-alive\r\nETag: \"69f9f27c-2d2\"\r\nExpires: Sun, 21 Jun 2026 01:23:17 GMT\r\nCache-Control: max-age=3600\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":722,"size_decoded":1035,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (721)","md5":"68b068ff7c5333949099b79c6656e109","sha1":"62f57648bd0e9188d15c097362d248953bad3d09","sha256":"874bd0609dbe273f557e23b67e01f24b37315f7c32088ad829eb23fa7da5d1a1","sha512":"d58663cff0b86009f066ba143c7b9e522ea2be506e5187970ddf730cf5e84d43f10a19ae422f23e7b1c5659ffabd4056474c506d53c667b853ecbb37bece86a6","ssdeep":"","tlshash":"0b014be887c4d85baecc5d43ea15deca21b2813b97d87283831cfa8c01ad256c49c45a","first_seen":"2023-03-07T14:18:31Z","last_seen":"2026-06-21T21:36:21.223985Z","times_seen":365,"resource_available":true,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-21","alert":"Sinkholed","trigger":"new.radwoodfilms.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fcl.xueyuxingfeng.com:6987/3366/api/sj.js","fqdn":"fcl.xueyuxingfeng.com","domain":"xueyuxingfeng.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://new.radwoodfilms.com/ap/signin","date":"2026-06-21T00:23:17.491Z","timestamp":1782001397491,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /3366/api/sj.js HTTP/1.1\r\nHost: fcl.xueyuxingfeng.com:6987\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://new.radwoodfilms.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-22T02:29:52.920518Z","times_seen":16623839,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}