| www.filseclab-us.com/ | 154.218.71.244 | | 638 B |
IP: 154.218.71.244:0  ASN: #134548 DXTL Tseung Kwan O Service
File type: JavaScript source, ISO-8859 text, with CRLF line terminators
Hashes (MD5 / SHA-1 / SHA-256): 16baf7bb1d199ae79260bce999a3045b 698f70940a73c6c7c0a7e7a1885c7ce04455d9b2 f542e1ca522ae999e01409b8d5bb81c56358f1204dfc6717a0132d16e364754a
GET / HTTP/1.1
Host: www.filseclab-us.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 08:59:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| www.filseclab-us.com/update/twister_update_en_app.exe | 154.218.71.244 | 200 OK | 638 B |
URL: www.filseclab-us.com/update/twister_update_en_app.exe (user request, GET HTTP/1.1)
IP: 154.218.71.244:80  ASN: #134548 DXTL Tseung Kwan O Service
File type: JavaScript source, ISO-8859 text, with CRLF line terminators
Hashes (MD5 / SHA-1 / SHA-256): 16baf7bb1d199ae79260bce999a3045b 698f70940a73c6c7c0a7e7a1885c7ce04455d9b2 f542e1ca522ae999e01409b8d5bb81c56358f1204dfc6717a0132d16e364754a
GET /update/twister_update_en_app.exe HTTP/1.1
Host: www.filseclab-us.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 08:59:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| www.filseclab-us.com/common.js | 154.218.71.244 | 200 OK | 1.2 kB |
URL: www.filseclab-us.com/common.js (GET HTTP/1.1)
IP: 154.218.71.244:80  ASN: #134548 DXTL Tseung Kwan O Service
Requested by: http://www.filseclab-us.com/update/twister_update_en_app.exe
File type: JavaScript source, ASCII text, with very long lines (643), with CRLF line terminators
Hashes (MD5 / SHA-1 / SHA-256): 1f1cfd3033d3e8ff4dc624fa07787b80 d9df7879234093111559416ae1ffa340a72765d6 b5a6e85ea34b260c55650471e238690e3644b5bdd8bf10cfa3443f6270e17418
GET /common.js HTTP/1.1
Host: www.filseclab-us.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/update/twister_update_en_app.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 08:59:59 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| www.filseclab-us.com/tj.js | 154.218.71.244 | 200 OK | 258 B |
URL: www.filseclab-us.com/tj.js (GET HTTP/1.1)
IP: 154.218.71.244:80  ASN: #134548 DXTL Tseung Kwan O Service
Requested by: http://www.filseclab-us.com/update/twister_update_en_app.exe
File type: JavaScript source, ASCII text, with CRLF line terminators
Hashes (MD5 / SHA-1 / SHA-256): d91e34e1687849a3a3fe48a3137daf2f 0f6d976f86bc87ee9cf4fecac51d28ceef074da8 deb3c35b8d8b4b43804204688685480c75572dab96908416ed11a28665d286b2
GET /tj.js HTTP/1.1
Host: www.filseclab-us.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/update/twister_update_en_app.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 08:59:59 GMT
Content-Type: application/x-javascript
Content-Length: 258
Connection: keep-alive
|
|
| 156.248.56.117/xinshijie.php | 156.248.56.117 | 200 OK | 32 B |
URL: 156.248.56.117/xinshijie.php (GET HTTP/1.1)
IP: 156.248.56.117:80  ASN: #136950 Hong Kong FireLine Network LTD
Requested by: http://www.filseclab-us.com/update/twister_update_en_app.exe
Hashes (MD5 / SHA-1 / SHA-256): 1e5c951ff426244931414a7ec39268ee 5f0eb173c7fad4316ae82affea86218348fe09ad 35f8b06f2bb3c0d16ab5e0f41e95f10cd2bb76bdb709700ec7acfa9836e7c009
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /xinshijie.php HTTP/1.1
Host: 156.248.56.117
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www.filseclab-us.com
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 09:00:00 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
|
|
| push.zhanzhang.baidu.com/push.js | 180.101.212.103 | 200 OK | 227 B |
URL: push.zhanzhang.baidu.com/push.js (GET HTTP/1.1)
IP: 180.101.212.103:80  ASN: #134770 CHINANET Jiangsu province Suzhou taihu IDC network
Requested by: http://www.filseclab-us.com/update/twister_update_en_app.exe
File type: ASCII text, with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 1bb5a3267c9865ad4abe8d937734b62b b5478dd2edb3e64242eced1db2dbd945ef81f592 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Tue, 07 May 2024 09:00:00 GMT
Etag: "4078521116"
Expires: Wed, 07 May 2025 09:00:00 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=0C52CAC20F1AABD34E810AA207C858D9:FG=1; max-age=31536000; expires=Wed, 07-May-25 09:00:00 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
|
|
| 156.248.56.117/fwq/243-42.js | 156.248.56.117 | 200 OK | 257 B |
URL: 156.248.56.117/fwq/243-42.js (GET HTTP/1.1)
IP: 156.248.56.117:80  ASN: #136950 Hong Kong FireLine Network LTD
Requested by: http://www.filseclab-us.com/update/twister_update_en_app.exe
File type: ASCII text, with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): b083d51a023cfb4294cd4c4357cc9e48 a78a7e12825cb15ba215f8d497e67315c9da4e06 d5a71d14ce7e151c9db166c3e4fbeb9b55d00e5b4b1e07d389e73f782ebe3594
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /fwq/243-42.js HTTP/1.1
Host: 156.248.56.117
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 09:00:00 GMT
Content-Type: application/javascript
Content-Length: 257
Last-Modified: Mon, 06 May 2024 05:59:52 GMT
Connection: keep-alive
ETag: "663871d8-101"
Expires: Tue, 07 May 2024 21:00:00 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
|
|
| api.share.baidu.com/s.gif?l=http://www.filseclab-us.com/update/twister_update_en_app.exe | 180.101.212.103 | 200 OK | 0 B |
URL: api.share.baidu.com/s.gif?l=http://www.filseclab-us.com/update/twister_update_en_app.exe (GET HTTP/1.1)
IP: 180.101.212.103:80  ASN: #134770 CHINANET Jiangsu province Suzhou taihu IDC network
Requested by: http://www.filseclab-us.com/update/twister_update_en_app.exe
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://www.filseclab-us.com/update/twister_update_en_app.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Tue, 07 May 2024 09:00:00 GMT
|
|
| api.cgyx.tv:66/tj/tongji.js?v=2.08 | 51.222.244.150 | 200 OK | 22 kB |
URL: api.cgyx.tv:66/tj/tongji.js?v=2.08 (GET HTTP/1.1)
IP: 51.222.244.150:66
Requested by: http://www.filseclab-us.com/update/twister_update_en_app.exe
Certificate: issuer Sectigo Limited, subject api.cgyx.tv, fingerprint (SHA-1) 2F:9C:40:0D:F6:94:56:3E:C5:4B:78:9F:6C:4A:1F:FD:09:77:EC:0A, valid Thu, 20 Jul 2023 00:00:00 GMT - Fri, 19 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (55849)
Hashes (MD5 / SHA-1 / SHA-256): fa00dac6cb1f53857d52d27b3b248201 64c9ea7c0d6773d71b9683fa359ba02ff3968269 c251a0dd3558c8b0c6296b471b95b8415c593b5a4adda3ac5ae3b525fb7126cb
GET /tj/tongji.js?v=2.08 HTTP/1.1
Host: api.cgyx.tv:66
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 09:00:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 17 Apr 2024 16:31:03 GMT
Vary: Accept-Encoding
ETag: W/"661ff947-da35"
Expires: Tue, 07 May 2024 18:08:50 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Server: nginx
X-Cache-Status: HIT
|
|
| www.filseclab-us.com/favicon.ico | 154.218.71.244 | 200 OK | 638 B |
URL: www.filseclab-us.com/favicon.ico (GET HTTP/1.1)
IP: 154.218.71.244:80  ASN: #134548 DXTL Tseung Kwan O Service
Requested by: http://www.filseclab-us.com/update/twister_update_en_app.exe
File type: JavaScript source, ISO-8859 text, with CRLF line terminators
Hashes (MD5 / SHA-1 / SHA-256): 16baf7bb1d199ae79260bce999a3045b 698f70940a73c6c7c0a7e7a1885c7ce04455d9b2 f542e1ca522ae999e01409b8d5bb81c56358f1204dfc6717a0132d16e364754a
GET /favicon.ico HTTP/1.1
Host: www.filseclab-us.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/update/twister_update_en_app.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 09:00:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| api.cgyx.tv:66/api/v1/api2/statistics/start?s=1d0c1aa35dc8b82605809234ac7782e7&d=VWFPcHpiVmpPYW9nMWEwblovY0JHbzJnNkw1R3piNWUxcXkxY3pvYXZWd0s3ckxOREVLM3dKdUNBU0VTaFg1UEhJZmswYzNvRk9YdkhwNm54V0RtdEt1Y0pzQUNLMjJ6Q09lQ05BNi9lQURRa0J6Zkl5S3Yrb3h5Zm53clBlWWdKRXcvZUI2aU92bjUyb3hvOUUwc2N2TEQxK3NDRVZTTFdYWG01SFYyYVkwQ3dGRWdFNjdkdjBTUC9DUnVnczdRckpMNHAwU1VJcGQ5ZUpKMnRuWTFVM2ViMEhHRVM4Q2dNWWI1Rmg3d1RlYWRheHBhQ3dTdzN4RThSR3FaaGVJTzJzSkVhWHBCWWVlVVJMWXhBa2huK1NVS1lDOFlaWU5scjkrOUZKV0x4a0NKTVcxMDNPdjNBVzBmZDRVQzBQbnphMXEzK0ora2ZGYTg0a2M0S21uWk1yTnhGY3RaUFhFSEhJMDdoV3FsTWJzPQ==&t=1715072401518 | 51.222.244.150 | 200 OK | 102 B |
URL: api.cgyx.tv:66/api/v1/api2/statistics/start?s=1d0c1aa35dc8b82605809234ac7782e7&d=VWFPcHpiVmpPYW9nMWEwblovY0JHbzJnNkw1R3piNWUxcXkxY3pvYXZWd0s3ckxOREVLM3dKdUNBU0VTaFg1UEhJZmswYzNvRk9YdkhwNm54V0RtdEt1Y0pzQUNLMjJ6Q09lQ05BNi9lQURRa0J6Zkl5S3Yrb3h5Zm53clBlWWdKRXcvZUI2aU92bjUyb3hvOUUwc2N2TEQxK3NDRVZTTFdYWG01SFYyYVkwQ3dGRWdFNjdkdjBTUC9DUnVnczdRckpMNHAwU1VJcGQ5ZUpKMnRuWTFVM2ViMEhHRVM4Q2dNWWI1Rmg3d1RlYWRheHBhQ3dTdzN4RThSR3FaaGVJTzJzSkVhWHBCWWVlVVJMWXhBa2huK1NVS1lDOFlaWU5scjkrOUZKV0x4a0NKTVcxMDNPdjNBVzBmZDRVQzBQbnphMXEzK0ora2ZGYTg0a2M0S21uWk1yTnhGY3RaUFhFSEhJMDdoV3FsTWJzPQ==&t=1715072401518 (GET HTTP/1.1)
IP: 51.222.244.150:66
Requested by: http://www.filseclab-us.com/update/twister_update_en_app.exe
Certificate: issuer Sectigo Limited, subject api.cgyx.tv, fingerprint (SHA-1) 2F:9C:40:0D:F6:94:56:3E:C5:4B:78:9F:6C:4A:1F:FD:09:77:EC:0A, valid Thu, 20 Jul 2023 00:00:00 GMT - Fri, 19 Jul 2024 23:59:59 GMT
Hashes (MD5 / SHA-1 / SHA-256): 84ec894df505c491420a4b540080da3c b00c0700f53cddfcfede00e6628db3ac8e73b6af 60bf79a6daeb46a52f76e61c0aa2fd7cd55cd54ac6b649d1a81309d9e9d050c4
GET /api/v1/api2/statistics/start?s=1d0c1aa35dc8b82605809234ac7782e7&d=VWFPcHpiVmpPYW9nMWEwblovY0JHbzJnNkw1R3piNWUxcXkxY3pvYXZWd0s3ckxOREVLM3dKdUNBU0VTaFg1UEhJZmswYzNvRk9YdkhwNm54V0RtdEt1Y0pzQUNLMjJ6Q09lQ05BNi9lQURRa0J6Zkl5S3Yrb3h5Zm53clBlWWdKRXcvZUI2aU92bjUyb3hvOUUwc2N2TEQxK3NDRVZTTFdYWG01SFYyYVkwQ3dGRWdFNjdkdjBTUC9DUnVnczdRckpMNHAwU1VJcGQ5ZUpKMnRuWTFVM2ViMEhHRVM4Q2dNWWI1Rmg3d1RlYWRheHBhQ3dTdzN4RThSR3FaaGVJTzJzSkVhWHBCWWVlVVJMWXhBa2huK1NVS1lDOFlaWU5scjkrOUZKV0x4a0NKTVcxMDNPdjNBVzBmZDRVQzBQbnphMXEzK0ora2ZGYTg0a2M0S21uWk1yTnhGY3RaUFhFSEhJMDdoV3FsTWJzPQ==&t=1715072401518 HTTP/1.1
Host: api.cgyx.tv:66
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.filseclab-us.com
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 09:00:01 GMT
Content-Type: application/json
Content-Length: 102
Connection: keep-alive
Cache-Control: no-cache, private
Access-Control-Allow-Origin: http://www.filseclab-us.com
Access-Control-Allow-Methods: POST,GET,DELETE,OPTIONS,HEAD
Access-Control-Allow-Headers: lang,signature,key,timestamp,secret,Content-Type,form-type,Content-Length,Accept-Encoding,X-Requested-with, x-token,x_token,x-user-id,x-c,x-xsrf-token, Origin, Authorization
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 10080
Set-Cookie: HWIDHASH=160375a7e1db9b57f91a9b63b2d9bc59; expires=Wed, 01-Apr-2026 19:39:01 GMT; path=/; httponly
Strict-Transport-Security: max-age=31536000
Server: nginx
|
|
| hm.baidu.com/hm.js?d1661f128ae9cf4099d9b05a700d8ad1 | 183.240.98.228 | 200 OK | 0 B |
URL: hm.baidu.com/hm.js?d1661f128ae9cf4099d9b05a700d8ad1 (GET HTTP/1.1)
IP: 183.240.98.228:443  ASN: #56040 China Mobile communications corporation
Requested by: http://www.filseclab-us.com/update/twister_update_en_app.exe
Certificate: issuer GlobalSign nv-sa, subject baidu.com, fingerprint (SHA-1) 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF, valid Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /hm.js?d1661f128ae9cf4099d9b05a700d8ad1 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 0
Date: Tue, 07 May 2024 09:00:01 GMT
Server: apache
Strict-Transport-Security: max-age=172800
Content-Type: text/plain; charset=utf-8
|
|
| xsj143.xyz/ | 0.0.0.0 | | 0 B |
IP: 0.0.0.0:0
Requested by: http://www.filseclab-us.com/update/twister_update_en_app.exe
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: xsj143.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
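The transaction list above carries its own findings if read side by side: the same 638-byte body (identical SHA-256 f542e1ca...) comes back for /, /update/twister_update_en_app.exe and /favicon.ico, each as Content-Type: text/html and typed by the analyzer as JavaScript source, so the "update .exe" URL is a catch-all HTML page rather than a binary, and it is that page which pulls in every later request (all of them are "Requested by" it); both requests to 156.248.56.117 carry a Quad9 "malicious / Sinkholed" verdict; /xinshijie.php answers with Access-Control-Allow-Origin: *; and the xsj143.xyz iframe never resolved (0.0.0.0, no response). The script below is an added example, not part of the capture or of any tool the page mentions: it parses records in the shape shown above (header row, file type, hash triple, "Requested by", verdict row, response Content-Type) and prints those checks grouped by kind. The excerpt embedded as CAPTURE is transcribed from the records above with request headers dropped; the category names, the first_party argument and the rule "exe/dll/msi/ico served as text/*" are the script's own heuristics, not something the capture defines.

```python
"""Triage a urlscan-style transaction list such as the one above: parse each record
(header row, analyzer file type, hash triple, 'Requested by' parent, verdict row,
response Content-Type) and flag what a reviewer would otherwise check by hand."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Excerpt transcribed from the transaction list above, trimmed to the lines the
# parser reads (request headers dropped). A line holding only "|" ends a record.
CAPTURE = """\
| www.filseclab-us.com/update/twister_update_en_app.exe | 154.218.71.244 | 200 OK | 638 B |
File type: JavaScript source, ISO-8859 text, with CRLF line terminators
Hashes (MD5 / SHA-1 / SHA-256): 16baf7bb1d199ae79260bce999a3045b 698f70940a73c6c7c0a7e7a1885c7ce04455d9b2 f542e1ca522ae999e01409b8d5bb81c56358f1204dfc6717a0132d16e364754a
Content-Type: text/html
|
| 156.248.56.117/xinshijie.php | 156.248.56.117 | 200 OK | 32 B |
Requested by: http://www.filseclab-us.com/update/twister_update_en_app.exe
Hashes (MD5 / SHA-1 / SHA-256): 1e5c951ff426244931414a7ec39268ee 5f0eb173c7fad4316ae82affea86218348fe09ad 35f8b06f2bb3c0d16ab5e0f41e95f10cd2bb76bdb709700ec7acfa9836e7c009
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
|
| www.filseclab-us.com/favicon.ico | 154.218.71.244 | 200 OK | 638 B |
Requested by: http://www.filseclab-us.com/update/twister_update_en_app.exe
File type: JavaScript source, ISO-8859 text, with CRLF line terminators
Hashes (MD5 / SHA-1 / SHA-256): 16baf7bb1d199ae79260bce999a3045b 698f70940a73c6c7c0a7e7a1885c7ce04455d9b2 f542e1ca522ae999e01409b8d5bb81c56358f1204dfc6717a0132d16e364754a
Content-Type: text/html
|
| xsj143.xyz/ | 0.0.0.0 | | 0 B |
Requested by: http://www.filseclab-us.com/update/twister_update_en_app.exe
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
"""

HEADER = re.compile(r"^\|\s*(?P<url>[^|\s]+)\s*\|\s*(?P<ip>[\d.]+)\s*\|\s*(?P<status>[^|]*?)\s*\|\s*(?P<size>[^|]*?)\s*\|$")
HASHES = re.compile(r"([0-9a-f]{32}) ([0-9a-f]{40}) ([0-9a-f]{64})")  # MD5 SHA-1 SHA-256
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"  # sha256(b"")
FIELDS = ("file_type", "sha256", "requested_by", "verdict", "content_type", "cors")


def parse(capture):
    """One dict per record; labels are accepted glued to the value or with a colon."""
    records, rec, pending_verdict = [], None, False
    for raw in capture.splitlines():
        line = raw.strip()
        if not line or line == "|":
            continue
        m = HEADER.match(line)
        if m:  # "| url | ip | status | size |" starts a new record
            rec = {**m.groupdict(), **dict.fromkeys(FIELDS)}
            rec["host"] = urlsplit("http://" + rec["url"]).hostname
            records.append(rec)
            continue
        if rec is None:
            continue
        h = HASHES.search(line)
        if h:
            rec["sha256"] = h.group(3)
        cells = [c.strip() for c in line.strip("|").split("|")] if "|" in line else []
        if cells[:3] == ["Analyzer", "Verdict", "Alert"]:
            rec["verdict"] = " / ".join(cells[3:]) or None  # one-row form carries its data cells
            pending_verdict = rec["verdict"] is None       # two-row form: data row follows
        elif cells and pending_verdict:
            rec["verdict"], pending_verdict = " / ".join(cells), False
        elif line.startswith("File type"):
            rec["file_type"] = line[9:].lstrip(": ").split(" Hash", 1)[0]
        elif line.startswith("Requested by"):
            rec["requested_by"] = line[12:].lstrip(": ").split(" Certificate", 1)[0]
        elif line.startswith("Content-Type:"):
            rec["content_type"] = line.split(":", 1)[1].split(";")[0].strip()
        elif line.startswith("Access-Control-Allow-Origin:"):
            rec["cors"] = line.split(":", 1)[1].strip()
    return records


def triage(records, first_party):
    """Group the anomalies a reviewer looks for in such a capture (heuristics are ours)."""
    findings, by_hash = defaultdict(list), defaultdict(list)
    for r in records:
        if r["sha256"] and r["sha256"] != EMPTY_SHA256:
            by_hash[r["sha256"]].append(r["url"])
    for sha, urls in by_hash.items():
        if len(urls) > 1:  # one body behind several paths: a catch-all page, not a real file
            findings["catch-all"].append(f"{len(urls)} distinct URLs return body {sha[:12]}: {', '.join(urls)}")
    for r in records:
        last = urlsplit("http://" + r["url"]).path.rsplit("/", 1)[-1]
        ext = last.rsplit(".", 1)[-1].lower() if "." in last else ""
        if ext in ("exe", "dll", "msi", "ico") and (r["content_type"] or "").startswith("text/"):
            findings["mime-mismatch"].append(f"{r['url']} served as {r['content_type']}; analyzer saw: {r['file_type']}")
        if r["verdict"]:
            findings["verdict"].append(f"{r['url']} ({r['ip']}) {r['verdict']}")
        if r["ip"] == "0.0.0.0":  # sandbox could not resolve the host; nothing was served
            findings["no-response"].append(f"{r['url']} resolved to {r['ip']}")
        if r["cors"] == "*":
            findings["cors-wildcard"].append(r["url"])
    findings["third-party"] = sorted({r["host"] for r in records if r["host"] != first_party})
    return dict(findings)


if __name__ == "__main__":
    for kind, items in triage(parse(CAPTURE), "www.filseclab-us.com").items():
        for item in items:
            print(f"[{kind}] {item}")
```

Run it as a script to print the grouped findings for the embedded excerpt, or paste a complete transaction list into CAPTURE. The parser reads the glued label form the extraction produced ("File typeJavaScript ... Hash...", one-line "Analyzer | Verdict | ...") as well as the colon-labelled form, so either copy of such a page parses the same way; the hash triple is identified by length alone (32/40/64 hex digits), which is why the labels are not needed.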