Report - www.filseclab-us.com/update/twister_update_en

Report Overview

Submitted URL
www.filseclab-us.com/update/twister_update_en_app.exe
IP
154.218.71.244
ASN
#134548 DXTL Tseung Kwan O Service
Submitted
2024-05-07 09:00:04
Access
public
Website Title
铜仁品净餐饮管理有限公司
Final URL
www.filseclab-us.com/update/twister_update_en_app.exe
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
hm.baidu.com	8254	1999-10-11	2012-05-26	2024-05-06	429 B	173 B	183.240.98.228
xsj143.xyz	unknown	unknown	No data	No data	504 B	0 B	0.0.0.0
www.filseclab-us.com	unknown	unknown	No data	No data	1.8 kB	4.3 kB	154.218.71.244
156.248.56.117	unknown	unknown	No data	No data	687 B	801 B	156.248.56.117
push.zhanzhang.baidu.com	57139	1999-10-11	2015-07-22	2024-04-29	329 B	750 B	180.101.212.103
api.share.baidu.com	44629	1999-10-11	2013-04-25	2024-04-25	407 B	114 B	180.101.212.103
	unknown				1.4 kB	23 kB	51.222.244.150

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	156.248.56.117	Sinkholed
2024-05-07	medium	156.248.56.117	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	push.zhanzhang.baidu.com/push.js	281 B	2023-03-07	2024-05-19
Pretty URL push.zhanzhang.baidu.com/push.js IP 180.101.212.103 ASN #134770 CHINANET Jiangsu province Suzhou taihu IDC network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-05-19 16:20:10 Times Seen19595 Hash 1bb5a3267c9865ad4abe8d937734b62b b5478dd2edb3e64242eced1db2dbd945ef81f592 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2 Loading...

	156.248.56.117/fwq/243-42.js	257 B	2024-05-07	2024-05-07
Pretty URL 156.248.56.117/fwq/243-42.js IP 156.248.56.117 ASN #136950 Hong Kong FireLine Network LTD Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 11:00:13 Last Seen2024-05-07 11:00:14 Times Seen2 Hash b083d51a023cfb4294cd4c4357cc9e48 a78a7e12825cb15ba215f8d497e67315c9da4e06 d5a71d14ce7e151c9db166c3e4fbeb9b55d00e5b4b1e07d389e73f782ebe3594 Loading...

	www.filseclab-us.com/tj.js	258 B	2023-11-16	2024-05-07
Pretty URL www.filseclab-us.com/tj.js IP 154.218.71.244 ASN #134548 DXTL Tseung Kwan O Service Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-16 01:40:55 Last Seen2024-05-07 11:00:14 Times Seen12 Hash d91e34e1687849a3a3fe48a3137daf2f 0f6d976f86bc87ee9cf4fecac51d28ceef074da8 deb3c35b8d8b4b43804204688685480c75572dab96908416ed11a28665d286b2 Loading...

	hm.baidu.com/hm.js?d1661f128ae9cf4099d9b05a700d8ad1	0 B	2023-03-07	2024-05-19
Pretty URL hm.baidu.com/hm.js?d1661f128ae9cf4099d9b05a700d8ad1 IP 183.240.98.228 ASN #56040 China Mobile communications corporation Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 17:27:14 Times Seen37836273 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.filseclab-us.com/update/twister_update_en_app.exe	54 B	2024-05-07	2024-05-07
Pretty URL www.filseclab-us.com/update/twister_update_en_app.exe IP 154.218.71.244 ASN #134548 DXTL Tseung Kwan O Service Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 11:00:13 Last Seen2024-05-07 11:00:13 Times Seen1 Hash 339d4008fca65eb540fa6c70616a5023 c8589b4f4d4a055cc3a12508698b0495c6a8ecd6 1dcebf5e3a8c132e4505e213cd9ead2c1bf9a1655255a8fd365df408ea7af0e6 Loading...

	api.cgyx.tv:66/tj/tongji.js?v=2.08	56 kB	2024-04-24	2024-05-15
Pretty URL api.cgyx.tv:66/tj/tongji.js?v=2.08 IP 51.222.244.150 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 15:52:47 Last Seen2024-05-15 20:34:51 Times Seen33 Hash fa00dac6cb1f53857d52d27b3b248201 64c9ea7c0d6773d71b9683fa359ba02ff3968269 c251a0dd3558c8b0c6296b471b95b8415c593b5a4adda3ac5ae3b525fb7126cb Loading...

	www.filseclab-us.com/update/twister_update_en_app.exe	0 B	2023-03-07	2024-05-19
Pretty URL www.filseclab-us.com/update/twister_update_en_app.exe IP 154.218.71.244 ASN #134548 DXTL Tseung Kwan O Service Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 17:27:14 Times Seen37836273 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.filseclab-us.com/common.js	2.2 kB	2024-05-05	2024-05-07
Pretty URL www.filseclab-us.com/common.js IP 154.218.71.244 ASN #134548 DXTL Tseung Kwan O Service Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 16:15:11 Last Seen2024-05-07 11:00:14 Times Seen4 Hash 1f1cfd3033d3e8ff4dc624fa07787b80 d9df7879234093111559416ae1ffa340a72765d6 b5a6e85ea34b260c55650471e238690e3644b5bdd8bf10cfa3443f6270e17418 Loading...

		Size	First Seen	Last Seen
	#1 Eval - efe330ba07d9365be7fc267d8857e436	455 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 11:00:13 Last Seen2024-05-07 11:00:13 Times Seen1 Hash efe330ba07d9365be7fc267d8857e436 31743350c327d22f3ee1558c4cc015aecb4c4a35 4157f247a155c35db20c3a58a3636d3e08a682485f74d6a8e62a96691def5f05 Loading...

	#2 Eval - 8e3a06ce00d5e1aa738eb4392637d8aa	323 B	2024-05-01	2024-05-07
Pretty Observations First Seen2024-05-01 03:50:56 Last Seen2024-05-07 11:00:13 Times Seen3 Hash 8e3a06ce00d5e1aa738eb4392637d8aa d6e66405efd483f3e6ca8683b4a0e5d4cd2e18f5 d13dc7f14ef6cbc2474a9f180ef5621adbc61b1c561a688aa2d4f02e76969cc3 Loading...

		Size	First Seen	Last Seen
	#1 Write - bd38b8cc7f5702eafd2be23d35984779	104 B	2024-05-05	2024-05-07
Pretty Observations First Seen2024-05-05 16:15:12 Last Seen2024-05-07 11:00:13 Times Seen2 Hash bd38b8cc7f5702eafd2be23d35984779 3bf15b220d1e1de593fa470d03be8a1e8b226944 014a8ad08cd00f9c4faad2f28ae130bfa66562bb72d0b55b11d6f9ac1d5250d0 Loading...

	#2 Write - b6799102bf9f397b080ec68b08c351ac	436 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 11:00:13 Last Seen2024-05-07 11:00:14 Times Seen1 Hash b6799102bf9f397b080ec68b08c351ac b5b885076c35b7d42a4777562c88ac124de59d54 e91f4eb335dec95e1b06afdb6475d5b063e905041dbee370002188dc27957a17 Loading...

HTTP Transactions (13)

URL IP Response Size

www.filseclab-us.com/

154.218.71.244

638 B

URL
www.filseclab-us.com/
IP
154.218.71.244:0
ASN
#134548 DXTL Tseung Kwan O Service

File type
JavaScript source, ISO-8859 text, with CRLF line terminators
Size
638 B (638 bytes)
Hash
16baf7bb1d199ae79260bce999a3045b
698f70940a73c6c7c0a7e7a1885c7ce04455d9b2
f542e1ca522ae999e01409b8d5bb81c56358f1204dfc6717a0132d16e364754a

HTTP Headers

GET / HTTP/1.1
Host: www.filseclab-us.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 08:59:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

www.filseclab-us.com/update/twister_update_en_app.exe

154.218.71.244

200 OK

638 B

URL User Request GET HTTP/1.1
www.filseclab-us.com/update/twister_update_en_app.exe
IP
154.218.71.244:80
ASN
#134548 DXTL Tseung Kwan O Service

File type
JavaScript source, ISO-8859 text, with CRLF line terminators
Size
638 B (638 bytes)
Hash
16baf7bb1d199ae79260bce999a3045b
698f70940a73c6c7c0a7e7a1885c7ce04455d9b2
f542e1ca522ae999e01409b8d5bb81c56358f1204dfc6717a0132d16e364754a

HTTP Headers

GET /update/twister_update_en_app.exe HTTP/1.1
Host: www.filseclab-us.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 08:59:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

www.filseclab-us.com/common.js

154.218.71.244

200 OK

1.2 kB

URL GET HTTP/1.1
www.filseclab-us.com/common.js
IP
154.218.71.244:80
ASN
#134548 DXTL Tseung Kwan O Service

Requested by
http://www.filseclab-us.com/update/twister_update_en_app.exe

File type
JavaScript source, ASCII text, with very long lines (643), with CRLF line terminators
Size
1.2 kB (1171 bytes)
Hash
1f1cfd3033d3e8ff4dc624fa07787b80
d9df7879234093111559416ae1ffa340a72765d6
b5a6e85ea34b260c55650471e238690e3644b5bdd8bf10cfa3443f6270e17418

HTTP Headers

GET /common.js HTTP/1.1
Host: www.filseclab-us.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/update/twister_update_en_app.exe
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 08:59:59 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

www.filseclab-us.com/tj.js

154.218.71.244

200 OK

258 B

URL GET HTTP/1.1
www.filseclab-us.com/tj.js
IP
154.218.71.244:80
ASN
#134548 DXTL Tseung Kwan O Service

Requested by
http://www.filseclab-us.com/update/twister_update_en_app.exe

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
258 B (258 bytes)
Hash
d91e34e1687849a3a3fe48a3137daf2f
0f6d976f86bc87ee9cf4fecac51d28ceef074da8
deb3c35b8d8b4b43804204688685480c75572dab96908416ed11a28665d286b2

HTTP Headers

GET /tj.js HTTP/1.1
Host: www.filseclab-us.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/update/twister_update_en_app.exe
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 08:59:59 GMT
Content-Type: application/x-javascript
Content-Length: 258
Connection: keep-alive

156.248.56.117/xinshijie.php

156.248.56.117

200 OK

32 B

URL GET HTTP/1.1
156.248.56.117/xinshijie.php
IP
156.248.56.117:80
ASN
#136950 Hong Kong FireLine Network LTD

Requested by
http://www.filseclab-us.com/update/twister_update_en_app.exe

File type
JSON text data
Size
32 B (32 bytes)
Hash
1e5c951ff426244931414a7ec39268ee
5f0eb173c7fad4316ae82affea86218348fe09ad
35f8b06f2bb3c0d16ab5e0f41e95f10cd2bb76bdb709700ec7acfa9836e7c009

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /xinshijie.php HTTP/1.1
Host: 156.248.56.117
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www.filseclab-us.com
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 09:00:00 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *

push.zhanzhang.baidu.com/push.js

180.101.212.103

200 OK

227 B

URL GET HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
180.101.212.103:80
ASN
#134770 CHINANET Jiangsu province Suzhou taihu IDC network

Requested by
http://www.filseclab-us.com/update/twister_update_en_app.exe

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
1bb5a3267c9865ad4abe8d937734b62b
b5478dd2edb3e64242eced1db2dbd945ef81f592
674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Tue, 07 May 2024 09:00:00 GMT
Etag: "4078521116"
Expires: Wed, 07 May 2025 09:00:00 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=0C52CAC20F1AABD34E810AA207C858D9:FG=1; max-age=31536000; expires=Wed, 07-May-25 09:00:00 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

156.248.56.117/fwq/243-42.js

156.248.56.117

200 OK

257 B

URL GET HTTP/1.1
156.248.56.117/fwq/243-42.js
IP
156.248.56.117:80
ASN
#136950 Hong Kong FireLine Network LTD

Requested by
http://www.filseclab-us.com/update/twister_update_en_app.exe

File type
ASCII text, with no line terminators
Size
257 B (257 bytes)
Hash
b083d51a023cfb4294cd4c4357cc9e48
a78a7e12825cb15ba215f8d497e67315c9da4e06
d5a71d14ce7e151c9db166c3e4fbeb9b55d00e5b4b1e07d389e73f782ebe3594

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fwq/243-42.js HTTP/1.1
Host: 156.248.56.117
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 09:00:00 GMT
Content-Type: application/javascript
Content-Length: 257
Last-Modified: Mon, 06 May 2024 05:59:52 GMT
Connection: keep-alive
ETag: "663871d8-101"
Expires: Tue, 07 May 2024 21:00:00 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes

api.share.baidu.com/s.gif?l=http://www.filseclab-us.com/update/twister_update_en_app.exe

180.101.212.103

200 OK

0 B

URL GET HTTP/1.1
api.share.baidu.com/s.gif?l=http://www.filseclab-us.com/update/twister_update_en_app.exe
IP
180.101.212.103:80
ASN
#134770 CHINANET Jiangsu province Suzhou taihu IDC network

Requested by
http://www.filseclab-us.com/update/twister_update_en_app.exe

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s.gif?l=http://www.filseclab-us.com/update/twister_update_en_app.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Tue, 07 May 2024 09:00:00 GMT

api.cgyx.tv:66/tj/tongji.js?v=2.08

51.222.244.150

200 OK

22 kB

URL GET HTTP/1.1
api.cgyx.tv:66/tj/tongji.js?v=2.08
IP
51.222.244.150:66
ASN
#16276 OVH SAS

Requested by
http://www.filseclab-us.com/update/twister_update_en_app.exe
Certificate
IssuerSectigo Limited
Subjectapi.cgyx.tv
Fingerprint2F:9C:40:0D:F6:94:56:3E:C5:4B:78:9F:6C:4A:1F:FD:09:77:EC:0A
ValidityThu, 20 Jul 2023 00:00:00 GMT - Fri, 19 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (55849)
Size
22 kB (22158 bytes)
Hash
fa00dac6cb1f53857d52d27b3b248201
64c9ea7c0d6773d71b9683fa359ba02ff3968269
c251a0dd3558c8b0c6296b471b95b8415c593b5a4adda3ac5ae3b525fb7126cb

HTTP Headers

GET /tj/tongji.js?v=2.08 HTTP/1.1
Host: api.cgyx.tv:66
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 09:00:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 17 Apr 2024 16:31:03 GMT
Vary: Accept-Encoding
ETag: W/"661ff947-da35"
Expires: Tue, 07 May 2024 18:08:50 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Server: nginx
X-Cache-Status: HIT

www.filseclab-us.com/favicon.ico

154.218.71.244

200 OK

638 B

URL GET HTTP/1.1
www.filseclab-us.com/favicon.ico
IP
154.218.71.244:80
ASN
#134548 DXTL Tseung Kwan O Service

Requested by
http://www.filseclab-us.com/update/twister_update_en_app.exe

File type
JavaScript source, ISO-8859 text, with CRLF line terminators
Size
638 B (638 bytes)
Hash
16baf7bb1d199ae79260bce999a3045b
698f70940a73c6c7c0a7e7a1885c7ce04455d9b2
f542e1ca522ae999e01409b8d5bb81c56358f1204dfc6717a0132d16e364754a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.filseclab-us.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/update/twister_update_en_app.exe
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 09:00:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

api.cgyx.tv:66/api/v1/api2/statistics/start?s=1d0c1aa35dc8b82605809234ac7782e7&d=VWFPcHpiVmpPYW9nMWEwblovY0JHbzJnNkw1R3piNWUxcXkxY3pvYXZWd0s3ckxOREVLM3dKdUNBU0VTaFg1UEhJZmswYzNvRk9YdkhwNm54V0RtdEt1Y0pzQUNLMjJ6Q09lQ05BNi9lQURRa0J6Zkl5S3Yrb3h5Zm53clBlWWdKRXcvZUI2aU92bjUyb3hvOUUwc2N2TEQxK3NDRVZTTFdYWG01SFYyYVkwQ3dGRWdFNjdkdjBTUC9DUnVnczdRckpMNHAwU1VJcGQ5ZUpKMnRuWTFVM2ViMEhHRVM4Q2dNWWI1Rmg3d1RlYWRheHBhQ3dTdzN4RThSR3FaaGVJTzJzSkVhWHBCWWVlVVJMWXhBa2huK1NVS1lDOFlaWU5scjkrOUZKV0x4a0NKTVcxMDNPdjNBVzBmZDRVQzBQbnphMXEzK0ora2ZGYTg0a2M0S21uWk1yTnhGY3RaUFhFSEhJMDdoV3FsTWJzPQ==&t=1715072401518

51.222.244.150

200 OK

102 B

URL GET HTTP/1.1
api.cgyx.tv:66/api/v1/api2/statistics/start?s=1d0c1aa35dc8b82605809234ac7782e7&d=VWFPcHpiVmpPYW9nMWEwblovY0JHbzJnNkw1R3piNWUxcXkxY3pvYXZWd0s3ckxOREVLM3dKdUNBU0VTaFg1UEhJZmswYzNvRk9YdkhwNm54V0RtdEt1Y0pzQUNLMjJ6Q09lQ05BNi9lQURRa0J6Zkl5S3Yrb3h5Zm53clBlWWdKRXcvZUI2aU92bjUyb3hvOUUwc2N2TEQxK3NDRVZTTFdYWG01SFYyYVkwQ3dGRWdFNjdkdjBTUC9DUnVnczdRckpMNHAwU1VJcGQ5ZUpKMnRuWTFVM2ViMEhHRVM4Q2dNWWI1Rmg3d1RlYWRheHBhQ3dTdzN4RThSR3FaaGVJTzJzSkVhWHBCWWVlVVJMWXhBa2huK1NVS1lDOFlaWU5scjkrOUZKV0x4a0NKTVcxMDNPdjNBVzBmZDRVQzBQbnphMXEzK0ora2ZGYTg0a2M0S21uWk1yTnhGY3RaUFhFSEhJMDdoV3FsTWJzPQ==&t=1715072401518
IP
51.222.244.150:66
ASN
#16276 OVH SAS

Requested by
http://www.filseclab-us.com/update/twister_update_en_app.exe
Certificate
IssuerSectigo Limited
Subjectapi.cgyx.tv
Fingerprint2F:9C:40:0D:F6:94:56:3E:C5:4B:78:9F:6C:4A:1F:FD:09:77:EC:0A
ValidityThu, 20 Jul 2023 00:00:00 GMT - Fri, 19 Jul 2024 23:59:59 GMT

File type
JSON text data
Size
102 B (102 bytes)
Hash
84ec894df505c491420a4b540080da3c
b00c0700f53cddfcfede00e6628db3ac8e73b6af
60bf79a6daeb46a52f76e61c0aa2fd7cd55cd54ac6b649d1a81309d9e9d050c4

HTTP Headers

GET /api/v1/api2/statistics/start?s=1d0c1aa35dc8b82605809234ac7782e7&d=VWFPcHpiVmpPYW9nMWEwblovY0JHbzJnNkw1R3piNWUxcXkxY3pvYXZWd0s3ckxOREVLM3dKdUNBU0VTaFg1UEhJZmswYzNvRk9YdkhwNm54V0RtdEt1Y0pzQUNLMjJ6Q09lQ05BNi9lQURRa0J6Zkl5S3Yrb3h5Zm53clBlWWdKRXcvZUI2aU92bjUyb3hvOUUwc2N2TEQxK3NDRVZTTFdYWG01SFYyYVkwQ3dGRWdFNjdkdjBTUC9DUnVnczdRckpMNHAwU1VJcGQ5ZUpKMnRuWTFVM2ViMEhHRVM4Q2dNWWI1Rmg3d1RlYWRheHBhQ3dTdzN4RThSR3FaaGVJTzJzSkVhWHBCWWVlVVJMWXhBa2huK1NVS1lDOFlaWU5scjkrOUZKV0x4a0NKTVcxMDNPdjNBVzBmZDRVQzBQbnphMXEzK0ora2ZGYTg0a2M0S21uWk1yTnhGY3RaUFhFSEhJMDdoV3FsTWJzPQ==&t=1715072401518 HTTP/1.1
Host: api.cgyx.tv:66
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.filseclab-us.com
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 09:00:01 GMT
Content-Type: application/json
Content-Length: 102
Connection: keep-alive
Cache-Control: no-cache, private
Access-Control-Allow-Origin: http://www.filseclab-us.com
Access-Control-Allow-Methods: POST,GET,DELETE,OPTIONS,HEAD
Access-Control-Allow-Headers: lang,signature,key,timestamp,secret,Content-Type,form-type,Content-Length,Accept-Encoding,X-Requested-with, x-token,x_token,x-user-id,x-c,x-xsrf-token, Origin, Authorization
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 10080
Set-Cookie: HWIDHASH=160375a7e1db9b57f91a9b63b2d9bc59; expires=Wed, 01-Apr-2026 19:39:01 GMT; path=/; httponly
Strict-Transport-Security: max-age=31536000
Server: nginx

hm.baidu.com/hm.js?d1661f128ae9cf4099d9b05a700d8ad1

183.240.98.228

200 OK

0 B

URL GET HTTP/1.1
hm.baidu.com/hm.js?d1661f128ae9cf4099d9b05a700d8ad1
IP
183.240.98.228:443
ASN
#56040 China Mobile communications corporation

Requested by
http://www.filseclab-us.com/update/twister_update_en_app.exe
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /hm.js?d1661f128ae9cf4099d9b05a700d8ad1 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 0
Date: Tue, 07 May 2024 09:00:01 GMT
Server: apache
Strict-Transport-Security: max-age=172800
Content-Type: text/plain; charset=utf-8

xsj143.xyz/

0.0.0.0

0 B

URL GET
xsj143.xyz/
IP
0.0.0.0:0
ASN
#0

Requested by
http://www.filseclab-us.com/update/twister_update_en_app.exe

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: xsj143.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.filseclab-us.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML