Report - git.tvwitmubvheb.com/e/3/OSM03B78

Report Overview

Visitedpublic

2024-01-21 03:47:44

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
git.tvwitmubvheb.com	unknown	2023-06-28	2023-12-22 08:43:09	2024-01-18 06:57:36	908 B	5.6 kB	203.107.63.249
ot.eqi3m0r3bslp.top	unknown	2024-01-05	2024-01-17 08:04:11	2024-01-17 08:04:11	1.3 kB	15 kB	16.162.33.164
uqkklx39td.top	unknown	2023-09-21	2023-09-23 01:38:10	2023-12-24 01:10:51	946 B	22 MB	143.204.55.5

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-01-21 03:47:16	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-01-21	medium	eqi3m0r3bslp.top	Sinkholed
2024-01-21	medium	eqi3m0r3bslp.top	Sinkholed
2024-01-21	medium	eqi3m0r3bslp.top	Sinkholed
2024-01-21	medium	uqkklx39td.top	Sinkholed
2024-01-21	medium	uqkklx39td.top	Sinkholed

ThreatFox

No alerts detected

File detected

URL

uqkklx39td.top/case/mm3/OSM03B78/OSM03B78.apk?sig=1705808837347473079

IP / ASN

143.204.55.7

#16509 AMAZON-02

File Overview

File TypeZip archive data, at least v0.0 to extract, compression method=store

Size22 MB (22418404 bytes)

MD5af5b4a459eaf42183d7d1b5e2e500a5b

SHA17be9c9734a8edf5d636746efd1ca6bc0f5e655ce

SHA25654430c3f02b5d27c04ef73e1830f36b51d160cd95e056fc80e50374d06d9b361

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	ot.eqi3m0r3bslp.top/a/mm3/OSM03B78?sig=1705808835491530200	ScriptElement	0 B	0001-01-01	2025-08-02
URL ot.eqi3m0r3bslp.top/a/mm3/OSM03B78?sig=1705808835491530200 IP / ASN 16.162.33.164 #16509 AMAZON-02 Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-02 Times Seen 5606766 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

HTTP Transactions (7)

URL IP Response Size

git.tvwitmubvheb.com/e/3/OSM03B78

203.107.63.249

464 B

URL

git.tvwitmubvheb.com/e/3/OSM03B78

IP / ASN

203.107.63.249

#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested byN/A

Resource Info

File typeHTML document, ASCII text

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size464 B (464 bytes)

MD51524f37b286ead482c07b06bbc716ba9

SHA10b5b2c430a48147e3e0a53920ae28a16140be4fc

SHA2561ad8ecedff4dc95fee903fb949eb56a9df1ba1ef21d3d8e8ac031bada157aae8

HTTP Headers

GET /e/3/OSM03B78 HTTP/1.1
Host: git.tvwitmubvheb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: NgxFence
date: Sun, 21 Jan 2024 03:47:16 GMT
content-type: text/html; charset=utf-8
content-length: 464
content-encoding: br
vary: Accept-Encoding
cache-control: no-cache
x-cache: DYNAMIC
strict-transport-security: max-age=31536000; includeSubdomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

git.tvwitmubvheb.com/static/images/favicon.ico

203.107.63.249

4.5 kB

URL

git.tvwitmubvheb.com/static/images/favicon.ico

IP / ASN

203.107.63.249

#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested byN/A

Resource Info

File typeMS Windows icon resource - 1 icon, 48x48, 32 bits/pixel

First Seen2023-12-10

Last Seen2024-08-20

Times Seen5

Size4.5 kB (4485 bytes)

MD5dcde8d05b7997f17acc24d92ab322112

SHA1f1cf838bf5628edc7d455d63b75b6d9e36347aa1

SHA256623a3caf8994005d9b1ff733f9e48626b3fd48bf8f24001ee3a85af8ac54acc6

HTTP Headers

GET /static/images/favicon.ico HTTP/1.1
Host: git.tvwitmubvheb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: NgxFence
date: Sun, 21 Jan 2024 03:47:16 GMT
content-type: image/x-icon
last-modified: Sat, 10 Jun 2023 08:18:37 GMT
etag: W/"648431dd-25be"
x-cache: HIT
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
X-Firefox-Spdy: h2

GET ot.eqi3m0r3bslp.top/a/mm3/OSM03B78?sig=1705808835491530200

16.162.33.164

200 OK

1.7 kB

URL

ot.eqi3m0r3bslp.top/a/mm3/OSM03B78?sig=1705808835491530200

IP / ASN

16.162.33.164

#16509 AMAZON-02

Requested byN/A

Resource Info

File typeHTML document, Unicode text, UTF-8 text

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size1.7 kB (1669 bytes)

MD5900202d628ba1f69d07e9214a17bedd1

SHA10fd540103fba9936af9c8d951ec0fe28fa6d8e3e

SHA256c6a5aa9439f7c59742107ef89a5a38aa4fe313634e83f8acb663b2acc3339426

Certificate Info

IssuerLet's Encrypt

Subjectot.211uacjnxze6.top

Fingerprint59:59:72:24:C5:C2:CB:F5:A4:5B:10:B0:57:4C:AB:1D:62:25:72:42

ValidityWed, 17 Jan 2024 06:03:26 GMT - Tue, 16 Apr 2024 06:03:25 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a/mm3/OSM03B78?sig=1705808835491530200 HTTP/1.1
Host: ot.eqi3m0r3bslp.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 21 Jan 2024 03:47:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1669
Connection: keep-alive
Content-Encoding: br
Vary: Accept-Encoding
Cache-Control: no-cache

GET ot.eqi3m0r3bslp.top/static/images/icon.png

16.162.33.164

200 OK

2.8 kB

URL

ot.eqi3m0r3bslp.top/static/images/icon.png

IP / ASN

16.162.33.164

#16509 AMAZON-02

Requested byhttps://ot.eqi3m0r3bslp.top/a/mm3/OSM03B78?sig=1705808835491530200

Resource Info

File typePNG image data, 91 x 104, 8-bit/color RGB, non-interlaced

First Seen2023-12-10

Last Seen2024-08-20

Times Seen3

Size2.8 kB (2752 bytes)

MD500cb7673232390f1f8abd9c84c23e9aa

SHA18e6b0b242aa6c06380eeed70640d831230c00f44

SHA25623de966846d57cb7ba2420f1129211748b55260dccba4722f961479106fbcc92

Certificate Info

IssuerLet's Encrypt

Subjectot.211uacjnxze6.top

Fingerprint59:59:72:24:C5:C2:CB:F5:A4:5B:10:B0:57:4C:AB:1D:62:25:72:42

ValidityWed, 17 Jan 2024 06:03:26 GMT - Tue, 16 Apr 2024 06:03:25 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/images/icon.png HTTP/1.1
Host: ot.eqi3m0r3bslp.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 21 Jan 2024 03:47:17 GMT
Content-Type: image/png
Content-Length: 2752
Last-Modified: Thu, 10 Aug 2023 05:26:14 GMT
Connection: keep-alive
ETag: "64d474f6-ac0"
Accept-Ranges: bytes

GET ot.eqi3m0r3bslp.top/static/images/favicon.ico

16.162.33.164

200 OK

9.7 kB

URL

ot.eqi3m0r3bslp.top/static/images/favicon.ico

IP / ASN

16.162.33.164

#16509 AMAZON-02

Requested byhttps://ot.eqi3m0r3bslp.top/a/mm3/OSM03B78?sig=1705808835491530200

Resource Info

File typeMS Windows icon resource - 1 icon, 48x48, 32 bits/pixel

First Seen2023-12-10

Last Seen2024-08-20

Times Seen5

Size9.7 kB (9662 bytes)

MD5dcde8d05b7997f17acc24d92ab322112

SHA1f1cf838bf5628edc7d455d63b75b6d9e36347aa1

SHA256623a3caf8994005d9b1ff733f9e48626b3fd48bf8f24001ee3a85af8ac54acc6

Certificate Info

IssuerLet's Encrypt

Subjectot.211uacjnxze6.top

Fingerprint59:59:72:24:C5:C2:CB:F5:A4:5B:10:B0:57:4C:AB:1D:62:25:72:42

ValidityWed, 17 Jan 2024 06:03:26 GMT - Tue, 16 Apr 2024 06:03:25 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/images/favicon.ico HTTP/1.1
Host: ot.eqi3m0r3bslp.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 21 Jan 2024 03:47:17 GMT
Content-Type: image/x-icon
Content-Length: 9662
Last-Modified: Thu, 10 Aug 2023 05:26:14 GMT
Connection: keep-alive
ETag: "64d474f6-25be"
Accept-Ranges: bytes

GET uqkklx39td.top/case/cdn.txt?sig=1705808837347473847

143.204.55.5

200 OK

112 B

URL

uqkklx39td.top/case/cdn.txt?sig=1705808837347473847

IP / ASN

143.204.55.5

#16509 AMAZON-02

Requested byhttps://ot.eqi3m0r3bslp.top/a/mm3/OSM03B78?sig=1705808835491530200

Resource Info

File typePython script, ASCII text executable

First Seen2023-12-10

Last Seen2024-08-20

Times Seen5

Size112 B (112 bytes)

MD543b77349b54e96788672fc301fd8aa55

SHA162367c60703e0efb3746f40a091d1ea51f49ff3c

SHA256a26bbe8f7773a70d87fc24dceb31ab91de5a66f435f37af553335004cb598256

Certificate Info

IssuerAmazon

Subjectuqkklx39td.top

Fingerprint62:49:A6:A3:91:A1:E4:23:93:78:51:D6:28:5D:21:7F:F5:E2:D4:ED

ValidityTue, 26 Sep 2023 00:00:00 GMT - Thu, 24 Oct 2024 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /case/cdn.txt?sig=1705808837347473847 HTTP/1.1
Host: uqkklx39td.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ot.eqi3m0r3bslp.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
content-length: 112
date: Sun, 21 Jan 2024 03:47:19 GMT
last-modified: Tue, 12 Sep 2023 08:37:49 GMT
etag: "43b77349b54e96788672fc301fd8aa55"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: iOTPeTa8ah2ksABbCUHfjA8WK8K48zZjiDHgU5_VkWhyDKOUiMkq6w==
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2

GET uqkklx39td.top/case/mm3/OSM03B78/OSM03B78.apk?sig=1705808837347473079

143.204.55.7

200 OK

22 MB

URL

uqkklx39td.top/case/mm3/OSM03B78/OSM03B78.apk?sig=1705808837347473079

IP / ASN

143.204.55.7

#16509 AMAZON-02

Requested byN/A

Resource Info

File typeZip archive data, at least v0.0 to extract, compression method=store

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size22 MB (22418404 bytes)

MD5af5b4a459eaf42183d7d1b5e2e500a5b

SHA17be9c9734a8edf5d636746efd1ca6bc0f5e655ce

SHA25654430c3f02b5d27c04ef73e1830f36b51d160cd95e056fc80e50374d06d9b361

Certificate Info

IssuerAmazon

Subjectuqkklx39td.top

Fingerprint62:49:A6:A3:91:A1:E4:23:93:78:51:D6:28:5D:21:7F:F5:E2:D4:ED

ValidityTue, 26 Sep 2023 00:00:00 GMT - Thu, 24 Oct 2024 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /case/mm3/OSM03B78/OSM03B78.apk?sig=1705808837347473079 HTTP/1.1
Host: uqkklx39td.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/vnd.android.package-archive
content-length: 22418404
date: Sun, 21 Jan 2024 03:47:20 GMT
last-modified: Sat, 20 Jan 2024 19:38:32 GMT
etag: "af5b4a459eaf42183d7d1b5e2e500a5b"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Ihaxs2B2wERMtNoPL-OmJGq6GBXbtB-TLM1SprsPtTGORSQeJGBx6w==
vary: Origin
X-Firefox-Spdy: h2