Report - fs-im-kefu.7moor-fs1.com/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1730264585371/jj.txt

Report Overview

Visited public
2024-11-04 02:30:46
Tags
URL
fs-im-kefu.7moor-fs1.com/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1730264585371/jj.txt
Finishing URL
fs-im-kefu.7moor-fs1.com/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1730264585371/jj.txt
IP / ASN
36.158.208.171
#56047 China Mobile communications corporation
Title
fs-im-kefu.7moor-fs1.com/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1730264585371/jj.txt

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fs-im-kefu.7moor-fs1.com	815236	2019-10-25	2020-12-21	2024-11-03	1.3 kB	398 kB	58.19.48.175

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-11-04	medium	fs-im-kefu.7moor-fs1.com/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1730264585371/jj.txt	Detects suspicious XORed MSDOS stub message
2024-11-04	medium	fs-im-kefu.7moor-fs1.com/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1730264585371/jj.txt	meth_get_eip

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

fs-im-kefu.7moor-fs1.com/

58.19.48.175

404 Not Found

30 B

URL
fs-im-kefu.7moor-fs1.com/
IP
58.19.48.175:0
ASN
#4837 CHINA UNICOM China169 Backbone

File type
JSON text data
Size
30 B (30 bytes)
Hash
dae2f3dd9baf239b45dd8bc1408e67de
5e415fd3ee90548957bb73ce748eca52a65a01b3
63f167d2adce5d2b33fc90c8a437615e605ac1ab3dd8b6e028dbc502da3b663e

HTTP Headers

GET / HTTP/1.1
Host: fs-im-kefu.7moor-fs1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: Byte-nginx
Content-Type: application/json
Content-Length: 30
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
Date: Mon, 04 Nov 2024 02:30:24 GMT
Via: cache01.jswxmp,cache10.hbxiangyang-cu04
X-Bdcdn-Cache-Status: TCP_MISS,TCP_MISS
X-Log: X-Log
X-M-Log: QNM:yzh155;SRCPROXY:yzh152;SRC:3/404;SRCPROXY:4/404;QNM3:4/404
X-M-Reqid: 8vkAAFNquAcLowQY
X-Qnm-Cache: Miss
X-Reqid: i4kAAACH0AcLowQY
X-Request-Id: e1cde42ba4bd16bdb0c3d23955b892a3
X-Request-Ip: 91.90.42.154
X-Response-Cache: miss
X-Response-Cinfo: 91.90.42.154
X-Svr: IO
X-Tt-Trace-Tag: id=5

fs-im-kefu.7moor-fs1.com/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1730264585371/jj.txt

58.19.48.175

200 OK

395 kB

URL User Request GET HTTP/2
fs-im-kefu.7moor-fs1.com/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1730264585371/jj.txt
IP
58.19.48.175:443
ASN
#4837 CHINA UNICOM China169 Backbone

Certificate
IssuerTrustAsia Technologies, Inc.
Subject*.7moor.com
FingerprintB5:03:E5:53:51:06:41:2C:B7:FD:E1:F4:89:35:C4:9F:DA:91:6C:C1
ValidityTue, 29 Oct 2024 00:00:00 GMT - Thu, 27 Nov 2025 23:59:59 GMT

File type
data
Size
395 kB (395241 bytes)
Hash
f52844ab92882594fe9749bec0ea7cc2
9607fc44b4d0fa8453dd8cd29ba8edcd23534376
0b13fa90b677020bcb3d18fb480030e4852f2801b99dc486f6cf6517bbd6874d

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects suspicious XORed MSDOS stub message
YARAhub by abuse.ch	malware	meth_get_eip

HTTP Headers

GET /ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1730264585371/jj.txt HTTP/1.1
Host: fs-im-kefu.7moor-fs1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Byte-nginx
content-type: text/plain
content-length: 395241
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: X-Log, X-Reqid
access-control-max-age: 2592000
age: 393836
cache-control: public, max-age=31536000
content-disposition: inline; filename="jj.txt"; filename*=utf-8''jj.txt
content-encoding: gzip
content-md5: 9ShEq5KIJZT+l0m+wOp8wg==
content-transfer-encoding: binary
etag: "FpYH_ES00PqEU92M0puo7c0jU0N2.gz"
last-modified: Wed, 30 Oct 2024 05:03:06 GMT
vary: Accept-Encoding
x-bdcdn-cache-status: TCP_HIT
x-log: X-Log
x-m-log: QNM:xs1164;SRCPROXY:xs1751;SRC:29;SRCPROXY:29;QNM3:36
x-m-reqid: Iw0AAItrrDfaPAMY
x-qiniu-zone: 0
x-qnm-cache: Miss
x-reqid: V6MAAADOzzbaPAMY
x-request-id: deab76dc91f6e557922a27a380e46073
x-request-ip: 91.90.42.154
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
x-svr: IO
x-tt-trace-tag: id=5
date: Mon, 04 Nov 2024 02:30:24 GMT
via: cache09.hbxiangyang-cu04
X-Firefox-Spdy: h2

fs-im-kefu.7moor-fs1.com/favicon.ico

58.19.48.175

404 Not Found

30 B

URL GET HTTP/2
fs-im-kefu.7moor-fs1.com/favicon.ico
IP
58.19.48.175:443
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
https://fs-im-kefu.7moor-fs1.com/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1730264585371/jj.txt
Certificate
IssuerTrustAsia Technologies, Inc.
Subject*.7moor.com
FingerprintB5:03:E5:53:51:06:41:2C:B7:FD:E1:F4:89:35:C4:9F:DA:91:6C:C1
ValidityTue, 29 Oct 2024 00:00:00 GMT - Thu, 27 Nov 2025 23:59:59 GMT

File type
JSON text data
Size
30 B (30 bytes)
Hash
dae2f3dd9baf239b45dd8bc1408e67de
5e415fd3ee90548957bb73ce748eca52a65a01b3
63f167d2adce5d2b33fc90c8a437615e605ac1ab3dd8b6e028dbc502da3b663e

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: fs-im-kefu.7moor-fs1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fs-im-kefu.7moor-fs1.com/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1730264585371/jj.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: Byte-nginx
content-type: application/json
content-length: 30
access-control-allow-origin: *
access-control-expose-headers: X-Log, X-Reqid
access-control-max-age: 2592000
date: Mon, 04 Nov 2024 02:30:26 GMT
via: cache69.tzmp,cache09.hbxiangyang-cu04
x-bdcdn-cache-status: TCP_MISS,TCP_MISS
x-log: X-Log
x-m-log: QNM:cz18;QNM3/404
x-m-reqid: 1N8AADXqmHQLowQY
x-qnm-cache: Hit
x-reqid: yVUAAABEi0MLowQY
x-request-id: 5e303a94616e85fadb29ad5572458802
x-request-ip: 91.90.42.154
x-response-cache: miss
x-response-cinfo: 91.90.42.154
x-svr: IO
x-tt-trace-tag: id=5
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Mnemonic Secure DNS

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (3)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers