IOC Report
https://www.xxfj168.com/


Files

File Path | Type | Category | Malicious
Chrome Cache Entry: 46 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 47 | HTML document, ASCII text | downloaded |
Chrome Cache Entry: 48 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 49 | HTML document, ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 50 | Unicode text, UTF-8 text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 51 | ASCII text, with very long lines (6275) | downloaded |
Chrome Cache Entry: 52 | HTML document, ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 53 | ASCII text | downloaded |
Chrome Cache Entry: 54 | JSON data | downloaded |
Chrome Cache Entry: 55 | HTML document, ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 56 | JSON data | dropped |
Chrome Cache Entry: 57 | ASCII text, with very long lines (1005), with CRLF, LF line terminators | downloaded |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2208,i,14988252462584480448,9839023817784272560,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.xxfj168.com/" |

URLs

Name | IP | Malicious
https://www.xxfj168.com/ | |
https://github.com/axios/axios/issues/201) | unknown |
https://feross.org | unknown |
https://github.com/davidchambers/Base64.js | unknown |
https://www.yononess.cyou/click/queryIpClick | 134.122.205.226 |
https://nodejs.org/api/http.html#http_message_headers | unknown |
https://www.tfteleknteqd888.com//index.php | 121.127.245.109 |
https://ip.useragentinfo.com/json | unknown |
https://www.xxfj168.com/ | |
https://www.xxfj168.com/static/js/axios.js | 103.158.37.203 |
https://www.xxfj168.com/static/js/jquery-ui.js | 103.158.37.203 |
http://jqueryui.com | unknown |
http://www.google.com) | unknown |
https://www.xxfj168.com/favicon.ico | 103.158.37.203 |
http://url.spec.whatwg.org/#urlutils | unknown |
https://entry11.bk.mufg.jp/ibg/dfw/APLIN/loginib/login?_TRANID=AG004_001&link_id=kojin_top_direct_lo | unknown |
https://www.xxfj168.com/ResourceConfig/urlConfig.json?t=1 | 103.158.37.203 |
https://www.yononess.cyou | unknown |
https://www.xxfj168.com/static/js/it.js | 103.158.37.203 |
https://www.xxfj168.com/static/css/common.css | 103.158.37.203 |
https://www.yononess.cyou/websocket/2e03a3b3a61971bd375aac43fcf616cd | 134.122.205.226 |
https://www.xxfj168.com/sanling_index/spa_loader.css | 103.158.37.203 |
https://www.xxfj168.com/static/js/ResourceRedConfig.js | 103.158.37.203 |

Domains

Name | IP | Malicious
bg.microsoft.map.fastly.net | 199.232.214.172 |
www.xxfj168.com | 103.158.37.203 |
www.tfteleknteqd888.com | 121.127.245.109 |
www.yononess.cyou | 134.122.205.226 |
www.google.com | 74.125.138.103 |
fp2e7a.wpc.phicdn.net | 192.229.211.108 |

IPs

IP | Domain | Country | Malicious
74.125.138.103 | www.google.com | United States |
103.158.37.203 | www.xxfj168.com | unknown |
239.255.255.250 | unknown | Reserved |
121.127.245.109 | www.tfteleknteqd888.com | Hong Kong |
192.168.2.4 | unknown | unknown |
134.122.205.226 | www.yononess.cyou | United States |

DOM / HTML

URL | Malicious
https://www.xxfj168.com/ |