IOC Report
http://sa013.com/


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Chrome Cache Entry: 116 | GIF image data, version 89a, 1 x 1 | downloaded | |
| Chrome Cache Entry: 117 | ASCII text, with very long lines (2179), with no line terminators | downloaded | |
| Chrome Cache Entry: 118 | gzip compressed data, from Unix, original size modulo 2^32 119 | dropped | |
| Chrome Cache Entry: 119 | Unicode text, UTF-8 text, with very long lines (39989), with no line terminators | downloaded | |
| Chrome Cache Entry: 120 | gzip compressed data, from Unix, original size modulo 2^32 5161 | downloaded | |
| Chrome Cache Entry: 121 | JSON data | dropped | |
| Chrome Cache Entry: 122 | Unicode text, UTF-8 text, with very long lines (5084), with no line terminators | downloaded | |
| Chrome Cache Entry: 123 | JSON data | dropped | |
| Chrome Cache Entry: 124 | Unicode text, UTF-8 text, with very long lines (5084), with no line terminators | dropped | |
| Chrome Cache Entry: 125 | gzip compressed data, from Unix, original size modulo 2^32 119 | downloaded | |
| Chrome Cache Entry: 126 | Unicode text, UTF-8 text, with very long lines (39989), with no line terminators | dropped | |
| Chrome Cache Entry: 127 | Unicode text, UTF-8 text, with very long lines (5721), with no line terminators | dropped | |
| Chrome Cache Entry: 128 | GIF image data, version 89a, 1 x 1 | dropped | |
| Chrome Cache Entry: 129 | Unicode text, UTF-8 text, with very long lines (5721), with no line terminators | downloaded | |
| Chrome Cache Entry: 130 | HTML document, ASCII text, with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 131 | ASCII text, with very long lines (622) | downloaded | |
| Chrome Cache Entry: 132 | Unicode text, UTF-8 text, with very long lines (24209) | dropped | |
| Chrome Cache Entry: 133 | Unicode text, UTF-8 text, with very long lines (24209) | downloaded | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 --field-trial-handle=2240,i,12652489363998795942,16803406881193305079,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://sa013.com/" | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://sa013.com/ | | |
| https://image.uc.cn/s/uae/g/3o/berg/static/ | unknown | |
| https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js | 47.246.23.251 | |
| https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js | 47.246.23.251 | |
| http://px.effirst.com/api/v1/jssdk/upload?wpk-header=app%3Dberg-download%26cp%3Dnone%26de%3D4%26seq%3D1728425762904%26tm%3D1728425762%26ud%3De865f426-9485-47d5-915b-7a2cd0c7fe82%26ver%3D2.42.1%26type%3Dflow%26sver%3D1.2.7%26sign%3D9bf8a190ef82c5049df7b199c599c45b | 111.63.205.165 | |
| http://sa013.com/ | | |
| https://hm.baidu.com/hm.js?42296466acbd6a1e84224ab1433a06cc | 111.45.3.198 | |
| http://px-intl.ucweb.com/api/v1/jssdk/upload | unknown | |
| https://goutong.baidu.com/site/ | unknown | |
| https://px.wpk.quark.cn/api/v1/jconfig | unknown | |
| https://down2.uc.cn/ucbrowser/v2/down.php?pub=__LAXIN_SRC_CH__&id=145&model=androidv8&brand=android& | unknown | |
| https://hmcdn.baidu.com/static/tongji/plugins/ | unknown | |
| https://track.uc.cn/collect | unknown | |
| http://px.effirst.com/api/v1/jconfig | unknown | |
| https://px-intl.ucweb.com/api/v1/jssdk/upload | unknown | |
| https://download.uc.cn/download/quark?ch=__LAXIN_SRC_CH__ | unknown | |
| https://fclog.baidu.com/log/ocpcagl?type=behavior&emd=euc | unknown | |
| http://px-itrace.xuexi.cn/api/v1/jconfig | unknown | |
| http://down2.uc.cn/quark/down.php?id=3300&pub=kk | unknown | |
| https://px.wpk.quark.cn/api/v1/jssdk/upload | unknown | |
| https://px.effirst.com/api/v1/jssdk/upload | unknown | |
| https://hmcdn.baidu.com/static | unknown | |
| https://image.uc.cn/s/uae/g/3o/berg/static/archer_index.e96dc6dc6863835f4ad0.js | 163.181.92.234 | |
| http://px.effirst.com/api/v1/jconfig?wpk-header=app%3Dberg-download%26tm%3D1728425758%26ud%3Dd5874e71-c374-49e4-3851-6b7d5df58dd2%26sver%3D1.2.7%26sign%3Dc41e43c828c16c16a6eb1c9c1e68e8ce | 111.63.205.165 | |
| http://px.wpk.quark.cn/api/v1/jssdk/upload | unknown | |
| http://sa013.com/favicon.ico | 35.241.58.71 | |
| http://px-itrace.xuexi.cn/api/v1/jssdk/upload | unknown | |
| https://union.uc.cn/public/icl.php?ch=__LAXIN_SRC_CH__&appid=586871187 | unknown | |
| http://tongji.baidu.com/hm-web/welcome/ico | unknown | |
| https://px-itrace.xuexi.cn/api/v1/jssdk/upload | unknown | |
| http://px.effirst.com/api/v1/jssdk/upload | unknown | |
| http://px.effirst.com/api/v1/jssdk/upload?wpk-header=app%3Dberg-download%26cp%3Dnone%26de%3D4%26seq%3D1728425762939%26tm%3D1728425762%26ud%3De865f426-9485-47d5-915b-7a2cd0c7fe82%26ver%3D2.42.1%26type%3Djsfsperf%26sver%3D1.2.7%26sign%3D9bf8a190ef82c5049df7b199c599c45b | 111.63.205.165 | |
| http://px.wpk.quark.cn/api/v1/jconfig | unknown | |
| https://track.uc.cn/collect?appid=29351a4155a4&stat_a=berg&stat_b=download&ev_ct=berg_download&page=page_loading_first&page_h5=page_loading_first&lt=pageview&c_lt=pageview&event_id=2001&keyword=&referrer=&host=sa013.com&url=http%3A%2F%2Fsa013.com%2F&cookie=__wpkreporterwid_%3De865f426-9485-47d5-915b-7a2cd0c7fe82&time=1728425758430&entry=&_ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F117.0.0.0+Safari%2F537.36&isUC=false&isQuark=false&is_duannei=false&uc_param_str=dsfrpfvedncpssntnwbipreimeutsv | 123.182.51.196 | |
| https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js | 47.246.23.251 | |
| https://px-intl.ucweb.com/api/v1/jconfig | unknown | |
| https://download.uc.cn/download/ucbrowser?ch=__LAXIN_SRC_CH__ | unknown | |
| https://px-itrace.xuexi.cn/api/v1/jconfig | unknown | |
| https://track.uc.cn/collect?appid=29351a4155a4&stat_a=berg&stat_b=download&ev_ct=berg_download&page=page_loading_cn&page_h5=page_loading_cn&keyword=&referrer=&host=sa013.com&url=http%3A%2F%2Fsa013.com%2F&cookie=__wpkreporterwid_%3De865f426-9485-47d5-915b-7a2cd0c7fe82&time=1728425759419&entry=&_ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F117.0.0.0+Safari%2F537.36&isUC=false&isQuark=false&is_duannei=false&lt=pageview&c_lt=pageview&event_id=2001&uc_param_str=dsfrpfvedncpssntnwbipreimeutsv | 123.182.51.196 | |
| https://hm.baidu.com/hm.gif?hca=EBEA6351BEA35281&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=907&et=0&ja=0&ln=en-us&lo=0&rnd=166084807&si=42296466acbd6a1e84224ab1433a06cc&v=1.3.2&lv=1&sn=5671&r=0&ww=1280&u=http%3A%2F%2Fsa013.com%2F&tt=sa013.com | 111.45.3.198 | |
| http://px-intl.ucweb.com/api/v1/jconfig | unknown | |
| https://image.uc.cn/s/uae/g/3o/berg/static/index.c4bc5b38d870fecd8a1f.css | 163.181.92.234 | |
| https://px.effirst.com/api/v1/jconfig | unknown | |

Domains

| Name | IP | Malicious |
|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | |
| wpk-hb3c-lbg-2.ude.effirst.com | 111.63.205.165 | |
| g.alicdn.com.danuoyi.alicdn.com | 47.246.23.251 | |
| image.uc.cn.w.alikunlun.com | 163.181.92.234 | |
| www.google.com | 142.250.74.196 | |
| sa013.com | 35.241.58.71 | |
| hm.e.shifen.com | 111.45.3.198 | |
| track.ucdns.uc.cn | 123.182.51.196 | |
| image.uc.cn | unknown | |
| px.effirst.com | unknown | |
| track.uc.cn | unknown | |
| g.alicdn.com | unknown | |
| hm.baidu.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 35.241.58.71 | sa013.com | United States | |
| 111.45.3.198 | hm.e.shifen.com | China | |
| 192.168.2.7 | unknown | unknown | |
| 163.181.92.228 | unknown | United States | |
| 192.168.2.4 | unknown | unknown | |
| 163.181.92.234 | image.uc.cn.w.alikunlun.com | United States | |
| 216.58.206.68 | unknown | United States | |
| 111.63.205.165 | wpk-hb3c-lbg-2.ude.effirst.com | China | |
| 123.182.50.159 | unknown | China | |
| 239.255.255.250 | unknown | Reserved | |
| 47.246.23.251 | g.alicdn.com.danuoyi.alicdn.com | United States | |
| 163.181.131.243 | unknown | United States | |
| 123.182.51.196 | track.ucdns.uc.cn | China | |
| 142.250.74.196 | www.google.com | United States | |

DOM / HTML

| URL | Malicious |
|---|---|
| http://sa013.com/ | |
| http://sa013.com/ | |