Overview

URL: dfnq74uwhoid6.cloudfront.net/2015/11/4/gb-update.exe
IP: 52.85.74.214
ASN: Unknown
Location: United States
Report completed: 2017-03-20 15:41:04 CET
urlQuery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0; InfoPath.2; SV1; .NET CLR 2.0.50727; WOW64)
Referer: (none)
Pool: (none)
Access Level: public


Intrusion Detection Systems

Snort /w Sourcefire VRT: No alerts detected
Suricata /w Emerging Threats Pro: No alerts detected


Blacklists

Fortinet's Web Filter / fortiguard.com
Added / Verified   Severity   Host                                                   Comment
2017-03-20         2          dfnq74uwhoid6.cloudfront.net/2015/11/4/gb-update.exe   Malware
MDL / malwaredomainlist.com No alerts detected
DNS-BH / malwaredomains.com No alerts detected
mnemonic secure DNS / mnemonic.no No alerts detected
OpenPhish / openphish.com No alerts detected
PhishTank / phishtank.com No alerts detected
Spamhaus DBL / spamhaus.org No alerts detected


Files Captured



Recent reports on same IP/ASN/Domain

Last 4 reports on IP: 52.85.74.214

Date                 UQ / IDS / BL   URL                                                                                           IP
2017-03-21 00:21:00  0 - 0 - 1       file.market.xiaomi.com/download/AppStore/0422fd5eb789843f91c200cbe19ff772a9f5972a1/~P (...)    52.85.74.214
2017-03-21 00:19:06  0 - 0 - 1       f5.market.xiaomi.com/download/appstore/075fa84bcbf7b4797153ac9fbd79fd41474550d7d/@KKK (...)    52.85.74.214
2017-03-21 00:18:15  0 - 0 - 1       f3.market.xiaomi.com/download/AppStore/065b857126b8327be9887b038007830d8e3430eae/P_50 (...)    52.85.74.214
2017-03-05 00:53:02  0 - 0 - 1       d3oxtn1x3b8d7i.cloudfront.net/binsis/get_pre_offering_checks?uid=C64E86590B0D429C9425 (...)    52.85.74.214

Last 6 reports on ASN: Unknown

Date                 UQ / IDS / BL   URL                                                                                                   IP
2017-03-30 04:36:36  0 - 0 - 0       besttilbud.no                                                                                         107.154.156.83
2017-03-30 04:36:28  0 - 0 - 1       s3.amazonaws.com/download_zone_repo/2015/refreshpc.exe                                                52.216.226.115
2017-03-30 04:36:15  0 - 0 - 0       www.wullum.no                                                                                         52.206.163.161
2017-03-30 04:35:46  0 - 0 - 0       community.kabam.com/forums/showthread.php?780727-Tap-Sports-Baseball-2017-Hack-Tool-Unlimited-g (...)  52.53.80.219
2017-03-30 04:35:18  0 - 0 - 1       url.222bz.com/down/potplayer%E6%92%AD%E6%94%BE%E5%99%A8%E4%B8%AD%E6%96%87%E7%89%88@411_12150.ex (...) 114.55.188.114
2017-03-30 04:34:44  0 - 0 - 0       www.proim.no                                                                                          52.206.163.161

Last 6 reports on domain: dfnq74uwhoid6.cloudfront.net

Date                 UQ / IDS / BL   URL                                                    IP
2017-03-30 02:40:08  0 - 0 - 1       dfnq74uwhoid6.cloudfront.net/2015/12/31/rt-update.exe  52.84.246.191
2017-03-29 22:45:26  0 - 0 - 1       dfnq74uwhoid6.cloudfront.net/2017/3/23/rt-update.exe   52.84.246.127
2017-03-29 22:42:45  0 - 0 - 1       dfnq74uwhoid6.cloudfront.net/2015/12/1/rt-update.exe   52.84.246.154
2017-03-29 22:10:20  0 - 0 - 1       dfnq74uwhoid6.cloudfront.net/2015/12/20/rt-update.exe  52.84.246.6
2017-03-29 22:06:59  0 - 0 - 1       dfnq74uwhoid6.cloudfront.net/2015/11/27/gb-update.exe  52.84.246.76
2017-03-29 22:03:02  0 - 0 - 1       dfnq74uwhoid6.cloudfront.net/2015/12/7/gb-update.exe   52.84.246.127



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request:

GET /2015/11/4/gb-update.exe HTTP/1.1
Host: dfnq74uwhoid6.cloudfront.net
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0; InfoPath.2; SV1; .NET CLR 2.0.50727; WOW64)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (server IP 52.85.74.203):

HTTP/1.1 200 OK
Content-Type: application/exename
Content-Length: 7147824
Connection: keep-alive
Cache-Control: private
Content-Disposition: attachment; filename=gb-update.exe
Date: Mon, 20 Mar 2017 14:40:14 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
X-Cache: Miss from cloudfront
Via: 1.1 28e1bd291bf9b996c8d272e4eb691366.cloudfront.net (CloudFront)
X-Amz-Cf-Id: j8_sUVqN1ZAkA5qxL8Pu1tNbyC_ZissHQ0r0061W9o1oUrJhNAoEWQ==