Overview

URL: www.zlf1688.com/download/soft/cjmex_sp.exe
IP: 120.24.14.76
ASN: AS37963 Hangzhou Alibaba Advertising Co.,Ltd.
Location: China
Report completed: 2017-03-21 02:48:11 CET
urlQuery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Referer:
Pool:
Access Level: public


Intrusion Detection Systems

Snort /w Sourcefire VRT: No alerts detected
Suricata /w Emerging Threats Pro: No alerts detected


Blacklists

Fortinet's Web Filter / fortiguard.com
Added / Verified  Severity  Host  Comment
2017-03-21  2  www.zlf1688.com/download/soft/cjmex_sp.exe  Malware
MDL / malwaredomainlist.com: No alerts detected
DNS-BH / malwaredomains.com: No alerts detected
mnemonic secure DNS / mnemonic.no: No alerts detected
OpenPhish / openphish.com: No alerts detected
PhishTank / phishtank.com: No alerts detected
Spamhaus DBL / spamhaus.org: No alerts detected


Files Captured



Recent reports on same IP/ASN/Domain

Last 3 reports on IP: 120.24.14.76

Date  UQ / IDS / BL  URL  IP
2017-03-23 07:36:57  0 - 0 - 1  www.zlf1688.com/download/soft/cjmex_sp.exe  120.24.14.76
2017-03-17 04:42:32  0 - 0 - 1  www.zlf1688.com/download/soft/cjmex_sp.exe  120.24.14.76
2017-03-11 05:03:01  0 - 0 - 1  zlf1688.com/download/soft/cjmex_sp.exe  120.24.14.76

Last 6 reports on ASN: AS37963 Hangzhou Alibaba Advertising Co.,Ltd.

Date  UQ / IDS / BL  URL  IP
2017-03-30 04:34:27  0 - 0 - 1  url.tudown.com/down/%E9%85%B7%E7%8B%97%E6%B6%88%E9%99%A4%E5%8E%9F%E9%9F%B3%E6%8F%92%E4%BB%B6@25 (...)  112.74.68.204
2017-03-30 04:32:22  0 - 0 - 3  down.xiazai2.net/cx/8/%E3%80%8A%E8%A5%BF%E8%A5%BF%E9%87%8C%E7%9A%84%E7%BE%8E%E4%B8%BD%E4%BC%A0% (...)  121.41.10.159
2017-03-30 04:32:21  0 - 0 - 3  down.xiazai2.net/cx/8/%E5%88%B7Q%E5%B8%81%E8%BD%AF%E4%BB%B62014%E7%A0%B4%E8%A7%A3%E7%89%88@39_E (...)  121.41.10.159
2017-03-30 04:32:18  0 - 0 - 3  down.xiazai2.net/cx/8/%C3%A8%C2%A7%C2%A6%C3%A5%C2%AE%C2%9D%C3%A7%E2%80%9D%CE%BC%C3%A8%20%CC%84% (...)  121.41.10.159
2017-03-30 03:57:47  0 - 0 - 1  www.cnhedge.cn/js/index.htm?http://us.battle.net/login/en/?ref=http://wgaloheus.battle.net/d3/e (...)  115.29.190.178
2017-03-30 03:43:14  0 - 0 - 2  qiuhao.com/QhDev10K/7287.htm  121.40.42.143

Last 2 reports on domain: www.zlf1688.com

Date  UQ / IDS / BL  URL  IP
2017-03-23 07:36:57  0 - 0 - 1  www.zlf1688.com/download/soft/cjmex_sp.exe  120.24.14.76
2017-03-17 04:42:32  0 - 0 - 1  www.zlf1688.com/download/soft/cjmex_sp.exe  120.24.14.76



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request
GET /download/soft/cjmex_sp.exe HTTP/1.1
Host: www.zlf1688.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 120.24.14.76
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Server: kangle/3.5.4
Date: Tue, 21 Mar 2017 01:46:09 GMT
Last-Modified: Thu, 15 Oct 2015 08:47:25 GMT
Content-Length: 5588613
Connection: keep-alive