Overview

URL: www.filesave.co.kr/download/dreamapp/3247/DrtLauncher.exe
IP: 220.73.162.3
ASN: AS4766 Korea Telecom
Location: Korea, Republic of
Report completed: 2017-03-21 03:00:54 CET
urlQuery Alerts: No alerts detected


Settings

UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Referer:
Pool:
Access Level: public


Intrusion Detection Systems

Snort /w Sourcefire VRT: No alerts detected
Suricata /w Emerging Threats Pro: No alerts detected


Blacklists

Fortinet's Web Filter / fortiguard.com
Added / Verified | Severity | Host | Comment
2017-03-21 | 2 | www.filesave.co.kr/download/dreamapp/3247/DrtLauncher.exe | Malware
MDL / malwaredomainlist.com: No alerts detected
DNS-BH / malwaredomains.com: No alerts detected
mnemonic secure DNS / mnemonic.no: No alerts detected
OpenPhish / openphish.com: No alerts detected
PhishTank / phishtank.com: No alerts detected
Spamhaus DBL / spamhaus.org: No alerts detected


Files Captured



Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 220.73.162.3

Date | UQ / IDS / BL | URL | IP
2017-04-24 13:58:55 | 0 - 0 - 1 | www.filesave.co.kr/download/dreamapp/3247/DrtLauncher.exe | 220.73.162.3
2017-04-24 11:23:09 | 0 - 0 - 1 | www.filesave.co.kr/download/dreamapp/3247/DrtLauncher.exe | 220.73.162.3
2017-04-21 19:13:00 | 0 - 0 - 1 | loadform.co.kr/DOWNLOAD/MICROLABCON.EXE | 220.73.162.3
2017-04-19 14:39:06 | 0 - 0 - 1 | www.loadform.co.kr/Download/WinCtrProc.exe | 220.73.162.3
2017-04-19 12:11:37 | 0 - 0 - 1 | upgradefile.com/Download/DreamApp/3359/DrtCorp.exe | 220.73.162.3
2017-04-18 12:22:52 | 0 - 0 - 1 | upgradefile.com/Download/DreamApp/3359/DrtCorp.exe | 220.73.162.3

Last 6 reports on ASN: AS4766 Korea Telecom

Date | UQ / IDS / BL | URL | IP
2017-04-25 02:45:09 | 0 - 0 - 1 | fuckyou.x-y.net/zb/icon/_images/nyc-erotic-massge/embarrass-my-slave-sex.html | 222.122.60.176
2017-04-25 02:01:13 | 0 - 0 - 2 | 8yav.com/view/index33333.html | 101.55.88.66
2017-04-25 01:57:50 | 0 - 0 - 2 | jlk-inspection.com/ | 112.175.184.151
2017-04-25 01:32:18 | 0 - 0 - 1 | hans-clean.com/ | 183.111.161.199
2017-04-25 01:22:15 | 0 - 0 - 1 | wizutil.com/down2/file_down.php?u=20-11420_A?AAA?AA?AAA?AAA?A% | 218.146.254.33
2017-04-25 00:34:56 | 0 - 0 - 1 | www.dtoptool.com/images/launcher/launcher.swf | 222.122.179.206

Last 6 reports on domain: www.filesave.co.kr

Date | UQ / IDS / BL | URL | IP
2017-04-24 13:58:55 | 0 - 0 - 1 | www.filesave.co.kr/download/dreamapp/3247/DrtLauncher.exe | 220.73.162.3
2017-04-24 11:23:09 | 0 - 0 - 1 | www.filesave.co.kr/download/dreamapp/3247/DrtLauncher.exe | 220.73.162.3
2017-03-23 07:49:56 | 0 - 0 - 1 | www.filesave.co.kr/download/dreamapp/3247/DrtLauncher.exe | 220.73.162.3
2017-03-23 07:49:56 | 0 - 0 - 1 | www.filesave.co.kr/download/dreamapp/3247/DrtLauncher.exe | 220.73.162.3
2017-03-21 03:00:55 | 0 - 0 - 1 | www.filesave.co.kr/download/dreamapp/3247/DrtLauncher.exe | 220.73.162.3
2017-03-16 12:26:33 | 0 - 0 - 1 | www.filesave.co.kr/download/DreamApp/3247/CorpDrt.exe | 220.73.162.3



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request

GET /download/dreamapp/3247/DrtLauncher.exe HTTP/1.1
Host: www.filesave.co.kr
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (220.73.162.3)

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Mon, 20 Mar 2017 23:16:29 GMT
Accept-Ranges: bytes
Etag: "5a924c1d0a1d21:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 21 Mar 2017 02:00:01 GMT
Content-Length: 823968