Overview

URL: xiazai.xiazaijia.cc/cx/160105/1/ufffd%28win7????ufffdufffd?ufffdufffd)32ufffdufffd@11_55640.exe
IP: 59.45.79.75
ASN: AS4134 Chinanet
Location: China
Report completed: 2017-04-21 09:40:44 CET
urlQuery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0; InfoPath.2; SV1; .NET CLR 2.0.50727; WOW64)
Referer: (none)
Pool: (none)
Access Level: public


Intrusion Detection Systems

Snort /w Sourcefire VRT: No alerts detected
Suricata /w Emerging Threats Pro: No alerts detected


Blacklists

Fortinet's Web Filter / fortiguard.com: 1 alert
Added / Verified | Severity | Host | Comment
2017-04-21 | 2 | xiazai.xiazaijia.cc/cx/160105/1/ufffd%28win7????ufffdufffd?ufffdufffd)32ufffdufffd@11_55640.exe | Malware

MDL / malwaredomainlist.com: No alerts detected
DNS-BH / malwaredomains.com: No alerts detected
mnemonic secure DNS / mnemonic.no: No alerts detected
OpenPhish / openphish.com: No alerts detected
PhishTank / phishtank.com: No alerts detected
Spamhaus DBL / spamhaus.org: No alerts detected


Files Captured

(none)

Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 59.45.79.75

Date | UQ / IDS / BL | URL | IP
2017-05-23 15:36:00 | 0 - 0 - 1 | down04985148.xiazaijia.net/cx/160624/16/1080p-hd?????????????????????-iqiyi@288_1_5.e (...) | 59.45.79.75
2017-05-23 14:07:07 | 0 - 0 - 1 | down.xiazaidown.com/cx/160624/2/myeclipse2016ci@85_21581.exe | 59.45.79.75
2017-05-23 13:31:17 | 0 - 0 - 1 | down.xiazaidown.com/cx/160624/2/myeclipse2016ci%E7%A0%B4%E8%A7%A3%E7%89%88@85_21581.e (...) | 59.45.79.75
2017-05-23 12:54:35 | 0 - 0 - 1 | down.xiazaidown.com/cx/160624/2/zidogxsdsv2.0@2243_96612.exe | 59.45.79.75
2017-05-23 12:46:17 | 0 - 0 - 1 | down04981611.xiazaijia.net/cx/160624/16/10@19_334265DV9.9.0.8@84_11005.exe | 59.45.79.75
2017-05-23 12:19:09 | 0 - 0 - 1 | down04981893.xiazaijia.net/cx/160624/16/%E6%9C%89%E5%B7%A5%E4%BD%96%C2%83%C2%A0%E6%99 (...) | 59.45.79.75

Last 6 reports on ASN: AS4134 Chinanet

Date | UQ / IDS / BL | URL | IP
2017-05-23 16:45:26 | 0 - 0 - 1 | soft1-09.yxdown.cn/AdobeAuditionCC2016.rar | 218.75.153.38
2017-05-23 16:44:11 | 0 - 0 - 1 | dx.qqtn.com/qq4/wldsw.zip | 61.132.13.189
2017-05-23 16:44:09 | 0 - 0 - 1 | d1.paopaoche.net/x1/lianliankanheji.rar | 222.241.7.191
2017-05-23 16:44:02 | 0 - 0 - 1 | dx.qqtn.com/qq3/mcbqyxfz.zip | 61.132.13.189
2017-05-23 16:44:01 | 0 - 0 - 1 | dx.qqtn.com/qq2/bqyxlxfz.zip | 61.132.13.189
2017-05-23 16:44:00 | 0 - 0 - 1 | dx.qqtn.com/qq2/dnfmklianfa.zip | 61.132.13.189

Last 6 reports on domain: xiazai.xiazaijia.cc

Date | UQ / IDS / BL | URL | IP
2017-05-23 12:00:01 | 0 - 0 - 1 | xiazai.xiazaijia.cc/cx/4/corelpaic2%C2%BF%C3%A9%C2%B0%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF (...) | 59.45.79.75
2017-05-23 07:35:36 | 0 - 0 - 1 | xiazai.xiazaijia.cc/cx/160225/1/????????????????????????@118_2122.exe | 59.45.79.75
2017-05-23 04:02:01 | 0 - 0 - 1 | xiazai.xiazaijia.cc/cx/160225/1/????????????????????????@118_2122.exe | 59.45.79.75
2017-05-23 02:15:03 | 0 - 0 - 1 | xiazai.xiazaijia.cc/cx/160225/2/vst3.1.0@84_33833.exe | 59.45.79.75
2017-05-23 01:49:02 | 0 - 0 - 1 | xiazai.xiazaijia.cc/cx/160225/2/vst%E5%85%A8%E8%81%9A%E5%90%88%E7%94%B5%E8%84%91%E7%89%883.1.0@ (...) | 59.45.79.75
2017-05-22 23:09:01 | 0 - 0 - 1 | xiazai.xiazaijia.cc/cx/160225/1/verycd??easymule@899_1063.exe | 59.45.79.75



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request (to 59.45.79.75)

GET /cx/160105/1/ufffd%28win7????ufffdufffd?ufffdufffd)32ufffdufffd@11_55640.exe HTTP/1.1
Host: xiazai.xiazaijia.cc
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0; InfoPath.2; SV1; .NET CLR 2.0.50727; WOW64)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response

HTTP/1.1 200 OK
Content-Type: application/octet-stream;charset=utf-8
Accept-Ranges: bytes
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.28, ASP.NET
Accept-Length: 288064
Content-Disposition: attachment; filename=ufffd(win7.exe
Date: Fri, 21 Apr 2017 07:39:38 GMT
Content-Length: 288064