Overview

URL: down11326.yzzzn.com/?/91155/pconline1/iTunes64
IP: 121.41.10.159
ASN: AS37963 Hangzhou Alibaba Advertising Co.,Ltd.
Location: China
Report completed: 2017-04-21 15:56:11 CET
urlQuery Alerts: No alerts detected


Settings

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0; InfoPath.2; SV1; .NET CLR 2.0.50727; WOW64)
Referer: (none)
Pool: (none)
Access Level: public


Intrusion Detection Systems

Snort /w Sourcefire VRT No alerts detected
Suricata /w Emerging Threats Pro No alerts detected


Blacklists

Fortinet's Web Filter / fortiguard.com
Added / Verified | Severity | Host | Comment
2017-04-21 | 2 | down11326.yzzzn.com/?/91155/pconline1/iTunes64 | Malware
2017-04-21 | 2 | down04975943.xiazai3.net/cx/160624/15/iTues64@193_91155.exe | Malware
MDL / malwaredomainlist.com No alerts detected
DNS-BH / malwaredomains.com No alerts detected
mnemonic secure DNS / mnemonic.no No alerts detected
OpenPhish / openphish.com No alerts detected
PhishTank / phishtank.com No alerts detected
Spamhaus DBL / spamhaus.org No alerts detected


Files Captured



Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 121.41.10.159

Date | UQ / IDS / BL | URL | IP
2017-05-24 09:09:14 | 0 - 0 - 2 | down.xiazaidc.com/?/360947/pconline/?��pdf??��1.5������.exe | 121.41.10.159
2017-05-24 08:34:49 | 0 - 0 - 2 | down5963.wtn5.com/?/125537/pc61/???????.exe | 121.41.10.159
2017-05-24 06:04:38 | 0 - 0 - 1 | down.dxiaz.com/cx/160624/2/7-zip@696_307_2.exe | 121.41.10.159
2017-05-24 05:02:42 | 0 - 0 - 2 | down5923.tkg5.com/?/2816/pc61/ipu52a0u901fu5668.exe | 121.41.10.159
2017-05-24 04:42:26 | 0 - 0 - 1 | down.xiazaidc.com/cx/160624/3/ie8.0%E6%B5%8F%E8%A7%88%E5%99%A8@899_2909.exe | 121.41.10.159
2017-05-24 04:25:55 | 0 - 0 - 2 | down5923.tkg5.com/?/2816/pc61/ip加速器.exe | 121.41.10.159

Last 6 reports on ASN: AS37963 Hangzhou Alibaba Advertising Co.,Ltd.

Date | UQ / IDS / BL | URL | IP
2017-05-24 11:32:01 | 0 - 0 - 1 | jjzx.me/ | 101.201.104.203
2017-05-24 11:23:00 | 0 - 0 - 2 | maochiyu.com/ | 114.215.95.225
2017-05-24 11:17:20 | 0 - 0 - 1 | 4ohweonline.com/ | 139.196.114.1
2017-05-24 11:04:03 | 0 - 0 - 2 | gj-ms.cn/ | 123.56.93.249
2017-05-24 11:01:05 | 0 - 0 - 2 | gj-ms.com/ | 123.56.93.249
2017-05-24 10:53:00 | 0 - 0 - 0 | ss.modw1.com | 120.55.80.151

Last 6 reports on domain: down11326.yzzzn.com

Date | UQ / IDS / BL | URL | IP
2017-04-28 13:07:43 | 0 - 0 - 2 | down11326.yzzzn.com/?/91155/pconline1/iTunes64λ12.6.4.3ٷ.exe | 121.41.10.159
2017-04-26 19:33:02 | 0 - 0 - 2 | down11326.yzzzn.com/?/91155/pconline1/iTunes64 | 121.41.10.159
2017-04-26 12:49:41 | 0 - 0 - 2 | down11326.yzzzn.com/?/91155/pconline1/iTunes64λ12.6.4.3ٷ.exe | 121.43.97.175
2017-04-25 12:19:28 | 0 - 0 - 2 | down11326.yzzzn.com/?/91155/pconline1/iTunes64λ12.6.4.3ٷ.exe | 121.43.97.175
2017-04-24 12:28:42 | 0 - 0 - 2 | down11326.yzzzn.com/?/91155/pconline1/iTunes64λ12.6.4.3ٷ.exe | 121.43.97.175
2017-04-23 14:59:52 | 0 - 0 - 2 | down11326.yzzzn.com/?/91155/pconline1/iTunes64λ12.6.4.3ٷ.exe | 121.41.10.159



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (2)


Transaction 1

Request:
GET /?/91155/pconline1/iTunes64 HTTP/1.1
Host: down11326.yzzzn.com
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0; InfoPath.2; SV1; .NET CLR 2.0.50727; WOW64)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 121.41.10.159):
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Location: http://down04975943.xiazai3.net/cx/160624/15/iTues64@193_91155.exe
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.28, ASP.NET
Set-Cookie: PHPSESSID=61667c955cdf1949b412e987f782052d8ASCE; expires=Fri, 21-Apr-2017 16:55:17 GMT
Date: Fri, 21 Apr 2017 13:55:17 GMT
Content-Length: 192

Transaction 2

Request:
GET /cx/160624/15/iTues64@193_91155.exe HTTP/1.1
Host: down04975943.xiazai3.net
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0; InfoPath.2; SV1; .NET CLR 2.0.50727; WOW64)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive