Overview

URL lei8yxh.apimguxy.cn/l104629ei/2017%E5%B9%B42017%E5%B9%B4%E5%89%A7%E6%83%85%E5%8E%86%E5%8F%B2%E5%BB%BA%E5%86%9B%E5%A4%A7%E4%B8%9ABD%E5%9B%BD%E8%AF%AD%E4%B8%AD%E5%AD%97%E8%BF%85%E9%9B%B7_idianying-1080_r9v
IP122.228.248.120
ASNAS4134 Chinanet
Location China
Report completed2017-10-13 04:13:42 CEST
StatusLoading report..
urlQuery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2017-10-13 04:13:00 CEST 3  122.228.248.120 Client IP ET INFO EXE - Served Attached HTTP
2017-10-13 04:13:00 CEST 1  122.228.248.120 Client IP ET POLICY PE EXE or DLL Windows file download HTTP
2017-10-13 04:13:07 CEST 1  122.228.248.120 Client IP ETPRO EXPLOIT ATMFD.DLL Privilege Elevation Vuln (CVE-2016-3220)


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 122.228.248.120

Date UQ / IDS / BL URL IP
2018-09-23 05:06:13 +0200
0 - 3 - 0 lei80210ggo.asoyhmje.cn/au106309r/ansys17.064 (...) 122.228.248.120
2018-07-11 07:10:33 +0200
0 - 3 - 0 lei80219kel.asoyhmje.cn/aur106298/2017%E5%B9% (...) 122.228.248.120
2018-07-06 23:45:35 +0200
0 - 3 - 0 lei80220wgo.asoyhmje.cn/106290aur/2018%E5%B9% (...) 122.228.248.120
2018-07-05 05:08:22 +0200
0 - 3 - 0 lei80219kbt.asoyhmje.cn/au106293r/setup_z812_233 122.228.248.120
2018-07-04 09:48:45 +0200
0 - 3 - 0 nv2i832.asoyhmje.cn/gm106285/game_gamer-1480_17t 122.228.248.120
2018-07-04 09:48:25 +0200
0 - 3 - 0 nv2rc4o.asoyhmje.cn/106286gm/game_gamer-1480_3r8 122.228.248.120
2017-12-11 12:33:41 +0100
0 - 2 - 1 iel8x7k.edvekfit.cn/cn104072k/AppScan%E5%AE%98 122.228.248.120
2017-11-27 01:58:59 +0100
0 - 0 - 1 hzeq.aptixpvp.cn/104880pyui 122.228.248.120
2017-11-27 01:58:50 +0100
0 - 0 - 1 lei8zo4.aptixpvp.cn/le104869i 122.228.248.120
2017-11-21 05:00:47 +0100
0 - 2 - 0 lei8zjn.aptixpvp.cn/lei104828/%E6%8B%B3%E7%9A (...) 122.228.248.120

Last 10 reports on ASN: AS4134 Chinanet

Date UQ / IDS / BL URL IP
2018-09-23 06:47:40 +0200
0 - 0 - 1 azyx2.charrem.com/bingguomengemengxiaozsjbwxx (...) 218.92.227.208
2018-09-23 06:42:30 +0200
0 - 0 - 1 zj.downxia.com/down/cfleishen.rar?vspublic=46 (...) 60.190.119.11
2018-09-23 06:39:57 +0200
0 - 0 - 1 down.263209.com/cx/180619/37/setup@14_14091.exe 113.113.96.42
2018-09-23 06:30:13 +0200
0 - 1 - 1 c.img001.com/re58/girlshow_20140032449.exe 218.92.219.100
2018-09-23 06:24:33 +0200
0 - 0 - 1 down23.869v.com/down/setup_364qwab.exe 221.234.40.46
2018-09-23 06:20:55 +0200
0 - 1 - 9 clearall.com.cn/a/lianxiwomen/diliweizhi 202.96.154.22
2018-09-23 06:13:27 +0200
0 - 1 - 1 c.img001.com/re58/girlshow_20300027293.exe 61.147.234.60
2018-09-23 06:12:26 +0200
0 - 0 - 1 xiazai.xiazaijia.cc/cx/1507069/SecureCRT@57_2 (...) 59.47.232.75
2018-09-23 06:10:32 +0200
0 - 1 - 1 c.img001.com/re58/pingguo_23133405405.exe 180.101.56.166
2018-09-23 06:09:56 +0200
0 - 2 - 1 c2.72zx.com/download/origin8.0%E4%B8%AD%E6%96 (...) 218.6.23.43

No other reports on domain: apimguxy.cn



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request Response
                                        
                                            GET /l104629ei/2017%E5%B9%B42017%E5%B9%B4%E5%89%A7%E6%83%85%E5%8E%86%E5%8F%B2%E5%BB%BA%E5%86%9B%E5%A4%A7%E4%B8%9ABD%E5%9B%BD%E8%AF%AD%E4%B8%AD%E5%AD%97%E8%BF%85%E9%9B%B7_idianying-1080_r9v HTTP/1.1 
Host: lei8yxh.apimguxy.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         122.228.248.120
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Server: nginx/1.4.2
Date: Fri, 13 Oct 2017 02:06:47 GMT
Content-Length: 3383448
Last-Modified: Fri, 13 Oct 2017 01:30:12 GMT
Connection: keep-alive
Etag: "59e01724-33a098"
Content-Disposition: attachment; filename=2017%e5%b9%b42017%e5%b9%b4%e5%89%a7%e6%83%85%e5%8e%86%e5%8f%b2%e5%bb%ba%e5%86%9b%e5%a4%a7%e4%b8%9aBD%e5%9b%bd%e8%af%ad%e4%b8%ad%e5%ad%97%e8%bf%85%e9%9b%b7_idianying-1080_r9v.exe; filename*=utf-8''2017%e5%b9%b42017%e5%b9%b4%e5%89%a7%e6%83%85%e5%8e%86%e5%8f%b2%e5%bb%ba%e5%86%9b%e5%a4%a7%e4%b8%9aBD%e5%9b%bd%e8%af%ad%e4%b8%ad%e5%ad%97%e8%bf%85%e9%9b%b7_idianying-1080_r9v.exe
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   3383448
Md5:    d94bce1bd39d77f454e9bf3f649959f4
Sha1:   7b76accbd073f74d612492bd3255801cb1490f1f
Sha256: e56b7586a1a992dc7b8d0d818c10511cef1aad476a079f62a53ba51f160737ca

Alerts:
  IDS:
    - ET INFO EXE - Served Attached HTTP
    - ET POLICY PE EXE or DLL Windows file download HTTP
    - ETPRO EXPLOIT ATMFD.DLL Privilege Elevation Vuln (CVE-2016-3220)