Overview

URL https://agkdowm.shizhiduxie.com.cn/hmdf74a/hm_40ed1dcc_v6.7.8.apk
IP1.189.213.64
ASNAS4837 CNCGROUP China169 Backbone
Location China
Report completed2018-12-06 16:20:56 CET
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-12-06 2 agkdowm.shizhiduxie.com.cn/hmdf74a/hm_40ed1dcc_v6.7.8.apk Phishing
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 1.189.213.64

Date UQ / IDS / BL URL IP
2018-12-05 06:56:19 +0100
0 - 0 - 2 6tion.cn/t/10033sharelink.apk 1.189.213.64
2018-12-04 16:21:58 +0100
0 - 0 - 1 zl.ktg-foods.com.cn/PA/PA_dz162.apk 1.189.213.64
2018-11-27 03:11:26 +0100
0 - 0 - 1 www21.yujinning.com/Thelight-wd.exe 1.189.213.64
2018-11-09 01:04:43 +0100
0 - 0 - 1 https://1363482.dispatch.spcdntip.com/ 1.189.213.64
2018-11-05 11:35:29 +0100
0 - 0 - 1 dfsd.2208ap.com/jkm/80003.apk 1.189.213.64
2018-10-13 00:54:53 +0200
0 - 0 - 1 feiche.lineee.cn/ziyuan/meihua/rytq 1.189.213.64
2018-10-11 11:12:40 +0200
0 - 0 - 1 dfsd.2208ap.com/1/44003.apk 1.189.213.64
2018-10-05 23:34:22 +0200
0 - 0 - 1 dfsd.2208ap.com/jkm/84003.apk 1.189.213.64
2018-10-05 23:17:44 +0200
0 - 0 - 1 https://hgfhfgervf.jnlianshi.cn/jkm/42063.apk 1.189.213.64
2018-10-05 19:43:33 +0200
0 - 0 - 1 https://dfsd.2208ap.com/jkm/44062.apk 1.189.213.64

Last 10 reports on ASN: AS4837 CNCGROUP China169 Backbone

Date UQ / IDS / BL URL IP
2018-12-09 22:54:02 +0100
0 - 1 - 0 down.sandai.net/xljiasu/XLjiasu.exe 122.143.5.46
2018-12-09 22:27:34 +0100
0 - 0 - 1 www.jixunjsq.com/download/jixuninstall_dKGnxj.exe 221.204.166.70
2018-12-09 22:22:07 +0100
0 - 1 - 0 download.duba.net/2011/KPrivacySetup/KPrivacy (...) 42.54.2.17
2018-12-09 22:15:56 +0100
0 - 2 - 0 res.jzwl.52xiyou.com/ly/duowan/launcher/jzwld (...) 122.136.32.6
2018-12-09 22:09:39 +0100
0 - 1 - 1 downza.down.gsxzq.com/download/word2013_158@3 (...) 113.200.16.32
2018-12-09 21:45:14 +0100
0 - 0 - 1 cl.urndf.com/ 113.200.16.30
2018-12-09 21:41:41 +0100
0 - 0 - 1 m.anjian.com/help/jiaoben/yxfwaj.apk 124.161.253.19
2018-12-09 20:45:56 +0100
0 - 1 - 0 download.duba.net/2011/KPrivacySetup/KPrivacy (...) 42.54.2.16
2018-12-09 19:59:58 +0100
0 - 0 - 1 azyx6.197784.com/shenmi.apk 42.48.120.121
2018-12-09 19:19:54 +0100
0 - 0 - 1 csgo233-1251130179.file.myqcloud.com/Loader.exe 218.11.8.12

No other reports on domain: shizhiduxie.com.cn



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (3)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: ocsp2.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=166904
Date: Thu, 06 Dec 2018 15:18:33 GMT
Etag: "5c0926c1-1d7"
Expires: Sat, 08 Dec 2018 13:40:17 GMT
Last-Modified: Thu, 06 Dec 2018 13:40:17 GMT
Server: nginx
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    340f7ed425c7c962fdbc89190fbc7345
Sha1:   05df7719016062e45bf55c377ce462b785ed9a2f
Sha256: 6ea396347249f359cc2e4ce74ee2c2da4c93d978dce1c7db98d1a256031d69e2
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=88209
Date: Thu, 06 Dec 2018 15:18:33 GMT
Etag: "5c07de9c-1d7"
Expires: Fri, 07 Dec 2018 15:48:42 GMT
Last-Modified: Wed, 05 Dec 2018 14:20:12 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    b720fc7e51997f08aff16b77b35d926c
Sha1:   451aa2e03459d64878265c09b13434000fc57edd
Sha256: 0deff8db7b5e023e81156187997deb7a716fcc2ac67ff49959bde560bb820a35
                                        
                                            GET /hmdf74a/hm_40ed1dcc_v6.7.8.apk HTTP/1.1 
Host: agkdowm.shizhiduxie.com.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         182.118.11.126
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Server: NWSs
Date: Thu, 06 Dec 2018 15:18:34 GMT
Content-Length: 20632963
Connection: keep-alive
Cache-Control: max-age=600
Expires: Thu, 06 Dec 2018 15:28:34 GMT
Last-Modified: Thu, 29 Nov 2018 10:24:50 GMT
X-NWS-UUID-VERIFY: fab68d65ab2bd6a3cecca11bf00782a2
X-NWS-LOG-UUID: 56147254-d17a-4d34-8a72-28b3cc420535
X-Cache-Lookup: Hit From Disktank3
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  Zip archive data, at least v2.0 to extract
Size:   20632963
Md5:    a3423188dbde5a9afb710c30ecd925a2
Sha1:   6335356998ddb23d211f6079c02b7c6f36cd6824
Sha256: 43bbf13479bc4040faa2f85dca3cd1192e43637a36f022a5cff77fc8d3e0a901

Alerts:
  Blacklists:
    - fortinet: Phishing