Overview

URL: https://agkdowm.shizhiduxie.com.cn/hmdf74a/hm_40ed1dcc_v6.7.8.apk
IP: 1.189.213.64
ASN: AS4837 CNCGROUP China169 Backbone
Location: China
Report completed: 2018-12-06 16:20:56 CET
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
  Added / Verified  Severity  Host                                                        Comment
  2018-12-06        2         agkdowm.shizhiduxie.com.cn/hmdf74a/hm_40ed1dcc_v6.7.8.apk  Phishing
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 1.189.213.64

Date                       UQ / IDS / BL  URL                                                   IP
2019-02-06 00:36:14 +0100  0 - 0 - 1      cki.credityou.cn/HVC/HVC_qq7.apk                      1.189.213.64
2019-02-02 21:11:24 +0100  0 - 0 - 1      dfsd.actfans.com/jkm/40008.apk                        1.189.213.64
2019-02-02 17:08:55 +0100  0 - 0 - 1      tx.win-team.cn/TB/TB_dz3.apk                          1.189.213.64
2019-01-27 11:29:32 +0100  0 - 0 - 1      abc.jplxy.com/updata.rar                              1.189.213.64
2019-01-24 15:48:49 +0100  0 - 0 - 1      tx.win-team.cn/PA/PA_dz195.apk                        1.189.213.64
2019-01-21 19:03:04 +0100  0 - 0 - 1      d.988wan.com/baidu/flord_baidu_01.apk                 1.189.213.64
2018-12-15 15:03:51 +0100  0 - 0 - 1      dfsd.actfans.com/jkm/44027.apk                        1.189.213.64
2018-12-13 15:35:26 +0100  0 - 0 - 1      saop.hbjimin.com/hdoyjt/%E6%9C%BA%E5%8A%A8%E6 (...)   1.189.213.64
2018-12-05 06:56:19 +0100  0 - 0 - 2      6tion.cn/t/10033sharelink.apk                         1.189.213.64
2018-12-04 16:21:58 +0100  0 - 0 - 1      zl.ktg-foods.com.cn/PA/PA_dz162.apk                   1.189.213.64

Last 10 reports on ASN: AS4837 CNCGROUP China169 Backbone

Date                       UQ / IDS / BL  URL                                                   IP
2019-02-16 03:40:20 +0100  0 - 0 - 1      dn.tcdbcc.com/dnfile/wmp/AB520190128.jar              60.211.204.236
2019-02-16 03:39:33 +0100  0 - 3 - 0      down10.zol.com.cn/zoldownload/mplayer_2011030 (...)   122.143.23.180
2019-02-16 03:11:54 +0100  0 - 0 - 1      57d9.fm880.cn/com.xhwl.sc.scteacher.apk               124.165.219.104
2019-02-16 03:08:35 +0100  0 - 2 - 1      adconfig.cnk.com.cn/uploads/a4f7498a1880d30e6 (...)   221.203.142.86
2019-02-16 03:03:09 +0100  0 - 0 - 1      down10.zol.com.cn/zoldownload/directx_11_redi (...)   122.143.23.180
2019-02-16 03:02:23 +0100  0 - 2 - 1      kk175.com/dlq/l4d2dlq.exe                             103.38.42.227
2019-02-16 03:02:17 +0100  0 - 2 - 0      www.kk175.com/dlq/l4d2dlq.exe                         103.38.42.227
2019-02-16 02:44:13 +0100  0 - 1 - 1      i.kpzip.com/n/install/lix/WinRAR_Setup_lix_003.exe    218.11.8.81
2019-02-16 02:41:48 +0100  0 - 2 - 0      d.kpzip.com/kuaizip/Kuaizip_Setup_7654_1300000.exe    121.29.54.199
2019-02-16 02:34:33 +0100  0 - 3 - 0      d.kpzip.com/kuaizipb/kuaizip_setup_qqdn_001.exe       121.29.54.65

No other reports on domain: shizhiduxie.com.cn



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (3)


Request:
POST / HTTP/1.1
Host: ocsp2.digicert.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response from 93.184.220.29:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Cache-Control: max-age=166904
Date: Thu, 06 Dec 2018 15:18:33 GMT
Etag: "5c0926c1-1d7"
Expires: Sat, 08 Dec 2018 13:40:17 GMT
Last-Modified: Thu, 06 Dec 2018 13:40:17 GMT
Server: nginx
Content-Length: 471

--- Additional Info ---
Magic:  data
Size:   471
Md5:    340f7ed425c7c962fdbc89190fbc7345
Sha1:   05df7719016062e45bf55c377ce462b785ed9a2f
Sha256: 6ea396347249f359cc2e4ce74ee2c2da4c93d978dce1c7db98d1a256031d69e2


Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response from 93.184.220.29:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Cache-Control: max-age=88209
Date: Thu, 06 Dec 2018 15:18:33 GMT
Etag: "5c07de9c-1d7"
Expires: Fri, 07 Dec 2018 15:48:42 GMT
Last-Modified: Wed, 05 Dec 2018 14:20:12 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

--- Additional Info ---
Magic:  data
Size:   471
Md5:    b720fc7e51997f08aff16b77b35d926c
Sha1:   451aa2e03459d64878265c09b13434000fc57edd
Sha256: 0deff8db7b5e023e81156187997deb7a716fcc2ac67ff49959bde560bb820a35


Request:
GET /hmdf74a/hm_40ed1dcc_v6.7.8.apk HTTP/1.1
Host: agkdowm.shizhiduxie.com.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 182.118.11.126:
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Server: NWSs
Date: Thu, 06 Dec 2018 15:18:34 GMT
Content-Length: 20632963
Connection: keep-alive
Cache-Control: max-age=600
Expires: Thu, 06 Dec 2018 15:28:34 GMT
Last-Modified: Thu, 29 Nov 2018 10:24:50 GMT
X-NWS-UUID-VERIFY: fab68d65ab2bd6a3cecca11bf00782a2
X-NWS-LOG-UUID: 56147254-d17a-4d34-8a72-28b3cc420535
X-Cache-Lookup: Hit From Disktank3
X-Daa-Tunnel: hop_count=1

--- Additional Info ---
Magic:  Zip archive data, at least v2.0 to extract
Size:   20632963
Md5:    a3423188dbde5a9afb710c30ecd925a2
Sha1:   6335356998ddb23d211f6079c02b7c6f36cd6824
Sha256: 43bbf13479bc4040faa2f85dca3cd1192e43637a36f022a5cff77fc8d3e0a901

Alerts:
  Blacklists:
    - fortinet: Phishing