urlquery.net - Report

Overview

URL	pc6.down.123ch.cn/download/F.lux%E8%87%AA%E5%8A%A8%E6%8A%A4%E7%9C%BC%E5%B7%A5%E5%85%B7_30@153802.exe
IP	101.69.121.120
ASN	AS4837 CNCGROUP China169 Backbone
Location	China
Report completed	2018-12-04 18:24:32 CET
Status	Loading report..
urlquery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2018-12-04 18:24:01 CET	1	221.204.166.36	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Blacklists

MDL	No alerts detected
OpenPhish	No alerts detected
PhishTank	No alerts detected
Fortinet's Web Filter	No alerts detected
DNS-BH	No alerts detected
mnemonic secure dns	No alerts detected

Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 101.69.121.120

Date	UQ / IDS / BL	URL	IP
2019-05-16 18:50:37 +0200	0 - 1 - 0	down.tth7.cn/new/ie11%E6%B5%8F%E8%A7%88%E5%99 (...)	101.69.121.120
2019-05-14 08:24:29 +0200	0 - 1 - 0	down.ttp1.cn/new/ie8@700_1482_1482-.exe	101.69.121.120
2019-05-06 16:00:15 +0200	0 - 1 - 0	down.053intn.cn/new/%E5%BE%AE%E4%BF%A1%E7%94% (...)	101.69.121.120
2019-04-17 08:44:58 +0200	0 - 0 - 1	download.pdf00.cn/pdfreader/news/v1.0.1.17/ne (...)	101.69.121.120
2019-04-12 05:37:52 +0200	0 - 0 - 1	dl.kkdownload.com/kzqudong1/KuaiZip_Setup_665 (...)	101.69.121.120
2019-04-06 08:30:12 +0200	0 - 0 - 1	down.052intn.cn/new/wps@602_1436_1436-.exe	101.69.121.120
2019-04-03 10:13:16 +0200	0 - 0 - 1	download.pdf00.cn/pdfreader/mini/v1.0.1.17/mi (...)	101.69.121.120
2019-04-03 04:49:18 +0200	0 - 0 - 1	down.softwo.net/downloads/special/jsdh/instal (...)	101.69.121.120
2019-04-01 15:07:49 +0200	0 - 0 - 1	down1.7654.com/n/tui/tips/v1.0.7.17/tips2-7.exe	101.69.121.120
2019-03-24 08:49:36 +0100	0 - 1 - 0	pz1.3dn.mse.sogou.com/sogou_explorer_feichuan (...)	101.69.121.120

Last 10 reports on ASN: AS4837 CNCGROUP China169 Backbone

Date	UQ / IDS / BL	URL	IP
2019-05-20 23:41:09 +0200	0 - 2 - 1	mininews.kpzip.com/n/tui/mininews/mininews/v4 (...)	27.221.54.221
2019-05-20 23:38:58 +0200	0 - 0 - 1	jhcw.gavtc.cn/upfiles/201431295245630.rar	101.206.70.252
2019-05-20 23:36:24 +0200	0 - 1 - 1	sinastorage.com/yun2016/ald_publish.rar	60.28.164.37
2019-05-20 23:34:11 +0200	0 - 0 - 1	jzny.com.cn/upload/pdfnews/20181015085042/%E5 (...)	60.6.255.195
2019-05-20 23:29:22 +0200	0 - 2 - 1	mininews.kpzip.com/n/tui/mininews/mininews/v4 (...)	42.236.126.237
2019-05-20 23:28:55 +0200	0 - 0 - 1	wt.jlgua.com/download/jyjs.rar	183.191.157.95
2019-05-20 23:05:10 +0200	0 - 1 - 0	veryboys.com/game/download/zip/waigua/xianjin (...)	218.25.10.29
2019-05-20 22:32:24 +0200	0 - 0 - 1	o.bxacg.com/ll8kll8k.exe	210.22.63.111
2019-05-20 22:26:06 +0200	0 - 0 - 1	lsyr.net/dow/butterfly_rome_1.1.56.zip	42.236.74.142
2019-05-20 22:25:17 +0200	0 - 0 - 0	www.pc6.com	113.59.43.98

No other reports on domain: 123ch.cn

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (1)

Request	Response
GET /download/F.lux%E8%87%AA%E5%8A%A8%E6%8A%A4%E7%9C%BC%E5%B7%A5%E5%85%B7_30@153802.exe HTTP/1.1 Host: pc6.down.123ch.cn User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	221.204.166.36 HTTP/1.1 200 OK Content-Type: application/octet-stream Server: NWS_TCloud_S1 Connection: keep-alive Date: Tue, 04 Dec 2018 17:24:00 GMT Cache-Control: max-age=600 Expires: Tue, 04 Dec 2018 17:34:00 GMT Last-Modified: Thu, 16 Aug 2018 03:03:56 GMT Content-Length: 915080 X-NWS-LOG-UUID: 3681721092942037313 93ac36132da52746c6ce0cc3a55da8ae X-Cache-Lookup: Hit From Disktank3 Accept-Ranges: bytes --- Additional Info --- Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Size: 915080 Md5: 68d5159d32321ed664a26fa01def4b5b Sha1: c34bb6c6bb1dcac3be26e4a09daf77166394a62f Sha256: a073bbd15699f1ee32b8a22830d9f37780c4352af7e17054a8d665f70b66df1b Alerts: IDS: - ET POLICY PE EXE or DLL Windows file download HTTP

Request

Response

                                        
                                            GET /download/F.lux%E8%87%AA%E5%8A%A8%E6%8A%A4%E7%9C%BC%E5%B7%A5%E5%85%B7_30@153802.exe HTTP/1.1 

                                        
                                            
Host: pc6.down.123ch.cn

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 

                                        
                                            
Accept-Language: en-us,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip,deflate 

                                        
                                            
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 

                                        
                                            
Keep-Alive: 115 

                                        
                                            
Connection: keep-alive

                                         
                                         221.204.166.36

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/octet-stream

                                        

                                        
                                            
Server: NWS_TCloud_S1 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Date: Tue, 04 Dec 2018 17:24:00 GMT 

                                        
                                            
Cache-Control: max-age=600 

                                        
                                            
Expires: Tue, 04 Dec 2018 17:34:00 GMT 

                                        
                                            
Last-Modified: Thu, 16 Aug 2018 03:03:56 GMT 

                                        
                                            
Content-Length: 915080 

                                        
                                            
X-NWS-LOG-UUID: 3681721092942037313 93ac36132da52746c6ce0cc3a55da8ae 

                                        
                                            
X-Cache-Lookup: Hit From Disktank3 

                                        
                                            
Accept-Ranges: bytes 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit

                                                Size:   915080

                                                Md5:    68d5159d32321ed664a26fa01def4b5b

                                                Sha1:   c34bb6c6bb1dcac3be26e4a09daf77166394a62f

                                                Sha256: a073bbd15699f1ee32b8a22830d9f37780c4352af7e17054a8d665f70b66df1b

                                            

                                            
                                                
Alerts:

                                                

                                                
                                                
                                                
                                                      IDS:

                                                    
                                                            - ET POLICY PE EXE or DLL Windows file download HTTP