Overview

URL lei8ynk.aninrsjo.cn/l104540ei/%E7%BB%8F%E5%85%B8%E5%8A%A8%E4%BD%9C%E5%80%9A%E5%A4%A9%E5%B1%A0%E9%BE%99%E8%AE%B0%E4%B9%8B%E9%AD%94%E6%95%99%E6%95%99%E4%B8%BBBD%E5%9B%BD%E7%B2%A4%E5%8F%8C%E8%AF%AD%E4%B8%AD%E5%AD%97%E8%BF%85%E9%9B%B7_idianying-1080_q01
IP122.228.248.120
ASNAS4134 Chinanet
Location China
Report completed2017-10-13 03:58:03 CEST
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2017-10-13 03:57:31 CEST 1  122.228.248.120 Client IP ETPRO EXPLOIT ATMFD.DLL Privilege Elevation Vuln (CVE-2016-3220)
2017-10-13 03:57:23 CEST 1  122.228.248.120 Client IP ET POLICY PE EXE or DLL Windows file download HTTP
2017-10-13 03:57:23 CEST 3  122.228.248.120 Client IP ET INFO EXE - Served Attached HTTP


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 122.228.248.120

Date UQ / IDS / BL URL IP
2017-12-11 12:33:41 +0100
0 - 2 - 1 iel8x7k.edvekfit.cn/cn104072k/AppScan%E5%AE%98 122.228.248.120
2017-11-27 01:58:59 +0100
0 - 0 - 1 hzeq.aptixpvp.cn/104880pyui 122.228.248.120
2017-11-27 01:58:50 +0100
0 - 0 - 1 lei8zo4.aptixpvp.cn/le104869i 122.228.248.120
2017-11-21 05:00:47 +0100
0 - 2 - 0 lei8zjn.aptixpvp.cn/lei104828/%E6%8B%B3%E7%9A (...) 122.228.248.120
2017-11-20 18:08:11 +0100
0 - 0 - 1 lei8zmt.aptixpvp.cn/lei104857 122.228.248.120
2017-11-20 18:08:10 +0100
0 - 0 - 1 lei8zg4.apmkugtm.cn/lei104797 122.228.248.120
2017-11-20 06:31:26 +0100
0 - 0 - 1 lei8zdn.apmkugtm.cn/104774lei/60%E7%A7%92%E4% (...) 122.228.248.120
2017-11-20 06:31:18 +0100
0 - 0 - 1 lei8zcy.apimguxy.cn/104768lei/%E6%B8%B8%E6%88 (...) 122.228.248.120
2017-11-20 06:31:15 +0100
0 - 0 - 1 lei8zo6.aptixpvp.cn/l104869ei/AdobePhotoshop2 (...) 122.228.248.120
2017-11-20 02:32:58 +0100
0 - 0 - 1 hzio.aptixpvp.cn/pyui104898 122.228.248.120

Last 10 reports on ASN: AS4134 Chinanet

Date UQ / IDS / BL URL IP
2017-12-11 16:34:10 +0100
0 - 1 - 1 f3.8866.org/h.exe 117.24.161.225
2017-12-11 16:21:56 +0100
0 - 0 - 0 113.139.225.245 113.139.225.245
2017-12-11 16:16:40 +0100
0 - 0 - 0 222.178.90.43 222.178.90.43
2017-12-11 16:13:17 +0100
0 - 0 - 1 attachments.goapk.com/forum/201301/04/135352b (...) 122.228.193.89
2017-12-11 14:42:10 +0100
0 - 0 - 1 xunzhong.com/(S(2y55g5a5qwrdv5ejhwtf4qy1))/Ca (...) 219.145.194.27
2017-12-11 14:15:00 +0100
0 - 0 - 1 www.qjyz.net/guest/guest/index.php 218.63.200.3
2017-12-11 13:58:28 +0100
0 - 2 - 0 200878.top/ 222.186.138.60
2017-12-11 13:29:51 +0100
0 - 1 - 0 download.ccb.com/cn/html1/office/ebank/dzb/su (...) 27.155.71.30
2017-12-11 12:33:41 +0100
0 - 2 - 1 iel8x7k.edvekfit.cn/cn104072k/AppScan%E5%AE%98 122.228.248.120
2017-12-11 12:31:45 +0100
0 - 1 - 0 122.225.36.138 122.225.36.138

No other reports on domain: aninrsjo.cn



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request Response
                                        
                                            GET /l104540ei/%E7%BB%8F%E5%85%B8%E5%8A%A8%E4%BD%9C%E5%80%9A%E5%A4%A9%E5%B1%A0%E9%BE%99%E8%AE%B0%E4%B9%8B%E9%AD%94%E6%95%99%E6%95%99%E4%B8%BBBD%E5%9B%BD%E7%B2%A4%E5%8F%8C%E8%AF%AD%E4%B8%AD%E5%AD%97%E8%BF%85%E9%9B%B7_idianying-1080_q01 HTTP/1.1 
Host: lei8ynk.aninrsjo.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         122.228.248.120
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Server: nginx/1.4.2
Date: Fri, 13 Oct 2017 01:51:10 GMT
Content-Length: 3383448
Last-Modified: Fri, 13 Oct 2017 01:30:12 GMT
Connection: keep-alive
Etag: "59e01724-33a098"
Content-Disposition: attachment; filename=%e7%bb%8f%e5%85%b8%e5%8a%a8%e4%bd%9c%e5%80%9a%e5%a4%a9%e5%b1%a0%e9%be%99%e8%ae%b0%e4%b9%8b%e9%ad%94%e6%95%99%e6%95%99%e4%b8%bbBD%e5%9b%bd%e7%b2%a4%e5%8f%8c%e8%af%ad%e4%b8%ad%e5%ad%97%e8%bf%85%e9%9b%b7_idianying-1080_q01.exe; filename*=utf-8''%e7%bb%8f%e5%85%b8%e5%8a%a8%e4%bd%9c%e5%80%9a%e5%a4%a9%e5%b1%a0%e9%be%99%e8%ae%b0%e4%b9%8b%e9%ad%94%e6%95%99%e6%95%99%e4%b8%bbBD%e5%9b%bd%e7%b2%a4%e5%8f%8c%e8%af%ad%e4%b8%ad%e5%ad%97%e8%bf%85%e9%9b%b7_idianying-1080_q01.exe
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   3383448
Md5:    d94bce1bd39d77f454e9bf3f649959f4
Sha1:   7b76accbd073f74d612492bd3255801cb1490f1f
Sha256: e56b7586a1a992dc7b8d0d818c10511cef1aad476a079f62a53ba51f160737ca

Alerts:
  IDS:
    - ETPRO EXPLOIT ATMFD.DLL Privilege Elevation Vuln (CVE-2016-3220)
    - ET POLICY PE EXE or DLL Windows file download HTTP
    - ET INFO EXE - Served Attached HTTP