Overview

URL 14614.xc.gongnou.com/down/%E8%85%BE%E8%AE%AF%E8%A7%86%E9%A2%91%E6%92%AD%E6%94%BE%E5%99%A8@626_4686.exe
IP114.55.188.114
ASN
Location China
Report completed2018-12-16 15:03:59 CET
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-12-16 2 14614.xc.gongnou.com/down/%E8%85%BE%E8%AE%AF%E8%A7%86%E9%A2%91%E6%92%AD%E6% (...) Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 114.55.188.114

Date UQ / IDS / BL URL IP
2019-03-19 20:40:50 +0100
0 - 0 - 1 11144.url.7wkw.com/down/%E7%AE%80%E4%B9%A6%E7 (...) 114.55.188.114
2019-03-19 19:32:29 +0100
0 - 0 - 1 url.tudown.com/down/jatoolsPrinter%E5%85%8D%E (...) 114.55.188.114
2019-03-19 19:18:35 +0100
0 - 0 - 1 14614.xc.41gw.com/xiaz/PowerPoint%202016@2988 (...) 114.55.188.114
2019-03-19 19:16:33 +0100
0 - 0 - 1 14614.xc.41gw.com/xiaz/chrome%E6%9E%81%E9%80% (...) 114.55.188.114
2019-03-19 19:16:07 +0100
0 - 0 - 1 11217.url.9xiazaiqi.com/down/office2016@394_2 (...) 114.55.188.114
2019-03-19 19:08:42 +0100
0 - 0 - 1 url.7wkw.com/down/api-ms-win-crt-runtime-l1-1 (...) 114.55.188.114
2019-03-19 19:06:15 +0100
0 - 0 - 1 url.tudown.com/down/windowsmoviemaker%E4%B8%A (...) 114.55.188.114
2019-03-19 19:05:37 +0100
0 - 0 - 1 url.tudown.com/down/win10%E6%BF%80%E6%B4%BB%E (...) 114.55.188.114
2019-03-19 19:05:18 +0100
0 - 0 - 1 url.tudown.com/down/%E5%BE%AE%E4%BF%A1web%E5% (...) 114.55.188.114
2019-03-19 19:03:54 +0100
0 - 0 - 1 url.tudown.com/down/%E6%89%93%E5%8D%B0%E6%9C% (...) 114.55.188.114

Last 10 reports on ASN:

Date UQ / IDS / BL URL IP
2019-03-19 22:51:57 +0100
0 - 0 - 2 bernardlawgroup.com/wp-admin/654no-90vhg5-nznvlyg/ 68.66.204.228
2019-03-19 22:48:12 +0100
1 - 0 - 0 availlerjourne.tk/ 212.80.217.169
2019-03-19 22:43:43 +0100
0 - 0 - 1 1goldsms.com/ 103.215.228.38
2019-03-19 22:41:53 +0100
0 - 0 - 0 https://learn-anything.xyz/1776 52.53.195.187
2019-03-19 22:39:52 +0100
0 - 0 - 0 130.250.135.158 130.250.135.158
2019-03-19 22:39:48 +0100
0 - 0 - 1 www.sharepoint-irs.com/Sharepoint/ 198.54.117.244
2019-03-19 22:36:06 +0100
0 - 0 - 1 ali.files.cdn.112gs.com/2018/12/07/183558749.apk 143.204.51.119
2019-03-19 22:35:40 +0100
0 - 0 - 0 www.gulfstreampark.com/home/live-races-casino (...) 144.217.163.173
2019-03-19 22:34:33 +0100
0 - 0 - 1 nce.com/alone/alone.php 47.52.166.221
2019-03-19 22:34:23 +0100
0 - 0 - 1 label5-black.ru/b/opt/4802BA1BF27B52BFE55C1969 64.95.103.182

No other reports on domain: gongnou.com



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request Response
                                        
                                            GET /down/%E8%85%BE%E8%AE%AF%E8%A7%86%E9%A2%91%E6%92%AD%E6%94%BE%E5%99%A8@626_4686.exe HTTP/1.1 
Host: 14614.xc.gongnou.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         139.224.39.0
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Sun, 16 Dec 2018 14:03:29 GMT
Content-Length: 1344048
Connection: keep-alive
Content-Disposition: attachment; filename*="utf8''腾讯视频播放器@626_4686.exe"


--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   1344048
Md5:    f2e93ef7bb048942a11b780bc4000d32
Sha1:   6488fa3242f3dad4223fe051a533f19bf1eb5097
Sha256: 14601dcf44a395ed32c1b4bc149f101337b44bf10ea82c6d45a11b51c46a6747

Alerts:
  Blacklists:
    - fortinet: Malware