Overview

URL 14614.xc.gongnou.com/down/%E8%85%BE%E8%AE%AF%E8%A7%86%E9%A2%91%E6%92%AD%E6%94%BE%E5%99%A8@626_4686.exe
IP114.55.188.114
ASN
Location China
Report completed2018-12-16 15:03:59 CET
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-12-16 2 14614.xc.gongnou.com/down/%E8%85%BE%E8%AE%AF%E8%A7%86%E9%A2%91%E6%92%AD%E6% (...) Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 114.55.188.114

Date UQ / IDS / BL URL IP
2019-06-10 20:32:44 +0200
0 - 4 - 1 url.222bz.com/down/mp3%E5%89%AA%E5%88%87%E5%9 (...) 114.55.188.114
2019-06-10 15:10:33 +0200
0 - 0 - 1 26729.xc.tduou.com26567.xc.gongnou.com26567.x (...) 114.55.188.114
2019-06-10 14:43:28 +0200
0 - 4 - 1 1759.url.9xiazaiqi.com/down/win7 114.55.188.114
2019-06-10 14:36:13 +0200
0 - 0 - 1 12166.url.222bz.com/down 114.55.188.114
2019-06-10 12:17:57 +0200
0 - 0 - 1 url.tudown.com/down/%EF%BF%BD%EF%BF%BD 114.55.188.114
2019-06-10 10:12:46 +0200
0 - 0 - 1 23150.url.xaskm.com/xiaz 114.55.188.114
2019-06-09 17:48:06 +0200
0 - 0 - 1 url.tudown.com/down/%EF%BF%BD%EF%BF%BD%EF%BF% (...) 114.55.188.114
2019-06-09 17:36:58 +0200
0 - 2 - 1 url.tudown.com/down/ArcSoftTotalMediaTheatrev (...) 114.55.188.114
2019-06-09 17:04:47 +0200
0 - 0 - 1 23849.url.tudown.com/xiaz 114.55.188.114
2019-06-09 13:05:33 +0200
0 - 4 - 1 url.9xiazaiqi.com/down/woown 114.55.188.114

Last 10 reports on ASN:

Date UQ / IDS / BL URL IP
2019-06-18 07:58:40 +0200
0 - 0 - 1 https://mazxcertws.com//?email= 91.189.187.182
2019-06-18 07:54:27 +0200
0 - 0 - 0 https://www.imdb.com/list/ls049735906/ 143.204.52.228
2019-06-18 07:54:20 +0200
0 - 0 - 0 https://www.imdb.com/list/ls049735695/ 143.204.52.228
2019-06-18 07:54:18 +0200
0 - 0 - 0 https://www.imdb.com/list/ls049735668/ 143.204.52.228
2019-06-18 07:53:50 +0200
0 - 0 - 0 https://www.imdb.com/list/ls049735666/ 143.204.52.228
2019-06-18 07:53:48 +0200
0 - 0 - 0 https://coderwall.com/p/vdeexw/putlockers-hd- (...) 52.204.136.9
2019-06-18 07:53:40 +0200
0 - 0 - 0 https://www.imdb.com/list/ls049735612/ 143.204.52.228
2019-06-18 07:50:35 +0200
0 - 0 - 0 https://www.imdb.com/list/ls049735612/%20http (...) 143.204.52.228
2019-06-18 07:46:12 +0200
0 - 0 - 2 astrons.nl/sec.htm 185.182.57.106
2019-06-18 07:44:42 +0200
0 - 0 - 0 https://www.imdb.com/list/ls049735957/ 143.204.52.228

No other reports on domain: gongnou.com



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request Response
                                        
                                            GET /down/%E8%85%BE%E8%AE%AF%E8%A7%86%E9%A2%91%E6%92%AD%E6%94%BE%E5%99%A8@626_4686.exe HTTP/1.1 
Host: 14614.xc.gongnou.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         139.224.39.0
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Sun, 16 Dec 2018 14:03:29 GMT
Content-Length: 1344048
Connection: keep-alive
Content-Disposition: attachment; filename*="utf8''腾讯视频播放器@626_4686.exe"


--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   1344048
Md5:    f2e93ef7bb048942a11b780bc4000d32
Sha1:   6488fa3242f3dad4223fe051a533f19bf1eb5097
Sha256: 14601dcf44a395ed32c1b4bc149f101337b44bf10ea82c6d45a11b51c46a6747

Alerts:
  Blacklists:
    - fortinet: Malware