Overview

URL: 14614.xc.gongnou.com/down/%E8%85%BE%E8%AE%AF%E8%A7%86%E9%A2%91%E6%92%AD%E6%94%BE%E5%99%A8@626_4686.exe
IP: 114.55.188.114
ASN:
Location: China
Report completed: 2018-12-16 15:03:59 CET
urlquery Alerts: No alerts detected


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter: 1 alert
  Added / Verified | Severity | Host | Comment
  2018-12-16 | 2 | 14614.xc.gongnou.com/down/%E8%85%BE%E8%AE%AF%E8%A7%86%E9%A2%91%E6%92%AD%E6% (...) | Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 114.55.188.114

Date | UQ / IDS / BL (urlquery / IDS / blacklist alert counts) | URL | IP
2019-01-20 10:36:53 +0100 | 0 - 0 - 1 | 15039.url.246546.com/down/itools%20for%20ios% (...) | 114.55.188.114
2019-01-20 07:05:30 +0100 | 0 - 0 - 1 | 10358.url.7wkw.com/down/3ds@211_70282.exe | 114.55.188.114
2019-01-20 07:05:19 +0100 | 0 - 0 - 1 | url.222bz.com/down/PDFelement%206%20Pro%E7%A0 (...) | 114.55.188.114
2019-01-20 07:04:57 +0100 | 0 - 0 - 1 | 14614.xc.41gw.com/xiaz/%E6%9E%81%E5%93%81%E4% (...) | 114.55.188.114
2019-01-20 07:04:44 +0100 | 0 - 0 - 1 | 14614.xc.41gw.com/xiaz/%E6%9E%81%E5%93%81%E4% (...) | 114.55.188.114
2019-01-20 06:58:16 +0100 | 0 - 0 - 1 | url.222bz.com/down/CIBN%E5%BD%B1%E8%A7%86%C2% (...) | 114.55.188.114
2019-01-20 04:07:17 +0100 | 0 - 0 - 1 | xc.gongnou.com/down/SecureCRT64v8.1.4@1166_15 (...) | 114.55.188.114
2019-01-20 04:07:15 +0100 | 0 - 0 - 1 | url.tudown.com/xiaz/%E8%90%A4%E7%9F%B3%E4%BA% (...) | 114.55.188.114
2019-01-20 03:53:12 +0100 | 0 - 0 - 1 | url.9xiazaiqi.com/xiaz/%E7%82%B9%E9%98%B5%E5% (...) | 114.55.188.114
2019-01-20 03:53:09 +0100 | 0 - 0 - 1 | url.9xiazaiqi.com/xiaz/@25_80833.exe | 114.55.188.114

Last 10 reports on ASN:

Date | UQ / IDS / BL (urlquery / IDS / blacklist alert counts) | URL | IP
2019-01-20 13:01:52 +0100 | 0 - 3 - 0 | pf.toggle.com/s/1547980743/ko/8/4/84962-17978 (...) | 149.56.159.0
2019-01-20 13:01:28 +0100 | 0 - 0 - 0 | https://content-calpoly-edu.s3.amazonaws.com/ (...) | 52.219.24.154
2019-01-20 13:00:42 +0100 | 0 - 2 - 0 | download.audible.com/AM31/CD/AM_Rush.exe | 143.204.51.202
2019-01-20 12:59:57 +0100 | 0 - 4 - 0 | download.equalizerpro.com/vcredist2013/vcredi (...) | 143.204.51.88
2019-01-20 12:59:21 +0100 | 0 - 0 - 1 | www.nltopoffers.com/ntssmc/nl/index-z-uni.html | 143.204.51.186
2019-01-20 12:57:44 +0100 | 1 - 0 - 1 | vitapharma.no/ | 164.132.160.172
2019-01-20 12:56:59 +0100 | 0 - 0 - 92 | chacalexpeditions.com/ | 170.10.164.98
2019-01-20 12:56:33 +0100 | 0 - 0 - 2 | owwwc.com/mm/amd32.exe | 103.100.209.198
2019-01-20 12:55:51 +0100 | 0 - 0 - 2 | owwwc.com/mm/nvidia.exe | 103.100.209.198
2019-01-20 12:55:22 +0100 | 0 - 0 - 1 | www.prize-gifts.com/k/jpc/zp/ke/index-uni.html | 143.204.51.198

No other reports on domain: gongnou.com
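Every entry in the "Last 10 reports on IP" list above, and the scanned URL itself, follows one path template: a throwaway hostname, a /down/ or /xiaz/ ("xiazai", download) directory, a lure name that is usually a percent-encoded Chinese product name, then "@<number>_<number>.exe". The example below is added here and is not part of the urlquery report; it parses that template over the untruncated URLs copied from this page (truncated entries are left out rather than guessed) and shows that the hits spread across distinct registrable domains on one IP, which is the pivot a practitioner would take from this report. The regex, the field names and the two-label domain approximation are this example's own assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# URLs copied from this report: the scanned URL plus the untruncated entries in
# "Last 10 reports on IP: 114.55.188.114". Entries the report shows cut off with
# "(...)" are left out rather than guessed.
REPORT_URLS = [
    "14614.xc.gongnou.com/down/%E8%85%BE%E8%AE%AF%E8%A7%86%E9%A2%91%E6%92%AD%E6%94%BE%E5%99%A8@626_4686.exe",
    "10358.url.7wkw.com/down/3ds@211_70282.exe",
    "url.9xiazaiqi.com/xiaz/@25_80833.exe",
]

# Path template shared by the listings (assumption, derived by eye from the report):
# a /down/ or /xiaz/ directory, an optional lure name (often a percent-encoded Chinese
# product name), then "@<id_a>_<id_b>.exe". The meaning of the two numbers is not
# documented anywhere on the page, so they are just captured as-is.
DOWNLOAD_TEMPLATE = re.compile(
    r"^(?P<host>[^/]+)/(?P<dir>down|xiaz)/(?P<lure>[^@/]*)@(?P<id_a>\d+)_(?P<id_b>\d+)\.exe$"
)


def parse_download_url(url):
    """Return the template fields for a URL, or None if it does not fit the template."""
    match = DOWNLOAD_TEMPLATE.match(url)
    if not match:
        return None
    fields = match.groupdict()
    fields["lure"] = unquote(fields["lure"])  # percent-decode so the lure name is readable
    # Registrable domain approximated as the last two labels; a real pipeline would
    # consult a public-suffix list (assumption made so this runs offline).
    fields["domain"] = ".".join(fields["host"].split(".")[-2:])
    return fields


def cluster_by_template(urls):
    """Summarise how many URLs share the template and how many domains they span."""
    parsed = [p for p in (parse_download_url(u) for u in urls) if p]
    return {
        "matched": len(parsed),
        "domains": Counter(p["domain"] for p in parsed),
        "lures": [p["lure"] for p in parsed],
        "ids": [(p["id_a"], p["id_b"]) for p in parsed],
    }


if __name__ == "__main__":
    summary = cluster_by_template(REPORT_URLS)
    print(f"{summary['matched']}/{len(REPORT_URLS)} URLs fit the template across "
          f"{len(summary['domains'])} domains; lures: {summary['lures']}")
```

Feeding the full urlquery history for the IP (or a proxy log) into cluster_by_template() is the natural next step; a high match count over many domains is the signal that the IP, not any single hostname, is the indicator worth blocking.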



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request:

GET /down/%E8%85%BE%E8%AE%AF%E8%A7%86%E9%A2%91%E6%92%AD%E6%94%BE%E5%99%A8@626_4686.exe HTTP/1.1
Host: 14614.xc.gongnou.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (IP recorded for this transaction: 139.224.39.0, which differs from the 114.55.188.114 shown in the overview; pivot on both):

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Sun, 16 Dec 2018 14:03:29 GMT
Content-Length: 1344048
Connection: keep-alive
Content-Disposition: attachment; filename*="utf8''腾讯视频播放器@626_4686.exe"


--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   1344048
Md5:    f2e93ef7bb048942a11b780bc4000d32
Sha1:   6488fa3242f3dad4223fe051a533f19bf1eb5097
Sha256: 14601dcf44a395ed32c1b4bc149f101337b44bf10ea82c6d45a11b51c46a6747

Alerts:
  Blacklists:
    - fortinet: Malware
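The response above is a straight file download (application/octet-stream with Content-Disposition: attachment), so the sandbox had no page to render, which is why the JavaScript counters are all zero and the IDS saw nothing; the only signal is the Fortinet category. The Content-Disposition header is also malformed: RFC 5987/8187 ext-values are unquoted and percent-encoded, while this server quotes the value and sends raw UTF-8 with charset "utf8", and browsers still accept it. The example below is added here and is not part of the urlquery report; it decodes that filename* parameter in both the spec form and this server's form, checks the bytes against the "PE32 ... Intel 80386" magic the report gives, hashes the body and compares it with the reported SHA-256. Because the 1,344,048-byte binary is not on the page, the body is a constructed 70-byte PE stub, so the size and hash checks are expected to fail against the report's values.

```python
import hashlib
import re
import struct
from urllib.parse import unquote

# Response headers and the SHA-256 copied from this report.
RESPONSE_HEADERS = {
    "Content-Type": "application/octet-stream",
    "Content-Length": "1344048",
    "Content-Disposition": "attachment; filename*=\"utf8''腾讯视频播放器@626_4686.exe\"",
}
REPORTED_SHA256 = "14601dcf44a395ed32c1b4bc149f101337b44bf10ea82c6d45a11b51c46a6747"

# RFC 5987/8187 ext-value: charset ' [language] ' value. The spec form is unquoted with a
# percent-encoded value; this server quotes it and sends raw UTF-8, so the regex allows both.
EXT_VALUE = re.compile(r"filename\*=\"?(?P<charset>[^']*)'(?P<lang>[^']*)'(?P<value>[^\";]*)\"?", re.I)
CHARSETS = {"utf8": "utf-8", "iso88591": "latin-1"}  # lenient charset aliases (assumption)


def decode_filename_star(content_disposition):
    """Decode the filename* parameter; returns None if the header carries none."""
    match = EXT_VALUE.search(content_disposition)
    if not match:
        return None
    charset = CHARSETS.get(match.group("charset").lower().replace("-", ""), "utf-8")
    # unquote() decodes %XX sequences and passes already-decoded characters through.
    return unquote(match.group("value"), encoding=charset)


def is_pe32_i386(data):
    """Minimal PE check: 'MZ' stub, e_lfanew at 0x3C pointing at 'PE\\0\\0', Machine == 0x14c."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return False
    return struct.unpack_from("<H", data, e_lfanew + 4)[0] == 0x14C


def triage(headers, body):
    """Cross-check what the headers claim against what the bytes actually are."""
    name = decode_filename_star(headers.get("Content-Disposition", ""))
    digests = {alg: hashlib.new(alg, body).hexdigest() for alg in ("md5", "sha1", "sha256")}
    return {
        "filename": name,
        "named_as_exe": bool(name) and name.lower().endswith(".exe"),
        "length_matches_header": len(body) == int(headers.get("Content-Length", -1)),
        "is_pe32_i386": is_pe32_i386(body),
        "matches_reported_sha256": digests["sha256"] == REPORTED_SHA256,
        **digests,
    }


# Constructed stand-in for the real binary, which is not on the page: a 64-byte DOS stub
# whose e_lfanew points at a bare PE signature plus IMAGE_FILE_MACHINE_I386 (0x14c).
SAMPLE_BODY = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00" + struct.pack("<H", 0x14C)

if __name__ == "__main__":
    for key, value in triage(RESPONSE_HEADERS, SAMPLE_BODY).items():
        print(f"{key}: {value}")
```

Run against a captured body, the three digests are what you compare with the Md5/Sha1/Sha256 values in the Additional Info section; a mismatch with the same filename means the server is rotating payloads per request, which the per-download "@<number>_<number>" suffix in the lure name already hints at.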