Overview

URL: dl.wandoujia.com/files/third/WanDouJiaSetup_baidu1.exe
IP: 14.116.140.39
ASN: AS4134 Chinanet
Location: China
Report completed: 2017-12-04 22:56:35 CET
urlQuery Alerts: No alerts detected


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp | Severity | Source IP | Destination IP | Alert
2017-12-04 22:57:32 CET | 1 | 210.61.180.164 | Client IP | ET POLICY PE EXE or DLL Windows file download HTTP


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter: No alerts detected
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 14.116.140.39

Date | UQ / IDS / BL | URL | IP
2018-11-03 03:20:19 +0100 | 0 - 0 - 1 | apk.wdjcdn.com/0/19/d9dff413a176415743166cbd9 (...) | 14.116.140.39
2018-10-27 19:50:20 +0200 | 0 - 0 - 2 | apk.wandoujia.com/2/3b/453d35b5e6f76b95ebae0f (...) | 14.116.140.39
2018-10-12 16:36:14 +0200 | 0 - 0 - 1 | apk.wdjcdn.com/0/22/e65a494d3ae27509efe49b043 (...) | 14.116.140.39
2018-10-12 11:15:13 +0200 | 0 - 0 - 1 | apk.wdjcdn.com/0/22/e65a494d3ae27509efe49b043 (...) | 14.116.140.39
2018-10-12 03:29:13 +0200 | 0 - 0 - 2 | apk.wdjcdn.com/d/50/47f1e233ce434a2b82d10e98b (...) | 14.116.140.39
2018-10-12 02:06:22 +0200 | 0 - 0 - 2 | apk.wdjcdn.com/d/50/47f1e233ce434a2b82d10e98b (...) | 14.116.140.39
2018-10-12 00:33:37 +0200 | 0 - 0 - 2 | apk.wdjcdn.com/5/9c/555e865ede069f574229f65da (...) | 14.116.140.39
2018-10-12 00:28:12 +0200 | 0 - 0 - 2 | apk.wdjcdn.com/d/50/47f1e233ce434a2b82d10e98b (...) | 14.116.140.39
2018-10-11 21:17:13 +0200 | 0 - 0 - 1 | apk.wdjcdn.com/0/88/30c3c06801eeab7f64d4ed45b (...) | 14.116.140.39
2018-10-11 20:49:38 +0200 | 0 - 0 - 2 | apk.wdjcdn.com/c/6e/99410c676fe0de1b38f23a746 (...) | 14.116.140.39

Last 10 reports on ASN: AS4134 Chinanet

Date | UQ / IDS / BL | URL | IP
2018-11-19 12:59:40 +0100 | 0 - 0 - 1 | a.xiazai163.com/apk/kongtiaoyaokongqidashi_it (...) | 221.234.42.18
2018-11-19 12:59:18 +0100 | 0 - 0 - 1 | abadaily.com/page/1/2014-11/27/04/2014112704_ (...) | 218.89.38.2
2018-11-19 12:57:41 +0100 | 0 - 0 - 1 | abadaily.com/page/1/2014-12/31/02/2014123102_ (...) | 218.89.38.2
2018-11-19 12:56:54 +0100 | 0 - 0 - 1 | xiazai.xiazaijia.cc/cx/160225/2/FoxmailFoxMai (...) | 59.47.232.75
2018-11-19 12:56:17 +0100 | 0 - 0 - 1 | abadaily.com/page/1/2015-12/07/02/2015120702_ (...) | 218.89.38.2
2018-11-19 12:54:20 +0100 | 0 - 0 - 1 | abadaily.com/page/1/2015-09/06/03/2015090603_ (...) | 218.89.38.2
2018-11-19 12:50:02 +0100 | 0 - 1 - 2 | jh.01lm.com/jht/XLiao_J103_1027.exe | 221.235.187.9
2018-11-19 12:49:08 +0100 | 0 - 0 - 2 | jh.01lm.com/jh/Tgrenqi_I006_12072.exe | 221.235.187.9
2018-11-19 12:49:06 +0100 | 0 - 0 - 1 | abadaily.com/page/1/2014-10/21/03/2014102103_ (...) | 218.89.38.2
2018-11-19 12:48:24 +0100 | 0 - 0 - 1 | abadaily.com/page/1/2016-06/29/04/2016062904_ (...) | 218.89.38.2

No other reports on domain: wandoujia.com



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (6)


Transaction 1

Request
GET /files/third/WanDouJiaSetup_baidu1.exe HTTP/1.1
Host: dl.wandoujia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (server IP 14.116.140.39)
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Server: nginx/1.10.1
Date: Mon, 04 Dec 2017 21:57:25 GMT
Content-Length: 161
Connection: keep-alive
Location: http://dl.cdn.wandoujia.com/files/third/WanDouJiaSetup_baidu1.exe

--- Additional Info ---
Magic:  HTML document text
Size:   161
Md5:    563087198d40f30ca57159065ade2f5a
Sha1:   ecbd57810f291921057a409123869ccba39e9b26
Sha256: 301a5dc6af4eb623afe999cb4d0511a05f83850b1b7b434064b8ed534ead9109

Transaction 2

Request
GET /files/third/WanDouJiaSetup_baidu1.exe HTTP/1.1
Host: dl.cdn.wandoujia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (server IP 14.116.140.39)
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Server: nginx/1.10.1
Date: Mon, 04 Dec 2017 21:57:25 GMT
Content-Length: 161
Connection: keep-alive
Location: http://nc-dl.wdjcdn.com/files/third/WanDouJiaSetup_baidu1.exe

--- Additional Info ---
Magic:  HTML document text
Size:   161
Md5:    563087198d40f30ca57159065ade2f5a
Sha1:   ecbd57810f291921057a409123869ccba39e9b26
Sha256: 301a5dc6af4eb623afe999cb4d0511a05f83850b1b7b434064b8ed534ead9109

Transaction 3

Request
GET /connecticutfootball-radio/api.php HTTP/1.1
Host: allwallpapers.xyz
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (server IP 198.54.116.231)
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Dec 2017 22:00:52 GMT
Server: Apache
X-Powered-By: PHP/5.6.32
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 99

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   99
Md5:    edb2499c409f02e4e4158a0918baeb64
Sha1:   561fe9ca5c46a26a006ff66d31fa908976ff2642
Sha256: 30c1c1bd936b073e1c43d8454268d3463b5cdbef1f233fba6806dbb3f35854b6

Transaction 4

Request
GET /favicon.ico HTTP/1.1
Host: allwallpapers.xyz
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (server IP 198.54.116.231)
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 04 Dec 2017 22:00:52 GMT
Server: Apache
Content-Length: 328

--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   328
Md5:    301fa7ceb5b3c291d4bbeee953048686
Sha1:   758d921efd60d4e9f0f6d77648ccc500c8611fea
Sha256: 6b62a3658ad247e8f30d3e9f35da5e00ffac1ea09785bd1f0a9830f659cf01da

Transaction 5

Request
GET /favicon.ico HTTP/1.1
Host: allwallpapers.xyz
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (server IP 198.54.116.231)
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 04 Dec 2017 22:00:55 GMT
Server: Apache
Content-Length: 328

--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   328
Md5:    301fa7ceb5b3c291d4bbeee953048686
Sha1:   758d921efd60d4e9f0f6d77648ccc500c8611fea
Sha256: 6b62a3658ad247e8f30d3e9f35da5e00ffac1ea09785bd1f0a9830f659cf01da

Transaction 6

Request
GET /files/third/WanDouJiaSetup_baidu1.exe HTTP/1.1
Host: nc-dl.wdjcdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (server IP 210.61.180.164)
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Expires: Wed, 15 Feb 2045 23:30:18 GMT
Date: Sat, 30 Sep 2017 23:30:18 GMT
Server: nginx/1.10.1
Content-Length: 14954240
Last-Modified: Thu, 03 Mar 2016 12:25:52 GMT
Etag: "56d82d50-e42f00"
Cache-Control: max-age=864000000
Accept-Ranges: bytes
Via: 1.1 fangwangtong218:0 (Cdn Cache Server V2.0), 1.1 chdx47:0 (Cdn Cache Server V2.0)[0 200 0]
Age: 5610428
X-Via: 1.1 tb51:8 (Cdn Cache Server V2.0)[0 200 0]
X-Ws-Request-Id: 5a25c4c6_tb55_13228-41667
Connection: keep-alive

--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   14954240
Md5:    d96d18f53111816bb47928edabffb79f
Sha1:   d03c6ffc3715b2072b2cf0f12ad658dd78bb16ba
Sha256: dfdf84a29a676774ee8d1bc65458cbdd8e6f3c8471feb2d26d0dc341d8d4530b

Alerts:
  IDS:
    - ET POLICY PE EXE or DLL Windows file download HTTP