Overview

URL:              xz.sdhzghc.com/693865/apk/default.apk
IP:               101.69.113.238
ASN:              AS4837 CNCGROUP China169 Backbone
Location:         China
Report completed: 2019-01-12 04:07:27 CET
urlquery Alerts:  No alerts detected


Settings

UserAgent:    Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:      (none)
Pool:         (none)
Access Level: (none)


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified  Severity  Host                                   Comment
2019-01-12        2         xz.sdhzghc.com/693865/apk/default.apk  Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 101.69.113.238

Date                       UQ / IDS / BL  URL                                                  IP
2019-03-20 09:52:37 +0100  0 - 0 - 1      mo.l5645.net/mo/setup.cr173.188607.exe               101.69.113.238
2019-03-19 08:10:56 +0100  0 - 0 - 1      mo.l5645.net/mo/setup.cr173.198105.exe               101.69.113.238
2019-03-12 15:39:19 +0100  0 - 0 - 1      xz.dgtzhlszx.com/093352/apk/962/qqdzz4004.apk        101.69.113.238
2019-03-06 19:49:54 +0100  0 - 0 - 1      mo.l5645.net/mo/setup.cr173.727190.exe               101.69.113.238
2019-03-06 19:26:15 +0100  0 - 0 - 1      xz.szclcsc.com/822158/apk/962/majiangdanji962.apk    101.69.113.238
2019-03-06 19:25:49 +0100  0 - 0 - 1      xz.zshwzy.com/939739/apk/962/majiangdanji962.apk     101.69.113.238
2019-03-05 08:08:12 +0100  0 - 0 - 1      mo.l5645.net/mo/setup.cr173.67796.exe                101.69.113.238
2019-03-04 16:42:41 +0100  0 - 0 - 1      xz.moviece.com/601029/apk/default.apk                101.69.113.238
2019-02-24 03:36:45 +0100  0 - 0 - 1      xz.dgtzhlszx.com/516075/apk/962/jesjinhua.apk        101.69.113.238
2019-02-23 21:24:48 +0100  0 - 0 - 1      xz.zshwzy.com/825545/apk/cr173/hongbaowaigua.apk     101.69.113.238

Last 10 reports on ASN: AS4837 CNCGROUP China169 Backbone

Date                       UQ / IDS / BL  URL                                                  IP
2019-03-21 18:46:33 +0100  0 - 3 - 1      dl.kkdownload.com/kz5xiaoxin3/KuaiZip_Setup_3 (...)  221.204.166.22
2019-03-21 18:42:48 +0100  0 - 0 - 1      wap.apk.anzhi.com/data1/apk/201402/10/zhu.bir (...)  61.54.90.25
2019-03-21 18:40:37 +0100  0 - 0 - 1      tuidl.01lm.com/tk/9158chat_443985.exe                119.167.243.188
2019-03-21 18:39:40 +0100  0 - 2 - 1      down.8476ddd.com/hezi/xx/setup_600ys.exe             202.97.174.82
2019-03-21 18:39:28 +0100  0 - 2 - 1      down.xiaoxinrili.com/hezi/xx/setup_qiqidy2.exe       202.97.174.82
2019-03-21 18:39:27 +0100  0 - 2 - 1      down.xiaoxinrili.com/hezi/xx/setup_meiju.exe         202.97.174.82
2019-03-21 18:39:11 +0100  0 - 2 - 0      d1.w26.cn/z1b7ap.zip                                 113.207.34.253
2019-03-21 18:39:02 +0100  0 - 2 - 0      d2.w26.cn/z1b6.zip                                   27.221.30.120
2019-03-21 18:38:40 +0100  0 - 1 - 1      d2.w26.cn/lin1.zip                                   27.221.30.110
2019-03-21 18:37:29 +0100  0 - 2 - 1      down.ttu998d.com/hezi/xx/setup_bx330.exe             202.97.174.82

No other reports on domain: sdhzghc.com



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request

GET /693865/apk/default.apk HTTP/1.1
Host: xz.sdhzghc.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 101.69.113.238)

HTTP/1.1 200 OK
Content-Type: application/vnd.android.package-archive
Last-Modified: Fri, 15 Dec 2017 02:15:38 GMT
Accept-Ranges: bytes
Etag: "0112994a75d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 12 Jan 2019 03:06:51 GMT
Content-Length: 4188388


--- Additional Info ---
Magic:  Zip archive data, at least v2.0 to extract
Size:   4188388
Md5:    a9b1eaee13c2e82c300f1cb7654f7039
Sha1:   6442e91372e0cdce5e7f7e9601df98463207d91a
Sha256: 70a99a2997cf2a9f93c7a0cc5e9e7a100b34134b00d2e7519844f6959acb3c40

Alerts:
  Blacklists:
    - fortinet: Malware