Report - www.ipwork.co.kr/bin2/IPWork

Report Overview

Submitted URL
www.ipwork.co.kr/bin2/IPWork_Simple.exe
IP
183.111.199.225
ASN
#4766 Korea Telecom
Submitted
2024-05-08 04:58:05
Access
public
Website Title
ipwork.co.kr/bin2/IPWork_Simple.exe
Final URL
www.ipwork.co.kr/bin2/IPWork_Simple.exe
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.ipwork.co.kr	unknown	2014-02-12	2014-10-24	2023-10-06	1.6 kB	7.4 MB	183.111.199.225

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.ipwork.co.kr/bin2/IPWork_Simple.exe?ckattempt=1
IP
183.111.199.225
ASN
#4766 Korea Telecom

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
Size
7.4 MB (7408634 bytes)
Hash
fb140e573080c5d71c9592e2c42525ab
cf904bea6e937db7a97fd2494bf3b9ef37f7f4a9
cc6a90d8348ceffe0b78d3d28a7719783a5f5615f45b9e8257bae092e4acfe30

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 5/69

JavaScript (2)

	URL	Size	First Seen	Last Seen
	www.ipwork.co.kr/cupid.js	45 kB	2023-03-07	2024-05-16
Pretty URL www.ipwork.co.kr/cupid.js IP 183.111.199.225 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:02 Last Seen2024-05-16 12:16:31 Times Seen1207 Hash 56f841dd82a8c486ad4e69593e9cf517 be98194094e26c06b01bb375cf00ee89998b9b6d 402622f24d30b687bbe409c14f0063bacbbd765fd3e7c22a8facd1be1c67e159 Loading...

	www.ipwork.co.kr/bin2/IPWork_Simple.exe	706 B	2024-05-08	2024-05-08
Pretty URL www.ipwork.co.kr/bin2/IPWork_Simple.exe IP 183.111.199.225 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 06:58:08 Last Seen2024-05-08 06:58:08 Times Seen1 Hash eb6db780fa238b3f9e4c262fe72bb9e9 8bfce54012320672ec7563c1b417d8fcaf10c9b0 7f0fef7b79ea8181231ea263ef44c91c2d46ca348adcc0d1320fec84a06a7d46 Loading...

HTTP Transactions (3)

URL IP Response Size

www.ipwork.co.kr/bin2/IPWork_Simple.exe

183.111.199.225

200 OK

786 B

URL User Request GET HTTP/2
www.ipwork.co.kr/bin2/IPWork_Simple.exe
IP
183.111.199.225:443
ASN
#4766 Korea Telecom

Certificate
IssuerSectigo Limited
Subjectipwork.co.kr
Fingerprint0E:6D:D5:CC:E5:FD:43:AD:CC:7C:91:5D:82:D6:15:B8:10:B6:04:AA
ValidityTue, 18 Jul 2023 00:00:00 GMT - Wed, 17 Jul 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (786), with no line terminators
Size
786 B (786 bytes)
Hash
da9491d99694277fb0b91247f1dd4e11
b660284f83fd21ce09e597b7c27ff8ab133ec48b
49c43a6d83fcf09b2230faac5a81aa1881eb340d5fbafbbd0b1a3c2f300883a1

HTTP Headers

GET /bin2/IPWork_Simple.exe HTTP/1.1
Host: www.ipwork.co.kr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:57:40 GMT
content-type: text/html
content-length: 786
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
X-Firefox-Spdy: h2

www.ipwork.co.kr/cupid.js

183.111.199.225

200 OK

9.4 kB

URL GET HTTP/2
www.ipwork.co.kr/cupid.js
IP
183.111.199.225:443
ASN
#4766 Korea Telecom

Requested by
https://www.ipwork.co.kr/bin2/IPWork_Simple.exe
Certificate
IssuerSectigo Limited
Subjectipwork.co.kr
Fingerprint0E:6D:D5:CC:E5:FD:43:AD:CC:7C:91:5D:82:D6:15:B8:10:B6:04:AA
ValidityTue, 18 Jul 2023 00:00:00 GMT - Wed, 17 Jul 2024 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
9.4 kB (9416 bytes)
Hash
0da8211834111e052db751692164fd5a
692991aff3dc6a018fcfe7b54388d08ef2f88a90
a8aa207129237b18d4eff12a25c28688b2258a50d8f9f0d2bab7ff1385896efe

HTTP Headers

GET /cupid.js HTTP/1.1
Host: www.ipwork.co.kr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ipwork.co.kr/bin2/IPWork_Simple.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:57:41 GMT
content-type: application/javascript
last-modified: Tue, 05 Apr 2016 07:24:47 GMT
vary: Accept-Encoding
etag: W/"5703683f-af47"
content-encoding: gzip
X-Firefox-Spdy: h2

www.ipwork.co.kr/bin2/IPWork_Simple.exe?ckattempt=1

183.111.199.225

200 OK

7.4 MB

URL User Request GET HTTP/2
www.ipwork.co.kr/bin2/IPWork_Simple.exe?ckattempt=1
IP
183.111.199.225:443
ASN
#4766 Korea Telecom

Certificate
IssuerSectigo Limited
Subjectipwork.co.kr
Fingerprint0E:6D:D5:CC:E5:FD:43:AD:CC:7C:91:5D:82:D6:15:B8:10:B6:04:AA
ValidityTue, 18 Jul 2023 00:00:00 GMT - Wed, 17 Jul 2024 23:59:59 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
Size
7.4 MB (7408634 bytes)
Hash
fb140e573080c5d71c9592e2c42525ab
cf904bea6e937db7a97fd2494bf3b9ef37f7f4a9
cc6a90d8348ceffe0b78d3d28a7719783a5f5615f45b9e8257bae092e4acfe30

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 5/69

HTTP Headers

GET /bin2/IPWork_Simple.exe?ckattempt=1 HTTP/1.1
Host: www.ipwork.co.kr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ipwork.co.kr/bin2/IPWork_Simple.exe
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 04:57:41 GMT
content-type: application/x-msdownload
content-length: 7408634
last-modified: Thu, 14 Dec 2017 09:37:53 GMT
etag: "710bfa-56049a359be40"
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (3)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers