Report - 120.24.193.183:9917/xj

Report Overview

Submitted URL
120.24.193.183:9917/xj_lfx/Rar.exe
IP
120.24.193.183
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.
Submitted
2023-06-01 04:03:57
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
7
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
120.24.193.183:9917	unknown	unknown	No data	No data	406 B	562 kB	120.24.193.183

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-01 04:03:40	medium	Client IP	120.24.193.183	ET INFO Executable Download from dotted-quad Host
2023-06-01 04:03:40	medium	Client IP	120.24.193.183	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
2023-06-01 04:03:40	high	120.24.193.183	Client IP	ET POLICY Terse Named Filename EXE Download - Possibly Hostile
2023-06-01 04:03:42	high	120.24.193.183	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP
2023-06-01 04:03:42	high	120.24.193.183	Client IP	ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK)
2023-06-01 04:03:42	medium	120.24.193.183	Client IP	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
2023-06-01 04:03:42	low	120.24.193.183	Client IP	ET INFO EXE - Served Attached HTTP

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-06-01	medium	120.24.193.183

ThreatFox

No alerts detected

Files detected

URL
120.24.193.183:9917/xj_lfx/Rar.exe
IP
120.24.193.183
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
PE32 executable (console) Intel 80386, for MS Windows\012- data
Size
562 kB (562064 bytes)
Hash
edc8c8a7ed2da7bb37d7653fa2703efe
5e45932730677deff7d1b8c847a8ab204a8a0542
193e273e3e2d53f0cde6c465afd25257dd4013f38373346f8290513f441ce230

Detections

Analyzer	Verdict	Alert
VirusTotal	0/67	VirusTotal -

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

120.24.193.183:9917/xj_lfx/Rar.exe

120.24.193.183

200 OK

562 kB

URL User Request GET HTTP/1.1
120.24.193.183:9917/xj_lfx/Rar.exe
IP
120.24.193.183:9917
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
PE32 executable (console) Intel 80386, for MS Windows\012- data
Size
562 kB (562064 bytes)
Hash
edc8c8a7ed2da7bb37d7653fa2703efe
5e45932730677deff7d1b8c847a8ab204a8a0542
193e273e3e2d53f0cde6c465afd25257dd4013f38373346f8290513f441ce230

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed
VirusTotal	0/67	VirusTotal -

HTTP Headers

GET /xj_lfx/Rar.exe HTTP/1.1
Host: 120.24.193.183:9917
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 562064
Accept-Ranges: bytes
Server: HFS 2.3 beta
Set-Cookie: HFS_SID=0.53391819819808; path=/;
Last-Modified: Wed, 16 Nov 2022 11:45:11 GMT
Content-Disposition: attachment; filename="Rar.exe";

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers