Report - xpxx.xhedu.sh.cn/flash_mx/instalflasplayeax.exe

Report Overview

Submitted URL
xpxx.xhedu.sh.cn/flash_mx/instalflasplayeax.exe
IP
180.167.194.37
ASN
#4812 China Telecom Group
Submitted
2024-05-21 04:11:37
Access
public
Website Title
404 Not Found
Final URL
xpxx.xhedu.sh.cn/flash_mx/instalflasplayeax.exe
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xpxx.xhedu.sh.cn	unknown	2003-03-04	2015-03-02	2023-12-14	1.9 kB	1.1 kB	180.167.194.37

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-21 04:11:11	high	Client IP	153.92.7.217	ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
2024-05-21 04:11:31	high	Client IP	153.92.7.217	ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (4)

	URL	IP	Response	Size
	xpxx.xhedu.sh.cn/flash_mx/instalflasplayeax.exe	180.167.194.37	302 Found	146 B
URL User Request GET HTTP/1.1 xpxx.xhedu.sh.cn/flash_mx/instalflasplayeax.exe IP 180.167.194.37:80 ASN #4812 China Telecom Group File type HTML document, ASCII text, with CRLF line terminators Size 146 B (146 bytes) Hash 8eec510e57f5f732fd2cce73df7b73ef 3c0af39ecb3753c5fee3b53d063c7286019eac3b 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0 HTTP Headers `GET /flash_mx/instalflasplayeax.exe HTTP/1.1 Host: xpxx.xhedu.sh.cn User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 404 Not Found content-type: text/html date: Tue, 21 May 2024 04:11:13 GMT server: xhdxb-2019 content-length: 146 X-Firefox-Spdy: h2`

	xpxx.xhedu.sh.cn/flash_mx/instalflasplayeax.exe	180.167.194.37	302 Found	5 B
URL User Request GET HTTP/1.1 xpxx.xhedu.sh.cn/flash_mx/instalflasplayeax.exe IP 180.167.194.37:80 ASN #4812 China Telecom Group File type ASCII text, with no line terminators Size 5 B (5 bytes) Hash 5d695cc28c6a7ea955162fbdd0ae42b9 bbba84135de6b052c2210e74e0cc5b2a9d359ddb b0ee315f4ac6af09d05f9e6f23ffb606f3b4fec1ba897bd4315592d2a2979876 HTTP Headers `GET /flash_mx/instalflasplayeax.exe HTTP/1.1 Host: xpxx.xhedu.sh.cn User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 302 Found Location: https://xpxx.xhedu.sh.cn:443/flash_mx/instalflasplayeax.exe Date: Tue, 21 May 2024 04:11:13 GMT Content-Length: 5 Content-Type: text/plain; charset=utf-8`

	xpxx.xhedu.sh.cn/flash_mx/instalflasplayeax.exe	180.167.194.37	302 Found	146 B
URL User Request GET HTTP/1.1 xpxx.xhedu.sh.cn/flash_mx/instalflasplayeax.exe IP 180.167.194.37:80 ASN #4812 China Telecom Group File type HTML document, ASCII text, with CRLF line terminators Size 146 B (146 bytes) Hash 8eec510e57f5f732fd2cce73df7b73ef 3c0af39ecb3753c5fee3b53d063c7286019eac3b 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0 HTTP Headers `GET /flash_mx/instalflasplayeax.exe HTTP/1.1 Host: xpxx.xhedu.sh.cn User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 404 Not Found content-type: text/html date: Tue, 21 May 2024 04:11:14 GMT server: xhdxb-2019 content-length: 146 X-Firefox-Spdy: h2`

	xpxx.xhedu.sh.cn/favicon.ico	180.167.194.37	404 Not Found	146 B
URL GET HTTP/2 xpxx.xhedu.sh.cn/favicon.ico IP 180.167.194.37:443 ASN #4812 China Telecom Group Requested by https://xpxx.xhedu.sh.cn/flash_mx/instalflasplayeax.exe Certificate IssuerSectigo Limited Subject.xhedu.sh.cn Fingerprint98:9A:2A:38:02:B7:DB:7F:A9:86:3C:68:D3:03:20:A8:56:CE:37:79 ValidityMon, 11 Dec 2023 00:00:00 GMT - Sun, 22 Dec 2024 23:59:59 GMT File type HTML document, ASCII text, with CRLF line terminators Size 146 B (146 bytes) Hash 8eec510e57f5f732fd2cce73df7b73ef 3c0af39ecb3753c5fee3b53d063c7286019eac3b 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: xpxx.xhedu.sh.cn User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://xpxx.xhedu.sh.cn/flash_mx/instalflasplayeax.exe Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 404 Not Found content-type: text/html date: Tue, 21 May 2024 04:11:14 GMT server: xhdxb-2019 content-length: 146 X-Firefox-Spdy: h2`