Report - www.flash.cn/cdm/Distribution1/install_flash_player_offline_cn

Report Overview

Submitted URL
www.flash.cn/cdm/Distribution1/install_flash_player_offline_cn_fc.exe
IP
101.33.29.231
ASN
#139341 ACE
Submitted
2023-05-25 21:02:34
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.dcocsp.cn	33518	2018-05-02	2018-11-07	2023-05-25	328 B	960 B	47.246.48.228
www.flash.cn	600376	2003-03-17	2015-02-06	2023-05-25	525 B	13 MB	101.33.29.224

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-05-25	medium	www.flash.cn/cdm/Distribution1/install_flash_player_offline_cn_fc.exe

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.flash.cn/cdm/Distribution1/install_flash_player_offline_cn_fc.exe
IP
101.33.29.224
ASN
#139341 ACE

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
13 MB (13059056 bytes)
Hash
200475d42dce9c39cc817d341cbe6e54
a64696ee22a3142fa32345a94da4e632d0d3495e
e2d26d8433862ff65c5ad246798ce5a71eada659bb5cb7082a69bafca2e8b585

Detections

Analyzer	Verdict	Alert
VirusTotal	15/71	VirusTotal -

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

ocsp.dcocsp.cn/

47.246.48.228

471 B

URL
ocsp.dcocsp.cn/
IP
47.246.48.228:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
71424c084ef4f322d20e1b9ef87d5237
6b4c2c76b61b52748f5733aaa5ba4f2e09551759
6c73ae19c54e504bbd6bffdf6005d5c48477b49452ff3fe252862b34eb8d495b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Thu, 25 May 2023 20:26:47 GMT
Ali-Swift-Global-Savetime: 1685046407
Via: cache21.l2de2[0,0,200-0,H], cache19.l2de2[0,0], cache5.nl2[8,17,200-0,M], cache3.nl2[21,0]
Age: 2128
X-Cache: MISS TCP_REFRESH_MISS dirn:11:132411734
X-Swift-SaveTime: Thu, 25 May 2023 21:02:15 GMT
X-Swift-CacheTime: 1472
Timing-Allow-Origin: *
EagleId: 2ff6309716850485352784767e

www.flash.cn/cdm/Distribution1/install_flash_player_offline_cn_fc.exe

101.33.29.224

200 OK

13 MB

URL User Request GET HTTP/1.1
www.flash.cn/cdm/Distribution1/install_flash_player_offline_cn_fc.exe
IP
101.33.29.224:443
ASN
#139341 ACE

Certificate
IssuerDigiCert Inc
Subjectizhongcheng.cn
FingerprintC3:57:A3:B4:B9:5B:4E:ED:C5:11:AE:59:83:A3:05:43:40:78:E4:29
ValidityTue, 28 Feb 2023 00:00:00 GMT - Sat, 30 Mar 2024 23:59:59 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
13 MB (13059056 bytes)
Hash
200475d42dce9c39cc817d341cbe6e54
a64696ee22a3142fa32345a94da4e632d0d3495e
e2d26d8433862ff65c5ad246798ce5a71eada659bb5cb7082a69bafca2e8b585

Detections

Analyzer	Verdict	Alert
fortinet	Malware
VirusTotal	15/71	VirusTotal -

HTTP Headers

GET /cdm/Distribution1/install_flash_player_offline_cn_fc.exe HTTP/1.1
Host: www.flash.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.17.8
Date: Thu, 25 May 2023 21:02:15 GMT
Content-Type: application/x-msdownload
ETag: "988526b148148bc53711f7e0df21fa02-13"
x-cos-hash-crc64ecma: 2715937585360238937
x-cos-request-id: NjQ2ZmNjZDdfMzc5NGVhMDlfYTBjZF9kOGQwY2Yw
Strict-Transport-Security: max-age=15724800; includeSubDomains
X-Cache-Lookup: Cache Miss, Hit From Inner Cluster, Cache Miss, Hit From Inner Cluster, Cache Miss, Hit From Inner Cluster
Accept-Ranges: bytes
Last-Modified: Tue, 14 Mar 2023 14:45:54 GMT
Content-Length: 13059056
X-NWS-LOG-UUID: 14912230946677146923
Connection: keep-alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers