Report - 11.emwanptdown.wensya.cn:3020/xtzjw7-down/app/2254.exe?tk=kZjYxIjMjZTN5IzMwEWMkFWNhNWYzcTO4UWY5Q2MxIGfu9Gft92YuczdqpHd4xXN4IzN2kDO5YTM

Report Overview

Submitted URL
11.emwanptdown.wensya.cn:3020/xtzjw7-down/app/2254.exe?tk=kZjYxIjMjZTN5IzMwEWMkFWNhNWYzcTO4UWY5Q2MxIGfu9Gft92YuczdqpHd4xXN4IzN2kDO5YTM
IP
117.48.143.61
ASN
#140292 CHINATELECOM Jiangsu province Suzhou 5G network
Submitted
2024-05-09 01:04:53
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
11.emwanptdown.wensya.cn:3020	unknown	unknown	No data	No data	504 B	708 kB	117.48.143.61

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
11.emwanptdown.wensya.cn:3020/xtzjw7-down/app/2254.exe?tk=kZjYxIjMjZTN5IzMwEWMkFWNhNWYzcTO4UWY5Q2MxIGfu9Gft92YuczdqpHd4xXN4IzN2kDO5YTM
IP
117.48.143.61
ASN
#140292 CHINATELECOM Jiangsu province Suzhou 5G network

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
Size
707 kB (707182 bytes)
Hash
a7d7601e1ef61e77e503e7463ecc0d9d
1e6af245c76962eafb009de4b10f02f0f2542317
b84ee758530411469ecc1557a406c2c401bc9f20eded8f2f8b07877a65956a03

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 34/70

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

11.emwanptdown.wensya.cn:3020/xtzjw7-down/app/2254.exe?tk=kZjYxIjMjZTN5IzMwEWMkFWNhNWYzcTO4UWY5Q2MxIGfu9Gft92YuczdqpHd4xXN4IzN2kDO5YTM

117.48.143.61

200 OK

707 kB

URL User Request GET HTTP/1.1
11.emwanptdown.wensya.cn:3020/xtzjw7-down/app/2254.exe?tk=kZjYxIjMjZTN5IzMwEWMkFWNhNWYzcTO4UWY5Q2MxIGfu9Gft92YuczdqpHd4xXN4IzN2kDO5YTM
IP
117.48.143.61:3020
ASN
#140292 CHINATELECOM Jiangsu province Suzhou 5G network

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
Size
707 kB (707182 bytes)
Hash
a7d7601e1ef61e77e503e7463ecc0d9d
1e6af245c76962eafb009de4b10f02f0f2542317
b84ee758530411469ecc1557a406c2c401bc9f20eded8f2f8b07877a65956a03

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 34/70

HTTP Headers

GET /xtzjw7-down/app/2254.exe?tk=kZjYxIjMjZTN5IzMwEWMkFWNhNWYzcTO4UWY5Q2MxIGfu9Gft92YuczdqpHd4xXN4IzN2kDO5YTM HTTP/1.1
Host: 11.emwanptdown.wensya.cn:3020
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 09 May 2024 01:04:27 GMT
Content-Type: application/x-msdownload
Content-Length: 707182
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a7d7601e1ef61e77e503e7463ecc0d9d"
Last-Modified: Sun, 31 Mar 2024 14:36:36 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CBD21EAA317C5F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 09 May 2024 01:14:27 GMT
Cache-Control: max-age=600
X-Via: 10.2.114.156, 117.48.143.61
X-Cache: HIT
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers