Report - ymsoft.shuwei-6.top/files/softs/ditu.exe

Report Overview

Visited public
2023-11-28 12:42:48
Tags
URL
ymsoft.shuwei-6.top/files/softs/ditu.exe
Finishing URL
about:privatebrowsing
IP / ASN
182.107.80.41
#4134 Chinanet
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

1

Threat Detection Systems

0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.trust-provider.cn	unknown	2015-04-09	2022-02-10 09:18:30	2023-11-28 07:25:54	692 B	3.0 kB	117.27.246.96
ymsoft.shuwei-6.top	unknown	2023-08-14	2023-10-23 08:32:51	2023-11-27 17:06:18	506 B	2.2 MB	182.140.225.41

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-28 12:42:34	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
ymsoft.shuwei-6.top/files/softs/ditu.exe
IP
182.140.225.41
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
2.2 MB (2186120 bytes)
Hash
eabd986156177cb79f54411fca64343b
17fa203a51edbe45e0c55f32a9506275e9b118ca
23c3e47173878c9a974eb7ad28cea23ccc511e942f294c95b93c43f909241893

JavaScript (0)

HTTP Transactions (3)

	URL	IP	Response	Size
	ocsp.trust-provider.cn/	117.27.246.96		599 B
URL ocsp.trust-provider.cn/ IP 117.27.246.96:0 ASN #133774 Fuzhou File type data Size 599 B (599 bytes) Hash f57f80fd699ecd70472e252221187cee 7c9906960410c6f9f77067b64ebf475e32ac5e2e 0740147006e7c02e6227f9a5832fb28bd9d7909a3cf3672081190efe5a7cbc6b HTTP Headers `POST / HTTP/1.1 Host: ocsp.trust-provider.cn User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Server: volc-dcdn Content-Type: application/ocsp-response Content-Length: 599 Connection: keep-alive Date: Tue, 28 Nov 2023 12:42:32 GMT Accept-Ranges: bytes Age: 1 CF-Cache-Status: HIT CF-RAY: 82bdd0375c9b0990-HKG ETag: "7c9906960410c6f9f77067b64ebf475e32ac5e2e" Expires: Sat, 02 Dec 2023 21:20:52 GMT Last-Modified: Sat, 25 Nov 2023 21:20:53 GMT WS-Cache-Status: 0 X-CCACDN-Proxy-ID: mcdpinlb1 X-Frame-Options: SAMEORIGIN X-Via: 1.1 dianxun180:3 (Cdn Cache Server V2.0), 1.1 CS-000-01f4L24:5 (Cdn Cache Server V2.0), 1.1 PS-JJN-01XpV172:2 (Cdn Cache Server V2.0) X-Ws-Request-Id: 6565e038_PS-JJN-01XpV172_34358-54058 via: n172-013-214.fzmp.ToB x-request-ip: 91.90.42.154 x-tt-trace-tag: id=5 x-dsa-trace-id: 17011753521e0e2cb82513a4d32ddaa182f649a385 X-Dsa-Origin-Status: 200 server-timing: cdn-cache;desc=MISS, origin;dur=13, edge;dur=0

	ocsp.trust-provider.cn/	36.248.38.100		599 B
URL ocsp.trust-provider.cn/ IP 36.248.38.100:0 ASN #4837 CHINA UNICOM China169 Backbone File type data Size 599 B (599 bytes) Hash f57f80fd699ecd70472e252221187cee 7c9906960410c6f9f77067b64ebf475e32ac5e2e 0740147006e7c02e6227f9a5832fb28bd9d7909a3cf3672081190efe5a7cbc6b HTTP Headers `POST / HTTP/1.1 Host: ocsp.trust-provider.cn User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Server: volc-dcdn Content-Type: application/ocsp-response Content-Length: 599 Connection: keep-alive Date: Tue, 28 Nov 2023 12:42:33 GMT Accept-Ranges: bytes Age: 1 CF-Cache-Status: HIT CF-RAY: 82bdd0375c9b0990-HKG ETag: "7c9906960410c6f9f77067b64ebf475e32ac5e2e" Expires: Sat, 02 Dec 2023 21:20:52 GMT Last-Modified: Sat, 25 Nov 2023 21:20:53 GMT WS-Cache-Status: 0 X-CCACDN-Proxy-ID: mcdpinlb1 X-Frame-Options: SAMEORIGIN X-Via: 1.1 dianxun180:3 (Cdn Cache Server V2.0), 1.1 CS-000-01f4L24:5 (Cdn Cache Server V2.0), 1.1 PS-JJN-01XpV172:2 (Cdn Cache Server V2.0) X-Ws-Request-Id: 6565e039_PS-JJN-01XpV172_32504-53281 via: n172-013-216.fzmp.ToB x-request-ip: 91.90.42.154 x-tt-trace-tag: id=5 x-dsa-trace-id: 17011753536c7ac02d87824899a27b33d083123ddb X-Dsa-Origin-Status: 200 server-timing: cdn-cache;desc=MISS, origin;dur=17, edge;dur=0

	ymsoft.shuwei-6.top/files/softs/ditu.exe	182.140.225.41	200 OK	2.2 MB
URL User Request GET HTTP/2 ymsoft.shuwei-6.top/files/softs/ditu.exe IP 182.140.225.41:443 ASN #38283 CHINANET SiChuan Telecom Internet Data Center Certificate IssuerTrustAsia Technologies, Inc. Subjectymsoft.shuwei-6.top FingerprintAB:5B:62:30:9E:26:2E:4A:70:17:AF:A3:8A:E9:2A:5A:15:F4:34:6C ValidityMon, 23 Oct 2023 00:00:00 GMT - Tue, 22 Oct 2024 23:59:59 GMT File type PE32 executable (GUI) Intel 80386, for MS Windows\012- data Size 2.2 MB (2186120 bytes) Hash eabd986156177cb79f54411fca64343b 17fa203a51edbe45e0c55f32a9506275e9b118ca 23c3e47173878c9a974eb7ad28cea23ccc511e942f294c95b93c43f909241893 HTTP Headers `GET /files/softs/ditu.exe HTTP/1.1 Host: ymsoft.shuwei-6.top User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK server: JSP3/2.0.14 date: Tue, 28 Nov 2023 12:42:32 GMT content-type: application/x-msdownload content-length: 2186120 last-modified: Thu, 19 Oct 2023 10:22:08 GMT etag: "Fhf6IDpR7b5F4MVfMqlQYnXpsRjK" cache-control: public, max-age=31536000 age: 431742 accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: X-Log, X-Reqid access-control-max-age: 2592000 content-disposition: inline; filename="ditu.exe"; filename*=utf-8''ditu.exe content-md5: 6r2YYVYXfLefVEEfymQ0Ow== content-transfer-encoding: binary x-log: X-Log x-m-log: QNM:fn267;QNM3:3 x-m-reqid: jfUAAD1JwLhRqpAX x-qiniu-zone: 2 x-qnm-cache: Hit x-reqid: 7T8AAADlSGruqJAX x-svr: IO ohc-global-saved-time: Thu, 09 Nov 2023 12:38:21 GMT ohc-cache-hit: cd5ct59 [4] ohc-file-size: 2186120 x-cache-status: HIT X-Firefox-Spdy: h2