Report - dow.andylab.cn/daili.exe

Report Overview

Submitted URL
dow.andylab.cn/daili.exe
IP
3.126.195.33
ASN
#16509 AMAZON-02
Submitted
2023-05-30 16:00:45
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.trust-provider.cn	unknown	2015-04-09	2022-02-10	2023-05-29	336 B	1.5 kB	47.246.44.205
dow.andylab.cn	unknown	2017-11-07	2022-06-03	2023-05-30	396 B	996 kB	3.126.195.33

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-30 16:00:27	high	3.126.195.33	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
dow.andylab.cn/daili.exe
IP
3.126.195.33
ASN
#16509 AMAZON-02

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
995 kB (995328 bytes)
Hash
df8e04ee8771eaeab791e133d3f2235a
9b51fac25390247500b10ddff7c97c5857dd4787
961ba2de27e414e4f3d226c2e8641edd9b0ad7c69ee26d21853a0a74b3353de5

Detections

Analyzer	Verdict	Alert
VirusTotal	30/67	VirusTotal -

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

ocsp.trust-provider.cn/

47.246.44.205

599 B

URL
ocsp.trust-provider.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
599 B (599 bytes)
Hash
eb7cc796d8ee8fec4cf8e285798a6c54
0cdc25831fddb7ae56262dc1a975785a93722176
50bf836b34a265046de6c464b0718e655e0acf83cbd285bafd65dcd76c3a47ae

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Tue, 30 May 2023 15:59:13 GMT
last-modified: Sun, 28 May 2023 08:07:08 GMT
expires: Sun, 04 Jun 2023 08:07:07 GMT
etag: "0cdc25831fddb7ae56262dc1a975785a93722176"
cache-control: max-age=587210,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb2
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 7cf82ee04cda2c6e-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1685462353
via: cache15.l2de2[0,0,304-0,H], cache12.l2de2[1,0], cache3.se1[0,0,200-0,H], cache5.se1[1,0], cache8.se1[4,0]
age: 74
x-cache: HIT TCP_MEM_HIT dirn:1:36453280
x-swift-savetime: Tue, 30 May 2023 15:59:29 GMT
x-swift-cachetime: 1784
timing-allow-origin: *, *
eagleid: 2ff62c9c16854624277373670e, 2ff62c9c16854624277373670e

dow.andylab.cn/daili.exe

3.126.195.33

200 OK

995 kB

URL User Request GET HTTP/1.1
dow.andylab.cn/daili.exe
IP
3.126.195.33:80
ASN
#16509 AMAZON-02

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
995 kB (995328 bytes)
Hash
df8e04ee8771eaeab791e133d3f2235a
9b51fac25390247500b10ddff7c97c5857dd4787
961ba2de27e414e4f3d226c2e8641edd9b0ad7c69ee26d21853a0a74b3353de5

Detections

Analyzer	Verdict	Alert
VirusTotal	30/67	VirusTotal -

NIDS	Severity	Alert
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /daili.exe HTTP/1.1
Host: dow.andylab.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Accept-Ranges: bytes
ETag: "d3d9109a35cbd81:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 30 May 2023 16:00:24 GMT
Last-Modified: Sun, 18 Sep 2022 08:06:48 GMT
Content-Length: 995328
X-NWS-LOG-UUID: 13331245487664066235
Connection: keep-alive
X-Cache-Lookup: Cache Miss
Cache-Control: max-age=0

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers