Report - 202.112.159.191/cx/UpLoadFile/18231546337382.doc

Report Overview

Submitted URL
202.112.159.191/cx/UpLoadFile/18231546337382.doc
IP
202.112.159.191
ASN
#4538 China Education and Research Network Center
Submitted
2023-06-03 11:05:46
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
202.112.159.191	unknown	unknown	No data	No data	688 B	769 kB	202.112.159.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-03 11:05:33	medium	Client IP	202.112.159.191	ET INFO Dotted Quad Host DOC Request

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-06-03	medium	202.112.159.191
2023-06-03	medium	202.112.159.191

ThreatFox

No alerts detected

Files detected

URL
202.112.159.191/cx/UpLoadFile/18231546337382.doc
IP
202.112.159.191
ASN
#4538 China Education and Research Network Center

File type
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 936, Template: Normal, Last Saved By: , Revision Number: 10, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:47:00, Last Printed: Tue Jun 3 06:40:00 2014, Create Time/Date: Thu Apr 1 07:23:00 2021, Last Saved Time/Date: Thu Apr 1 14:33:00 2021, Number of Pages: 7, Number of Words: 588, Number of Characters: 3353, Security: 0\012- OLE 2 Compound Document, v3.62, SecID 0x5c2, 12 FAT sectors, Mini FAT start sector 0x5c4 : Microsoft Word 97-2003 document or template\012- data
Size
757 kB (757248 bytes)
Hash
c4d8fbdec982706d230c410695863896
c265cacf5e6a0cc75100d7bbe7838e252508aa10
316cf410f6f4c1834ae8d8ba8cb3fff1ce834e6d9e69e245a53a95b32629396f

Detections

Analyzer	Verdict	Alert
VirusTotal	0/0	VirusTotal -

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

202.112.159.191/

202.112.159.191

11 kB

URL
202.112.159.191/
IP
202.112.159.191:0
ASN
#4538 China Education and Research Network Center

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ISO-8859 text, with very long lines (5812), with CRLF line terminators
Size
11 kB (10973 bytes)
Hash
359b7f89cf4d3b454055c4fe144f36e8
b4959f48bbfc6ee7952bc72512cbdc1666ec202f
f24c694b02ee88ffa488ee8a349898c1192e39324284a802e635e401b8fd836b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 202.112.159.191
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=gb2312
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=okr0d2monn5gvl55hzfg52ei; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 03 Jun 2023 11:05:32 GMT
Content-Length: 10973

202.112.159.191/cx/UpLoadFile/18231546337382.doc

202.112.159.191

757 kB

URL
202.112.159.191/cx/UpLoadFile/18231546337382.doc
IP
202.112.159.191:0
ASN
#4538 China Education and Research Network Center

File type
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 936, Template: Normal, Last Saved By: , Revision Number: 10, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:47:00, Last Printed: Tue Jun 3 06:40:00 2014, Create Time/Date: Thu Apr 1 07:23:00 2021, Last Saved Time/Date: Thu Apr 1 14:33:00 2021, Number of Pages: 7, Number of Words: 588, Number of Characters: 3353, Security: 0\012- OLE 2 Compound Document, v3.62, SecID 0x5c2, 12 FAT sectors, Mini FAT start sector 0x5c4 : Microsoft Word 97-2003 document or template\012- data
Size
757 kB (757248 bytes)
Hash
c4d8fbdec982706d230c410695863896
c265cacf5e6a0cc75100d7bbe7838e252508aa10
316cf410f6f4c1834ae8d8ba8cb3fff1ce834e6d9e69e245a53a95b32629396f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed
VirusTotal	0/0	VirusTotal -

NIDS	Severity	Alert
suricata	medium	ET INFO Dotted Quad Host DOC Request

HTTP Headers

GET /cx/UpLoadFile/18231546337382.doc HTTP/1.1
Host: 202.112.159.191
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/msword
Last-Modified: Thu, 01 Apr 2021 14:32:12 GMT
Accept-Ranges: bytes
ETag: "07eb0cd327d71:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Date: Sat, 03 Jun 2023 11:05:32 GMT
Content-Length: 757248

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers