Overview

URL phanmemchuyennghiep.com/VQSALE1.zip
IP 112.78.2.224 (Vietnam)
ASN #45538 ODS Joint Stock Company
UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Access public
Report completed 2023-05-26 14:08:52 UTC
IDS alerts 0
Blocklist alert 1
urlquery alerts No alerts detected
Tags None

Domain Summary (1)

Fully Qualifying Domain Name Rank First Seen Last Seen Sent bytes Received bytes IP Comment
phanmemchuyennghiep.com (1) 0 2012-07-24 17:27:45 2023-05-20 15:21:02 493 319 0.0.0.0

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2023-05-26 medium phanmemchuyennghiep.com/VQSALE1.zip Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected

ThreatFox
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 112.78.2.224
Date UQ / IDS / BL URL IP
2023-05-27 06:49:20 UTC 0 - 0 - 1 phanmemchuyennghiep.com/VQSALE1.zip 112.78.2.224
2023-05-26 14:33:11 UTC 0 - 0 - 1 phanmemchuyennghiep.com/VQPRO.zip 112.78.2.224
2023-05-26 14:08:52 UTC 0 - 0 - 1 phanmemchuyennghiep.com/VQSALE1.zip 112.78.2.224
2023-05-21 05:45:07 UTC 0 - 0 - 1 phanmemchuyennghiep.com/VQSALE1.zip 112.78.2.224
2023-05-20 13:21:19 UTC 0 - 0 - 1 phanmemchuyennghiep.com/VQPRO.zip 112.78.2.224


Last 5 reports on ASN: ODS Joint Stock Company
Date UQ / IDS / BL URL IP
2023-06-05 17:45:03 UTC 0 - 0 - 15 sunmate.vn/js/js/Qpost/ar/?token=TW96aWxsYS81 (...) 112.78.2.57
2023-05-31 02:21:43 UTC 0 - 0 - 0 news.andi.vn/NewsDetail.aspx?17683759.88.288940 103.15.50.118
2023-05-29 15:54:47 UTC 0 - 0 - 13 baominhlabors.com/ 112.78.2.23
2023-05-29 01:17:50 UTC 0 - 0 - 8 timhieuluat.com/ 112.78.1.150
2023-05-29 01:10:55 UTC 0 - 0 - 5 dientuha.com/ 112.78.1.150


Last 5 reports on domain: phanmemchuyennghiep.com
Date UQ / IDS / BL URL IP
2023-05-27 06:49:20 UTC 0 - 0 - 1 phanmemchuyennghiep.com/VQSALE1.zip 112.78.2.224
2023-05-26 14:33:11 UTC 0 - 0 - 1 phanmemchuyennghiep.com/VQPRO.zip 112.78.2.224
2023-05-26 14:08:52 UTC 0 - 0 - 1 phanmemchuyennghiep.com/VQSALE1.zip 112.78.2.224
2023-05-21 05:45:07 UTC 0 - 0 - 1 phanmemchuyennghiep.com/VQSALE1.zip 112.78.2.224
2023-05-20 13:21:19 UTC 0 - 0 - 1 phanmemchuyennghiep.com/VQPRO.zip 112.78.2.224


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-06-06 06:27:47 UTC 0 - 1 - 0 www.lasantabiblia.es/files/libros/libros.zip 194.163.47.70
2023-06-06 06:24:37 UTC 0 - 1 - 1 141.98.10.34/jew.mpsl 141.98.10.34
2023-06-06 06:23:43 UTC 0 - 0 - 2 121.4.154.20/cx 121.4.154.20
2023-06-06 06:20:03 UTC 0 - 3 - 0 www.igc.com.br/aa.exe 69.49.115.40
2023-06-06 06:19:33 UTC 0 - 2 - 0 github.com/cloud1cybertron/wincurl/raw/main/c (...) 140.82.121.3

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (1)


Request

GET /VQSALE1.zip HTTP/1.1
Host: phanmemchuyennghiep.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Response

0.0.0.0
HTTP/2 200 OK
content-type: application/x-zip-compressed
last-modified: Tue, 23 May 2023 11:47:11 GMT
accept-ranges: bytes
etag: "74986f4f6c8dd91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Fri, 26 May 2023 14:08:45 GMT
content-length: 6740497
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Blocklists:
  - fortinet: Malware