Report - ys-d.ysepan.com/614875620/812996284/r524K5H3N7UMJSIuVRTed/Office%E5%9C%A8?%E5%AE%89??%E6%BF%80%E6%B4%BB.zip?lx=xz

Report Overview

Submitted URL
ys-d.ysepan.com/614875620/812996284/r524K5H3N7UMJSIuVRTed/Office%E5%9C%A8?%E5%AE%89??%E6%BF%80%E6%B4%BB.zip?lx=xz
IP
61.147.124.149
ASN
#137697 CHINATELECOM JiangSu YangZhou IDC networkdescr: YangZhouJiangsu Province, P.R.China.
Submitted
2024-04-20 02:00:13
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ys-d.ysepan.com	unknown	2021-02-21	2022-06-05	2024-03-05	749 B	14 MB	61.147.124.149

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
ys-d.ysepan.com/614875620/812996284/r524K5H3N7UMJSIuVRTed/Office%E5%9C%A8?%E5%AE%89??%E6%BF%80%E6%B4%BB.zip?lx=xz
IP
61.147.124.149
ASN
#137697 CHINATELECOM JiangSu YangZhou IDC networkdescr: YangZhouJiangsu Province, P.R.China.

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
14 MB (13505677 bytes)
Hash
5ce752ed37f3d4b7b1e8d921298b1a22
fe38455a94c1b2c2cd01c26e687bff5d060517ee
0625085c32e10069ec2adb3596fb15ebdaff9812e231c096ca3d4c83fa2d8dbf

Archive (12)

Filename

Md5

File type

.DS_Store

bdc160a29aae207298266884a0372bb1

Apple Desktop Services Store

Configure.xml

d6a20907c3e21b3d4ab631190aae766a

exported SGML document, ASCII text, with CRLF line terminators

setup.exe

5b51875e8086bc9908cc5683b61c708b

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

Uninstall.xml

364f86f97324ea82fe0d142cd01cf6dd

ASCII text, with CRLF line terminators

cleanospp.exe

162ab955cb2f002a73c1530aa796477f

PE32+ executable (console) x86-64, for MS Windows, 5 sections

msvcr100.dll

df3ca8d16bded6a54977b30e66864d33

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 9 sections

cleanospp.exe

5fd363d52d04ac200cd24f3bcc903200

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

msvcr100.dll

bf38660a9125935658cfa3e53fdc7d65

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

��װoffice.exe

7b5d0c8baf667aef19a4dd7bbaf81620

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

��װ�̳�.png

53f019c97e8535818a99a1b8b7c9b03f

PNG image data, 618 x 455, 8-bit/color RGBA, non-interlaced

��̳�.png

cf3d7c3e6d0f68e611523ee76cd768fd

PNG image data, 768 x 553, 8-bit/color RGBA, non-interlaced

��ɱ��뿴��.png

f95f3b8c703b00ab9d94b0b2b235588c

PNG image data, 800 x 1427, 8-bit/color RGB, non-interlaced

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	ys-d.ysepan.com/	61.147.124.149		475 B
URL ys-d.ysepan.com/ IP 61.147.124.149:0 ASN #137697 CHINATELECOM JiangSu YangZhou IDC networkdescr: YangZhouJiangsu Province, P.R.China. File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators Size 475 B (475 bytes) Hash 6033e5567af85991351d687b700c8c9f aa44b7dc175e9b2bc6e47f5443a8f5a94dfb5039 0d59bff029540e4288bf65303fc00c1a0daec0509ae3486f029ceabd356aeaf1 HTTP Headers `GET / HTTP/1.1 Host: ys-d.ysepan.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 Set-Cookie: ASP.NET_SessionId=kvkqz0xkk1d0a21mmg0c2apj; path=/; HttpOnly X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Date: Sat, 20 Apr 2024 01:59:46 GMT Content-Length: 475`

	ys-d.ysepan.com/614875620/812996284/r524K5H3N7UMJSIuVRTed/Office%E5%9C%A8?%E5%AE%89??%E6%BF%80%E6%B4%BB.zip?lx=xz	61.147.124.149	200 OK	14 MB
URL User Request GET HTTP/1.1 ys-d.ysepan.com/614875620/812996284/r524K5H3N7UMJSIuVRTed/Office%E5%9C%A8?%E5%AE%89??%E6%BF%80%E6%B4%BB.zip?lx=xz IP 61.147.124.149:80 ASN #137697 CHINATELECOM JiangSu YangZhou IDC networkdescr: YangZhouJiangsu Province, P.R.China. File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 14 MB (13505677 bytes) Hash 5ce752ed37f3d4b7b1e8d921298b1a22 fe38455a94c1b2c2cd01c26e687bff5d060517ee 0625085c32e10069ec2adb3596fb15ebdaff9812e231c096ca3d4c83fa2d8dbf HTTP Headers `GET /614875620/812996284/r524K5H3N7UMJSIuVRTed/Office%E5%9C%A8?%E5%AE%89??%E6%BF%80%E6%B4%BB.zip?lx=xz HTTP/1.1 Host: ys-d.ysepan.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Cache-Control: private Content-Length: 13505677 Content-Type: application/download Last-Modified: Mon, 06 Jul 2020 09:29:25 GMT Accept-Ranges: bytes ETag: "6148756-172920.5" Server: Microsoft-IIS/7.5 Set-Cookie: ASP.NET_SessionId=bdnob02ukf12df3y04xzpgog; path=/; HttpOnly Content-Disposition: attachment; filename="Office" X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Date: Sat, 20 Apr 2024 01:59:47 GMT

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (12)

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers