Report - kp2c.zifwxq.cn/download/%C3%A6%C2%9C%C2%88%C3%A5%C2%BD%C2%B1%C3%A4%C2%BC%C2%A0%C3%A8%C2%AF%C2%B4_12

Report Overview

Visited public
2024-11-20 22:52:34
Tags
URL
kp2c.zifwxq.cn/download/%C3%A6%C2%9C%C2%88%C3%A5%C2%BD%C2%B1%C3%A4%C2%BC%C2%A0%C3%A8%C2%AF%C2%B4_12_242668.exe
Finishing URL
about:privatebrowsing
IP / ASN
218.12.76.158
#4837 CHINA UNICOM China169 Backbone
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
kp2c.zifwxq.cn	unknown	2023-05-09	2024-10-21	2024-10-21	829 B	21 MB	218.12.76.159
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-11-20	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
kp2c.zifwxq.cn/download/%C3%A6%C2%9C%C2%88%C3%A5%C2%BD%C2%B1%C3%A4%C2%BC%C2%A0%C3%A8%C2%AF%C2%B4_12_242668.exe
IP
120.52.95.246
ASN
#133119 China Unicom IP network

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size
21 MB (21234720 bytes)
Hash
eada26550ff82506a2f945e47c6fba23
e883692af44c4020334959f61e3da1aa591e2148
69fbc9932e2fb5e503c3dc0d9af1595a40431d753b07ca1233c1b1ee229c28f0

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 48/72

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

kp2c.zifwxq.cn/

218.12.76.159

403 Forbidden

263 B

URL
kp2c.zifwxq.cn/
IP
218.12.76.159:0
ASN
#4837 CHINA UNICOM China169 Backbone

File type
XML 1.0 document, ASCII text, with no line terminators
Size
263 B (263 bytes)
Hash
7b91c219b4a9440a4021761f7959414a
d7fb9b2077912b4b2d59e9e29470f606a25c9d37
7777c30ae116f9e82aa147153b4e863ef34aa2375f79081d81f76e984ae27ebc

HTTP Headers

GET / HTTP/1.1
Host: kp2c.zifwxq.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Wed, 20 Nov 2024 22:52:13 GMT
Content-Type: application/xml
Content-Length: 263
Connection: keep-alive
Server: openresty
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
CloudServiceDiscount: CDN
x-amz-request-id: 000001934BC6B1B5EB058F62B2CA6FD3
x-reserved-indicator: 362
x-amz-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
X-CCDN-Origin-Time: 9
Age: 1
via: CHN-HEshijiazhuang-AREACUCC1-CACHE25[93],CHN-HEshijiazhuang-AREACUCC1-CACHE47[24,TCP_MISS,40],CHN-HElangfang-GLOBAL6-CACHE62[16],CHN-HElangfang-GLOBAL6-CACHE42[9,TCP_MISS,13]
x-hcs-proxy-type: 0
X-CCDN-CacheTTL: 2592000
X-CCDN-REQ-ID-46B1: d605dc544da6bdb30007c35d69ad45c2

kp2c.zifwxq.cn/download/%C3%A6%C2%9C%C2%88%C3%A5%C2%BD%C2%B1%C3%A4%C2%BC%C2%A0%C3%A8%C2%AF%C2%B4_12_242668.exe

120.52.95.246

200 OK

21 MB

URL User Request GET HTTP/2
kp2c.zifwxq.cn/download/%C3%A6%C2%9C%C2%88%C3%A5%C2%BD%C2%B1%C3%A4%C2%BC%C2%A0%C3%A8%C2%AF%C2%B4_12_242668.exe
IP
120.52.95.246:443
ASN
#133119 China Unicom IP network

Certificate
IssuerZeroSSL
Subject*.zifwxq.cn
FingerprintB7:CD:42:82:AA:E5:A5:82:11:CC:2E:25:42:88:64:C9:47:B5:16:37
ValiditySun, 17 Nov 2024 00:00:00 GMT - Sat, 15 Feb 2025 23:59:59 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size
21 MB (21234720 bytes)
Hash
eada26550ff82506a2f945e47c6fba23
e883692af44c4020334959f61e3da1aa591e2148
69fbc9932e2fb5e503c3dc0d9af1595a40431d753b07ca1233c1b1ee229c28f0

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 48/72

HTTP Headers

GET /download/%C3%A6%C2%9C%C2%88%C3%A5%C2%BD%C2%B1%C3%A4%C2%BC%C2%A0%C3%A8%C2%AF%C2%B4_12_242668.exe HTTP/1.1
Host: kp2c.zifwxq.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 20 Nov 2024 22:52:13 GMT
content-type: binary/octet-stream
content-length: 21234720
server: openresty
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
cloudservicediscount: CDN
x-amz-request-id: 0000019145DC11C7EACA08840FC72F9C
etag: "eada26550ff82506a2f945e47c6fba23"
last-modified: Mon, 20 May 2024 03:10:31 GMT
content-disposition: attachment
x-amz-tagging-count: 0
x-amz-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS46uLaAQtsjsTQgoHHNEvjRjc+T+6lo
via: CHN-HElangfang-AREACUCC1-CACHE23[32],CHN-HElangfang-AREACUCC1-CACHE16[0,TCP_HIT,10],CHN-HElangfang-GLOBAL6-CACHE33[63],CHN-HElangfang-GLOBAL6-CACHE80[0,TCP_HIT,60]
x-hcs-proxy-type: 1
x-ccdn-cachettl: 2592000
x-ccdn-req-id-46b1: f4bbe0822293672eee6a3cc35c38da54
nginx-hit: 1
age: 107000
accept-ranges: bytes
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

200 OK

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2025-01-01-20-48-31.chain; p384ecdsa=ustxNpONXFzTEqmDkGKkKUOR9nyCWb-3kRanjlLVrWYBH08Q_m6AyGKctHIU5MTwds0LkYNLE_y1yoUs2ucmf50Z1k8ENtTobVFNlUxjJtBkIU-qsljUr-qJAWfJhj6t
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Wed, 20 Nov 2024 22:52:00 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 28
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Mnemonic Secure DNS

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (3)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers