Report - down2.superbar.vip/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe

Report Overview

Submitted URL
down2.superbar.vip/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe
IP
47.244.159.76
ASN
#45102 Alibaba US Technology Co., Ltd.
Submitted
2024-03-29 13:42:39
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
down2.superbar.vip	unknown	2020-08-09	2022-06-03	2024-03-22	757 B	1.2 kB	47.244.159.76
www.bkzj.wang	unknown	2018-12-23	2022-06-07	2024-03-26	763 B	412 kB	47.243.125.164

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.bkzj.wang/downdll/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe
IP
47.243.125.164
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
Size
411 kB (411136 bytes)
Hash
38dbe26818d84ca04295d639f179029c
f24e9c792c35eb8d0c1c9f3896de5d86d2fd95ff
9f94daaec163d60c74fff0f0294942525be7b5beaf26199da91e7be86224ceeb

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 56/72

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

down2.superbar.vip/

47.244.159.76

233 B

URL
down2.superbar.vip/
IP
47.244.159.76:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
HTML document, Unicode text, UTF-8 text
Size
233 B (233 bytes)
Hash
48fe21addc9b0e8d87dd5577e15e152a
3144fca6c6ae292144a21ccf0ff24d5941c80a0f
a1d9536b3e777ca557362adbc153754df32c6d32a96b5a20d084f06d6d64c0a4

HTTP Headers

GET / HTTP/1.1
Host: down2.superbar.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 29 Mar 2024 13:42:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.30
Location: http://www.bkzj.wang/downdll/

www.bkzj.wang/downdll/

47.243.125.164

146 B

URL
www.bkzj.wang/downdll/
IP
47.243.125.164:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
9fe3cb2b7313dc79bb477bc8fde184a7
4d7b3cb41e90618358d0ee066c45c76227a13747
32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

HTTP Headers

GET /downdll/ HTTP/1.1
Host: www.bkzj.wang
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 29 Mar 2024 13:42:18 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

down2.superbar.vip/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe

47.244.159.76

302 Moved Temporarily

332 B

URL User Request GET HTTP/1.1
down2.superbar.vip/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe
IP
47.244.159.76:80
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
HTML document, Unicode text, UTF-8 text
Size
332 B (332 bytes)
Hash
f55b27c120eb1fc0317cf80643babfa4
6d887aa47685a061bdf6b1534acf61a6e0423bfb
0e74629abf2c74ab1c87e1039ee956681ba1c75c655a978689e875e31f374b1e

HTTP Headers

GET /3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe HTTP/1.1
Host: down2.superbar.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 29 Mar 2024 13:42:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.30
Location: http://www.bkzj.wang/downdll/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe

www.bkzj.wang/downdll/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe

47.243.125.164

200 OK

411 kB

URL User Request GET HTTP/1.1
www.bkzj.wang/downdll/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe
IP
47.243.125.164:80
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
Size
411 kB (411136 bytes)
Hash
38dbe26818d84ca04295d639f179029c
f24e9c792c35eb8d0c1c9f3896de5d86d2fd95ff
9f94daaec163d60c74fff0f0294942525be7b5beaf26199da91e7be86224ceeb

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 56/72

HTTP Headers

GET /downdll/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe/3dmgame.dll@16@26374.exe HTTP/1.1
Host: www.bkzj.wang
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 13:42:19 GMT
Content-Type: application/octet-stream
Content-Length: 411136
Last-Modified: Thu, 24 Mar 2022 10:44:43 GMT
Connection: keep-alive
ETag: "623c4b9b-64600"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (4)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers