Overview

URL 20257.xc.cangpie.com/xiaz/%E9%A9%AC%E9%87%8C%E5%A5%A5%E4%B8%8E%E8%B7%AF%E6%98%93rpg3@306_347601.exe
IP114.55.188.114
ASN
Location China
Report completed2018-04-24 06:55:59 CEST
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-04-24 2 20257.xc.cangpie.com/xiaz/%E9%A9%AC%E9%87%8C%E5%A5%A5%E4%B8%8E%E8%B7%AF%E6% (...) Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 114.55.188.114

Date UQ / IDS / BL URL IP
2019-01-16 19:35:27 +0100
0 - 0 - 1 24996.xc.wenpie.com/index.php 114.55.188.114
2019-01-16 12:59:40 +0100
0 - 0 - 1 22979.xc.05cg.com/xiaz/%EF%BF%BD%D2%B5%EF%BF% (...) 114.55.188.114
2019-01-16 12:59:27 +0100
0 - 4 - 1 26679.xc.mieseng.com/xiaz/KISSsoft@45_221858.exe 114.55.188.114
2019-01-16 12:22:29 +0100
0 - 0 - 1 xc.mieseng.com/xiaz/%E5%85%AB%E7%88%AA%E9%B1% (...) 114.55.188.114
2019-01-16 12:00:14 +0100
0 - 4 - 1 14614.xc.41gw.com/xiaz/%5Cx7f%5Cx7f%5Cx7f%5Cx (...) 114.55.188.114
2019-01-16 11:58:09 +0100
0 - 0 - 1 25092.xc.08an.com/xiaz/%5Cx7f%5Cx7f%5Cx7f%5Cx (...) 114.55.188.114
2019-01-16 11:30:49 +0100
0 - 0 - 1 14614.xc.41gw.com/xiaz/%5Cx7f%5Cx7f%5Cx7f%5Cx (...) 114.55.188.114
2019-01-16 11:29:52 +0100
0 - 4 - 1 25294.xc.wenpie.com/xiaz/AutoCAD2018%2032-64% (...) 114.55.188.114
2019-01-16 11:20:45 +0100
0 - 0 - 1 14614.xc.41gw.com/xiaz/premiere@42863_25000.exe 114.55.188.114
2019-01-16 11:20:32 +0100
0 - 2 - 1 25142.xc.mieseng.com/xiaz/360%5Cx7f%5Cx7f%5Cx (...) 114.55.188.114

Last 10 reports on ASN:

Date UQ / IDS / BL URL IP
2019-01-17 22:25:08 +0100
0 - 1 - 0 ahmed82.duckdns.org/ 185.125.205.92
2019-01-17 22:24:58 +0100
0 - 1 - 0 weareunlimited.tk/ 52.15.53.52
2019-01-17 22:20:42 +0100
0 - 0 - 1 herseydenizileguzel.com/ 142.93.59.244
2019-01-17 22:16:53 +0100
0 - 0 - 1 https://vznm.haphetititletleres.club/WEQVVNZ 52.200.114.79
2019-01-17 22:16:47 +0100
0 - 0 - 1 https://gwvu.haphetititletleres.club/WEQVVNZ 52.207.73.111
2019-01-17 22:16:29 +0100
0 - 0 - 1 https://i43x.haphetititletleres.club/WEQVVNZ 34.235.9.192
2019-01-17 22:16:08 +0100
0 - 0 - 0 www.kslaw.com/ 143.204.47.126
2019-01-17 22:15:51 +0100
0 - 0 - 2 amousinded.info/ 34.197.154.188
2019-01-17 22:13:54 +0100
0 - 0 - 1 www.brejogames.com/ 143.204.51.81
2019-01-17 22:13:35 +0100
0 - 0 - 0 secure.natacs.aero 52.38.156.174

No other reports on domain: cangpie.com



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request Response
                                        
                                            GET /xiaz/%E9%A9%AC%E9%87%8C%E5%A5%A5%E4%B8%8E%E8%B7%AF%E6%98%93rpg3@306_347601.exe HTTP/1.1 
Host: 20257.xc.cangpie.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         139.224.39.0
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Tue, 24 Apr 2018 04:55:28 GMT
Content-Length: 1287368
Connection: keep-alive
Content-Disposition: attachment; filename*="utf8''马里奥与路易rpg3@306_347601.exe"


--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   1287368
Md5:    e86362323e0678727024c9733c6d277f
Sha1:   0a5be35c17001eb2035517870e666610d3460a9d
Sha256: 3954ed23ba188e657959509fd418273f83f7fa186dbda190d5284b1aa92ebbff

Alerts:
  Blacklists:
    - fortinet: Malware