Report - 123.60.157.165:5244/d/L/pe/xiagnrikui32.exe

Report Overview

Visited public
2025-03-02 00:59:22
Tags
URL
123.60.157.165:5244/d/L/pe/xiagnrikui32.exe
Finishing URL
about:privatebrowsing
IP / ASN
123.60.157.165
#55990 Huawei Cloud Service data center
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
123.60.157.165	unknown	unknown	No data	No data	425 B	4.7 kB	123.60.157.165
dl1.aliyundrive.cloud	unknown	2020-09-01	2024-11-30	2025-03-02	2.6 kB	11 MB	114.250.50.182

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-03-02 00:58:50	medium	Client IP	123.60.157.165	ET INFO Executable Download from dotted-quad Host

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-02	medium	123.60.157.165	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
dl1.aliyundrive.cloud/pXjuqcXF%2F1276365%2F62abcdee02d5d74a1e3142c69c3553a717cda99f%2F62abcdee810faadb78a74316a6b44cd01ca111f8?callback=eyJjYWxsYmFja1VybCI6Imh0dHA6Ly9iajI5LmFwaS1ocC5hbGl5dW5wZHMuY29tL3YyL2ZpbGUvZG93bmxvYWRfY2FsbGJhY2siLCJjYWxsYmFja0JvZHkiOiJodHRwSGVhZGVyLnJhbmdlPSR7aHR0cEhlYWRlci5yYW5nZX1cdTAwMjZidWNrZXQ9JHtidWNrZXR9XHUwMDI2b2JqZWN0PSR7b2JqZWN0fVx1MDAyNmRvbWFpbl9pZD0ke3g6ZG9tYWluX2lkfVx1MDAyNnVzZXJfaWQ9JHt4OnVzZXJfaWR9XHUwMDI2ZHJpdmVfaWQ9JHt4OmRyaXZlX2lkfVx1MDAyNmZpbGVfaWQ9JHt4OmZpbGVfaWR9XHUwMDI2cGRzX3BhcmFtcz0ke3g6cGRzX3BhcmFtc31cdTAwMjZ2ZXJzaW9uPSR7eDp2ZXJzaW9ufSIsImNhbGxiYWNrQm9keVR5cGUiOiJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiLCJjYWxsYmFja1N0YWdlIjoiYmVmb3JlLWV4ZWN1dGUiLCJjYWxsYmFja0ZhaWx1cmVBY3Rpb24iOiJpZ25vcmUifQ%3D%3D&callback-var=eyJ4OmRvbWFpbl9pZCI6ImJqMjkiLCJ4OnVzZXJfaWQiOiJlYTgyYjkxY2I3NDQ0YjA4YWM4MTBkM2YwNDBlZTE0MyIsIng6ZHJpdmVfaWQiOiI4NjA5OTQwMjQiLCJ4OmZpbGVfaWQiOiI2N2E3NGMzZjQ1ZjJmMzdmZTJiMzQxZTVhNWJkYWI2YzI0ZjNjYWVlIiwieDpwZHNfcGFyYW1zIjoie1wiYXBcIjpcIjc2OTE3Y2NjY2Q0NDQxYzM5NDU3YTA0ZjYwODRmYjJmXCJ9IiwieDp2ZXJzaW9uIjoidjMifQ%3D%3D&di=bj29&dr=860994024&f=67a74c3f45f2f37fe2b341e5a5bdab6c24f3caee&pds-params=%7B%22ap%22%3A%2276917ccccd4441c39457a04f6084fb2f%22%7D&response-content-disposition=attachment%3B%20filename%2A%3DUTF-8%27%27xiagnrikui32.exe&security-token=CAISvgJ1q6Ft5B2yfSjIr5DELY7z26hlz4G4MFfH0VglY%2F9FpfbhtTz2IHhMf3NpBOkZvvQ1lGlU6%2Fcalq5rR4QAXlDfNSaoKyPqq1HPWZHInuDox55m4cTXNAr%2BIhr%2F29CoEIedZdjBe%2FCrRknZnytou9XTfimjWFrXWv%2Fgy%2BQQDLItUxK%2FcCBNCfpPOwJms7V6D3bKMuu3OROY6Qi5TmgQ41Uh1jgjtPzkkpfFtkGF1GeXkLFF%2B97DRbG%2FdNRpMZtFVNO44fd7bKKp0lQLs0ARrv4r1fMUqW2X543AUgFLhy2KKMPY99xpFgh9a7j0iCbSGyUu%2FhcRm5sw9%2Byfo34lVYneU9HEUAmdi4IClLcc%2BmqdsRIvJzWstJ7Gf9LWqChvSgk4TxhhcNFKSTQrInFCB0%2BcRObJl16irR%2F8QvXtuMkagAGLZjZhUom3FYOzfdzt9s9AXim1wLv4IrsWQ7la9Ws3qusx88FLrm3jwR2F%2Bl7iUi5BuKSCKmWC3ZGgXXUTc0S53pD4ET%2Byldi%2FsGzEFxGPHMCwmsePCZAfHY6SseNecjM%2FpHaR%2Brol9JGf%2FJL0%2FFck7r5S8VCdnwVues7LHbVJRyAA&u=ea82b91cb7444b08ac810d3f040ee143&x-oss-access-key-id=STS.NSqf4G6wDxCS2qv5XpopiJ3JW&x-oss-expires=1740878015&x-oss-signature=D7kMHNsnhSelH0NtI%2BqiFdJzZOVeDtQ3VZCHuBK2NHI%3D&x-oss-signature-version=OSS2
IP
114.250.50.182
ASN
#4808 China Unicom Beijing Province Network

File type
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
Size
11 MB (11414968 bytes)
Hash
55726ad06d8ad4484210345b195d285a
f14856c4fd07614055662a3613d437351e6a3fc6
9b95083034e292c79fff42143bb3c0c3c6bc5a9e3a2bc5a07a967d2677371a6b

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/70

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

GET 123.60.157.165:5244/d/L/pe/xiagnrikui32.exe

123.60.157.165

302 Found

2.3 kB

URL User Request GET HTTP/1.1
123.60.157.165:5244/d/L/pe/xiagnrikui32.exe
IP
123.60.157.165:5244
ASN
#55990 Huawei Cloud Service data center

File type
HTML document, ASCII text, with very long lines (2253)
Size
2.3 kB (2255 bytes)
Hash
3fd8b694d23bb918eb36ae4db916a3a8
3c4a1163a85cb3954f0dbcbf7aee7e953a37c34a
8fe05659c365a0b824435a76e62e35660e46e427979b3790f07fce484cc1e633

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /d/L/pe/xiagnrikui32.exe HTTP/1.1
Host: 123.60.157.165:5244
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Location: https://dl1.aliyundrive.cloud/pXjuqcXF%2F1276365%2F62abcdee02d5d74a1e3142c69c3553a717cda99f%2F62abcdee810faadb78a74316a6b44cd01ca111f8?callback=eyJjYWxsYmFja1VybCI6Imh0dHA6Ly9iajI5LmFwaS1ocC5hbGl5dW5wZHMuY29tL3YyL2ZpbGUvZG93bmxvYWRfY2FsbGJhY2siLCJjYWxsYmFja0JvZHkiOiJodHRwSGVhZGVyLnJhbmdlPSR7aHR0cEhlYWRlci5yYW5nZX1cdTAwMjZidWNrZXQ9JHtidWNrZXR9XHUwMDI2b2JqZWN0PSR7b2JqZWN0fVx1MDAyNmRvbWFpbl9pZD0ke3g6ZG9tYWluX2lkfVx1MDAyNnVzZXJfaWQ9JHt4OnVzZXJfaWR9XHUwMDI2ZHJpdmVfaWQ9JHt4OmRyaXZlX2lkfVx1MDAyNmZpbGVfaWQ9JHt4OmZpbGVfaWR9XHUwMDI2cGRzX3BhcmFtcz0ke3g6cGRzX3BhcmFtc31cdTAwMjZ2ZXJzaW9uPSR7eDp2ZXJzaW9ufSIsImNhbGxiYWNrQm9keVR5cGUiOiJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiLCJjYWxsYmFja1N0YWdlIjoiYmVmb3JlLWV4ZWN1dGUiLCJjYWxsYmFja0ZhaWx1cmVBY3Rpb24iOiJpZ25vcmUifQ%3D%3D&callback-var=eyJ4OmRvbWFpbl9pZCI6ImJqMjkiLCJ4OnVzZXJfaWQiOiJlYTgyYjkxY2I3NDQ0YjA4YWM4MTBkM2YwNDBlZTE0MyIsIng6ZHJpdmVfaWQiOiI4NjA5OTQwMjQiLCJ4OmZpbGVfaWQiOiI2N2E3NGMzZjQ1ZjJmMzdmZTJiMzQxZTVhNWJkYWI2YzI0ZjNjYWVlIiwieDpwZHNfcGFyYW1zIjoie1wiYXBcIjpcIjc2OTE3Y2NjY2Q0NDQxYzM5NDU3YTA0ZjYwODRmYjJmXCJ9IiwieDp2ZXJzaW9uIjoidjMifQ%3D%3D&di=bj29&dr=860994024&f=67a74c3f45f2f37fe2b341e5a5bdab6c24f3caee&pds-params=%7B%22ap%22%3A%2276917ccccd4441c39457a04f6084fb2f%22%7D&response-content-disposition=attachment%3B%20filename%2A%3DUTF-8%27%27xiagnrikui32.exe&security-token=CAISvgJ1q6Ft5B2yfSjIr5DELY7z26hlz4G4MFfH0VglY%2F9FpfbhtTz2IHhMf3NpBOkZvvQ1lGlU6%2Fcalq5rR4QAXlDfNSaoKyPqq1HPWZHInuDox55m4cTXNAr%2BIhr%2F29CoEIedZdjBe%2FCrRknZnytou9XTfimjWFrXWv%2Fgy%2BQQDLItUxK%2FcCBNCfpPOwJms7V6D3bKMuu3OROY6Qi5TmgQ41Uh1jgjtPzkkpfFtkGF1GeXkLFF%2B97DRbG%2FdNRpMZtFVNO44fd7bKKp0lQLs0ARrv4r1fMUqW2X543AUgFLhy2KKMPY99xpFgh9a7j0iCbSGyUu%2FhcRm5sw9%2Byfo34lVYneU9HEUAmdi4IClLcc%2BmqdsRIvJzWstJ7Gf9LWqChvSgk4TxhhcNFKSTQrInFCB0%2BcRObJl16irR%2F8QvXtuMkagAGLZjZhUom3FYOzfdzt9s9AXim1wLv4IrsWQ7la9Ws3qusx88FLrm3jwR2F%2Bl7iUi5BuKSCKmWC3ZGgXXUTc0S53pD4ET%2Byldi%2FsGzEFxGPHMCwmsePCZAfHY6SseNecjM%2FpHaR%2Brol9JGf%2FJL0%2FFck7r5S8VCdnwVues7LHbVJRyAA&u=ea82b91cb7444b08ac810d3f040ee143&x-oss-access-key-id=STS.NSqf4G6wDxCS2qv5XpopiJ3JW&x-oss-expires=1740878015&x-oss-signature=D7kMHNsnhSelH0NtI%2BqiFdJzZOVeDtQ3VZCHuBK2NHI%3D&x-oss-signature-version=OSS2
Referrer-Policy: no-referrer
Date: Sun, 02 Mar 2025 00:58:50 GMT
Transfer-Encoding: chunked

GET dl1.aliyundrive.cloud/pXjuqcXF%2F1276365%2F62abcdee02d5d74a1e3142c69c3553a717cda99f%2F62abcdee810faadb78a74316a6b44cd01ca111f8?callback=eyJjYWxsYmFja1VybCI6Imh0dHA6Ly9iajI5LmFwaS1ocC5hbGl5dW5wZHMuY29tL3YyL2ZpbGUvZG93bmxvYWRfY2FsbGJhY2siLCJjYWxsYmFja0JvZHkiOiJodHRwSGVhZGVyLnJhbmdlPSR7aHR0cEhlYWRlci5yYW5nZX1cdTAwMjZidWNrZXQ9JHtidWNrZXR9XHUwMDI2b2JqZWN0PSR7b2JqZWN0fVx1MDAyNmRvbWFpbl9pZD0ke3g6ZG9tYWluX2lkfVx1MDAyNnVzZXJfaWQ9JHt4OnVzZXJfaWR9XHUwMDI2ZHJpdmVfaWQ9JHt4OmRyaXZlX2lkfVx1MDAyNmZpbGVfaWQ9JHt4OmZpbGVfaWR9XHUwMDI2cGRzX3BhcmFtcz0ke3g6cGRzX3BhcmFtc31cdTAwMjZ2ZXJzaW9uPSR7eDp2ZXJzaW9ufSIsImNhbGxiYWNrQm9keVR5cGUiOiJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiLCJjYWxsYmFja1N0YWdlIjoiYmVmb3JlLWV4ZWN1dGUiLCJjYWxsYmFja0ZhaWx1cmVBY3Rpb24iOiJpZ25vcmUifQ%3D%3D&callback-var=eyJ4OmRvbWFpbl9pZCI6ImJqMjkiLCJ4OnVzZXJfaWQiOiJlYTgyYjkxY2I3NDQ0YjA4YWM4MTBkM2YwNDBlZTE0MyIsIng6ZHJpdmVfaWQiOiI4NjA5OTQwMjQiLCJ4OmZpbGVfaWQiOiI2N2E3NGMzZjQ1ZjJmMzdmZTJiMzQxZTVhNWJkYWI2YzI0ZjNjYWVlIiwieDpwZHNfcGFyYW1zIjoie1wiYXBcIjpcIjc2OTE3Y2NjY2Q0NDQxYzM5NDU3YTA0ZjYwODRmYjJmXCJ9IiwieDp2ZXJzaW9uIjoidjMifQ%3D%3D&di=bj29&dr=860994024&f=67a74c3f45f2f37fe2b341e5a5bdab6c24f3caee&pds-params=%7B%22ap%22%3A%2276917ccccd4441c39457a04f6084fb2f%22%7D&response-content-disposition=attachment%3B%20filename%2A%3DUTF-8%27%27xiagnrikui32.exe&security-token=CAISvgJ1q6Ft5B2yfSjIr5DELY7z26hlz4G4MFfH0VglY%2F9FpfbhtTz2IHhMf3NpBOkZvvQ1lGlU6%2Fcalq5rR4QAXlDfNSaoKyPqq1HPWZHInuDox55m4cTXNAr%2BIhr%2F29CoEIedZdjBe%2FCrRknZnytou9XTfimjWFrXWv%2Fgy%2BQQDLItUxK%2FcCBNCfpPOwJms7V6D3bKMuu3OROY6Qi5TmgQ41Uh1jgjtPzkkpfFtkGF1GeXkLFF%2B97DRbG%2FdNRpMZtFVNO44fd7bKKp0lQLs0ARrv4r1fMUqW2X543AUgFLhy2KKMPY99xpFgh9a7j0iCbSGyUu%2FhcRm5sw9%2Byfo34lVYneU9HEUAmdi4IClLcc%2BmqdsRIvJzWstJ7Gf9LWqChvSgk4TxhhcNFKSTQrInFCB0%2BcRObJl16irR%2F8QvXtuMkagAGLZjZhUom3FYOzfdzt9s9AXim1wLv4IrsWQ7la9Ws3qusx88FLrm3jwR2F%2Bl7iUi5BuKSCKmWC3ZGgXXUTc0S53pD4ET%2Byldi%2FsGzEFxGPHMCwmsePCZAfHY6SseNecjM%2FpHaR%2Brol9JGf%2FJL0%2FFck7r5S8VCdnwVues7LHbVJRyAA&u=ea82b91cb7444b08ac810d3f040ee143&x-oss-access-key-id=STS.NSqf4G6wDxCS2qv5XpopiJ3JW&x-oss-expires=1740878015&x-oss-signature=D7kMHNsnhSelH0NtI%2BqiFdJzZOVeDtQ3VZCHuBK2NHI%3D&x-oss-signature-version=OSS2

114.250.50.182

200 OK

11 MB

URL User Request GET HTTP/1.1
dl1.aliyundrive.cloud/pXjuqcXF%2F1276365%2F62abcdee02d5d74a1e3142c69c3553a717cda99f%2F62abcdee810faadb78a74316a6b44cd01ca111f8?callback=eyJjYWxsYmFja1VybCI6Imh0dHA6Ly9iajI5LmFwaS1ocC5hbGl5dW5wZHMuY29tL3YyL2ZpbGUvZG93bmxvYWRfY2FsbGJhY2siLCJjYWxsYmFja0JvZHkiOiJodHRwSGVhZGVyLnJhbmdlPSR7aHR0cEhlYWRlci5yYW5nZX1cdTAwMjZidWNrZXQ9JHtidWNrZXR9XHUwMDI2b2JqZWN0PSR7b2JqZWN0fVx1MDAyNmRvbWFpbl9pZD0ke3g6ZG9tYWluX2lkfVx1MDAyNnVzZXJfaWQ9JHt4OnVzZXJfaWR9XHUwMDI2ZHJpdmVfaWQ9JHt4OmRyaXZlX2lkfVx1MDAyNmZpbGVfaWQ9JHt4OmZpbGVfaWR9XHUwMDI2cGRzX3BhcmFtcz0ke3g6cGRzX3BhcmFtc31cdTAwMjZ2ZXJzaW9uPSR7eDp2ZXJzaW9ufSIsImNhbGxiYWNrQm9keVR5cGUiOiJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiLCJjYWxsYmFja1N0YWdlIjoiYmVmb3JlLWV4ZWN1dGUiLCJjYWxsYmFja0ZhaWx1cmVBY3Rpb24iOiJpZ25vcmUifQ%3D%3D&callback-var=eyJ4OmRvbWFpbl9pZCI6ImJqMjkiLCJ4OnVzZXJfaWQiOiJlYTgyYjkxY2I3NDQ0YjA4YWM4MTBkM2YwNDBlZTE0MyIsIng6ZHJpdmVfaWQiOiI4NjA5OTQwMjQiLCJ4OmZpbGVfaWQiOiI2N2E3NGMzZjQ1ZjJmMzdmZTJiMzQxZTVhNWJkYWI2YzI0ZjNjYWVlIiwieDpwZHNfcGFyYW1zIjoie1wiYXBcIjpcIjc2OTE3Y2NjY2Q0NDQxYzM5NDU3YTA0ZjYwODRmYjJmXCJ9IiwieDp2ZXJzaW9uIjoidjMifQ%3D%3D&di=bj29&dr=860994024&f=67a74c3f45f2f37fe2b341e5a5bdab6c24f3caee&pds-params=%7B%22ap%22%3A%2276917ccccd4441c39457a04f6084fb2f%22%7D&response-content-disposition=attachment%3B%20filename%2A%3DUTF-8%27%27xiagnrikui32.exe&security-token=CAISvgJ1q6Ft5B2yfSjIr5DELY7z26hlz4G4MFfH0VglY%2F9FpfbhtTz2IHhMf3NpBOkZvvQ1lGlU6%2Fcalq5rR4QAXlDfNSaoKyPqq1HPWZHInuDox55m4cTXNAr%2BIhr%2F29CoEIedZdjBe%2FCrRknZnytou9XTfimjWFrXWv%2Fgy%2BQQDLItUxK%2FcCBNCfpPOwJms7V6D3bKMuu3OROY6Qi5TmgQ41Uh1jgjtPzkkpfFtkGF1GeXkLFF%2B97DRbG%2FdNRpMZtFVNO44fd7bKKp0lQLs0ARrv4r1fMUqW2X543AUgFLhy2KKMPY99xpFgh9a7j0iCbSGyUu%2FhcRm5sw9%2Byfo34lVYneU9HEUAmdi4IClLcc%2BmqdsRIvJzWstJ7Gf9LWqChvSgk4TxhhcNFKSTQrInFCB0%2BcRObJl16irR%2F8QvXtuMkagAGLZjZhUom3FYOzfdzt9s9AXim1wLv4IrsWQ7la9Ws3qusx88FLrm3jwR2F%2Bl7iUi5BuKSCKmWC3ZGgXXUTc0S53pD4ET%2Byldi%2FsGzEFxGPHMCwmsePCZAfHY6SseNecjM%2FpHaR%2Brol9JGf%2FJL0%2FFck7r5S8VCdnwVues7LHbVJRyAA&u=ea82b91cb7444b08ac810d3f040ee143&x-oss-access-key-id=STS.NSqf4G6wDxCS2qv5XpopiJ3JW&x-oss-expires=1740878015&x-oss-signature=D7kMHNsnhSelH0NtI%2BqiFdJzZOVeDtQ3VZCHuBK2NHI%3D&x-oss-signature-version=OSS2
IP
114.250.50.182:443
ASN
#4808 China Unicom Beijing Province Network

Certificate
IssuerGlobalSign nv-sa
Subjectaliyundrive.cloud
Fingerprint38:7E:F8:B6:EF:51:38:1F:52:84:BC:96:BE:62:C4:37:01:3D:5F:72
ValidityFri, 26 Jul 2024 07:56:02 GMT - Wed, 27 Aug 2025 07:56:01 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
Size
11 MB (11414968 bytes)
Hash
55726ad06d8ad4484210345b195d285a
f14856c4fd07614055662a3613d437351e6a3fc6
9b95083034e292c79fff42143bb3c0c3c6bc5a9e3a2bc5a07a967d2677371a6b

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/70

HTTP Headers

GET /pXjuqcXF%2F1276365%2F62abcdee02d5d74a1e3142c69c3553a717cda99f%2F62abcdee810faadb78a74316a6b44cd01ca111f8?callback=eyJjYWxsYmFja1VybCI6Imh0dHA6Ly9iajI5LmFwaS1ocC5hbGl5dW5wZHMuY29tL3YyL2ZpbGUvZG93bmxvYWRfY2FsbGJhY2siLCJjYWxsYmFja0JvZHkiOiJodHRwSGVhZGVyLnJhbmdlPSR7aHR0cEhlYWRlci5yYW5nZX1cdTAwMjZidWNrZXQ9JHtidWNrZXR9XHUwMDI2b2JqZWN0PSR7b2JqZWN0fVx1MDAyNmRvbWFpbl9pZD0ke3g6ZG9tYWluX2lkfVx1MDAyNnVzZXJfaWQ9JHt4OnVzZXJfaWR9XHUwMDI2ZHJpdmVfaWQ9JHt4OmRyaXZlX2lkfVx1MDAyNmZpbGVfaWQ9JHt4OmZpbGVfaWR9XHUwMDI2cGRzX3BhcmFtcz0ke3g6cGRzX3BhcmFtc31cdTAwMjZ2ZXJzaW9uPSR7eDp2ZXJzaW9ufSIsImNhbGxiYWNrQm9keVR5cGUiOiJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiLCJjYWxsYmFja1N0YWdlIjoiYmVmb3JlLWV4ZWN1dGUiLCJjYWxsYmFja0ZhaWx1cmVBY3Rpb24iOiJpZ25vcmUifQ%3D%3D&callback-var=eyJ4OmRvbWFpbl9pZCI6ImJqMjkiLCJ4OnVzZXJfaWQiOiJlYTgyYjkxY2I3NDQ0YjA4YWM4MTBkM2YwNDBlZTE0MyIsIng6ZHJpdmVfaWQiOiI4NjA5OTQwMjQiLCJ4OmZpbGVfaWQiOiI2N2E3NGMzZjQ1ZjJmMzdmZTJiMzQxZTVhNWJkYWI2YzI0ZjNjYWVlIiwieDpwZHNfcGFyYW1zIjoie1wiYXBcIjpcIjc2OTE3Y2NjY2Q0NDQxYzM5NDU3YTA0ZjYwODRmYjJmXCJ9IiwieDp2ZXJzaW9uIjoidjMifQ%3D%3D&di=bj29&dr=860994024&f=67a74c3f45f2f37fe2b341e5a5bdab6c24f3caee&pds-params=%7B%22ap%22%3A%2276917ccccd4441c39457a04f6084fb2f%22%7D&response-content-disposition=attachment%3B%20filename%2A%3DUTF-8%27%27xiagnrikui32.exe&security-token=CAISvgJ1q6Ft5B2yfSjIr5DELY7z26hlz4G4MFfH0VglY%2F9FpfbhtTz2IHhMf3NpBOkZvvQ1lGlU6%2Fcalq5rR4QAXlDfNSaoKyPqq1HPWZHInuDox55m4cTXNAr%2BIhr%2F29CoEIedZdjBe%2FCrRknZnytou9XTfimjWFrXWv%2Fgy%2BQQDLItUxK%2FcCBNCfpPOwJms7V6D3bKMuu3OROY6Qi5TmgQ41Uh1jgjtPzkkpfFtkGF1GeXkLFF%2B97DRbG%2FdNRpMZtFVNO44fd7bKKp0lQLs0ARrv4r1fMUqW2X543AUgFLhy2KKMPY99xpFgh9a7j0iCbSGyUu%2FhcRm5sw9%2Byfo34lVYneU9HEUAmdi4IClLcc%2BmqdsRIvJzWstJ7Gf9LWqChvSgk4TxhhcNFKSTQrInFCB0%2BcRObJl16irR%2F8QvXtuMkagAGLZjZhUom3FYOzfdzt9s9AXim1wLv4IrsWQ7la9Ws3qusx88FLrm3jwR2F%2Bl7iUi5BuKSCKmWC3ZGgXXUTc0S53pD4ET%2Byldi%2FsGzEFxGPHMCwmsePCZAfHY6SseNecjM%2FpHaR%2Brol9JGf%2FJL0%2FFck7r5S8VCdnwVues7LHbVJRyAA&u=ea82b91cb7444b08ac810d3f040ee143&x-oss-access-key-id=STS.NSqf4G6wDxCS2qv5XpopiJ3JW&x-oss-expires=1740878015&x-oss-signature=D7kMHNsnhSelH0NtI%2BqiFdJzZOVeDtQ3VZCHuBK2NHI%3D&x-oss-signature-version=OSS2 HTTP/1.1
Host: dl1.aliyundrive.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 02 Mar 2025 00:58:51 GMT
Content-Type: application/oct-stream
Content-Length: 11414968
Connection: keep-alive
x-oss-request-id: 67C3AD4B52CE713337EE86FF
Vary: Origin
ETag: "6AADF0CC4F3F0D11BA0A827F3B4882DC-2"
Last-Modified: Fri, 17 Jun 2022 00:42:24 GMT
x-oss-object-type: Multipart
x-oss-hash-func: SHA-1
x-oss-hash-value: F14856C4FD07614055662A3613D437351E6A3FC6
x-oss-hash-crc64ecma: 3853856271054430544
x-oss-storage-class: Standard
Content-Disposition: attachment; filename*=UTF-8''xiagnrikui32.exe
Content-MD5: VXJq0G2K1EhCEDRbGV0oWg==
x-oss-server-time: 39
Accept-Ranges: bytes, bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers