Report - xn--a7pfulidizhi888-at-gmail-com-2o73c408emg1spmkf.ctxdh.org/address/%E5%8F%91%E5%B8%83%E5%99%A8(%E5%8F%A3%E4%BB%A4%EF%BC%9A%E8%97%8F%E5%A4%A9%E4%B8%8B).win10.zip

Report Overview

Visited public
2025-03-14 01:57:02
Tags
Submit Tags
URL
xn--a7pfulidizhi888-at-gmail-com-2o73c408emg1spmkf.ctxdh.org/address/%E5%8F%91%E5%B8%83%E5%99%A8(%E5%8F%A3%E4%BB%A4%EF%BC%9A%E8%97%8F%E5%A4%A9%E4%B8%8B).win10.zip
Finishing URL
about:privatebrowsing
IP / ASN
104.21.48.1
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xn--a7pfulidizhi888-at-gmail-com-2o73c408emg1spmkf.ctxdh.org	unknown	2018-12-06	2025-03-14	2025-03-14	630 B	543 kB	104.21.112.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
xn--a7pfulidizhi888-at-gmail-com-2o73c408emg1spmkf.ctxdh.org/address/%E5%8F%91%E5%B8%83%E5%99%A8(%E5%8F%A3%E4%BB%A4%EF%BC%9A%E8%97%8F%E5%A4%A9%E4%B8%8B).win10.zip
IP
104.21.112.1
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
542 kB (542103 bytes)
Hash
dd97cba632a118df5ecb3005a3f3329d
691e21f2fe53df6d37915147584b74c4adfd945d
eaaa9c3d3056251f480a6d395a29226dafe2c0c3ce3b9ed0281ff4d1800ee0ca

Archive (1)

Filename

Md5

File type

����.exe

39ad7bebd11a1a94bcf4601b7241319d

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 4 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 4/64

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET xn--a7pfulidizhi888-at-gmail-com-2o73c408emg1spmkf.ctxdh.org/address/%E5%8F%91%E5%B8%83%E5%99%A8(%E5%8F%A3%E4%BB%A4%EF%BC%9A%E8%97%8F%E5%A4%A9%E4%B8%8B).win10.zip

104.21.112.1

200 OK

542 kB

URL User Request GET
xn--a7pfulidizhi888-at-gmail-com-2o73c408emg1spmkf.ctxdh.org/address/%E5%8F%91%E5%B8%83%E5%99%A8(%E5%8F%A3%E4%BB%A4%EF%BC%9A%E8%97%8F%E5%A4%A9%E4%B8%8B).win10.zip
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectctxdh.org
Fingerprint7E:B9:BF:8C:33:9E:DB:3D:DE:49:B8:89:F9:FC:85:8D:71:A3:3D:BF
ValiditySat, 18 Jan 2025 21:40:14 GMT - Fri, 18 Apr 2025 22:37:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
542 kB (542103 bytes)
Hash
dd97cba632a118df5ecb3005a3f3329d
691e21f2fe53df6d37915147584b74c4adfd945d
eaaa9c3d3056251f480a6d395a29226dafe2c0c3ce3b9ed0281ff4d1800ee0ca

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 4/64

HTTP Headers

GET /address/%E5%8F%91%E5%B8%83%E5%99%A8(%E5%8F%A3%E4%BB%A4%EF%BC%9A%E8%97%8F%E5%A4%A9%E4%B8%8B).win10.zip HTTP/1.1
Host: xn--a7pfulidizhi888-at-gmail-com-2o73c408emg1spmkf.ctxdh.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 01:56:41 GMT
content-type: application/zip
content-length: 542103
last-modified: Wed, 27 Jan 2021 03:31:24 GMT
etag: "6010de8c-84597"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QC2u6YA84pcrR0gnoX4tsCchsNRkZGrF0lpkWWhP8imm793tW5%2BXpDcc4EN09YcVenZSFjpy9S46c7SRHhvi3CVJ4dGbwRKhIhKy7M9D723GXqj1nvBUP468fC0U17c%2Fi6uTcerc42HsbUSEexDbrraWrx1CcXrETS8AHbC29%2BnwyJvs0w8D3ajUciY3pGo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 920027e96c51b517-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=65647&min_rtt=59273&rtt_var=20705&sent=8&recv=10&lost=0&retrans=0&sent_bytes=3190&recv_bytes=1236&delivery_rate=62548&cwnd=254&unsent_bytes=0&cid=7f83198d6a561332&ts=1144&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (1)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers