Report - lx.patch1.9you.com/xlwan/%E8%BF%85%E9%9B%B7

Report Overview

Visitedpublic

2023-12-01 05:21:49

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
ocsp.sectigochina.com	unknown	2019-10-20	2022-02-25 07:42:56	2023-11-30 05:12:07	345 B	963 B	172.64.149.190
lx.patch1.9you.com	unknown	2003-04-18	2017-04-05 09:49:19	2023-11-24 15:06:23	448 B	23 MB	1.194.253.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-01 05:21:38	high	1.194.253.35	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

lx.patch1.9you.com/xlwan/%E8%BF%85%E9%9B%B7_%E7%A5%9E%E5%BA%A7.exe

IP / ASN

1.194.253.35

#4134 Chinanet

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows\012- data

Size23 MB (23173544 bytes)

MD5fb0d7de37113231009ee80dde1619a92

SHA12456ea343101d9393123dcc920e80193eacf8438

SHA256cd74e571a05eff9aaf93a820c304d5ede929e85142ccb43469e6f6447c1be82e

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

ocsp.sectigochina.com/

172.64.149.190

471 B

URL

ocsp.sectigochina.com/

IP / ASN

172.64.149.190

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typedata

First Seen2023-11-30

Last Seen2023-12-03

Times Seen32

Size471 B (471 bytes)

MD5f243d39a04919038228002298cab0c59

SHA1251d31745f1b55014b814dc0ef2d81de58098bf7

SHA256e91f4fa8e3bc7d77e63fb95d339272caa6ca8b66db30019477b5c5334c6ae81a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigochina.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 05:21:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 30 Nov 2023 06:12:53 GMT
Expires: Thu, 07 Dec 2023 06:12:52 GMT
Etag: "251d31745f1b55014b814dc0ef2d81de58098bf7"
Cache-Control: max-age=521112,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 82e8e3262e9a56bd-OSL

GET lx.patch1.9you.com/xlwan/%E8%BF%85%E9%9B%B7_%E7%A5%9E%E5%BA%A7.exe

1.194.253.35

200 OK

23 MB

URL

lx.patch1.9you.com/xlwan/%E8%BF%85%E9%9B%B7_%E7%A5%9E%E5%BA%A7.exe

IP / ASN

1.194.253.35

#4134 Chinanet

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows\012- data

First Seen2023-06-01

Last Seen2024-08-21

Times Seen24

Size23 MB (23173544 bytes)

MD5fb0d7de37113231009ee80dde1619a92

SHA12456ea343101d9393123dcc920e80193eacf8438

SHA256cd74e571a05eff9aaf93a820c304d5ede929e85142ccb43469e6f6447c1be82e

Detections

Analyzer	Verdict	Alert
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /xlwan/%E8%BF%85%E9%9B%B7_%E7%A5%9E%E5%BA%A7.exe HTTP/1.1
Host: lx.patch1.9you.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Fri, 01 Dec 2023 05:21:33 GMT
Content-Type: application/x-msdownload
Content-Length: 23173544
Connection: keep-alive
Last-Modified: Thu, 07 May 2020 11:53:50 GMT
ETag: "5eb3f6ce-16199a8"
Age: 82763
Accept-Ranges: bytes
Ohc-Global-Saved-Time: Thu, 23 Nov 2023 08:35:43 GMT
Ohc-Cache-HIT: xxct59 [4], xiangyix162 [4]
Ohc-File-Size: 23173544
X-Cache-Status: HIT