Report - activity.c360dn.com/5cff0ed3036b582974.zip

Report Overview

Submitted URL
activity.c360dn.com/5cff0ed3036b582974.zip
IP
124.236.97.249
ASN
#134760 Shijiazhuang IDC network, CHINANET Hebei province
Submitted
2024-04-16 16:15:32
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
activity.c360dn.com	unknown	2015-01-06	2017-02-19	2024-04-13	496 B	9.9 MB	122.228.207.55

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
activity.c360dn.com/5cff0ed3036b582974.zip
IP
122.228.207.55
ASN
#134771 WENZHOU, ZHEJIANG Province, P.R.China.

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
9.9 MB (9911178 bytes)
Hash
4f03138ab2a2a87706370b277198b6d4
deda5e2b72f4c04387226ad0ecc858b6d68ec09b
03f07165c52994116c06bdd48fd7840e471c7f70d048f0aea1abbcbffb9124eb

Archive (9)

Filename

Md5

File type

libPGMakeUpLab.so

a3ce10b306c48886e3d23ff5c6914aa2

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

libPGEquinoxEngine.so

cff5c97cea8e6a5f9ac372ed5015eb26

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

libPinguoDNN.so

bfd965279f337539051b04d6f8afb25d

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

libPGMakeUpLab.so

e2cc856839eb2a96a9a5166b8e72ea37

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

libPGEquinoxEngine.so

889e14c957db41032a67d04cd77bf30c

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

libPinguoDNN.so

2b966a6efeab7ab052dc2d8c1ac0d131

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

pinguo_hair_model.pmm

cf19ec6eff8047b5fef5b128dd578659

data

pinguo_makeup_model.zip

0471c39c619e2fd17a92592bbd446c01

Zip archive data, at least v2.0 to extract, compression method=deflate

pinguo_portrait_model.pmm

17e8e4168a619c3dde12569ff129dff4

OpenPGP Secret Key

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	activity.c360dn.com/5cff0ed3036b582974.zip	122.228.207.55	200 OK	9.9 MB
URL User Request GET HTTP/1.1 activity.c360dn.com/5cff0ed3036b582974.zip IP 122.228.207.55:443 ASN #134771 WENZHOU, ZHEJIANG Province, P.R.China. Certificate IssuerDigiCert Inc Subject.c360dn.com Fingerprint89:95:38:86:32:9E:7D:AE:26:3B:8D:A5:BB:64:16:4A:C3:E5:29:04 ValidityTue, 12 Sep 2023 00:00:00 GMT - Wed, 09 Oct 2024 23:59:59 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 9.9 MB (9911178 bytes) Hash 4f03138ab2a2a87706370b277198b6d4 deda5e2b72f4c04387226ad0ecc858b6d68ec09b 03f07165c52994116c06bdd48fd7840e471c7f70d048f0aea1abbcbffb9124eb HTTP Headers `GET /5cff0ed3036b582974.zip HTTP/1.1 Host: activity.c360dn.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Server: openresty Date: Tue, 16 Apr 2024 16:15:05 GMT Content-Type: application/zip Content-Length: 9911178 Connection: keep-alive Accept-Ranges: bytes Access-Control-Allow-Origin: Access-Control-Expose-Headers: X-Log, X-Reqid Access-Control-Max-Age: 2592000 Age: 16 Cache-Control: public, max-age=31536000 Content-Disposition: inline; filename="5cff0ed3036b582974.zip"; filename*=utf-8''5cff0ed3036b582974.zip Content-Md5: TwMTirKiqHcGNwsncZi21A== Content-Transfer-Encoding: binary Etag: "lpnpIPnM85i2M4WwhRrxlANAzKeQ" Last-Modified: Tue, 11 Jun 2019 02:15:48 GMT X-Log: X-Log X-M-Log: QNM:cdn-cache-dls-zjwz-wz-12;QNM:jjh3231;QNM3/304;QNM3:29 X-M-Reqid: 7YuVmcXfE X-Qiniu-Zone: 0 X-Qnm-Cache: Validate,Hit X-Reqid: kXUAAAAFApg2arsX X-Svr: IO

activity.c360dn.com/5cff0ed3036b582974.zip

122.228.207.55

200 OK

9.9 MB

URL User Request GET HTTP/1.1
activity.c360dn.com/5cff0ed3036b582974.zip
IP
122.228.207.55:443
ASN
#134771 WENZHOU, ZHEJIANG Province, P.R.China.

Certificate
IssuerDigiCert Inc
Subject*.c360dn.com
Fingerprint89:95:38:86:32:9E:7D:AE:26:3B:8D:A5:BB:64:16:4A:C3:E5:29:04
ValidityTue, 12 Sep 2023 00:00:00 GMT - Wed, 09 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
9.9 MB (9911178 bytes)
Hash
4f03138ab2a2a87706370b277198b6d4
deda5e2b72f4c04387226ad0ecc858b6d68ec09b
03f07165c52994116c06bdd48fd7840e471c7f70d048f0aea1abbcbffb9124eb

HTTP Headers

GET /5cff0ed3036b582974.zip HTTP/1.1
Host: activity.c360dn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Tue, 16 Apr 2024 16:15:05 GMT
Content-Type: application/zip
Content-Length: 9911178
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
Age: 16
Cache-Control: public, max-age=31536000
Content-Disposition: inline; filename="5cff0ed3036b582974.zip"; filename*=utf-8''5cff0ed3036b582974.zip
Content-Md5: TwMTirKiqHcGNwsncZi21A==
Content-Transfer-Encoding: binary
Etag: "lpnpIPnM85i2M4WwhRrxlANAzKeQ"
Last-Modified: Tue, 11 Jun 2019 02:15:48 GMT
X-Log: X-Log
X-M-Log: QNM:cdn-cache-dls-zjwz-wz-12;QNM:jjh3231;QNM3/304;QNM3:29
X-M-Reqid: 7YuVmcXfE
X-Qiniu-Zone: 0
X-Qnm-Cache: Validate,Hit
X-Reqid: kXUAAAAFApg2arsX
X-Svr: IO

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (9)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers