Report - x8x8qq.net/ver/update.zip

Report Overview

Submitted URL
x8x8qq.net/ver/update.zip
IP
104.21.64.184
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-08 01:35:47
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
x8x8qq.net	unknown	2015-08-10	2015-08-11	2023-10-04	479 B	3.4 MB	104.21.64.184
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-06	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
x8x8qq.net/ver/update.zip
IP
104.21.64.184
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.4 MB (3445393 bytes)
Hash
374f623ab78e6a73926b19eeb94f82b8
5e71f1f20b68bfb23fe9f1b6643b66899e9d49a2
a4fb6cb44330fb8f1614a948d6aaa25b03f5585341701ab0706e4a5ec1ededc7

Archive (29)

Filename

Md5

File type

mfc90u.dll

b9030d821e099c79de1c9125b790e2da

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

mfcm90.dll

d4e7c1546cf3131b7d84b39f8da9e321

PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 5 sections

mfcm90u.dll

371226b8346f29011137c7aa9e93f2f6

PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 5 sections

Microsoft.VC90.CRT.manifest

ef6a2dfbd914169a3209137ab7b97e05

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1506), with CRLF line terminators

Microsoft.VC90.MFC.manifest

ce3ab3bd3ff80fce88dcb0ea3d48a0c9

XML 1.0 document, ASCII text, with CRLF line terminators

msvcp90.dll

871f979d70414c900b35e56222932daf

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

msvcr90.dll

4d03ca609e68f4c90cf66515218017f8

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

msvcr100.dll

32fc1a3bfd9bedbf2dd73d65b40c2034

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

nircmd.exe

15c636813b229b3c9339dc8391e2104e

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

profile.dat

d2974f93be66ba6ce561c8cda3f3bb39

SQLite 3.x database, last written using SQLite version 3008010, page size 1024, file counter 419, database pages 18, 1st free page 15, free pages 12, cookie 0xb, schema 4, UTF-8, version-valid-for 419

pthreadVC2.dll

7812f0f73eda837e9353b3a433abc9a9

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

SinBa.exe

a3553512fc85bd9e98f952a9c11dac34

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

update.ini

382593f0451bb0786a4d088872b3b527

Generic INItialization configuration [UserUpdateInfo]

WatchUpdate.ini

af88a95a76b6d7d94113e5fcff1c749d

Generic INItialization configuration [Update]

blank.html

a2cc3b13a41f473859246ff6793b62ac

HTML document, ASCII text, with CRLF line terminators

blocklist.dat

aceb6492ac8dbab4ebd9687c3445164e

ASCII text, with very long lines (1584), with no line terminators

error.html

ddf9f4c65d83d2f826b769da2d0343a0

HTML document, Unicode text, UTF-8 text, with CRLF line terminators

offcancl.html

fe5f55d05b27053b3637b119bbe18d96

HTML document, Unicode text, UTF-8 text, with CRLF line terminators

reject.html

8d53e0fed3c64654e2880c555b7c40b0

HTML document, Unicode text, UTF-8 text, with CRLF line terminators

bg.png

98562c451eb318241f64fc3c225b41c9

PNG image data, 8 x 8, 8-bit/color RGB, non-interlaced

infobg.png

0ccf113fdb9c1a579b3fd8a4c583e850

PNG image data, 610 x 420, 8-bit/color RGBA, non-interlaced

logo.png

690e2d8d04a46803860892896e68eb3e

PNG image data, 124 x 73, 8-bit/color RGBA, non-interlaced

web_nav.html

a2cc3b13a41f473859246ff6793b62ac

HTML document, ASCII text, with CRLF line terminators

error.css

eca5553ddf04e922be40b961fea19923

Unicode text, UTF-8 text, with CRLF line terminators

ConfigTool.exe

1ec54d105a3d1b10295338794f35d833

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

default.zip

a818ba558c1ea6e440b65474e4c7912c

Zip archive data, at least v2.0 to extract, compression method=deflate

GGDUI.dll

463b0b4ed6093a6abf057c04b571d3ea

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

loginfo.properties

1f71c0bc2c9ee903c72d393e79a12457

ASCII text, with CRLF line terminators

mfc90.dll

462ddcc5eb88f34aed991416f8e354b2

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/62

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

x8x8qq.net/ver/update.zip

104.21.64.184

3.4 MB

URL
x8x8qq.net/ver/update.zip
IP
104.21.64.184:0
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.4 MB (3445393 bytes)
Hash
374f623ab78e6a73926b19eeb94f82b8
5e71f1f20b68bfb23fe9f1b6643b66899e9d49a2
a4fb6cb44330fb8f1614a948d6aaa25b03f5585341701ab0706e4a5ec1ededc7

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/62

HTTP Headers

GET /ver/update.zip HTTP/1.1
Host: x8x8qq.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 01:35:20 GMT
content-type: application/zip
content-length: 3445393
last-modified: Tue, 23 Apr 2024 02:28:38 GMT
etag: "66271cd6-349291"
x-powered-by: Lua 5.4.0
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wnD3mPdTANAZBu3I1Ej7t%2Blmk8RXtdlneGZDRYzIHSaCZ4%2B96awU%2FzFZMAo6GYktRoHJhA27wYCjNjwqZ7fqlhmVvjetn8%2FOnI85kkg0WiN8erB5crnW8PPORoCM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805b6667eb3b4ed-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=esjIg9GWdxTgzKots9X_a9myYAa8L6gzvWXvlBw29AhL5A79DgHsfacK6ULxGg6m2QflX9oYtJTURJbdpVNsB4XI5zzSI8q9Ttrr5adjGAq3zojB4G86NX13bf9dXnJW
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Wed, 08 May 2024 01:34:21 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 78
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (29)

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers