| ocsp.digicert.cn/ | 47.246.3.232 | | 471 B |
IP: 47.246.3.232:0 | ASN: #24429 Zhejiang Taobao Network Co.,Ltd
Hash (MD5 / SHA-1 / SHA-256): 2812f914b8a24e42cd4a5d72328c1889 196893dc969fce70da86eb1b3629d62b33e5ad55 4c4df298b913b02df9947ac9891b834c1a3c9c284c9e238dbee8f33b8e9f2955
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Wed, 08 May 2024 01:27:51 GMT
Ali-Swift-Global-Savetime: 1715131671
Via: cache40.l2fr1[57,57,200-0,M], cache40.l2fr1[58,0], cache8.ru4[114,114,200-0,M], cache8.ru4[115,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Wed, 08 May 2024 01:27:51 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff6039c17151316711832192e
| imtt.dd.qq.com/sjy.20002/16891/apk/4EC436219BF50F52E251E5FD2C76E9BE.apk | 42.231.136.42 | 302 Found | 0 B |
URL (user request, GET HTTP/1.1): imtt.dd.qq.com/sjy.20002/16891/apk/4EC436219BF50F52E251E5FD2C76E9BE.apk | IP: 42.231.136.42:443 | ASN: #4837 CHINA UNICOM China169 Backbone
Certificate: Issuer DigiCert Inc | Subject weixin.qq.com | Fingerprint A9:6A:FF:D1:5D:A0:74:DC:00:D8:29:62:18:23:97:68:20:BE:71:23 | Validity Thu, 11 May 2023 00:00:00 GMT - Tue, 28 May 2024 23:59:59 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sjy.20002/16891/apk/4EC436219BF50F52E251E5FD2C76E9BE.apk HTTP/1.1
Host: imtt.dd.qq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: ZTC
Date: Wed, 08 May 2024 01:27:50 GMT
Expires: Wed, 08 May 2024 01:27:50 GMT
Location: https://95dabfec11ec15538330ee51e15f7f87.dlied1.cdntips.net/imtt.dd.qq.com/sjy.20002/16891/apk/4EC436219BF50F52E251E5FD2C76E9BE.apk?mkey=663af3e25b5a0c6f&f=0000&cip=91.90.42.154&proto=https
Content-Length: 0
X-NWS-LOG-UUID: 18214741813074544367
Connection: keep-alive
X-Cache-Lookup: Cache Miss
Cache-Control: max-age=31536000
Content-Disposition: attachment; filename=4EC436219BF50F52E251E5FD2C76E9BE.apk
| ocsp.digicert.cn/ | 47.246.3.232 | | 471 B |
IP: 47.246.3.232:0 | ASN: #24429 Zhejiang Taobao Network Co.,Ltd
Hash (MD5 / SHA-1 / SHA-256): cbcae3d03d2f90170ea05c3cea7c053f 83a866a007d6b4d4ec474c8d47644fe6ec01fa22 9f539cb116daaa8d5aaa97038478d78d944fd4cd78b06ef2146f2cec53010374
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Wed, 08 May 2024 01:27:53 GMT
Ali-Swift-Global-Savetime: 1715131673
Via: cache17.l2fr1[519,518,200-0,M], cache17.l2fr1[520,0], cache8.ru4[576,575,200-0,M], cache8.ru4[576,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Wed, 08 May 2024 01:27:53 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff6039c17151316728832800e
| imtt.dd.qq.com/ | 42.231.136.148 | | 0 B |
IP: 42.231.136.148:0 | ASN: #4837 CHINA UNICOM China169 Backbone
Certificate: Issuer DigiCert Inc | Subject weixin.qq.com | Fingerprint A9:6A:FF:D1:5D:A0:74:DC:00:D8:29:62:18:23:97:68:20:BE:71:23 | Validity Thu, 11 May 2023 00:00:00 GMT - Tue, 28 May 2024 23:59:59 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: imtt.dd.qq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: ZTC
Date: Wed, 08 May 2024 01:27:53 GMT
Expires: Wed, 08 May 2024 01:27:53 GMT
Location: http://43.152.15.39/imtt.dd.qq.com/?mkey=663af3ef5b5a0c6f&f=8a4e&cip=91.90.42.154&proto=http
Content-Length: 0
X-NWS-LOG-UUID: 17150527733742388269
Connection: keep-alive
X-Cache-Lookup: Cache Miss
Cache-Control: max-age=31536000
| ocsp.digicert.cn/ | 47.246.3.233 | | 471 B |
IP: 47.246.3.233:0 | ASN: #24429 Zhejiang Taobao Network Co.,Ltd
Hash (MD5 / SHA-1 / SHA-256): cbcae3d03d2f90170ea05c3cea7c053f 83a866a007d6b4d4ec474c8d47644fe6ec01fa22 9f539cb116daaa8d5aaa97038478d78d944fd4cd78b06ef2146f2cec53010374
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Wed, 08 May 2024 01:27:54 GMT
Ali-Swift-Global-Savetime: 1715131674
Via: cache25.l2fr1[1351,1351,200-0,M], cache25.l2fr1[1352,0], cache4.ru4[1408,1408,200-0,M], cache4.ru4[1409,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Wed, 08 May 2024 01:27:54 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff6039817151316731707751e
| 43.152.15.39/imtt.dd.qq.com/?mkey=663af3ef5b5a0c6f&f=8a4e&cip=91.90.42.154&proto=http | 43.152.15.39 | | 0 B |
URL: 43.152.15.39/imtt.dd.qq.com/?mkey=663af3ef5b5a0c6f&f=8a4e&cip=91.90.42.154&proto=http | IP: 43.152.15.39:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /imtt.dd.qq.com/?mkey=663af3ef5b5a0c6f&f=8a4e&cip=91.90.42.154&proto=http HTTP/1.1
Host: 43.152.15.39
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Etag: "da39a3ee5e6b4b0d3255bfef95601890afd80709"
Server: NWSs
Date: Fri, 26 Apr 2024 19:42:50 GMT
Content-Type: application/x-directory
Ip: 11.160.1.183
x-cos-storage-class: STANDARD_IA
x-cos-hash-crc64ecma: 0
Content-Disposition: attachment
x-cos-object-type: normal
Accept-Ranges: bytes
X-Cache-Lookup: Cache Hit, Hit From Inner Cluster, Cache Miss
Last-Modified: Tue, 18 Jul 2023 08:53:21 GMT
Content-Length: 0
X-NWS-LOG-UUID: 8300838114139670312
Connection: keep-alive
Cache-Control: max-age=31536000
| 95dabfec11ec15538330ee51e15f7f87.dlied1.cdntips.net/imtt.dd.qq.com/sjy.20002/16891/apk/4EC436219BF50F52E251E5FD2C76E9BE.apk?mkey=663af3e25b5a0c6f&f=0000&cip=91.90.42.154&proto=https | 43.152.14.43 | 200 OK | 311 kB |
URL (user request, GET HTTP/1.1): 95dabfec11ec15538330ee51e15f7f87.dlied1.cdntips.net/imtt.dd.qq.com/sjy.20002/16891/apk/4EC436219BF50F52E251E5FD2C76E9BE.apk?mkey=663af3e25b5a0c6f&f=0000&cip=91.90.42.154&proto=https | IP: 43.152.14.43:443
Certificate: Issuer DigiCert Inc | Subject dlied1.cdntips.net | Fingerprint 05:26:11:14:24:30:34:39:C5:22:A5:51:D6:75:A9:65:14:66:E8:78 | Validity Tue, 18 Jul 2023 00:00:00 GMT - Tue, 13 Aug 2024 23:59:59 GMT
File type: Android package (APK), with AndroidManifest.xml; Zip archive data, at least v0.0 to extract, compression method=deflate | Size: 311 kB (311296 bytes)
Hash (MD5 / SHA-1 / SHA-256): 683dce5a1af690b15a496ec634387963 07b532620ab76ef4012787445ee4b16f8c3ff5c8 17b27bb1388089d8d91031cc4b83f4044904b9bb07cbc99720dc085ad115c447
GET /imtt.dd.qq.com/sjy.20002/16891/apk/4EC436219BF50F52E251E5FD2C76E9BE.apk?mkey=663af3e25b5a0c6f&f=0000&cip=91.90.42.154&proto=https HTTP/1.1
Host: 95dabfec11ec15538330ee51e15f7f87.dlied1.cdntips.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Fri, 04 Mar 2022 02:32:06 GMT
Etag: "8f87df17a98d1c6843211ea84f29eeb815a81ddf"
Server: NWSs
Date: Mon, 01 Apr 2024 19:43:31 GMT
Content-Type: application/vnd.android.package-archive
Ip: 11.160.4.236
x-cos-storage-class: STANDARD_IA
x-cos-hash-crc64ecma: 2716318981198165281
x-cos-object-type: normal
Content-Length: 43973239
Accept-Ranges: bytes
X-NWS-LOG-UUID: 14444622396206988656
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Cache-Control: max-age=31536000
Content-Disposition: attachment; filename=4EC436219BF50F52E251E5FD2C76E9BE.apk