Report - server.duominuo.com:8056/domino.zip?rnd=%25d

Report Overview

Submitted URL
server.duominuo.com:8056/domino.zip?rnd=%25d
IP
119.3.72.22
ASN
#55990 Huawei Cloud Service data center
Submitted
2024-04-17 13:01:05
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
	unknown				414 B	255 kB	119.3.72.22

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
server.duominuo.com:8056/domino.zip?rnd=%25d
IP
119.3.72.22
ASN
#55990 Huawei Cloud Service data center

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
255 kB (255130 bytes)
Hash
310ce02756de06a2acec29f2ce76ec0f
c625e3335c933ad90185321522d82ff1c1215ee0
be878916aa0bfbdac7dbf96721d43d27f774cfb52c6e1cb70cc0dae1c30ce9e8

Archive (18)

Modified	Filename	Size	Md5	File type
2018-04-23 16:07	setting.json	319 B	49bf7e1f5d370fb9a04688ee8bf394fb	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2018-04-23 16:07	Domino.js	97 kB	0e96420b8f42f3fd06b425c77a3e4e79	JavaScript source, ASCII text, with very long lines (31999)
2018-04-23 16:07	bootstrap.js	8.7 kB	faee3e326b40d02a9fae91f2852af836	JavaScript source, ASCII text, with very long lines (8727), with no line terminators
2018-04-23 16:07	casper.js	50 kB	d296beb4640673ce611b2a28100e2d42	JavaScript source, ASCII text, with very long lines (31940)
2018-04-23 16:07	cli.js	2.0 kB	b3f5a51e56e47fc17564aed7b28cd15c	JavaScript source, ASCII text, with very long lines (2036), with no line terminators
2018-04-23 16:07	clientutils.js	17 kB	a1f2099205b4e253d3a2a5235f2c6ea5	JavaScript source, ASCII text, with very long lines (16730), with no line terminators
2018-04-23 16:07	colorizer.js	2.0 kB	d5d698ebbcc835af2faed6b8e00c6b86	JavaScript source, ASCII text, with very long lines (1951), with no line terminators
2018-04-23 16:07	events.js	5.1 kB	8ab3b36a23530d0d4ac6b20aac47d90f	JavaScript source, ASCII text, with very long lines (5138), with no line terminators
2018-04-23 16:07	http.js	518 B	77d3a09f0c720aeb3bc21edd39643c18	JavaScript source, ASCII text, with very long lines (518), with no line terminators
2018-04-23 16:07	mouse.js	4.8 kB	ce4010a704105f3494385ac664022e4c	JavaScript source, ASCII text, with very long lines (4828), with no line terminators
2018-04-23 16:07	pagestack.js	1.8 kB	89e96d1eb97c8990615200b6507c6911	JavaScript source, ASCII text, with very long lines (1753), with no line terminators
2018-04-23 16:07	querystring.js	2.8 kB	80dac7beabd981b42a3d290c09b8f494	JavaScript source, ASCII text, with very long lines (2817), with no line terminators
2018-04-23 16:07	tester.js	32 kB	7368328227eaa03e85cbd67555cad969	JavaScript source, ASCII text, with very long lines (31962)
2018-04-23 16:07	utils.js	10 kB	0363e2d81a1bc94f751a821601bd3f2e	JavaScript source, ASCII text, with very long lines (10335), with no line terminators
2018-04-23 16:07	xunit.js	3.6 kB	b09b33ab8e6e6b7fb625564f2d475173	JavaScript source, ASCII text, with very long lines (3639), with no line terminators
2018-04-23 16:07	package.json	73 B	005f6bb7878e706c12e4c7eaec83c319	JSON text data
2018-04-23 16:07	lib.js	493 kB	bad8e9d9c1cf89d908fe8c895a6293cf	JavaScript source, ASCII text, with very long lines (31984)
2018-04-23 16:07	jsver.txt	3 B	950a4152c2b4aa3ad78bdd6b366cc179	ASCII text, with no line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/57

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

server.duominuo.com:8056/domino.zip?rnd=%25d

119.3.72.22

200 OK

255 kB

URL User Request GET HTTP/1.1
server.duominuo.com:8056/domino.zip?rnd=%25d
IP
119.3.72.22:8056
ASN
#55990 Huawei Cloud Service data center

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
255 kB (255130 bytes)
Hash
310ce02756de06a2acec29f2ce76ec0f
c625e3335c933ad90185321522d82ff1c1215ee0
be878916aa0bfbdac7dbf96721d43d27f774cfb52c6e1cb70cc0dae1c30ce9e8

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/57

HTTP Headers

GET /domino.zip?rnd=%25d HTTP/1.1
Host: server.duominuo.com:8056
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 17 Apr 2024 13:00:40 GMT
Content-Type: application/zip
Content-Length: 255130
Last-Modified: Mon, 23 Apr 2018 08:07:24 GMT
Connection: keep-alive
ETag: "5add943c-3e49a"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (18)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers