Report - pdds.quark.cn/download/stfile/nntotpppunornppuc/vturbo2-armeabi-v7a-1022.zip

Report Overview

Visited public
2025-02-20 05:41:42
Tags
URL
pdds.quark.cn/download/stfile/nntotpppunornppuc/vturbo2-armeabi-v7a-1022.zip
Finishing URL
about:privatebrowsing
IP / ASN
59.82.23.111
#37963 Hangzhou Alibaba Advertising Co.,Ltd.
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

4

Threat Detection Systems

0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pdds.quark.cn	unknown	2012-06-18	2023-04-27	2025-02-17	542 B	789 B	203.119.238.243
pdds-cdn.quark.cn	unknown	2012-06-18	2023-03-07	2025-02-17	659 B	326 kB	138.113.181.2

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-20 05:41:18	medium	Client IP	221.233.181.3	ET INFO HTTP Connection To DDNS Domain Myvnc.com
2025-02-20 05:41:18	medium	Client IP	221.233.181.3	ETPRO HUNTING EXE Request to NOIP DynDNS Domain
2025-02-20 05:41:36	medium	Client IP	221.233.181.3	ET INFO HTTP Connection To DDNS Domain Myvnc.com
2025-02-20 05:41:36	medium	Client IP	221.233.181.3	ETPRO HUNTING EXE Request to NOIP DynDNS Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
pdds-cdn.quark.cn/27-4/stfile/2302/86f2e16160b698cffb448e39d21c1ea0/vturbo2-armeabi-v7a-1022.zip?auth_key=1740634873-0-0-32745dba9bbf8632872b56933beb3073&SESSID=64e9606dc4bc1eba12da988051aee5de
IP
138.113.181.2
ASN
#54994 ML-1432-54994

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
325 kB (325278 bytes)
Hash
86f2e16160b698cffb448e39d21c1ea0
a24cac11ebe15993b213499d0c02dc1a0c1bac84
ae42691c2d634b8f57b1a2b73178d2b2bf7a35eabc6241a9a1741255849db75d

Archive (2)

Modified	Filename	Size	Md5	File type
2023-02-22 15:50	libvturbo2.so	764 kB	a22611749d813b0dc32fa5b55aad9213	ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)
2023-02-22 15:50	._libvturbo2.so	768 B	491f65ff7ed9a3f8c251bab0476584c3	AppleDouble encoded Macintosh file

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	pdds.quark.cn/download/stfile/nntotpppunornppuc/vturbo2-armeabi-v7a-1022.zip	203.119.238.243	302 Found	0 B
URL User Request GET HTTP/2 pdds.quark.cn/download/stfile/nntotpppunornppuc/vturbo2-armeabi-v7a-1022.zip IP 203.119.238.243:443 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Certificate IssuerGlobalSign nv-sa Subject.alibaba.com FingerprintDD:7F:4F:EB:01:41:A8:02:59:C5:4B:CD:12:26:60:E8:9D:C1:04:8E ValidityWed, 13 Mar 2024 08:47:05 GMT - Mon, 14 Apr 2025 08:41:13 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /download/stfile/nntotpppunornppuc/vturbo2-armeabi-v7a-1022.zip HTTP/1.1 Host: pdds.quark.cn User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found date: Thu, 20 Feb 2025 05:41:13 GMT content-length: 0 location: https://pdds-cdn.quark.cn/27-4/stfile/2302/86f2e16160b698cffb448e39d21c1ea0/vturbo2-armeabi-v7a-1022.zip?auth_key=1740634873-0-0-32745dba9bbf8632872b56933beb3073&SESSID=64e9606dc4bc1eba12da988051aee5de server: Tengine x-application-context: pdds:9019 set-cookie: downloadid=64e9606dc4bc1eba12da988051aee5de; Max-Age=1800; Expires=Thu, 20-Feb-2025 06:11:13 GMT x-content-type-options: nosniff x-xss-protection: 1; mode=block cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: 0 x-frame-options: DENY strict-transport-security: max-age=31536000 ; includeSubDomains eagleeye-traceid: 212ce9bf17400300739483113ef612 timing-allow-origin: X-Firefox-Spdy: h2

	pdds-cdn.quark.cn/27-4/stfile/2302/86f2e16160b698cffb448e39d21c1ea0/vturbo2-armeabi-v7a-1022.zip?auth_key=1740634873-0-0-32745dba9bbf8632872b56933beb3073&SESSID=64e9606dc4bc1eba12da988051aee5de	138.113.181.2	200 OK	325 kB
URL User Request GET HTTP/2 pdds-cdn.quark.cn/27-4/stfile/2302/86f2e16160b698cffb448e39d21c1ea0/vturbo2-armeabi-v7a-1022.zip?auth_key=1740634873-0-0-32745dba9bbf8632872b56933beb3073&SESSID=64e9606dc4bc1eba12da988051aee5de IP 138.113.181.2:443 ASN #54994 ML-1432-54994 Certificate IssuerGlobalSign nv-sa Subjectpdds-cdn.quark.cn Fingerprint35:31:5A:7D:83:7E:0C:93:64:56:AF:B6:98:39:31:20:46:D0:B4:A0 ValidityMon, 25 Mar 2024 07:56:08 GMT - Sat, 26 Apr 2025 07:56:07 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 325 kB (325278 bytes) Hash 86f2e16160b698cffb448e39d21c1ea0 a24cac11ebe15993b213499d0c02dc1a0c1bac84 ae42691c2d634b8f57b1a2b73178d2b2bf7a35eabc6241a9a1741255849db75d HTTP Headers GET /27-4/stfile/2302/86f2e16160b698cffb448e39d21c1ea0/vturbo2-armeabi-v7a-1022.zip?auth_key=1740634873-0-0-32745dba9bbf8632872b56933beb3073&SESSID=64e9606dc4bc1eba12da988051aee5de HTTP/1.1 Host: pdds-cdn.quark.cn User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Thu, 20 Feb 2025 05:41:14 GMT content-type: application/zip content-length: 325278 server: Tengine x-oss-request-id: 664EDE56017E5539305AF72C x-oss-cdn-auth: success accept-ranges: bytes x-oss-object-type: Multipart x-oss-storage-class: Standard x-oss-server-time: 69 ali-swift-global-savetime: 1716444758 via: cache66.l2cn3147[0,0,304-0,H], cache62.l2cn3147[0,0], cache62.l2cn3147[1,0], cache13.cn6977[0,0,206-0,H], cache18.cn6977[1,0] etag: "B19F70692BD386ECDC6A30AF479BABEC-1" last-modified: Wed, 22 Feb 2023 07:55:12 GMT x-oss-hash-crc64ecma: 15060245498270354154 x-swift-savetime: Thu, 23 May 2024 06:13:37 GMT x-swift-cachetime: 3600 timing-allow-origin: * eagleid: 77bc5ba617164454684075442e x-via: 1.1 PS-000-01Xcd184:6 (Cdn Cache Server V2.0), 1.1 PS-FOC-01UsZ67:5 (Cdn Cache Server V2.0), 0.0 PS-ARN-046HI117:0 (Cdn Cache Server V2.0) age: 145334 x-ws-request-id: 67b6c07a_PS-ARN-046HI117_33774-27887 X-Firefox-Spdy: h2