Report - dydl.duoyi.com/zm/win_pc/miniinstall/mini18/SeyxSetup.exe?f=www

Report Overview

Visited public
2024-06-29 03:47:47
Tags
URL
dydl.duoyi.com/zm/win_pc/miniinstall/mini18/SeyxSetup.exe?f=www
Finishing URL
about:privatebrowsing
IP / ASN
47.89.251.144
#45102 Alibaba US Technology Co., Ltd.
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-27 18:12:05	2.0 kB	5.3 kB	23.36.76.226
dydl.duoyi.com	unknown	2003-12-07	2017-06-19 13:12:51	2017-07-06 00:27:18	517 B	400 B	47.89.251.144
status.rapidssl.com	6946	2002-04-05	2018-06-15 22:49:00	2024-06-27 19:13:18	331 B	735 B	192.229.221.95
sdl.duoyi.com	unknown	2003-12-07	2015-03-04 07:22:56	2023-09-10 06:28:38	518 B	787 kB	157.185.128.118

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-06-29	medium	sdl.duoyi.com/zm/win_pc/miniinstall/mini18/SeyxSetup.exe?f=www	Detects win.gauss.

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
sdl.duoyi.com/zm/win_pc/miniinstall/mini18/SeyxSetup.exe?f=www
IP
157.185.128.118
ASN
#54994 ML-1432-54994

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size
786 kB (786432 bytes)
Hash
d53ce3a3c5751be5fcf351a2f645686a
3b44cb4eb459710af08e9a653ec1196ef40e7e16
362cf89d09f449815306f1f9bc684b1d514db7ce9c326a30d8ab87e9957ab1cb

Detections

Analyzer	Verdict	Alert
Malpedia's yara-signator rules	malware	Detects win.gauss.

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
11d12f1fba8aca9d9418e9d8dc4952bf
815abf5c4b5eb6f908e3c9aa829ee2e6ccdcc449
97f30de1fa8e41bf859ba482af92cec319429e14f4f81a9c675977b672ed7b9a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "97F30DE1FA8E41BF859BA482AF92CEC319429E14F4F81A9C675977B672ED7B9A"
Last-Modified: Fri, 28 Jun 2024 01:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15506
Expires: Sat, 29 Jun 2024 08:05:48 GMT
Date: Sat, 29 Jun 2024 03:47:22 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
116ef0f15d988075de9127b4d85aeeac
cd431538d40d2097891757fd0ca8c06b576051e9
7dd2781a8624ca9b8c54539a3c46c44cdd86477de3078e4dab624bfc7ce5b7ae

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7DD2781A8624CA9B8C54539A3C46C44CDD86477DE3078E4DAB624BFC7CE5B7AE"
Last-Modified: Thu, 27 Jun 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5099
Expires: Sat, 29 Jun 2024 05:12:21 GMT
Date: Sat, 29 Jun 2024 03:47:22 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
dbfa299a842ee43ec1a3fb8290fcda40
71bcd7b76e849c623cac83d913b31caafdb45344
f7914dbab79ce77341e0c1fe4a9e3defb687942fcd4b17c20ce7c19b315f39df

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F7914DBAB79CE77341E0C1FE4A9E3DEFB687942FCD4B17C20CE7C19B315F39DF"
Last-Modified: Thu, 27 Jun 2024 04:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5789
Expires: Sat, 29 Jun 2024 05:23:51 GMT
Date: Sat, 29 Jun 2024 03:47:22 GMT
Connection: keep-alive

dydl.duoyi.com/zm/win_pc/miniinstall/mini18/SeyxSetup.exe?f=www

47.89.251.144

301 Moved Permanently

166 B

URL User Request GET HTTP/2
dydl.duoyi.com/zm/win_pc/miniinstall/mini18/SeyxSetup.exe?f=www
IP
47.89.251.144:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Certificate
IssuerDigiCert, Inc.
Subject*.duoyi.com
Fingerprint4C:6C:AF:E0:8D:CD:56:34:03:FC:82:A2:1C:D6:FA:1B:0C:66:E3:CB
ValidityTue, 12 Sep 2023 00:00:00 GMT - Wed, 11 Sep 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
166 B (166 bytes)
Hash
3ea1c8d079b38532a6e01a96216ba5e2
598d3ff91d3e252f1e13df8cf0348b270ff2da3f
87a9323ac85ce28867d5d7ce590c8f29b8d1a999961fca71bb33adef48683691

HTTP Headers

GET /zm/win_pc/miniinstall/mini18/SeyxSetup.exe?f=www HTTP/1.1
Host: dydl.duoyi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: openresty
date: Sat, 29 Jun 2024 03:47:24 GMT
content-type: text/html
content-length: 166
location: https://sdl.duoyi.com/zm/win_pc/miniinstall/mini18/SeyxSetup.exe?f=www
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0c22b10a118098f2cdc4b186e6f8e9a8
cfe8b247d843f42d2205bb16a48cefe38c78526e
1208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8737
Expires: Sat, 29 Jun 2024 06:13:01 GMT
Date: Sat, 29 Jun 2024 03:47:24 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0c22b10a118098f2cdc4b186e6f8e9a8
cfe8b247d843f42d2205bb16a48cefe38c78526e
1208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8737
Expires: Sat, 29 Jun 2024 06:13:01 GMT
Date: Sat, 29 Jun 2024 03:47:24 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0c22b10a118098f2cdc4b186e6f8e9a8
cfe8b247d843f42d2205bb16a48cefe38c78526e
1208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8737
Expires: Sat, 29 Jun 2024 06:13:01 GMT
Date: Sat, 29 Jun 2024 03:47:24 GMT
Connection: keep-alive

status.rapidssl.com/

192.229.221.95

471 B

URL
status.rapidssl.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
50fb80b425e2982861b44a9dd6a93ad5
2ab4c24127fa0931384a90850cb419ed65002ee6
b784a97f7f4a4f1fe9f2a43fc988436d01944a439dcdff8c20afcec4132f7d1d

HTTP Headers

POST / HTTP/1.1
Host: status.rapidssl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5712
Cache-Control: max-age=7200
Content-Type: application/ocsp-response
Date: Sat, 29 Jun 2024 03:47:24 GMT
Last-Modified: Sat, 29 Jun 2024 02:12:12 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471

sdl.duoyi.com/zm/win_pc/miniinstall/mini18/SeyxSetup.exe?f=www

157.185.128.118

200 OK

786 kB

URL User Request GET HTTP/1.1
sdl.duoyi.com/zm/win_pc/miniinstall/mini18/SeyxSetup.exe?f=www
IP
157.185.128.118:443
ASN
#54994 ML-1432-54994

Certificate
IssuerDigiCert Inc
Subjectsdl.duoyi.com
Fingerprint78:0E:F2:6C:E6:32:CA:BD:9B:29:1D:E5:04:1A:97:1E:A9:AE:1C:6B
ValidityMon, 29 Jan 2024 00:00:00 GMT - Mon, 03 Feb 2025 23:59:59 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size
786 kB (786432 bytes)
Hash
d53ce3a3c5751be5fcf351a2f645686a
3b44cb4eb459710af08e9a653ec1196ef40e7e16
362cf89d09f449815306f1f9bc684b1d514db7ce9c326a30d8ab87e9957ab1cb

Detections

Analyzer	Verdict	Alert
Malpedia's yara-signator rules	malware	Detects win.gauss.

HTTP Headers

GET /zm/win_pc/miniinstall/mini18/SeyxSetup.exe?f=www HTTP/1.1
Host: sdl.duoyi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Jun 2024 03:47:25 GMT
Content-Type: application/octet-stream
Content-Length: 2700400
Connection: keep-alive
Server: openresty
Last-Modified: Wed, 09 Mar 2022 06:12:57 GMT
ETag: "62284569-293470"
Accept-Ranges: bytes, bytes
Age: 12
X-Px: ms PS-CDG-04SSF110none, ms PSygldLON4gd24none, ht PS-WEF-01rOf148none
x-via: 1.1 PS-WEF-01rOf148:5 (Cdn Cache Server V2.0), 1.1 PSygldLON4gd24:1 (Cdn Cache Server V2.0), 1.1 PS-CDG-04SSF110:15 (Cdn Cache Server V2.0)
x-ws-request-id: 667f83cc_PS-CDG-04SSF110_72359-50668
X-Cache: MISS from cache.51cdn.com

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (9)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1