Report - applabclick.com/apk?app_property=2789476340&notix_app_id=1004c853f62542d695db9862ffce4bd&notix_token=d031e81ea84f4b7d90ed74d8c2689211&request_var=5961746&user_subid=754508478990782469&request_var_2=&b_zone_id=5530803&i_zone_id=5424883&browser=chrome&os_version_hint={osversionhint}&fsp_zone_id=5896145&os_version=android7&aop_zone_id=6376101&land_state=before_render&land_id=1IF1GCufNzwDd7g&land_generation_time=2023-12-01_12:39:18&land_error_code=&ruid={ruid}&mgeo=US&oaid=1fd072d298884a59877429ccd621c3e9&land_type=rd&land_purchase

Report Overview

Visited public
2023-12-01 17:40:24
Tags
URL
applabclick.com/apk?app_property=2789476340&notix_app_id=1004c853f62542d695db9862ffce4bd&notix_token=d031e81ea84f4b7d90ed74d8c2689211&request_var=5961746&user_subid=754508478990782469&request_var_2=&b_zone_id=5530803&i_zone_id=5424883&browser=chrome&os_version_hint={osversionhint}&fsp_zone_id=5896145&os_version=android7&aop_zone_id=6376101&land_state=before_render&land_id=1IF1GCufNzwDd7g&land_generation_time=2023-12-01_12:39:18&land_error_code=&ruid={ruid}&mgeo=US&oaid=1fd072d298884a59877429ccd621c3e9&land_type=rd&land_purchase_method=apk
Finishing URL
about:privatebrowsing
IP / ASN
139.45.197.208
#9002 RETN Limited
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
zerossl.ocsp.sectigo.com	4049	2018-08-16	2020-05-09 21:05:29	2023-12-01 05:09:46	348 B	1.2 kB	172.64.149.23
applabclick.com	unknown	2023-07-03	2023-08-06 14:36:57	2023-11-30 05:11:46	1.0 kB	6.5 MB	139.45.197.208

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-01 17:40:10	low	139.45.197.208	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-01	medium	applabclick.com	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
applabclick.com/apk?app_property=2789476340&notix_app_id=1004c853f62542d695db9862ffce4bd&notix_token=d031e81ea84f4b7d90ed74d8c2689211&request_var=5961746&user_subid=754508478990782469&request_var_2=&b_zone_id=5530803&i_zone_id=5424883&browser=chrome&os_version_hint={osversionhint}&fsp_zone_id=5896145&os_version=android7&aop_zone_id=6376101&land_state=before_render&land_id=1IF1GCufNzwDd7g&land_generation_time=2023-12-01_12:39:18&land_error_code=&ruid={ruid}&mgeo=US&oaid=1fd072d298884a59877429ccd621c3e9&land_type=rd&land_purchase_method=apk
IP
139.45.197.208
ASN
#9002 RETN Limited

File type
Zip archive data, at least v2.0 to extract, compression method=store\012- data
Size
6.5 MB (6546632 bytes)
Hash
5ac0dd63e92ced6e9828bbeb15e2d8d3
89ac733a5a4e0394d271165b1a6c2c9a5540df70
2b50f0fb3d2f13f5c156435e43d8bdb88f031d8216c3f128606b750f46f10212

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

zerossl.ocsp.sectigo.com/

172.64.149.23

727 B

URL
zerossl.ocsp.sectigo.com/
IP
172.64.149.23:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
9d858d969541688ed87387f044f80cd5
ba3375ad5a2bc12a687e11fe0d1f7a641cc9f00f
5b4ce2df345ef8fe433df89d47834e94f14a0165814f657200c86d6f637c9dfc

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 17:40:05 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Thu, 30 Nov 2023 21:03:56 GMT
Expires: Thu, 07 Dec 2023 21:03:55 GMT
Etag: "ba3375ad5a2bc12a687e11fe0d1f7a641cc9f00f"
Cache-Control: max-age=530029,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 82ed1d0048cbb524-OSL

applabclick.com/apk?app_property=2789476340&notix_app_id=1004c853f62542d695db9862ffce4bd&notix_token=d031e81ea84f4b7d90ed74d8c2689211&request_var=5961746&user_subid=754508478990782469&request_var_2=&b_zone_id=5530803&i_zone_id=5424883&browser=chrome&os_version_hint={osversionhint}&fsp_zone_id=5896145&os_version=android7&aop_zone_id=6376101&land_state=before_render&land_id=1IF1GCufNzwDd7g&land_generation_time=2023-12-01_12:39:18&land_error_code=&ruid={ruid}&mgeo=US&oaid=1fd072d298884a59877429ccd621c3e9&land_type=rd&land_purchase_method=apk

139.45.197.208

200 OK

6.5 MB

URL User Request GET HTTP/1.1
applabclick.com/apk?app_property=2789476340&notix_app_id=1004c853f62542d695db9862ffce4bd&notix_token=d031e81ea84f4b7d90ed74d8c2689211&request_var=5961746&user_subid=754508478990782469&request_var_2=&b_zone_id=5530803&i_zone_id=5424883&browser=chrome&os_version_hint={osversionhint}&fsp_zone_id=5896145&os_version=android7&aop_zone_id=6376101&land_state=before_render&land_id=1IF1GCufNzwDd7g&land_generation_time=2023-12-01_12:39:18&land_error_code=&ruid={ruid}&mgeo=US&oaid=1fd072d298884a59877429ccd621c3e9&land_type=rd&land_purchase_method=apk
IP
139.45.197.208:443
ASN
#9002 RETN Limited

Certificate
IssuerZeroSSL
Subjectapplabclick.com
Fingerprint72:45:B3:B4:3F:DA:F9:6D:B4:23:16:F9:4F:0D:FA:E8:89:CC:0B:4F
ValidityMon, 02 Oct 2023 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store\012- data
Size
6.5 MB (6546632 bytes)
Hash
5ac0dd63e92ced6e9828bbeb15e2d8d3
89ac733a5a4e0394d271165b1a6c2c9a5540df70
2b50f0fb3d2f13f5c156435e43d8bdb88f031d8216c3f128606b750f46f10212

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /apk?app_property=2789476340&notix_app_id=1004c853f62542d695db9862ffce4bd&notix_token=d031e81ea84f4b7d90ed74d8c2689211&request_var=5961746&user_subid=754508478990782469&request_var_2=&b_zone_id=5530803&i_zone_id=5424883&browser=chrome&os_version_hint={osversionhint}&fsp_zone_id=5896145&os_version=android7&aop_zone_id=6376101&land_state=before_render&land_id=1IF1GCufNzwDd7g&land_generation_time=2023-12-01_12:39:18&land_error_code=&ruid={ruid}&mgeo=US&oaid=1fd072d298884a59877429ccd621c3e9&land_type=rd&land_purchase_method=apk HTTP/1.1
Host: applabclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:40:05 GMT
Content-Type: application/vnd.android.package-archive
Content-Length: 6546632
Connection: keep-alive
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Content-Disposition: attachment; filename="QRreader.apk"
Timing-Allow-Origin: *, *

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers