Report - azw.downkuai.com/azwfile/app/pxw

Report Overview

Visited public
2023-09-17 02:53:56
Tags
Submit Tags
URL
azw.downkuai.com/azwfile/app/pxw_165915.apk
Finishing URL
about:privatebrowsing
IP / ASN
113.219.238.120
#63835 No.293,Wanbao Avenue
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.trust-provider.cn	unknown	2015-04-09	2022-02-10 09:18:30	2023-09-16 19:14:57	672 B	3.0 kB	117.27.246.96
azw.downkuai.com	unknown	2013-10-17	2023-05-22 05:28:53	2023-09-10 04:32:45	768 B	5.4 MB	113.219.238.120

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

ocsp.trust-provider.cn/

117.27.246.96

600 B

URL
ocsp.trust-provider.cn/
IP
117.27.246.96:0
ASN
#133774 Fuzhou

File type
data
Size
600 B (600 bytes)
Hash
2887a9c01dd976ed780b26e5602c4d76
6b0b4ef0eb5da9a5eae1fdad1745b2830ca79f8e
dcc1704f28ed81a586e4392ed19caba3abac9fc77b0de739b6beaff5ee33e16a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
Date: Sun, 17 Sep 2023 02:53:38 GMT
Accept-Ranges: bytes
Age: 1
CF-Cache-Status: EXPIRED
CF-RAY: 80728652bffc096a-HKG
ETag: "6b0b4ef0eb5da9a5eae1fdad1745b2830ca79f8e"
Expires: Fri, 22 Sep 2023 16:57:27 GMT
Last-Modified: Fri, 15 Sep 2023 16:57:28 GMT
WS-Cache-Status: 0
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
X-Via: 1.1 PSxgHKG8vw115:7 (Cdn Cache Server V2.0), 1.1 CS-000-01VaE187:2 (Cdn Cache Server V2.0), 1.1 PS-JJN-01pX761:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 65066a32_PS-JJN-01B7x62_15826-18578
via: n172-013-215.fzmp.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 169491921814c824aac6b7dc75b7c77c517967847b
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=10, edge;dur=0

ocsp.trust-provider.cn/

117.27.246.96

600 B

URL
ocsp.trust-provider.cn/
IP
117.27.246.96:0
ASN
#133774 Fuzhou

File type
data
Size
600 B (600 bytes)
Hash
2887a9c01dd976ed780b26e5602c4d76
6b0b4ef0eb5da9a5eae1fdad1745b2830ca79f8e
dcc1704f28ed81a586e4392ed19caba3abac9fc77b0de739b6beaff5ee33e16a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
Date: Sun, 17 Sep 2023 02:53:38 GMT
Accept-Ranges: bytes
CF-Cache-Status: EXPIRED
CF-RAY: 80728652bffc096a-HKG
ETag: "6b0b4ef0eb5da9a5eae1fdad1745b2830ca79f8e"
Expires: Fri, 22 Sep 2023 16:57:27 GMT
Last-Modified: Fri, 15 Sep 2023 16:57:28 GMT
WS-Cache-Status: 0
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
X-Via: 1.1 PSxgHKG8vw115:7 (Cdn Cache Server V2.0), 1.1 CS-000-01VaE187:2 (Cdn Cache Server V2.0), 1.1 PS-JJN-01pX761:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 65066a32_PS-JJN-01B7x62_15760-61533
via: n172-013-214.fzmp.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 1694919218c86f8449be709de140d364a19cb877e2
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=9, edge;dur=0

azw.downkuai.com/

113.219.238.120

315 B

URL
azw.downkuai.com/
IP
113.219.238.120:0
ASN
#63835 No.293,Wanbao Avenue

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
315 B (315 bytes)
Hash
67932d4b695e1d6b19dfc2e3610761ff
a66898b36c94c53766e66c1a7aaeb149447ec083
ce7127c38e30e92a021ed2bd09287713c6a923db9ffdb43f126e8965d777fbf0

HTTP Headers

GET / HTTP/1.1
Host: azw.downkuai.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sun, 17 Sep 2023 02:53:05 GMT
Connection: close
Content-Length: 315

GET azw.downkuai.com/azwfile/app/pxw_165915.apk

113.219.238.120

200 OK

5.4 MB

URL User Request GET HTTP/1.1
azw.downkuai.com/azwfile/app/pxw_165915.apk
IP
113.219.238.120:443
ASN
#63835 No.293,Wanbao Avenue

Certificate
IssuerTrustAsia Technologies, Inc.
Subject*.downkuai.com
FingerprintFC:A7:9C:F3:4D:56:13:21:04:85:CE:A8:BF:4C:CB:02:89:D1:36:2F
ValidityThu, 01 Dec 2022 00:00:00 GMT - Sat, 02 Dec 2023 23:59:59 GMT

File type
Zip archive data, at least v0.0 to extract, compression method=deflate\012- data
Size
5.4 MB (5355802 bytes)
Hash
ef61f078fb1dc995259f398c0dfd63cd
7fee26ef7f3b97f7f63237f1e6d15f50c9a3d582
c42409048a69103bfe2e6715d625c79a2dd910cdd3433ff82f2e81f8de11a41e

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 8/66

HTTP Headers

GET /azwfile/app/pxw_165915.apk HTTP/1.1
Host: azw.downkuai.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/vnd.android.package-archive
Last-Modified: Thu, 07 Sep 2023 10:40:10 GMT
Accept-Ranges: bytes
ETag: "0a1c3ac77e1d91:0"
Server: Microsoft-IIS/8.5
Date: Sun, 17 Sep 2023 02:53:05 GMT
Content-Length: 5355802

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (4)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers