| r10.o.lencr.org/ | 23.33.119.57 | | 504 B |
IP 23.33.119.57:0
ASN#20940 Akamai International B.V.
Hashes: MD5 6d997a3e4c838d12e34de2dd2d4208c3, SHA-1 386abb53e2df86f291b6a86765d9a6feb88ba30b, SHA-256 32e00abd54407308b80a14e2916a119d95d90b1e7842f8cf0e87df306287869c
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "32E00ABD54407308B80A14E2916A119D95D90B1E7842F8CF0E87DF306287869C"
Last-Modified: Thu, 20 Jun 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14285
Expires: Sun, 23 Jun 2024 06:16:04 GMT
Date: Sun, 23 Jun 2024 02:17:59 GMT
Connection: keep-alive
| r10.o.lencr.org/ | 23.33.119.57 | | 504 B |
IP 23.33.119.57:0
ASN#20940 Akamai International B.V.
Hashes: MD5 31c219b3ac9b4615f1a78cd882995e6c, SHA-1 1bb1aedb59500ceabd4f44ae9b7317c544084afd, SHA-256 6e8de7454df9b981f3c2bd8746558f3eb5c48599c66fc0f5301169c0ed42c8fe
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6E8DE7454DF9B981F3C2BD8746558F3EB5C48599C66FC0F5301169C0ED42C8FE"
Last-Modified: Sat, 22 Jun 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3941
Expires: Sun, 23 Jun 2024 03:23:41 GMT
Date: Sun, 23 Jun 2024 02:18:00 GMT
Connection: keep-alive
| r10.o.lencr.org/ | 23.33.119.57 | | 504 B |
IP 23.33.119.57:0
ASN#20940 Akamai International B.V.
Hashes: MD5 f0269d61bdfd971c035a90020cb9f629, SHA-1 06631fd5df5a9bd3b9673361601cc37a34e64f69, SHA-256 47b785dc0588f89f6a0bd23143e340c2fa04f194c59853f63e8b937964655373
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "47B785DC0588F89F6A0BD23143E340C2FA04F194C59853F63E8B937964655373"
Last-Modified: Sat, 22 Jun 2024 04:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20021
Expires: Sun, 23 Jun 2024 07:51:41 GMT
Date: Sun, 23 Jun 2024 02:18:00 GMT
Connection: keep-alive
| ocsp.digicert.cn/ | 47.246.3.237 | | 471 B |
IP 47.246.3.237:0
ASN#24429 Zhejiang Taobao Network Co.,Ltd
Hashes: MD5 c2e387807a001e41fd544a800dfffe13, SHA-1 53682f7c2ea4e8326ccbc79cf92c19cde90212c1, SHA-256 2a83f74ba93d7ed658d304f0b3611feba9f3b96ea39aa5e8b3b252cda85ad9dd
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Sun, 23 Jun 2024 02:18:01 GMT
Ali-Swift-Global-Savetime: 1719109081
Via: cache2.l2de2[521,521,200-0,M], cache2.l2de2[698,0], cache5.ru4[739,738,200-0,M], cache5.ru4[740,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sun, 23 Jun 2024 02:18:01 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff6039917191090810706821e
| imtt.dd.qq.com/16891/apk/3D6AE95A7C99D3E05268F1A02C7AD779.apk | 119.167.147.66 | 302 Found | 0 B |
URL (user request, GET HTTP/1.1): imtt.dd.qq.com/16891/apk/3D6AE95A7C99D3E05268F1A02C7AD779.apk
IP 119.167.147.66:443
ASN#4837 CHINA UNICOM China169 Backbone
Certificate: Issuer DigiCert Inc; Subject weixin.qq.com; Fingerprint 5E:8C:35:BB:53:7C:A7:CC:1E:E5:71:93:14:D8:A2:51:AC:75:D6:58; Validity Wed, 08 May 2024 00:00:00 GMT - Wed, 28 May 2025 23:59:59 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty body)
GET /16891/apk/3D6AE95A7C99D3E05268F1A02C7AD779.apk HTTP/1.1
Host: imtt.dd.qq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: ZTC
Date: Sun, 23 Jun 2024 02:18:01 GMT
Expires: Sun, 23 Jun 2024 02:18:01 GMT
Location: https://7c04866f535a6f5f790c44930b20dde6.dlied1.cdntips.net/imtt.dd.qq.com/16891/apk/3D6AE95A7C99D3E05268F1A02C7AD779.apk?mkey=6677a32c5b5a0c6f&f=9609&cip=91.90.42.154&proto=https
Content-Length: 0
X-NWS-LOG-UUID: 17090142264050375312
Connection: keep-alive
X-Cache-Lookup: Cache Miss
Cache-Control: max-age=31536000
Content-Disposition: attachment; filename=3D6AE95A7C99D3E05268F1A02C7AD779.apk
| r10.o.lencr.org/ | 23.33.119.57 | | 504 B |
IP 23.33.119.57:0
ASN#20940 Akamai International B.V.
Hashes: MD5 6720792332fb717894b4e5221fdc3d86, SHA-1 f79b1d3611fb53cea950acb15000473ae7174149, SHA-256 67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18989
Expires: Sun, 23 Jun 2024 07:34:31 GMT
Date: Sun, 23 Jun 2024 02:18:02 GMT
Connection: keep-alive
| r10.o.lencr.org/ | 23.33.119.57 | | 504 B |
IP 23.33.119.57:0
ASN#20940 Akamai International B.V.
Hashes: MD5 6720792332fb717894b4e5221fdc3d86, SHA-1 f79b1d3611fb53cea950acb15000473ae7174149, SHA-256 67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18989
Expires: Sun, 23 Jun 2024 07:34:31 GMT
Date: Sun, 23 Jun 2024 02:18:02 GMT
Connection: keep-alive
| ocsp.digicert.cn/ | 47.246.3.237 | | 471 B |
IP 47.246.3.237:0
ASN#24429 Zhejiang Taobao Network Co.,Ltd
Hashes: MD5 88b230ff55e88724938fa6fe5cfdeda0, SHA-1 bb8ce1f33dfd4e89d8d2286adb335a1df5ef5fbd, SHA-256 1ccd80c4ce42c6db8f23592602a6572ad925b9eab26038ad394966dfe96c0f17
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Sun, 23 Jun 2024 02:18:03 GMT
Ali-Swift-Global-Savetime: 1719109083
Via: cache10.l2de2[639,639,200-0,M], cache10.l2de2[644,0], cache5.ru4[675,675,200-0,M], cache5.ru4[676,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sun, 23 Jun 2024 02:18:03 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff6039917191090829568048e
| imtt.dd.qq.com/ | 119.188.181.28 | | 0 B |
IP 119.188.181.28:0
ASN#4837 CHINA UNICOM China169 Backbone
Certificate: Issuer DigiCert Inc; Subject weixin.qq.com; Fingerprint 5E:8C:35:BB:53:7C:A7:CC:1E:E5:71:93:14:D8:A2:51:AC:75:D6:58; Validity Wed, 08 May 2024 00:00:00 GMT - Wed, 28 May 2025 23:59:59 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty body)
GET / HTTP/1.1
Host: imtt.dd.qq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: ZTC
Date: Sun, 23 Jun 2024 02:15:50 GMT
Expires: Sun, 23 Jun 2024 02:15:50 GMT
Location: http://43.152.14.43/imtt.dd.qq.com/?mkey=6677a3a25b5a0c6f&f=9947&cip=91.90.42.154&proto=http
Content-Length: 0
X-NWS-LOG-UUID: 2368072398065415886
Connection: keep-alive
X-Cache-Lookup: Cache Miss
Cache-Control: max-age=31536000
| 43.152.14.43/imtt.dd.qq.com/?mkey=6677a3a25b5a0c6f&f=9947&cip=91.90.42.154&proto=http | 43.152.14.43 | | 0 B |
URL: 43.152.14.43/imtt.dd.qq.com/?mkey=6677a3a25b5a0c6f&f=9947&cip=91.90.42.154&proto=http
IP 43.152.14.43:0
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty body)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /imtt.dd.qq.com/?mkey=6677a3a25b5a0c6f&f=9947&cip=91.90.42.154&proto=http HTTP/1.1
Host: 43.152.14.43
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Etag: "da39a3ee5e6b4b0d3255bfef95601890afd80709"
Server: NWSs
Date: Sat, 22 Jun 2024 16:45:47 GMT
Content-Type: application/x-directory
Ip: 11.154.23.75
x-cos-storage-class: STANDARD_IA
x-cos-hash-crc64ecma: 0
Content-Disposition: attachment
x-cos-object-type: normal
Accept-Ranges: bytes
X-Cache-Lookup: Cache Hit, Hit From Inner Cluster, Cache Miss
Last-Modified: Tue, 18 Jul 2023 08:53:21 GMT
Content-Length: 0
X-NWS-LOG-UUID: 3360278917039244090
Connection: keep-alive
Cache-Control: max-age=31536000
| 7c04866f535a6f5f790c44930b20dde6.dlied1.cdntips.net/imtt.dd.qq.com/16891/apk/3D6AE95A7C99D3E05268F1A02C7AD779.apk?mkey=6677a32c5b5a0c6f&f=9609&cip=91.90.42.154&proto=https | 43.152.15.39 | 200 OK | 328 kB |
URL (user request, GET HTTP/1.1): 7c04866f535a6f5f790c44930b20dde6.dlied1.cdntips.net/imtt.dd.qq.com/16891/apk/3D6AE95A7C99D3E05268F1A02C7AD779.apk?mkey=6677a32c5b5a0c6f&f=9609&cip=91.90.42.154&proto=https
IP 43.152.15.39:443
Certificate: Issuer DigiCert Inc; Subject dlied1.cdntips.net; Fingerprint 05:26:11:14:24:30:34:39:C5:22:A5:51:D6:75:A9:65:14:66:E8:78; Validity Tue, 18 Jul 2023 00:00:00 GMT - Tue, 13 Aug 2024 23:59:59 GMT
File type: Android package (APK), with AndroidManifest.xml; Zip archive data, at least v0.0 to extract, compression method=deflate
Size: 328 kB (327680 bytes)
Hashes: MD5 d3ca758da48941ffb9b48730f7fa8f3a, SHA-1 f340eb6b5851ea95d09ba57cf482ea4559f9b44d, SHA-256 e0a258f17b74727d90bdaa51e8a837f3aef54e6e902c5d497505894046e132d6
GET /imtt.dd.qq.com/16891/apk/3D6AE95A7C99D3E05268F1A02C7AD779.apk?mkey=6677a32c5b5a0c6f&f=9609&cip=91.90.42.154&proto=https HTTP/1.1
Host: 7c04866f535a6f5f790c44930b20dde6.dlied1.cdntips.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Sun, 14 Nov 2021 04:40:59 GMT
Etag: "dd52d898293556a856bb05274729211d407da808"
Server: NWSs
Date: Sun, 28 May 2023 07:01:19 GMT
Content-Type: application/vnd.android.package-archive
Ip: 0.0.0.0
x-cos-storage-class: STANDARD_IA
x-cos-hash-crc64ecma: 8567337391836827174
x-cos-object-type: normal
x-cos-cache: true
Content-Length: 39021522
Accept-Ranges: bytes
X-NWS-LOG-UUID: 626033378175787839
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Cache-Control: max-age=31536000
Content-Disposition: attachment; filename=3D6AE95A7C99D3E05268F1A02C7AD779.apk