Report - download.pplive.com/PPTV(pplive)

Report Overview

Visitedpublic

2024-02-25 10:42:39

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.global.sheca.com	unknown	1998-12-25	2022-06-20 14:45:50	2024-02-24 12:16:32	340 B	2.2 kB	163.181.131.228
download.pplive.com	unknown	2004-12-13	2012-05-20 22:18:23	2024-02-24 10:50:05	415 B	401 B	58.215.136.250
ossapp.suning.com	unknown	1997-12-18	2020-11-21 05:15:17	2024-02-24 10:50:08	506 B	10 MB	111.177.9.196

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

ossapp.suning.com/pcoss/dl/PPTV(pplive)_forqd318.exe

IP / ASN

111.177.9.196

#136192 Xiangyang, Hubei Province, P.R.China.

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections

Size10 MB (10094728 bytes)

MD56dc678b471d68402e9b6666629269f5f

SHA191fe4d2eacd3703034c2b12c28ec5f8677433376

SHA256f4091367b4cd431af2d589320bdf1d8df2b379688f7798394e8706a08b34e8e8

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 6/71

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

ocsp.global.sheca.com/ovscag5

163.181.131.228

1.5 kB

URL HTTP

ocsp.global.sheca.com/ovscag5

IP / ASN

163.181.131.228

#24429 Zhejiang Taobao Network Co.,Ltd

Requested byN/A

Resource Info

File typedata

First Seen2024-02-25

Last Seen2024-08-20

Times Seen2

Size1.5 kB (1492 bytes)

MD5537f226f86f885c39735efcd189b859b

SHA151dd46069a5d0b2f76c28b50e67146d29d6b17bc

SHA256a2bb1f4a58c7a465b6abfb6112ac2f4c229e9b8031fb94672500fdbea8ca7457

HTTP Headers

POST /ovscag5 HTTP/1.1
Host: ocsp.global.sheca.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 1492
Connection: keep-alive
Date: Sun, 25 Feb 2024 10:42:14 GMT
Cache-Control: max-age=86400, public, no-transform, must-revalidate
Etag: "0537f226f86f885c39735efcd189b859b"
Expires: Thu, 29 Feb 2024 14:33:27 GMT
Last-Modified: Sat, 24 Feb 2024 14:33:27 GMT
Ali-Swift-Global-Savetime: 1708857734
Via: cache14.l2de2[406,406,200-0,M], cache4.l2de2[409,0], ens-cache5.de7[415,414,200-0,M], ens-cache5.de7[416,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sun, 25 Feb 2024 10:42:14 GMT
X-Swift-CacheTime: 86400
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Timing-Allow-Origin: *
EagleId: a3b5839917088577341928157e

GET download.pplive.com/PPTV(pplive)_forqd318.exe

58.215.136.250

301 Moved Permanently

177 B

URL User Request GET HTTP

download.pplive.com/PPTV(pplive)_forqd318.exe

IP / ASN

58.215.136.250

#138950 Jiangsu Wuxi International IDC network

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with CRLF line terminators

First Seen2023-04-18

Last Seen2025-03-01

Times Seen2698

Size177 B (177 bytes)

MD5f54c7e6bb75767aca5ccf89f57a211cc

SHA1727eb27cf24bd0f5d8deee8380fa3abdb5fbc255

SHA256f2ad1fe4f548a607486b947a480cfe17aca8e499b0668a5350e36f2e7ca24dc9

HTTP Headers

GET /PPTV(pplive)_forqd318.exe HTTP/1.1
Host: download.pplive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: styx
Date: Sun, 25 Feb 2024 10:42:15 GMT
Content-Type: text/html
Content-Length: 177
Connection: keep-alive
Location: http://ossapp.suning.com/pcoss/dl/PPTV(pplive)_forqd318.exe

GET ossapp.suning.com/pcoss/dl/PPTV(pplive)_forqd318.exe

111.177.9.196

200 OK

10 MB

URL User Request GET HTTPS

ossapp.suning.com/pcoss/dl/PPTV(pplive)_forqd318.exe

IP / ASN

111.177.9.196

#136192 Xiangyang, Hubei Province, P.R.China.

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections

First Seen2023-06-20

Last Seen2025-05-15

Times Seen75

Size10 MB (10094728 bytes)

MD56dc678b471d68402e9b6666629269f5f

SHA191fe4d2eacd3703034c2b12c28ec5f8677433376

SHA256f4091367b4cd431af2d589320bdf1d8df2b379688f7798394e8706a08b34e8e8

Certificate Info

IssuerGlobalSign nv-sa

Subject*.suning.com

Fingerprint4D:0F:13:53:12:F8:24:79:39:A8:1D:C4:12:71:03:D6:6E:C5:7F:CC

ValidityWed, 12 Jul 2023 01:18:26 GMT - Mon, 12 Aug 2024 01:18:25 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 6/71

HTTP Headers

GET /pcoss/dl/PPTV(pplive)_forqd318.exe HTTP/1.1
Host: ossapp.suning.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Byte-nginx
Content-Type: application/octet-stream
Content-Length: 10094728
Connection: keep-alive
Accept-Ranges: bytes
Age: 2875227
Cache-Control: max-age=7776000
Content-Disposition: filename="PPTV(pplive)_forqd318.exe";filename*=UTF-8''PPTV(pplive)_forqd318.exe
Etag: c5bb6a2e
Last-Modified: Fri, 15 Jan 2021 03:32:48 GMT
Requestid: MTAuMTA4LjQ2LjE0Mzo6ODg4OHwxNzA1OTgyNTEzfDQ5NzE3MDk1NQ==
Strict-Transport-Security: max-age=300
X-Bdcdn-Cache-Status: TCP_HIT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: b4ec9238b5534436d4a70bbaeef15732
X-Request-Ip: 91.90.42.154
X-Response-Cache: edge_hit
X-Response-Cinfo: 91.90.42.154
X-Sdoss-Expiration: 
X-Sdoss-Request-Id: MTAuMTA4LjQ2LjE0Mzo6ODg4OHwxNzA1OTgyNTEzfDQ5NzE3MDk1NQ==
X-Tt-Trace-Tag: id=5
X-Xss-Protection: 1; mode=block
Date: Sun, 25 Feb 2024 10:42:20 GMT
via: cache08.xyct