Overview

URL:              img003.com/soft/guagua2010beta2setupgw_tg.exe
IP:               122.226.104.80
ASN:              AS4134 Chinanet
Location:         China
Report completed: 2019-01-18 15:11:17 CET
urlquery Alerts:  No alerts detected


Settings

UserAgent:    Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro:  No alerts detected


Blacklists

MDL:                  No alerts detected
OpenPhish:            No alerts detected
PhishTank:            No alerts detected
Fortinet's Web Filter:
  Added / Verified  Severity  Host                                                  Comment
  2019-01-18        2         img003.com/soft/guagua2010beta2setupgw_tg.exe         Malware
  2019-01-18        2         img001.com/guagua/GuaGua2010Beta2Setup1119_1050.exe   Malware
DNS-BH:               No alerts detected
mnemonic secure dns:  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 122.226.104.80

Date                       UQ / IDS / BL  URL                                                   IP
2019-03-19 08:30:39 +0100  0 - 0 - 3      img003.com/soft/qixi55/Qixi2010Setup1104_2003 (...)   122.226.104.80
2019-03-14 06:53:12 +0100  0 - 0 - 1      img006.com/guagua/GuaGua5.1.5Setup0820_3002.exe       122.226.104.80
2019-03-14 06:28:32 +0100  0 - 0 - 1      img006.com/gw/qixi2013Beta3.3Setup0130_1000.exe       122.226.104.80
2019-03-02 08:05:46 +0100  0 - 1 - 1      zh.re58.cn/c/girlshow_21116062841.exe                 122.226.104.80
2019-02-24 04:31:11 +0100  0 - 0 - 2      img003.com/re58/qixi_20090219042.exe                  122.226.104.80
2019-02-23 16:01:04 +0100  0 - 1 - 1      img006.com/guagua_tg/GuaGua5.1.5Setup_0927142 (...)   122.226.104.80
2019-02-17 10:56:44 +0100  0 - 0 - 2      img003.com/soft/coop/GuaGua2010Beta2Setup2010 (...)   122.226.104.80
2019-02-14 11:02:26 +0100  0 - 0 - 1      img006.com/guagua_tg/GuaGua5.1.3_Simple_Setup (...)   122.226.104.80
2019-02-12 12:09:29 +0100  0 - 0 - 1      img006.com/gw/Qixi2013Beta3.5Setup1213_1000.exe       122.226.104.80
2019-02-12 11:34:00 +0100  0 - 0 - 1      img006.com/guagua_tg/GuaGua5.1.5Setup_0927142 (...)   122.226.104.80

Last 10 reports on ASN: AS4134 Chinanet

Date                       UQ / IDS / BL  URL                                                   IP
2019-03-21 19:22:46 +0100  0 - 0 - 1      hz1010.com/upfiles/soft/201304/ADSL.rar               183.129.178.147
2019-03-21 19:13:06 +0100  0 - 2 - 1      down04993391.cdnxiazai.com/cx/160624/16/flash (...)   59.47.232.75
2019-03-21 19:12:38 +0100  0 - 0 - 1      xz.198424.com/soft2/tftpd32.450.zip                   140.249.38.224
2019-03-21 19:02:22 +0100  0 - 2 - 0      553052.top/tnb                                        222.186.180.44
2019-03-21 19:01:59 +0100  0 - 0 - 1      dx5.198174.com/qmsapp.apk                             61.154.126.91
2019-03-21 18:54:55 +0100  0 - 0 - 1      3.g.pc6.com/sc/360_6802893/setup.apk                  218.92.227.203
2019-03-21 18:52:54 +0100  0 - 1 - 1      6g.pc6.com/3262920885/pc/rrmvvip.exe                  222.241.7.188
2019-03-21 18:52:46 +0100  0 - 0 - 1      down05010884.cdnxiazai.com/cx/160624/17/setup (...)   59.47.232.75
2019-03-21 18:45:26 +0100  0 - 0 - 2      jh.01lm.com/jht/Happy88_B005_32149.exe                221.235.187.9
2019-03-21 18:45:16 +0100  0 - 1 - 2      download.re58.cn/down/girlshow_22380800001.exe        183.146.208.21

Last 10 reports on domain: img003.com

Date                       UQ / IDS / BL  URL                                                   IP
2019-03-19 08:30:39 +0100  0 - 0 - 3      img003.com/soft/qixi55/Qixi2010Setup1104_2003 (...)   122.226.104.80
2019-03-12 15:30:21 +0100  0 - 0 - 1      d.img003.com/re58/girlshow_22000030333.exe            61.155.140.250
2019-02-24 04:31:11 +0100  0 - 0 - 2      img003.com/re58/qixi_20090219042.exe                  122.226.104.80
2019-02-22 06:30:48 +0100  0 - 1 - 1      d.img003.com/re58/kele_22380015000.exe                61.155.140.250
2019-02-20 11:35:44 +0100  0 - 0 - 1      d.img003.com/re58/pingguo_20090201957.exe             61.155.140.250
2019-02-20 11:34:44 +0100  0 - 0 - 1      d.img003.com/re58/pingguo_21100075487.exe             61.155.140.250
2019-02-20 11:34:42 +0100  0 - 0 - 1      d.img003.com/re58/kele_22091502621.exe                61.155.140.250
2019-02-17 10:56:44 +0100  0 - 0 - 2      img003.com/soft/coop/GuaGua2010Beta2Setup2010 (...)   122.226.104.80
2019-02-09 18:32:24 +0100  0 - 0 - 1      d.img003.com/re58/girl_20300028293.exe                61.155.140.250
2019-02-09 16:00:54 +0100  0 - 0 - 1      d.img003.com/re58/girl_20300028293.exe                61.155.140.250


JavaScript

Executed Scripts (2)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (9)


--- Request ---
GET /soft/guagua2010beta2setupgw_tg.exe HTTP/1.1
Host: img003.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

--- Response (122.226.104.80) ---
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Server: nginx
Date: Fri, 18 Jan 2019 15:15:55 GMT
Content-Length: 154
Connection: keep-alive
Location: http://img001.com/guagua/GuaGua2010Beta2Setup1119_1050.exe

--- Additional Info ---
Magic:  HTML document text
Size:   154
Md5:    cfbeaf604823f038b8b46f0ac862b98c
Sha1:   7b9eb1dac48e74fa5f418bc456cb410f88b81d98
Sha256: 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

Alerts:
  Blacklists:
    - fortinet: Malware

--- Request ---
GET /guagua/GuaGua2010Beta2Setup1119_1050.exe HTTP/1.1
Host: img001.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

--- Response (58.51.152.48) ---
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Server: DnionOS/1.11.2.4_6
Date: Fri, 18 Jan 2019 14:10:42 GMT
Content-Length: 154
Connection: keep-alive
Location: http://www.guagua.cn
Age: 0
Via: http/1.1 CMC-CT-CNC-SDJN-P-118-89 (DLC-6.1.12), http/1.1 CT-HBXG-C-152-48 (DLC-6.1.12)
HitType: TCP_MISS
Server-Info: DnionATS

--- Additional Info ---
Magic:  HTML document text
Size:   154
Md5:    cfbeaf604823f038b8b46f0ac862b98c
Sha1:   7b9eb1dac48e74fa5f418bc456cb410f88b81d98
Sha256: 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

Alerts:
  Blacklists:
    - fortinet: Malware

--- Request ---
GET / HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

--- Response (220.194.79.107) ---
HTTP/1.1 200 OK
Content-Type: text/html; charset=gbk
Server: nginx
Connection: keep-alive
Date: Fri, 18 Jan 2019 14:10:44 GMT
Cache-Control: no-cache
Last-Modified: Fri, 11 Jan 2019 12:37:37 GMT
Transfer-Encoding: chunked
Content-Encoding: gzip
X-NWS-UUID-VERIFY: 92662033b8ea2b38108aabcc7301ddf8
Vary: Accept-Encoding
Etag: W/"5c388e11-ab4"
X-Daa-Tunnel: hop_count=5
X-NWS-LOG-UUID: 15882778995035837103 4c4df2ad367f7a7282b8c634e5bb5346
X-Cache-Lookup: Hit From Upstream, Hit From Upstream, Hit From Inner Cluster, Hit From Upstream, Hit From Inner Cluster

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1189
Md5:    39058465237699ae3ce4d28c0405090e
Sha1:   80ce2cc41a3f9461f29b47e618566acb1fd14aa6
Sha256: 0666b715de0809b057b419882c37f9ac8d906df4f5064ef196c7b2da8f7b9cee

--- Request ---
GET /jquery-1.7.2.min.js HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

--- Response (220.194.79.107) ---
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=gbk
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Fri, 18 Jan 2019 14:10:44 GMT
Cache-Control: max-age=604800
Expires: Fri, 25 Jan 2019 14:10:44 GMT
Last-Modified: Fri, 11 Jan 2019 12:37:37 GMT
Content-Length: 33692
Content-Encoding: gzip
X-NWS-LOG-UUID: 6166474450043806578 4c4df2ad367f7a7282b8c634e5bb5346
X-Cache-Lookup: Hit From Disktank3 Gz, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   33692
Md5:    d083088cd7374667da1eef37398e2340
Sha1:   e032b787c67f8f1340981d05ce64ff84ae8b12e9
Sha256: 42261416ca4125eff6564fcf0178408490cbf0e69b068d47086ac08f91c903f3

--- Request ---
GET /images/app-qrcode.jpg HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

--- Response (220.194.79.107) ---
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Fri, 18 Jan 2019 14:10:44 GMT
Cache-Control: max-age=604800
Expires: Fri, 25 Jan 2019 14:10:44 GMT
Last-Modified: Fri, 11 Jan 2019 12:37:37 GMT
Content-Length: 8306
X-NWS-LOG-UUID: 8475192754892498828 4c4df2ad367f7a7282b8c634e5bb5346
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1

--- Additional Info ---
Magic:  PNG image, 250 x 250, 8-bit/color RGBA, non-interlaced
Size:   8306
Md5:    723db425cb14b0dec208b3d8e2090c78
Sha1:   3eeae386c17882cb15e0ad76400a65fac9b216de
Sha256: d46f5992cdde095bfa46f96c3d8119ded84b5e8fa9383f95648e03034cb617ec

--- Request ---
GET /images/btn-app-handle.png HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

--- Response (220.194.79.107) ---
HTTP/1.1 200 OK
Content-Type: image/png
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Fri, 18 Jan 2019 14:10:44 GMT
Cache-Control: max-age=604800
Expires: Fri, 25 Jan 2019 14:10:44 GMT
Last-Modified: Fri, 11 Jan 2019 12:37:37 GMT
Content-Length: 27660
X-NWS-LOG-UUID: 9971477086506259797 4c4df2ad367f7a7282b8c634e5bb5346
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1

--- Additional Info ---
Magic:  PNG image, 230 x 360, 8-bit colormap, non-interlaced
Size:   27660
Md5:    c7521425fd073ea5001d719ff743a5b4
Sha1:   fc4f299ee6b68f9a22570a37ce512614bd34235b
Sha256: 6cf8da7c80d2b0a21961ccc0beec998a671b431c42fa5d682eb1475d47023d8f

--- Request ---
GET /images/bg-down-app.png HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

--- Response (220.194.79.107) ---
HTTP/1.1 200 OK
Content-Type: image/png
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Fri, 18 Jan 2019 14:10:44 GMT
Cache-Control: max-age=604800
Expires: Fri, 25 Jan 2019 14:10:44 GMT
Last-Modified: Fri, 11 Jan 2019 12:37:37 GMT
Content-Length: 378088
X-NWS-LOG-UUID: 3383088274668038678 4c4df2ad367f7a7282b8c634e5bb5346
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1

--- Additional Info ---
Magic:  PNG image, 1920 x 1024, 8-bit colormap, non-interlaced
Size:   378088
Md5:    8749270ba05a009985d8af94e25f8b9f
Sha1:   5aa6fd5e57c8b900fcfea636bea40504db21d966
Sha256: 7fc8cc3b56cc9db35fd1a92dddbdd5f8bc113434d30b71e1d1443ef32250c54f

--- Request ---
GET /images/guaguahome.jpg HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

--- Response (220.194.79.107) ---
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Fri, 18 Jan 2019 14:10:47 GMT
Cache-Control: max-age=604800
Expires: Fri, 25 Jan 2019 14:10:47 GMT
Last-Modified: Fri, 11 Jan 2019 12:37:37 GMT
Content-Length: 5238
X-NWS-LOG-UUID: 11664401739326107661 4c4df2ad367f7a7282b8c634e5bb5346
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1

--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   5238
Md5:    f201efd7439c9732c20d1e6d25d66109
Sha1:   fecfd69cd788a23288da3d19bb7489cac8b35ca2
Sha256: 0a3b8df2ab0b3f093971b90b60185ab1a44c38c61c60dfeef4561b800c290051

--- Request ---
GET /favicon.ico HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

--- Response (220.194.79.107) ---
HTTP/1.1 200 OK
Content-Type: image/x-icon
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Fri, 18 Jan 2019 14:10:47 GMT
Cache-Control: max-age=600
Expires: Fri, 18 Jan 2019 14:20:47 GMT
Last-Modified: Fri, 11 Jan 2019 12:37:37 GMT
Content-Length: 1150
X-NWS-LOG-UUID: 1079343136573523456 4c4df2ad367f7a7282b8c634e5bb5346
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1

--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon
Size:   1150
Md5:    909f37ba591b1e562629a5a962d8e7a8
Sha1:   0679aa5307d078f9ecd808073d19fa21acbc980c
Sha256: 65b544f968c8b2538d54d2cfb5793f0b4495402ff0c9d1f2502df26fe9c7030b