Overview

URL: img003.com/soft/guagua2010beta2setupgw_tg.exe
IP: 122.226.104.80
ASN: AS4134 Chinanet
Location: China
Report completed: 2019-01-18 15:11:17 CET
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata /w Emerging Threats Pro: No alerts detected


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
Added / Verified  Severity  Host                                                  Comment
2019-01-18        2         img003.com/soft/guagua2010beta2setupgw_tg.exe         Malware
2019-01-18        2         img001.com/guagua/GuaGua2010Beta2Setup1119_1050.exe  Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 122.226.104.80

Date                       UQ / IDS / BL  URL                                        IP
2019-06-02 19:59:03 +0200  0 - 0 - 2      img003.com/soft/qixi55/qixi2010setup.exe   122.226.104.80
2019-06-02 17:25:58 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116062841.exe      122.226.104.80
2019-06-02 15:27:15 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116062841.exe      122.226.104.80
2019-06-02 14:07:27 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116062139.exe      122.226.104.80
2019-06-02 13:56:05 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116062841.exe      122.226.104.80
2019-06-02 13:42:18 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116053655.exe      122.226.104.80
2019-06-02 13:40:56 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116062667.exe      122.226.104.80
2019-06-02 13:04:47 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21111019700.exe      122.226.104.80
2019-06-02 12:09:21 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116062139.exe      122.226.104.80
2019-06-02 11:59:16 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116062841.exe      122.226.104.80

Last 10 reports on ASN: AS4134 Chinanet

Date                       UQ / IDS / BL  URL                      IP
2019-06-15 00:35:34 +0200  0 - 0 - 0      114.228.157.50           114.228.157.50
2019-06-14 16:29:02 +0200  0 - 0 - 0      119.86.30.13             119.86.30.13
2019-06-14 10:07:11 +0200  0 - 0 - 0      175.6.235.244            175.6.235.244
2019-06-13 21:20:04 +0200  0 - 0 - 0      flamess.cn               114.116.163.34
2019-06-13 19:01:36 +0200  0 - 0 - 0      218.91.0.217             218.91.0.217
2019-06-13 12:11:39 +0200  0 - 0 - 0      ad.foxitreader.cn        171.8.242.148
2019-06-13 12:06:40 +0200  0 - 0 - 0      www.customs.gov.cn/      36.111.137.204
2019-06-13 09:08:18 +0200  0 - 0 - 0      222.85.26.203            222.85.26.203
2019-06-13 05:52:12 +0200  0 - 0 - 1      outlook.office.365.com   183.134.218.76
2019-06-13 04:46:33 +0200  0 - 0 - 0      114.104.155.56           114.104.155.56

Last 10 reports on domain: img003.com

Date                       UQ / IDS / BL  URL                                                   IP
2019-06-02 19:59:03 +0200  0 - 0 - 2      img003.com/soft/qixi55/qixi2010setup.exe              122.226.104.80
2019-05-25 19:59:22 +0200  0 - 0 - 2      img003.com/soft/qixi55/qixi2010setup.exe              122.226.104.80
2019-05-23 01:21:51 +0200  0 - 1 - 2      d.img003.com/re58                                     61.155.140.250
2019-05-20 00:45:26 +0200  0 - 1 - 3      d.img003.com/guaguadance                              61.155.140.250
2019-05-03 05:52:55 +0200  0 - 0 - 2      img003.com/soft/qixi55/qixi2010setup.exe              122.226.104.80
2019-04-19 04:23:34 +0200  0 - 0 - 2      img003.com/soft/coop/GuaGua2010Beta2Setup2010 (...)   122.226.104.80
2019-04-09 17:31:43 +0200  0 - 0 - 1      d.img003.com/re58/girl_20300028293.exe                61.155.140.250
2019-03-30 02:36:11 +0100  0 - 0 - 2      d.img003.com/kaifa                                    61.155.140.250
2019-03-19 08:30:39 +0100  0 - 0 - 3      img003.com/soft/qixi55/Qixi2010Setup1104_2003 (...)   122.226.104.80
2019-03-12 15:30:21 +0100  0 - 0 - 1      d.img003.com/re58/girlshow_22000030333.exe            61.155.140.250


JavaScript

Executed Scripts (2)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (9)


Request:
GET /soft/guagua2010beta2setupgw_tg.exe HTTP/1.1
Host: img003.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (122.226.104.80):
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Server: nginx
Date: Fri, 18 Jan 2019 15:15:55 GMT
Content-Length: 154
Connection: keep-alive
Location: http://img001.com/guagua/GuaGua2010Beta2Setup1119_1050.exe


--- Additional Info ---
Magic:  HTML document text
Size:   154
Md5:    cfbeaf604823f038b8b46f0ac862b98c
Sha1:   7b9eb1dac48e74fa5f418bc456cb410f88b81d98
Sha256: 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Request:
GET /guagua/GuaGua2010Beta2Setup1119_1050.exe HTTP/1.1
Host: img001.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (58.51.152.48):
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Server: DnionOS/1.11.2.4_6
Date: Fri, 18 Jan 2019 14:10:42 GMT
Content-Length: 154
Connection: keep-alive
Location: http://www.guagua.cn
Age: 0
Via: http/1.1 CMC-CT-CNC-SDJN-P-118-89 (DLC-6.1.12), http/1.1 CT-HBXG-C-152-48 (DLC-6.1.12)
HitType: TCP_MISS
Server-Info: DnionATS


--- Additional Info ---
Magic:  HTML document text
Size:   154
Md5:    cfbeaf604823f038b8b46f0ac862b98c
Sha1:   7b9eb1dac48e74fa5f418bc456cb410f88b81d98
Sha256: 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Request:
GET / HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (220.194.79.107):
HTTP/1.1 200 OK
Content-Type: text/html; charset=gbk
Server: nginx
Connection: keep-alive
Date: Fri, 18 Jan 2019 14:10:44 GMT
Cache-Control: no-cache
Last-Modified: Fri, 11 Jan 2019 12:37:37 GMT
Transfer-Encoding: chunked
Content-Encoding: gzip
X-NWS-UUID-VERIFY: 92662033b8ea2b38108aabcc7301ddf8
Vary: Accept-Encoding
Etag: W/"5c388e11-ab4"
X-Daa-Tunnel: hop_count=5
X-NWS-LOG-UUID: 15882778995035837103 4c4df2ad367f7a7282b8c634e5bb5346
X-Cache-Lookup: Hit From Upstream, Hit From Upstream, Hit From Inner Cluster, Hit From Upstream, Hit From Inner Cluster


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1189
Md5:    39058465237699ae3ce4d28c0405090e
Sha1:   80ce2cc41a3f9461f29b47e618566acb1fd14aa6
Sha256: 0666b715de0809b057b419882c37f9ac8d906df4f5064ef196c7b2da8f7b9cee
                                        
Request:
GET /jquery-1.7.2.min.js HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

Response (220.194.79.107):
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=gbk
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Fri, 18 Jan 2019 14:10:44 GMT
Cache-Control: max-age=604800
Expires: Fri, 25 Jan 2019 14:10:44 GMT
Last-Modified: Fri, 11 Jan 2019 12:37:37 GMT
Content-Length: 33692
Content-Encoding: gzip
X-NWS-LOG-UUID: 6166474450043806578 4c4df2ad367f7a7282b8c634e5bb5346
X-Cache-Lookup: Hit From Disktank3 Gz, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   33692
Md5:    d083088cd7374667da1eef37398e2340
Sha1:   e032b787c67f8f1340981d05ce64ff84ae8b12e9
Sha256: 42261416ca4125eff6564fcf0178408490cbf0e69b068d47086ac08f91c903f3
                                        
Request:
GET /images/app-qrcode.jpg HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

Response (220.194.79.107):
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Fri, 18 Jan 2019 14:10:44 GMT
Cache-Control: max-age=604800
Expires: Fri, 25 Jan 2019 14:10:44 GMT
Last-Modified: Fri, 11 Jan 2019 12:37:37 GMT
Content-Length: 8306
X-NWS-LOG-UUID: 8475192754892498828 4c4df2ad367f7a7282b8c634e5bb5346
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  PNG image, 250 x 250, 8-bit/color RGBA, non-interlaced
Size:   8306
Md5:    723db425cb14b0dec208b3d8e2090c78
Sha1:   3eeae386c17882cb15e0ad76400a65fac9b216de
Sha256: d46f5992cdde095bfa46f96c3d8119ded84b5e8fa9383f95648e03034cb617ec
                                        
Request:
GET /images/btn-app-handle.png HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

Response (220.194.79.107):
HTTP/1.1 200 OK
Content-Type: image/png
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Fri, 18 Jan 2019 14:10:44 GMT
Cache-Control: max-age=604800
Expires: Fri, 25 Jan 2019 14:10:44 GMT
Last-Modified: Fri, 11 Jan 2019 12:37:37 GMT
Content-Length: 27660
X-NWS-LOG-UUID: 9971477086506259797 4c4df2ad367f7a7282b8c634e5bb5346
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  PNG image, 230 x 360, 8-bit colormap, non-interlaced
Size:   27660
Md5:    c7521425fd073ea5001d719ff743a5b4
Sha1:   fc4f299ee6b68f9a22570a37ce512614bd34235b
Sha256: 6cf8da7c80d2b0a21961ccc0beec998a671b431c42fa5d682eb1475d47023d8f
                                        
Request:
GET /images/bg-down-app.png HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

Response (220.194.79.107):
HTTP/1.1 200 OK
Content-Type: image/png
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Fri, 18 Jan 2019 14:10:44 GMT
Cache-Control: max-age=604800
Expires: Fri, 25 Jan 2019 14:10:44 GMT
Last-Modified: Fri, 11 Jan 2019 12:37:37 GMT
Content-Length: 378088
X-NWS-LOG-UUID: 3383088274668038678 4c4df2ad367f7a7282b8c634e5bb5346
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  PNG image, 1920 x 1024, 8-bit colormap, non-interlaced
Size:   378088
Md5:    8749270ba05a009985d8af94e25f8b9f
Sha1:   5aa6fd5e57c8b900fcfea636bea40504db21d966
Sha256: 7fc8cc3b56cc9db35fd1a92dddbdd5f8bc113434d30b71e1d1443ef32250c54f
                                        
Request:
GET /images/guaguahome.jpg HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

Response (220.194.79.107):
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Fri, 18 Jan 2019 14:10:47 GMT
Cache-Control: max-age=604800
Expires: Fri, 25 Jan 2019 14:10:47 GMT
Last-Modified: Fri, 11 Jan 2019 12:37:37 GMT
Content-Length: 5238
X-NWS-LOG-UUID: 11664401739326107661 4c4df2ad367f7a7282b8c634e5bb5346
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   5238
Md5:    f201efd7439c9732c20d1e6d25d66109
Sha1:   fecfd69cd788a23288da3d19bb7489cac8b35ca2
Sha256: 0a3b8df2ab0b3f093971b90b60185ab1a44c38c61c60dfeef4561b800c290051
                                        
Request:
GET /favicon.ico HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (220.194.79.107):
HTTP/1.1 200 OK
Content-Type: image/x-icon
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Fri, 18 Jan 2019 14:10:47 GMT
Cache-Control: max-age=600
Expires: Fri, 18 Jan 2019 14:20:47 GMT
Last-Modified: Fri, 11 Jan 2019 12:37:37 GMT
Content-Length: 1150
X-NWS-LOG-UUID: 1079343136573523456 4c4df2ad367f7a7282b8c634e5bb5346
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon
Size:   1150
Md5:    909f37ba591b1e562629a5a962d8e7a8
Sha1:   0679aa5307d078f9ecd808073d19fa21acbc980c
Sha256: 65b544f968c8b2538d54d2cfb5793f0b4495402ff0c9d1f2502df26fe9c7030b