Overview

URL: img006.com/guaguadance/guaguadance1020_2222.exe
IP: 122.226.104.80
ASN: AS4134 Chinanet
Location: China
Report completed: 2018-12-24 11:33:48 CET
urlquery Alerts: No alerts detected


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (blank)
Pool: (blank)
Access Level: (blank)


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
  Added / Verified  Severity  Host                                             Comment
  2018-12-24        2         img006.com/guaguadance/guaguadance1020_2222.exe  Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 122.226.104.80

Date                       UQ / IDS / BL  URL                                                   IP
2019-04-19 04:23:34 +0200  0 - 0 - 2      img003.com/soft/coop/GuaGua2010Beta2Setup2010 (...)   122.226.104.80
2019-04-13 16:36:43 +0200  0 - 0 - 1      img006.com/guagua_tg/GuaGua5.1.3_Simple_Setup (...)   122.226.104.80
2019-04-10 17:14:30 +0200  0 - 0 - 1      img006.com/guagua_tg/GuaGua5.1.5Setup_0927142 (...)   122.226.104.80
2019-04-10 05:57:21 +0200  0 - 0 - 1      img006.com/gw/Qixi2013Beta3.5Setup1213_1000.exe       122.226.104.80
2019-04-09 17:14:38 +0200  0 - 0 - 1      img006.com/gw/caihong2013Beta3.3Setup0130_1000.exe    122.226.104.80
2019-03-24 11:47:55 +0100  0 - 0 - 1      img006.com/guaguadance/guaguadance1020_2222.exe       122.226.104.80
2019-03-24 11:47:14 +0100  0 - 0 - 1      img006.com/guaguadance/GuaGuaDance1020_2222.exe       122.226.104.80
2019-03-19 08:30:39 +0100  0 - 0 - 3      img003.com/soft/qixi55/Qixi2010Setup1104_2003 (...)   122.226.104.80
2019-03-14 06:53:12 +0100  0 - 0 - 1      img006.com/guagua/GuaGua5.1.5Setup0820_3002.exe       122.226.104.80
2019-03-14 06:28:32 +0100  0 - 0 - 1      img006.com/gw/qixi2013Beta3.3Setup0130_1000.exe       122.226.104.80

Last 10 reports on ASN: AS4134 Chinanet

Date                       UQ / IDS / BL  URL                                          IP
2019-04-24 08:44:15 +0200  0 - 0 - 0      https://inv-veri.chinatax.gov.cn/            58.222.40.69
2019-04-24 08:38:59 +0200  0 - 0 - 0      www.ljpte.com                                183.136.214.152
2019-04-24 07:57:13 +0200  0 - 0 - 1      u1.innerpeer.com/zhugeyixuezcd1.exe          122.226.188.14
2019-04-24 07:57:05 +0200  0 - 0 - 1      u1.innerpeer.com/qqltjl.exe                  122.226.188.14
2019-04-24 07:56:59 +0200  0 - 0 - 1      dx5.198174.com/qutuizs.apk                   122.228.95.142
2019-04-24 07:56:54 +0200  0 - 0 - 1      dianxin8.91tzy.com/luxiangjitv.apk           222.241.7.166
2019-04-24 07:56:56 +0200  0 - 0 - 1      dianxin8.91tzy.com/wz_autohome.apk           222.241.7.166
2019-04-24 07:56:49 +0200  0 - 0 - 1      down2.869v.com/Game_358jMiu.exe              122.225.107.85
2019-04-24 07:56:50 +0200  0 - 0 - 1      u5.innerpeer.com/apk3/bilianlaobanniang.apk  122.226.188.14
2019-04-24 07:56:47 +0200  0 - 0 - 1      dx20.91tzy.com/sanzanghongbao.apk            218.75.155.229

Last 10 reports on domain: img006.com

Date                       UQ / IDS / BL  URL                                                   IP
2019-04-13 16:36:43 +0200  0 - 0 - 1      img006.com/guagua_tg/GuaGua5.1.3_Simple_Setup (...)   122.226.104.80
2019-04-10 17:14:30 +0200  0 - 0 - 1      img006.com/guagua_tg/GuaGua5.1.5Setup_0927142 (...)   122.226.104.80
2019-04-10 05:57:21 +0200  0 - 0 - 1      img006.com/gw/Qixi2013Beta3.5Setup1213_1000.exe       122.226.104.80
2019-04-09 17:14:38 +0200  0 - 0 - 1      img006.com/gw/caihong2013Beta3.3Setup0130_1000.exe    122.226.104.80
2019-03-24 11:47:55 +0100  0 - 0 - 1      img006.com/guaguadance/guaguadance1020_2222.exe       122.226.104.80
2019-03-24 11:47:14 +0100  0 - 0 - 1      img006.com/guaguadance/GuaGuaDance1020_2222.exe       122.226.104.80
2019-03-14 06:53:12 +0100  0 - 0 - 1      img006.com/guagua/GuaGua5.1.5Setup0820_3002.exe       122.226.104.80
2019-03-14 06:28:32 +0100  0 - 0 - 1      img006.com/gw/qixi2013Beta3.3Setup0130_1000.exe       122.226.104.80
2019-02-23 16:01:04 +0100  0 - 1 - 1      img006.com/guagua_tg/GuaGua5.1.5Setup_0927142 (...)   122.226.104.80
2019-02-14 11:02:26 +0100  0 - 0 - 1      img006.com/guagua_tg/GuaGua5.1.3_Simple_Setup (...)   122.226.104.80


JavaScript

Executed Scripts (2)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (8)


Request 1:
GET /guaguadance/guaguadance1020_2222.exe HTTP/1.1
Host: img006.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response 1 (from 122.226.104.80):
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Server: nginx
Date: Mon, 24 Dec 2018 10:33:16 GMT
Content-Length: 154
Connection: keep-alive
Location: http://www.guagua.cn


--- Additional Info ---
Magic:  HTML document text
Size:   154
Md5:    cfbeaf604823f038b8b46f0ac862b98c
Sha1:   7b9eb1dac48e74fa5f418bc456cb410f88b81d98
Sha256: 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

Alerts:
  Blacklists:
    - fortinet: Malware

Request 2:
GET / HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response 2 (from 139.215.203.199):
HTTP/1.1 200 OK
Content-Type: text/html; charset=gbk
Server: nginx
Connection: keep-alive
Date: Mon, 24 Dec 2018 10:33:19 GMT
Cache-Control: no-cache
Last-Modified: Mon, 12 Nov 2018 12:30:41 GMT
Transfer-Encoding: chunked
Content-Encoding: gzip
X-NWS-UUID-VERIFY: 3ef9686624f0568cf6eb74300a0c5b02
Vary: Accept-Encoding
Etag: W/"5be97271-ab4"
X-Daa-Tunnel: hop_count=4
X-NWS-LOG-UUID: 8958482446762247404 25a9babe326be19ecf8cbc6724e45e0b
X-Cache-Lookup: Hit From Upstream, Hit From Upstream, Hit From Inner Cluster, Hit From Upstream


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1189
Md5:    39058465237699ae3ce4d28c0405090e
Sha1:   80ce2cc41a3f9461f29b47e618566acb1fd14aa6
Sha256: 0666b715de0809b057b419882c37f9ac8d906df4f5064ef196c7b2da8f7b9cee

Request 3:
GET /jquery-1.7.2.min.js HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

Response 3 (from 139.215.203.199):
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=gbk
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Mon, 24 Dec 2018 10:33:19 GMT
Cache-Control: max-age=604800
Expires: Mon, 31 Dec 2018 10:33:19 GMT
Last-Modified: Mon, 12 Nov 2018 12:30:41 GMT
Content-Length: 33692
Content-Encoding: gzip
X-NWS-LOG-UUID: 1020472152199393925 25a9babe326be19ecf8cbc6724e45e0b
X-Cache-Lookup: Hit From Disktank3 Gz, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   33692
Md5:    d083088cd7374667da1eef37398e2340
Sha1:   e032b787c67f8f1340981d05ce64ff84ae8b12e9
Sha256: 42261416ca4125eff6564fcf0178408490cbf0e69b068d47086ac08f91c903f3

Request 4:
GET /images/app-qrcode.jpg HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

Response 4 (from 139.215.203.199):
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Mon, 24 Dec 2018 10:33:20 GMT
Cache-Control: max-age=604800
Expires: Mon, 31 Dec 2018 10:33:20 GMT
Last-Modified: Mon, 12 Nov 2018 12:30:41 GMT
Content-Length: 8306
X-NWS-LOG-UUID: 3858141759284125646 25a9babe326be19ecf8cbc6724e45e0b
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  PNG image, 250 x 250, 8-bit/color RGBA, non-interlaced
Size:   8306
Md5:    723db425cb14b0dec208b3d8e2090c78
Sha1:   3eeae386c17882cb15e0ad76400a65fac9b216de
Sha256: d46f5992cdde095bfa46f96c3d8119ded84b5e8fa9383f95648e03034cb617ec

Request 5:
GET /images/guaguahome.jpg HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

Response 5 (from 139.215.203.199):
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Mon, 24 Dec 2018 10:33:21 GMT
Cache-Control: max-age=604800
Expires: Mon, 31 Dec 2018 10:33:21 GMT
Last-Modified: Mon, 12 Nov 2018 12:30:41 GMT
Content-Length: 5238
X-NWS-LOG-UUID: 17956838393650224486 25a9babe326be19ecf8cbc6724e45e0b
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   5238
Md5:    f201efd7439c9732c20d1e6d25d66109
Sha1:   fecfd69cd788a23288da3d19bb7489cac8b35ca2
Sha256: 0a3b8df2ab0b3f093971b90b60185ab1a44c38c61c60dfeef4561b800c290051

Request 6:
GET /images/btn-app-handle.png HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

Response 6 (from 139.215.203.199):
HTTP/1.1 200 OK
Content-Type: image/png
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Mon, 24 Dec 2018 10:33:20 GMT
Cache-Control: max-age=604800
Expires: Mon, 31 Dec 2018 10:33:20 GMT
Last-Modified: Mon, 12 Nov 2018 12:30:41 GMT
Content-Length: 27660
X-NWS-LOG-UUID: 11954462249570215262 25a9babe326be19ecf8cbc6724e45e0b
X-Cache-Lookup: Hit From Disktank3


--- Additional Info ---
Magic:  PNG image, 230 x 360, 8-bit colormap, non-interlaced
Size:   27660
Md5:    c7521425fd073ea5001d719ff743a5b4
Sha1:   fc4f299ee6b68f9a22570a37ce512614bd34235b
Sha256: 6cf8da7c80d2b0a21961ccc0beec998a671b431c42fa5d682eb1475d47023d8f

Request 7:
GET /images/bg-down-app.png HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

Response 7 (from 139.215.203.199):
HTTP/1.1 200 OK
Content-Type: image/png
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Mon, 24 Dec 2018 10:33:20 GMT
Cache-Control: max-age=604800
Expires: Mon, 31 Dec 2018 10:33:20 GMT
Last-Modified: Mon, 12 Nov 2018 12:30:41 GMT
Content-Length: 378088
X-NWS-LOG-UUID: 13834601551979087418 25a9babe326be19ecf8cbc6724e45e0b
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  PNG image, 1920 x 1024, 8-bit colormap, non-interlaced
Size:   378088
Md5:    8749270ba05a009985d8af94e25f8b9f
Sha1:   5aa6fd5e57c8b900fcfea636bea40504db21d966
Sha256: 7fc8cc3b56cc9db35fd1a92dddbdd5f8bc113434d30b71e1d1443ef32250c54f

Request 8:
GET /favicon.ico HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response 8 (from 139.215.203.199):
HTTP/1.1 200 OK
Content-Type: image/x-icon
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Mon, 24 Dec 2018 10:33:23 GMT
Cache-Control: max-age=600
Expires: Mon, 24 Dec 2018 10:43:23 GMT
Last-Modified: Mon, 12 Nov 2018 12:30:41 GMT
Content-Length: 1150
X-NWS-LOG-UUID: 17911848842846241410 25a9babe326be19ecf8cbc6724e45e0b
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon
Size:   1150
Md5:    909f37ba591b1e562629a5a962d8e7a8
Sha1:   0679aa5307d078f9ecd808073d19fa21acbc980c
Sha256: 65b544f968c8b2538d54d2cfb5793f0b4495402ff0c9d1f2502df26fe9c7030b