Overview

URL:              img006.com/guaguadance/guaguadance1020_2222.exe
IP:               122.226.104.80
ASN:              AS4134 Chinanet
Location:         China
Report completed: 2018-12-24 11:33:48 CET
urlquery Alerts:  No alerts detected


Settings

User-Agent:   Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blacklists

MDL:                  No alerts detected
OpenPhish:            No alerts detected
PhishTank:            No alerts detected
Fortinet's Web Filter:
  Added / Verified  Severity  Host                                             Comment
  2018-12-24        2         img006.com/guaguadance/guaguadance1020_2222.exe  Malware
DNS-BH:               No alerts detected
mnemonic secure dns:  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 122.226.104.80

Date                       UQ / IDS / BL  URL                                       IP
2019-06-02 19:59:03 +0200  0 - 0 - 2      img003.com/soft/qixi55/qixi2010setup.exe  122.226.104.80
2019-06-02 17:25:58 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116062841.exe     122.226.104.80
2019-06-02 15:27:15 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116062841.exe     122.226.104.80
2019-06-02 14:07:27 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116062139.exe     122.226.104.80
2019-06-02 13:56:05 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116062841.exe     122.226.104.80
2019-06-02 13:42:18 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116053655.exe     122.226.104.80
2019-06-02 13:40:56 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116062667.exe     122.226.104.80
2019-06-02 13:04:47 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21111019700.exe     122.226.104.80
2019-06-02 12:09:21 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116062139.exe     122.226.104.80
2019-06-02 11:59:16 +0200  0 - 1 - 2      zh.re58.cn/c/girlshow_21116062841.exe     122.226.104.80

Last 10 reports on ASN: AS4134 Chinanet

Date                       UQ / IDS / BL  URL                                      IP
2019-06-30 16:58:24 +0200  0 - 0 - 1      122.228.19.79                            122.228.19.79
2019-06-30 01:25:16 +0200  0 - 0 - 1      www.remote88.com                         221.229.204.28
2019-06-30 00:49:54 +0200  0 - 0 - 1      www.remote88.com                         221.229.204.28
2019-06-30 00:34:56 +0200  0 - 0 - 0      124.156.198.92                           124.156.198.92
2019-06-27 15:07:26 +0200  0 - 0 - 0      222.244.147.121                          222.244.147.121
2019-06-27 14:04:17 +0200  0 - 0 - 0      180.119.141.202                          180.119.141.202
2019-06-27 11:53:46 +0200  0 - 4 - 7      www.crc-gas.com/                         221.224.15.244
2019-06-27 04:46:38 +0200  0 - 0 - 0      www.trulyrs.com/                         118.122.224.180
2019-06-27 00:56:00 +0200  0 - 0 - 4      b2b.huangye88.com/tianjin/guanggao/pn6/  61.184.215.223
2019-06-27 00:48:40 +0200  0 - 0 - 5      b2b.huangye88.com/tianjin/guanggao/pn2/  61.184.215.223

Last 10 reports on domain: img006.com

Date                       UQ / IDS / BL  URL                                                  IP
2019-05-24 05:26:25 +0200  0 - 1 - 0      img006.com/guagua/GuaGua5.1.5Setup0820_3002.exe      122.226.104.80
2019-05-24 05:23:19 +0200  0 - 1 - 1      img006.com/guagua_tg/GuaGua5.1.5Setup_0927142 (...)  122.226.104.80
2019-05-24 05:23:14 +0200  0 - 1 - 1      img006.com/guagua_tg/GuaGua5.1.5Setup_0927142 (...)  122.226.104.80
2019-05-24 05:22:49 +0200  0 - 1 - 1      img006.com/gw/kele/KeLe2012Beta3.0Setup0615_0.exe    122.226.104.80
2019-05-24 05:22:44 +0200  0 - 1 - 1      img006.com/guagua_tg/GuaGua5.1.3_Simple_Setup (...)  122.226.104.80
2019-05-24 05:22:17 +0200  0 - 1 - 1      img006.com/gw/Qixi2013Beta3.5Setup1213_1000.exe      122.226.104.80
2019-05-24 05:22:07 +0200  0 - 1 - 1      img006.com/gw/caihong2013Beta3.3Setup0130_1000.exe   122.226.104.80
2019-05-10 08:36:03 +0200  0 - 0 - 1      img006.com/guagua/GuaGua-0.8.0.7-1.apk               122.226.104.80
2019-04-13 16:36:43 +0200  0 - 0 - 1      img006.com/guagua_tg/GuaGua5.1.3_Simple_Setup (...)  122.226.104.80
2019-04-10 17:14:30 +0200  0 - 0 - 1      img006.com/guagua_tg/GuaGua5.1.5Setup_0927142 (...)  122.226.104.80


JavaScript

Executed Scripts (2)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (8)


--- Request ---
GET /guaguadance/guaguadance1020_2222.exe HTTP/1.1
Host: img006.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

--- Response (122.226.104.80) ---
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Server: nginx
Date: Mon, 24 Dec 2018 10:33:16 GMT
Content-Length: 154
Connection: keep-alive
Location: http://www.guagua.cn


--- Additional Info ---
Magic:  HTML document text
Size:   154
Md5:    cfbeaf604823f038b8b46f0ac862b98c
Sha1:   7b9eb1dac48e74fa5f418bc456cb410f88b81d98
Sha256: 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
--- Request ---
GET / HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

--- Response (139.215.203.199) ---
HTTP/1.1 200 OK
Content-Type: text/html; charset=gbk
Server: nginx
Connection: keep-alive
Date: Mon, 24 Dec 2018 10:33:19 GMT
Cache-Control: no-cache
Last-Modified: Mon, 12 Nov 2018 12:30:41 GMT
Transfer-Encoding: chunked
Content-Encoding: gzip
X-NWS-UUID-VERIFY: 3ef9686624f0568cf6eb74300a0c5b02
Vary: Accept-Encoding
Etag: W/"5be97271-ab4"
X-Daa-Tunnel: hop_count=4
X-NWS-LOG-UUID: 8958482446762247404 25a9babe326be19ecf8cbc6724e45e0b
X-Cache-Lookup: Hit From Upstream, Hit From Upstream, Hit From Inner Cluster, Hit From Upstream


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1189
Md5:    39058465237699ae3ce4d28c0405090e
Sha1:   80ce2cc41a3f9461f29b47e618566acb1fd14aa6
Sha256: 0666b715de0809b057b419882c37f9ac8d906df4f5064ef196c7b2da8f7b9cee
                                        
--- Request ---
GET /jquery-1.7.2.min.js HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

--- Response (139.215.203.199) ---
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=gbk
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Mon, 24 Dec 2018 10:33:19 GMT
Cache-Control: max-age=604800
Expires: Mon, 31 Dec 2018 10:33:19 GMT
Last-Modified: Mon, 12 Nov 2018 12:30:41 GMT
Content-Length: 33692
Content-Encoding: gzip
X-NWS-LOG-UUID: 1020472152199393925 25a9babe326be19ecf8cbc6724e45e0b
X-Cache-Lookup: Hit From Disktank3 Gz, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   33692
Md5:    d083088cd7374667da1eef37398e2340
Sha1:   e032b787c67f8f1340981d05ce64ff84ae8b12e9
Sha256: 42261416ca4125eff6564fcf0178408490cbf0e69b068d47086ac08f91c903f3
                                        
--- Request ---
GET /images/app-qrcode.jpg HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

--- Response (139.215.203.199) ---
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Mon, 24 Dec 2018 10:33:20 GMT
Cache-Control: max-age=604800
Expires: Mon, 31 Dec 2018 10:33:20 GMT
Last-Modified: Mon, 12 Nov 2018 12:30:41 GMT
Content-Length: 8306
X-NWS-LOG-UUID: 3858141759284125646 25a9babe326be19ecf8cbc6724e45e0b
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  PNG image, 250 x 250, 8-bit/color RGBA, non-interlaced
Size:   8306
Md5:    723db425cb14b0dec208b3d8e2090c78
Sha1:   3eeae386c17882cb15e0ad76400a65fac9b216de
Sha256: d46f5992cdde095bfa46f96c3d8119ded84b5e8fa9383f95648e03034cb617ec
                                        
--- Request ---
GET /images/guaguahome.jpg HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

--- Response (139.215.203.199) ---
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Mon, 24 Dec 2018 10:33:21 GMT
Cache-Control: max-age=604800
Expires: Mon, 31 Dec 2018 10:33:21 GMT
Last-Modified: Mon, 12 Nov 2018 12:30:41 GMT
Content-Length: 5238
X-NWS-LOG-UUID: 17956838393650224486 25a9babe326be19ecf8cbc6724e45e0b
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   5238
Md5:    f201efd7439c9732c20d1e6d25d66109
Sha1:   fecfd69cd788a23288da3d19bb7489cac8b35ca2
Sha256: 0a3b8df2ab0b3f093971b90b60185ab1a44c38c61c60dfeef4561b800c290051
                                        
--- Request ---
GET /images/btn-app-handle.png HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

--- Response (139.215.203.199) ---
HTTP/1.1 200 OK
Content-Type: image/png
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Mon, 24 Dec 2018 10:33:20 GMT
Cache-Control: max-age=604800
Expires: Mon, 31 Dec 2018 10:33:20 GMT
Last-Modified: Mon, 12 Nov 2018 12:30:41 GMT
Content-Length: 27660
X-NWS-LOG-UUID: 11954462249570215262 25a9babe326be19ecf8cbc6724e45e0b
X-Cache-Lookup: Hit From Disktank3


--- Additional Info ---
Magic:  PNG image, 230 x 360, 8-bit colormap, non-interlaced
Size:   27660
Md5:    c7521425fd073ea5001d719ff743a5b4
Sha1:   fc4f299ee6b68f9a22570a37ce512614bd34235b
Sha256: 6cf8da7c80d2b0a21961ccc0beec998a671b431c42fa5d682eb1475d47023d8f
                                        
--- Request ---
GET /images/bg-down-app.png HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.guagua.cn/

--- Response (139.215.203.199) ---
HTTP/1.1 200 OK
Content-Type: image/png
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Mon, 24 Dec 2018 10:33:20 GMT
Cache-Control: max-age=604800
Expires: Mon, 31 Dec 2018 10:33:20 GMT
Last-Modified: Mon, 12 Nov 2018 12:30:41 GMT
Content-Length: 378088
X-NWS-LOG-UUID: 13834601551979087418 25a9babe326be19ecf8cbc6724e45e0b
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  PNG image, 1920 x 1024, 8-bit colormap, non-interlaced
Size:   378088
Md5:    8749270ba05a009985d8af94e25f8b9f
Sha1:   5aa6fd5e57c8b900fcfea636bea40504db21d966
Sha256: 7fc8cc3b56cc9db35fd1a92dddbdd5f8bc113434d30b71e1d1443ef32250c54f
                                        
--- Request ---
GET /favicon.ico HTTP/1.1
Host: www.guagua.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

--- Response (139.215.203.199) ---
HTTP/1.1 200 OK
Content-Type: image/x-icon
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Mon, 24 Dec 2018 10:33:23 GMT
Cache-Control: max-age=600
Expires: Mon, 24 Dec 2018 10:43:23 GMT
Last-Modified: Mon, 12 Nov 2018 12:30:41 GMT
Content-Length: 1150
X-NWS-LOG-UUID: 17911848842846241410 25a9babe326be19ecf8cbc6724e45e0b
X-Cache-Lookup: Hit From Disktank3, Hit From Inner Cluster
X-Daa-Tunnel: hop_count=1


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon
Size:   1150
Md5:    909f37ba591b1e562629a5a962d8e7a8
Sha1:   0679aa5307d078f9ecd808073d19fa21acbc980c
Sha256: 65b544f968c8b2538d54d2cfb5793f0b4495402ff0c9d1f2502df26fe9c7030b