Report - res.ssjss.cn/zemupdate/mmkv.dll

Report Overview

Submitted URL
res.ssjss.cn/zemupdate/mmkv.dll
IP
122.228.193.4
ASN
#134771 WENZHOU, ZHEJIANG Province, P.R.China.
Submitted
2024-04-20 15:58:04
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.trust-provider.cn	unknown	2015-04-09	2022-02-10	2024-04-17	668 B	2.9 kB	36.248.38.100
res.ssjss.cn	unknown	2023-12-05	2024-04-13	2024-04-15	485 B	258 kB	122.228.193.4

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-04-20	medium	res.ssjss.cn/zemupdate/mmkv.dll	files - file ~tmp01925d3f.exe

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
res.ssjss.cn/zemupdate/mmkv.dll
IP
122.228.193.4
ASN
#134771 WENZHOU, ZHEJIANG Province, P.R.China.

File type
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections
Size
257 kB (257416 bytes)
Hash
253e42927341e1905183d16a34e42d3c
7bd177b223230d526019e95eec674b7fae8537ad
66735ec91ac4f2ee0beae3542603becc0ef584dc221d5698a6bf38087ffa1f7f

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

ocsp.trust-provider.cn/

36.248.38.100

599 B

URL
ocsp.trust-provider.cn/
IP
36.248.38.100:0
ASN
#4837 CHINA UNICOM China169 Backbone

File type
data
Size
599 B (599 bytes)
Hash
eba1a11201782bfac5d2cfbca5468646
215ae7559932358f8ebf7bd0bbe2b29e9c0b6f9d
d9a160ab6958f2ebd69230d1f8415b2d46a92fdd7031d8e1038c5b6091fa98ce

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 599
Connection: keep-alive
ctl-cache-status: MISS from sg-singapore2-ca13, HIT from fj-quanzhou7-ca48, HIT from js-nanjing1-ca35
etag: "215ae7559932358f8ebf7bd0bbe2b29e9c0b6f9d"
age: 2
request-id: 6623e5f4a1ada0d450a7b6e8a125494e
date: Sat, 20 Apr 2024 15:57:40 GMT
x-ccacdn-proxy-id: scdpinlb5
x-frame-options: SAMEORIGIN
cf-cache-status: EXPIRED
accept-ranges: bytes
last-modified: Sat, 20 Apr 2024 10:10:17 GMT
expires: Sat, 27 Apr 2024 10:10:16 GMT
cache-control: max-age=3600
cf-ray: 877654cb8db448fa-SIN
via: n172-013-216.fzmp.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 171362866028e3bfe18a3370f66a1d7f713eca0777
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=33, edge;dur=0

ocsp.trust-provider.cn/

183.201.243.154

599 B

URL
ocsp.trust-provider.cn/
IP
183.201.243.154:0
ASN
#132510 IDC ShanXi China Mobile communications corporation

File type
data
Size
599 B (599 bytes)
Hash
eba1a11201782bfac5d2cfbca5468646
215ae7559932358f8ebf7bd0bbe2b29e9c0b6f9d
d9a160ab6958f2ebd69230d1f8415b2d46a92fdd7031d8e1038c5b6091fa98ce

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 599
Connection: keep-alive
ctl-cache-status: MISS from sg-singapore2-ca13, MISS from fj-quanzhou7-ca48, HIT from sn-xian3-ca05
etag: "215ae7559932358f8ebf7bd0bbe2b29e9c0b6f9d"
last-modified: Sat, 20 Apr 2024 10:10:17 GMT
x-frame-options: SAMEORIGIN
request-id: 6623e5f5669172f16455a7631c092180
date: Sat, 20 Apr 2024 15:57:41 GMT
expires: Sat, 27 Apr 2024 10:10:16 GMT
age: 3
cache-control: max-age=3600
x-ccacdn-proxy-id: scdpinlb5
cf-cache-status: EXPIRED
accept-ranges: bytes
cf-ray: 877654cb8db448fa-SIN
via: n157-200-219.xamp.ToB,n183-201-243-132.bdcdn-tycm06.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 1713628661f2bd1cb2d23969af3c270746b89aed5d
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS,  origin;dur=7, edge;dur=17, cdn-cache;desc=MISS

res.ssjss.cn/zemupdate/mmkv.dll

122.228.193.4

200 OK

257 kB

URL User Request GET HTTP/2
res.ssjss.cn/zemupdate/mmkv.dll
IP
122.228.193.4:443
ASN
#134771 WENZHOU, ZHEJIANG Province, P.R.China.

Certificate
IssuerTrustAsia Technologies, Inc.
Subjectres.ssjss.cn
FingerprintD1:D3:F4:A0:3E:18:A9:33:9C:D6:7E:41:88:DF:13:48:A2:ED:50:78
ValidityMon, 15 Apr 2024 00:00:00 GMT - Tue, 15 Apr 2025 23:59:59 GMT

File type
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections
Size
257 kB (257416 bytes)
Hash
253e42927341e1905183d16a34e42d3c
7bd177b223230d526019e95eec674b7fae8537ad
66735ec91ac4f2ee0beae3542603becc0ef584dc221d5698a6bf38087ffa1f7f

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

HTTP Headers

GET /zemupdate/mmkv.dll HTTP/1.1
Host: res.ssjss.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 20 Apr 2024 15:57:41 GMT
content-type: application/octet-stream
content-length: 257416
last-modified: Sat, 13 Apr 2024 13:54:16 GMT
etag: "661a8e88-3ed88"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (3)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers