Report - pdds.ucweb.com/download/stfile/ooursrpuqopsoprl/iflytek-arm64-v8a-20240202191119.zip

Report Overview

Submitted URL
pdds.ucweb.com/download/stfile/ooursrpuqopsoprl/iflytek-arm64-v8a-20240202191119.zip
IP
59.82.31.142
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.
Submitted
2024-03-29 02:15:40
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pdds.ucweb.com	198884	2003-05-20	2015-02-05	2024-03-28	538 B	793 B	59.82.31.142
pdds-cdn.uc.cn	105752	2003-03-17	2019-04-12	2024-03-26	651 B	3.9 MB	115.223.42.211

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
pdds-cdn.uc.cn/3-4/stfile/2403/88d85d27bf361293298773094ed26c09/iflytek-arm64-v8a-20240202191119.zip?auth_key=1712283314-0-0-74e66081e1986b102356c96a5e230d1c&SESSID=2ef2f913ec55ae48cf7d83290a28b120
IP
115.223.42.211
ASN
#134771 WENZHOU, ZHEJIANG Province, P.R.China.

File type
Zip archive data, at least v1.0 to extract, compression method=deflate
Size
3.9 MB (3931733 bytes)
Hash
88d85d27bf361293298773094ed26c09
bcad6a76857a8ed5c58847bf11f6df703a8e8da9
a35f492e4e84672382b2df7505746a2e296254401a212bcd012a5fc04ed9ca5d

Archive (3)

Filename

Md5

File type

libAIKIT.so

7cd58837b81b5e02e88ab7881d5858f0

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

libebd1bade4_v1025_aee.so

c70227cd8a2e6e78cb0f6428363f4ec0

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

lib_info.json

0ce14566c5c8b2dd20cd7424f35652ee

JSON text data

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	pdds.ucweb.com/download/stfile/ooursrpuqopsoprl/iflytek-arm64-v8a-20240202191119.zip	59.82.31.142	302 Found	0 B
URL User Request GET HTTP/2 pdds.ucweb.com/download/stfile/ooursrpuqopsoprl/iflytek-arm64-v8a-20240202191119.zip IP 59.82.31.142:443 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Certificate IssuerGlobalSign nv-sa Subject.tanx.com FingerprintF0:2F:16:5B:D1:19:2A:8F:20:E7:A2:C8:F4:4B:97:86:15:8E:E4:34 ValidityFri, 02 Jun 2023 06:02:03 GMT - Wed, 03 Jul 2024 05:56:05 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /download/stfile/ooursrpuqopsoprl/iflytek-arm64-v8a-20240202191119.zip HTTP/1.1 Host: pdds.ucweb.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found date: Fri, 29 Mar 2024 02:15:14 GMT content-length: 0 location: https://pdds-cdn.uc.cn/3-4/stfile/2403/88d85d27bf361293298773094ed26c09/iflytek-arm64-v8a-20240202191119.zip?auth_key=1712283314-0-0-74e66081e1986b102356c96a5e230d1c&SESSID=2ef2f913ec55ae48cf7d83290a28b120 server: Tengine x-application-context: pdds:9019 set-cookie: downloadid=2ef2f913ec55ae48cf7d83290a28b120; Max-Age=1800; Expires=Fri, 29-Mar-2024 02:45:14 GMT x-content-type-options: nosniff x-xss-protection: 1; mode=block cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: 0 x-frame-options: DENY strict-transport-security: max-age=31536000 ; includeSubDomains eagleeye-traceid: 0bf8fe5a17116785142532834e6a46 timing-allow-origin: X-Firefox-Spdy: h2

	pdds-cdn.uc.cn/3-4/stfile/2403/88d85d27bf361293298773094ed26c09/iflytek-arm64-v8a-20240202191119.zip?auth_key=1712283314-0-0-74e66081e1986b102356c96a5e230d1c&SESSID=2ef2f913ec55ae48cf7d83290a28b120	115.223.42.211	200 OK	3.9 MB
URL User Request GET HTTP/2 pdds-cdn.uc.cn/3-4/stfile/2403/88d85d27bf361293298773094ed26c09/iflytek-arm64-v8a-20240202191119.zip?auth_key=1712283314-0-0-74e66081e1986b102356c96a5e230d1c&SESSID=2ef2f913ec55ae48cf7d83290a28b120 IP 115.223.42.211:443 ASN #134771 WENZHOU, ZHEJIANG Province, P.R.China. Certificate IssuerGlobalSign nv-sa Subject.uc.cn FingerprintEF:76:66:0B:BC:06:CB:DC:CA:4F:DB:1A:04:75:36:84:9F:9A:72:F3 ValidityFri, 05 Jan 2024 01:56:02 GMT - Wed, 05 Feb 2025 01:56:01 GMT File type Zip archive data, at least v1.0 to extract, compression method=deflate Size 3.9 MB (3931733 bytes) Hash 88d85d27bf361293298773094ed26c09 bcad6a76857a8ed5c58847bf11f6df703a8e8da9 a35f492e4e84672382b2df7505746a2e296254401a212bcd012a5fc04ed9ca5d HTTP Headers GET /3-4/stfile/2403/88d85d27bf361293298773094ed26c09/iflytek-arm64-v8a-20240202191119.zip?auth_key=1712283314-0-0-74e66081e1986b102356c96a5e230d1c&SESSID=2ef2f913ec55ae48cf7d83290a28b120 HTTP/1.1 Host: pdds-cdn.uc.cn User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK server: Tengine content-type: application/zip content-length: 3931733 date: Fri, 29 Mar 2024 02:06:56 GMT x-oss-request-id: 6606224029BE303633DA9CAF x-oss-cdn-auth: success accept-ranges: bytes x-oss-object-type: Multipart x-oss-storage-class: Standard x-oss-server-time: 48 ali-swift-global-savetime: 1711678016 via: cache10.l2cn3125[0,0,304-0,H], cache55.l2cn3125[1,0], cache55.l2cn3125[1,0], ens-cache24.cn6841[0,0,200-0,H], ens-cache18.cn6841[0,0] etag: "EB48CC9DA6B0771D338B93DC810A3737-4" last-modified: Thu, 07 Mar 2024 11:11:58 GMT x-oss-hash-crc64ecma: 11037990139421336429 age: 499 x-cache: HIT TCP_MEM_HIT dirn:13:233039394 mlen:0 x-swift-savetime: Fri, 29 Mar 2024 02:14:48 GMT x-swift-cachetime: 3600 timing-allow-origin: eagleid: 73df2aa617116785153496122e X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (3)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers