Report - pdds.ucweb.com/download/stfile/ppvqrppxspqtprrwm/libmsc-armeabi-v7a.zip

Report Overview

Submitted URL
pdds.ucweb.com/download/stfile/ppvqrppxspqtprrwm/libmsc-armeabi-v7a.zip
IP
59.82.31.215
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.
Submitted
2024-04-18 07:30:06
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pdds.ucweb.com	198884	2003-05-20	2015-02-05	2024-04-17	525 B	780 B	59.82.23.63
pdds-cdn.uc.cn	105752	2003-03-17	2019-04-12	2024-04-17	638 B	3.6 MB	61.160.227.234

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
pdds-cdn.uc.cn/27-4/stfile/2210/a032c1a4a6ec59a3d7e89c818b289875/libmsc-armeabi-v7a.zip?auth_key=1714030181-0-0-44a00ee91ccedadf818acd222d3a3a30&SESSID=11971a3c7622b3bd1a2d4e9d390b4115
IP
61.160.227.234
ASN
#4134 Chinanet

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.6 MB (3640999 bytes)
Hash
a032c1a4a6ec59a3d7e89c818b289875
f8bf4db7df96c469bdf63ad2307477a9a982a4f3
562a46783bfae4c3ccb9744be5d98c36dc7cd3fa5f041186cdf67912ca049cb2

Archive (1)

Filename

Md5

File type

libmsc.so

09bd638d08e07d54daa27c9b1b55b077

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	pdds.ucweb.com/download/stfile/ppvqrppxspqtprrwm/libmsc-armeabi-v7a.zip	59.82.23.63	302 Found	0 B
URL User Request GET HTTP/2 pdds.ucweb.com/download/stfile/ppvqrppxspqtprrwm/libmsc-armeabi-v7a.zip IP 59.82.23.63:443 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd. Certificate IssuerGlobalSign nv-sa Subject.tanx.com FingerprintF0:2F:16:5B:D1:19:2A:8F:20:E7:A2:C8:F4:4B:97:86:15:8E:E4:34 ValidityFri, 02 Jun 2023 06:02:03 GMT - Wed, 03 Jul 2024 05:56:05 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /download/stfile/ppvqrppxspqtprrwm/libmsc-armeabi-v7a.zip HTTP/1.1 Host: pdds.ucweb.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found date: Thu, 18 Apr 2024 07:29:41 GMT content-length: 0 location: https://pdds-cdn.uc.cn/27-4/stfile/2210/a032c1a4a6ec59a3d7e89c818b289875/libmsc-armeabi-v7a.zip?auth_key=1714030181-0-0-44a00ee91ccedadf818acd222d3a3a30&SESSID=11971a3c7622b3bd1a2d4e9d390b4115 server: Tengine x-application-context: pdds:9019 set-cookie: downloadid=11971a3c7622b3bd1a2d4e9d390b4115; Max-Age=1800; Expires=Thu, 18-Apr-2024 07:59:41 GMT x-content-type-options: nosniff x-xss-protection: 1; mode=block cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: 0 x-frame-options: DENY strict-transport-security: max-age=31536000 ; includeSubDomains eagleeye-traceid: 213cd14f17134253814875434e6b27 timing-allow-origin: X-Firefox-Spdy: h2

	pdds-cdn.uc.cn/27-4/stfile/2210/a032c1a4a6ec59a3d7e89c818b289875/libmsc-armeabi-v7a.zip?auth_key=1714030181-0-0-44a00ee91ccedadf818acd222d3a3a30&SESSID=11971a3c7622b3bd1a2d4e9d390b4115	61.160.227.234	200 OK	3.6 MB
URL User Request GET HTTP/2 pdds-cdn.uc.cn/27-4/stfile/2210/a032c1a4a6ec59a3d7e89c818b289875/libmsc-armeabi-v7a.zip?auth_key=1714030181-0-0-44a00ee91ccedadf818acd222d3a3a30&SESSID=11971a3c7622b3bd1a2d4e9d390b4115 IP 61.160.227.234:443 ASN #4134 Chinanet Certificate IssuerGlobalSign nv-sa Subject.uc.cn FingerprintEF:76:66:0B:BC:06:CB:DC:CA:4F:DB:1A:04:75:36:84:9F:9A:72:F3 ValidityFri, 05 Jan 2024 01:56:02 GMT - Wed, 05 Feb 2025 01:56:01 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 3.6 MB (3640999 bytes) Hash a032c1a4a6ec59a3d7e89c818b289875 f8bf4db7df96c469bdf63ad2307477a9a982a4f3 562a46783bfae4c3ccb9744be5d98c36dc7cd3fa5f041186cdf67912ca049cb2 HTTP Headers GET /27-4/stfile/2210/a032c1a4a6ec59a3d7e89c818b289875/libmsc-armeabi-v7a.zip?auth_key=1714030181-0-0-44a00ee91ccedadf818acd222d3a3a30&SESSID=11971a3c7622b3bd1a2d4e9d390b4115 HTTP/1.1 Host: pdds-cdn.uc.cn User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK server: Tengine content-type: application/zip content-length: 3640999 date: Thu, 18 Apr 2024 06:47:54 GMT x-oss-request-id: 6620C21AD3E66634337354E8 x-oss-cdn-auth: success accept-ranges: bytes x-oss-object-type: Multipart x-oss-storage-class: Standard x-oss-server-time: 51 ali-swift-global-savetime: 1713422874 via: cache37.l2cn1827[0,-1,304-0,H], cache63.l2cn1827[0,0], cache63.l2cn1827[1,0], vcache9.cn5881[0,0,200-0,H], vcache10.cn5881[2,0] etag: "75FD45D5DB795356CE839D3DDCB5D824-4" last-modified: Thu, 13 Oct 2022 12:18:22 GMT x-oss-hash-crc64ecma: 14304227178654034308 age: 2508 x-cache: HIT TCP_MEM_HIT dirn:11:171960370 mlen:0 x-swift-savetime: Thu, 18 Apr 2024 07:29:23 GMT x-swift-cachetime: 3600 timing-allow-origin: eagleid: 3da0e39e17134253824645841e X-Firefox-Spdy: h2