Report - cdndown.tongda2000.com/oa/2013adv/ispirit_for

Report Overview

Submitted URL
cdndown.tongda2000.com/oa/2013adv/ispirit_for_MAC.zip
IP
180.101.203.207
ASN
#140292 CHINATELECOM Jiangsu province Suzhou 5G network
Submitted
2024-05-05 02:36:51
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdndown.tongda2000.com	unknown	2002-06-28	2013-04-25	2019-04-30	507 B	618 kB	180.101.203.207

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdndown.tongda2000.com/oa/2013adv/ispirit_for_MAC.zip
IP
180.101.203.207
ASN
#140292 CHINATELECOM Jiangsu province Suzhou 5G network

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
617 kB (617023 bytes)
Hash
83a6947dfe9b85b8477945723f807f2f
e34ebc150fa6455652359a26e609fd7abb344126
4c3ed5ddcfaa85f8c2f6f06b9a9e95b09ff0734e2e45e7537aa1e43a00a66ab3

Archive (48)

Filename

Md5

File type

.DS_Store

131f7f641219e011b2e60043590a1bf6

Apple Desktop Services Store

._.DS_Store

236abd9a367e5a390f2728fd931a7f1c

AppleDouble encoded Macintosh file

Info.plist

adfe2eacd9801a27fbf643ce337dcac0

XML 1.0 document, Unicode text, UTF-8 text

通达OA精灵

44aa15b44b9ae101a9a87fcd0502d106

PkgInfo

23b7d7d024abb0f558420e098800bf27

ASCII text, with no line terminators

app.icns

d8580577f173ef6ceef391a22a990563

Mac OS X icon, 99336 bytes, "h8mk" type

back.png

0e4f279b8a82f3db411f19f649c66410

PNG image data, 320 x 444, 8-bit/color RGBA, non-interlaced

btn_address.png

b20b7898bc2dc58ee99d147d1d2f0878

PNG image data, 31 x 30, 8-bit/color RGBA, non-interlaced

btn_address_setting1.png

0ba5bfe5ff1699753eed0ca579f3c383

PNG image data, 45 x 44, 8-bit/color RGBA, non-interlaced

btn_login1.png

4f73e27bb39ad85a645f9a1ee3a76425

PNG image data, 440 x 85, 8-bit/color RGBA, non-interlaced

button_1.png

53732c669a7a3ee3f3c8c31359286c21

PNG image data, 96 x 39, 8-bit/color RGBA, non-interlaced

button_2.PNG

ea9d21c4caad19968176490a36f702d5

PNG image data, 96 x 39, 8-bit/color RGBA, non-interlaced

button_3.PNG

bc461ca7c2155a54bf84f7435678bad7

PNG image data, 96 x 39, 8-bit/color RGBA, non-interlaced

button_background.png

9bd77be76b1c9fd2969211146bcfc67e

PNG image data, 281 x 91, 8-bit/color RGBA, non-interlaced

cloud.png

c2820fbf013def1d52b83c8ef96adcc1

PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced

cloud_hover.png

57175ffc9e96b282ba54be51fb652e72

PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced

delete.png

9826fc2c9fb534635e9d829857a82b13

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

Credits.rtf

23a43751f07f945728091b1ad2e4c666

Rich Text Format data, version 1, ANSI, code page 936

InfoPlist.strings

51ef59b60e5b41b91519cc662a9fe886

Unicode text, UTF-16, little-endian text

MainMenu.nib

18c231973d2a3a27a5ad1bce1df4f4dd

Apple binary property list

MyDocument.nib

978b218b614ad03c9f2ee8772fb8dc39

Apple binary property list

icon120.png

8da47ec8c90a1eb70cb7726e7cc902c3

PNG image data, 250 x 142, 8-bit/color RGBA, non-interlaced

info.txt

84a40ad3ddb8c76d06fefc0aaf76d4e5

Unicode text, UTF-8 text, with CR line terminators

IPChooseViewController.nib

bb4feae7826eed066f5e95ad0dfa8346

Apple binary property list

login_bk.png

59d055d0a7cb6ee743bb3fdd2bca0024

PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced

login_bottom.png

f6cdbea67c242e0a9e4cd133fd9fe508

PNG image data, 325 x 109, 8-bit/color RGBA, non-interlaced

login_edit.png

4938c6f9fbfd102b4c982560743cb707

PNG image data, 250 x 197, 8-bit/color RGBA, non-interlaced

LoginView.nib

ea6e95a0fbcf7cc4b1a30a7bc1aee285

Apple binary property list

logo.png

b29d6b1eda35dff8accea142031a96b9

PNG image data, 57 x 57, 8-bit/color RGBA, non-interlaced

mail.png

095a4478ffcb43cc4998c3db07c0f25c

PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced

mailHover.png

101a7f6cf66887575ca284b2c5a09555

PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced

main.ico

7abe9281d4f68726010109385ef0992f

MS Windows icon resource - 19 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel

ManagingViewController.nib

baff64aa454d2aa644372a63545defbd

Apple binary property list

mass.png

4d604eb99f5fd129ce086160606a3c9c

PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced

massHover.png

20bbf5296cedcae34af294cfba0fcf84

PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced

MessageBox.nib

715228da4cdfd24a6c3b97f2c2df870f

Apple binary property list

MyDocument.mom

f1a6759bc308bb088962d49a49f026af

Apple binary property list

MyDocument.omo

529d3c1283d22e1d917f4bb9fe2e8d18

data

VersionInfo.plist

3f29b3e985ad0a6fafdca6e7549582e8

Apple binary property list

NavView.nib

1c3e2c7fafbc2fe54cc22dcabe43a6d2

Apple binary property list

newback.png

f026bf7fdd0b5aa09594d3757f3e5199

PNG image data, 320 x 444, 8-bit/color RGB, non-interlaced

newicon120.png

8f0c8118d7fd3a1d1663d94dcadfb281

PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced

notice.png

94ff18d163a40e3a45ecbf4f05fce392

PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced

noticeHover.png

426e11a4bf6b02e493e67f3291fb1b84

PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced

SecurePass.nib

65f4304d9a7ebad1aa3fbe9352e3df4f

Apple binary property list

task_center _hover.png

34b726fa70799224a1a07728e1afe438

PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced

task_center.png

c38e48947e9d45122c9e3ab92256045d

PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced

WebJavaScriptTextInputPanel.nib

96a48af44b54e9a6e3d5f0ef068b751d

Apple binary property list

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	cdndown.tongda2000.com/oa/2013adv/ispirit_for_MAC.zip	180.101.203.207	200 OK	617 kB
URL User Request GET HTTP/2 cdndown.tongda2000.com/oa/2013adv/ispirit_for_MAC.zip IP 180.101.203.207:443 ASN #140292 CHINATELECOM Jiangsu province Suzhou 5G network Certificate IssuerDigiCert, Inc. Subject.tongda2000.com FingerprintD3:C3:3F:8B:A8:55:08:1D:46:C7:57:49:A8:22:3A:1E:EA:BB:EF:D8 ValidityTue, 25 Apr 2023 00:00:00 GMT - Fri, 24 May 2024 23:59:59 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 617 kB (617023 bytes) Hash 83a6947dfe9b85b8477945723f807f2f e34ebc150fa6455652359a26e609fd7abb344126 4c3ed5ddcfaa85f8c2f6f06b9a9e95b09ff0734e2e45e7537aa1e43a00a66ab3 HTTP Headers `GET /oa/2013adv/ispirit_for_MAC.zip HTTP/1.1 Host: cdndown.tongda2000.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK server: Tengine content-type: application/zip content-length: 617023 date: Sun, 05 May 2024 02:34:45 GMT x-oss-request-id: 6636F045EEC74238329FCEA6 x-oss-cdn-auth: success accept-ranges: bytes etag: "83A6947DFE9B85B8477945723F807F2F" last-modified: Thu, 04 Jun 2020 18:09:22 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 738149252980687474 x-oss-storage-class: Standard content-md5: g6aUff6bhbhHeUVyP4B/Lw== x-oss-server-time: 86 ali-swift-global-savetime: 1714876485 via: cache16.l2cn3160[0,0,200-0,H], cache41.l2cn3160[1,0], kunlun4.cn2528[0,0,200-0,H], kunlun6.cn2528[1,0] age: 101 x-cache: HIT TCP_MEM_HIT dirn:10:142635411 x-swift-savetime: Sun, 05 May 2024 02:36:20 GMT x-swift-cachetime: 3600 timing-allow-origin: eagleid: b465cb8817148765860211323e X-Firefox-Spdy: h2

cdndown.tongda2000.com/oa/2013adv/ispirit_for_MAC.zip

180.101.203.207

200 OK

617 kB

URL User Request GET HTTP/2
cdndown.tongda2000.com/oa/2013adv/ispirit_for_MAC.zip
IP
180.101.203.207:443
ASN
#140292 CHINATELECOM Jiangsu province Suzhou 5G network

Certificate
IssuerDigiCert, Inc.
Subject*.tongda2000.com
FingerprintD3:C3:3F:8B:A8:55:08:1D:46:C7:57:49:A8:22:3A:1E:EA:BB:EF:D8
ValidityTue, 25 Apr 2023 00:00:00 GMT - Fri, 24 May 2024 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
617 kB (617023 bytes)
Hash
83a6947dfe9b85b8477945723f807f2f
e34ebc150fa6455652359a26e609fd7abb344126
4c3ed5ddcfaa85f8c2f6f06b9a9e95b09ff0734e2e45e7537aa1e43a00a66ab3

HTTP Headers

GET /oa/2013adv/ispirit_for_MAC.zip HTTP/1.1
Host: cdndown.tongda2000.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Tengine
content-type: application/zip
content-length: 617023
date: Sun, 05 May 2024 02:34:45 GMT
x-oss-request-id: 6636F045EEC74238329FCEA6
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "83A6947DFE9B85B8477945723F807F2F"
last-modified: Thu, 04 Jun 2020 18:09:22 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 738149252980687474
x-oss-storage-class: Standard
content-md5: g6aUff6bhbhHeUVyP4B/Lw==
x-oss-server-time: 86
ali-swift-global-savetime: 1714876485
via: cache16.l2cn3160[0,0,200-0,H], cache41.l2cn3160[1,0], kunlun4.cn2528[0,0,200-0,H], kunlun6.cn2528[1,0]
age: 101
x-cache: HIT TCP_MEM_HIT dirn:10:142635411
x-swift-savetime: Sun, 05 May 2024 02:36:20 GMT
x-swift-cachetime: 3600
timing-allow-origin: *
eagleid: b465cb8817148765860211323e
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (48)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers