Report - cl.ssouy.com/download/steam_api.dll

Report Overview

Submitted URL
cl.ssouy.com/download/steam_api.dll_30@65786.exe
IP
168.76.252.79
ASN
#137951 ASLINE LIMITED
Submitted
2024-03-28 10:38:21
Access
public
Website Title
日月同行信息技术（北京）有限公司-官网
Final URL
cl.ssouy.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cl.ssouy.com	unknown	2019-12-28	2017-01-18	2024-03-27	1.5 kB	10 kB	168.76.252.79
43.139.22.16:1668	unknown	unknown	No data	No data	690 B	35 kB	43.139.22.16

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	43.139.22.16	Sinkholed
2024-03-28	medium	43.139.22.16	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (6)

URL IP Response Size

cl.ssouy.com/download/steam_api.dll_30@65786.exe

168.76.252.79

301 Moved Permanently

17 B

URL User Request GET HTTP/1.1
cl.ssouy.com/download/steam_api.dll_30@65786.exe
IP
168.76.252.79:80
ASN
#137951 ASLINE LIMITED

File type
ASCII text, with no line terminators
Size
17 B (17 bytes)
Hash
58ace0ea86287f4a3c3258b0af3e6993
e04c5335922c5e457f0a7cd62c93c4a7f699f829
d18ed36671b8618520016c81125aa889a5b800872038c5e009ef49cd305088cd

HTTP Headers

GET /download/steam_api.dll_30@65786.exe HTTP/1.1
Host: cl.ssouy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 28 Mar 2024 10:37:03 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://cl.ssouy.com:80
Trace-Id: c43e97f857e7c01717c535602b66978c
X-Cache: MISS

cl.ssouy.com/

168.76.252.79

3.1 kB

URL User Request GET
cl.ssouy.com/
IP
168.76.252.79:0
ASN
#137951 ASLINE LIMITED

File type
HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
3.1 kB (3098 bytes)
Hash
22d841434f7be0128ad1119fae7e907f
9db1dcfa324e45bc6a684871f95edb765ee5e82a
0bb5d3302fe7a866714b5a0bd0ea9920e667bdee1c5e859ac74990e695a11130

HTTP Headers

GET / HTTP/1.1
Host: cl.ssouy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 28 Mar 2024 10:37:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Trace-Id: 53b3babd58e7c017d4c6356055bda0f8
X-Cache: MISS
Content-Encoding: gzip

cl.ssouy.com/public/css/css6.css

168.76.252.79

200 OK

2.1 kB

URL GET HTTP/1.1
cl.ssouy.com/public/css/css6.css
IP
168.76.252.79:80
ASN
#137951 ASLINE LIMITED

Requested by
http://cl.ssouy.com/

File type
CSV text
Size
2.1 kB (2090 bytes)
Hash
76d8f0426dcee1c0460b0536d8a24a8b
2ab3c9aab06e56223b9957dacbed6ffe5f7be049
32c283ed975d580b207c547f42c228f5ca9c6fad5590c3cdb4fc92ea2f68dc34

HTTP Headers

GET /public/css/css6.css HTTP/1.1
Host: cl.ssouy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://cl.ssouy.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 28 Mar 2024 10:37:09 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 29 Nov 2023 12:04:43 GMT
X-Cache: MISS
Content-Encoding: gzip

43.139.22.16:1668/pic/17736.jpg

43.139.22.16

200 OK

9.8 kB

URL GET HTTP/1.1
43.139.22.16:1668/pic/17736.jpg
IP
43.139.22.16:1668
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://cl.ssouy.com/

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 40", baseline, precision 8, 363x225, components 3
Size
9.8 kB (9818 bytes)
Hash
eac34c5a84cd8092e272506b09919a99
cd803d26a2e4377f6e28980a289d17a2a444bba3
185de78397a1dffafb03ee5ef108c1339565bb9291bc6e86f8883b50568c1ce2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pic/17736.jpg HTTP/1.1
Host: 43.139.22.16:1668
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://cl.ssouy.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 28 Mar 2024 10:38:08 GMT
Content-Type: image/jpeg
Content-Length: 9818
Last-Modified: Mon, 23 Oct 2023 07:04:08 GMT
Connection: keep-alive
ETag: "65361ae8-265a"
Expires: Sat, 27 Apr 2024 10:38:08 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

43.139.22.16:1668/web/web6/banner.jpg

43.139.22.16

200 OK

25 kB

URL GET HTTP/1.1
43.139.22.16:1668/web/web6/banner.jpg
IP
43.139.22.16:1668
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://cl.ssouy.com/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1680x480, components 3
Size
25 kB (24909 bytes)
Hash
7f9e93290a9940a5870c149cc20cf16a
beb1c9a34a2c84f8d805a0b5df26f04b9702607d
a255116ac0ac536ca1ba162e3ac38cd49e169aef0364f853da2fd2d2ee261384

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web/web6/banner.jpg HTTP/1.1
Host: 43.139.22.16:1668
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://cl.ssouy.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 28 Mar 2024 10:38:08 GMT
Content-Type: image/jpeg
Content-Length: 24909
Last-Modified: Tue, 14 Nov 2023 15:56:15 GMT
Connection: keep-alive
ETag: "6553989f-614d"
Expires: Sat, 27 Apr 2024 10:38:08 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

cl.ssouy.com/favicon.ico

168.76.252.79

200 OK

4.3 kB

URL GET HTTP/1.1
cl.ssouy.com/favicon.ico
IP
168.76.252.79:80
ASN
#137951 ASLINE LIMITED

Requested by
http://cl.ssouy.com/

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Size
4.3 kB (4286 bytes)
Hash
da865a0b09efc4afb8b82adb67bd1923
dd9bf440da4950cf6a004d4d3803dd4db9718e93
5bb8acdc25ba3e8be7607d4ea4095347f74e081d817eee079345056b741473f8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cl.ssouy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://cl.ssouy.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 28 Mar 2024 10:37:13 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 4286
Connection: keep-alive
Last-Modified: Tue, 12 Sep 2023 10:12:35 GMT
X-Cache: MISS
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (6)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers