Report - download.pplive.com/PPTV(pplive)

Report Overview

Visitedpublic

2024-03-14 12:20:05

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
download.pplive.com	unknown	2004-12-13	2012-05-20 22:18:23	2024-03-13 04:16:37	415 B	401 B	58.215.136.250
ossapp.suning.com	unknown	1997-12-18	2020-11-21 05:15:17	2024-03-13 04:16:43	506 B	12 MB	61.184.9.218
ocsp.global.sheca.com	unknown	1998-12-25	2022-06-20 14:45:50	2024-03-13 18:15:18	340 B	2.2 kB	79.133.176.230

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

ossapp.suning.com/pcoss/dl/PPTV(pplive)_forqd334.exe

IP / ASN

61.184.9.218

#4134 Chinanet

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections

Size12 MB (11510728 bytes)

MD52563fce181127b9c4f73c64db06b5bc7

SHA1cb8320c456f4edf7e712a2992ca32956ed8f00e5

SHA2568626fc63a76e02add7697cd33c758f9938c851a832afd66ebced05c25eb194b7

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 4/69

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

ocsp.global.sheca.com/ovscag5

79.133.176.230

1.5 kB

URL HTTP

ocsp.global.sheca.com/ovscag5

IP / ASN

79.133.176.230

#24429 Zhejiang Taobao Network Co.,Ltd

Requested byN/A

Resource Info

File typedata

First Seen2024-03-14

Last Seen2024-08-20

Times Seen3

Size1.5 kB (1492 bytes)

MD558b8b07108caaa2e50645d6c5b43e490

SHA1d26bd8dba9427271e81241e71ea033969f1911dd

SHA256f86a70825f196276f84b060a99c2c2ca30c76cf70b4948375ab65638853d1986

HTTP Headers

POST /ovscag5 HTTP/1.1
Host: ocsp.global.sheca.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 1492
Connection: keep-alive
Date: Thu, 14 Mar 2024 08:21:35 GMT
Cache-Control: max-age=86400, public, no-transform, must-revalidate
Etag: "058b8b07108caaa2e50645d6c5b43e490"
Expires: Tue, 19 Mar 2024 00:59:40 GMT
Last-Modified: Thu, 14 Mar 2024 00:59:40 GMT
Ali-Swift-Global-Savetime: 1710404495
Via: cache14.l2de2[0,0,200-0,H], cache9.l2de2[1,0], cache3.gb1[55,55,200-0,M], cache3.gb1[58,0]
Age: 14284
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Thu, 14 Mar 2024 12:19:39 GMT
X-Swift-CacheTime: 72116
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Timing-Allow-Origin: *
EagleId: 4f85b09717104187796331421e

GET download.pplive.com/PPTV(pplive)_forqd334.exe

58.215.136.250

301 Moved Permanently

177 B

URL User Request GET HTTP

download.pplive.com/PPTV(pplive)_forqd334.exe

IP / ASN

58.215.136.250

#138950 Jiangsu Wuxi International IDC network

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with CRLF line terminators

First Seen2023-04-18

Last Seen2025-03-01

Times Seen2698

Size177 B (177 bytes)

MD5f54c7e6bb75767aca5ccf89f57a211cc

SHA1727eb27cf24bd0f5d8deee8380fa3abdb5fbc255

SHA256f2ad1fe4f548a607486b947a480cfe17aca8e499b0668a5350e36f2e7ca24dc9

HTTP Headers

GET /PPTV(pplive)_forqd334.exe HTTP/1.1
Host: download.pplive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: styx
Date: Thu, 14 Mar 2024 12:19:40 GMT
Content-Type: text/html
Content-Length: 177
Connection: keep-alive
Location: http://ossapp.suning.com/pcoss/dl/PPTV(pplive)_forqd334.exe

GET ossapp.suning.com/pcoss/dl/PPTV(pplive)_forqd334.exe

61.184.9.218

200 OK

12 MB

URL User Request GET HTTPS

ossapp.suning.com/pcoss/dl/PPTV(pplive)_forqd334.exe

IP / ASN

61.184.9.218

#4134 Chinanet

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections

First Seen2024-08-20

Last Seen2025-03-23

Times Seen3

Size12 MB (11510728 bytes)

MD52563fce181127b9c4f73c64db06b5bc7

SHA1cb8320c456f4edf7e712a2992ca32956ed8f00e5

SHA2568626fc63a76e02add7697cd33c758f9938c851a832afd66ebced05c25eb194b7

Certificate Info

IssuerGlobalSign nv-sa

Subject*.suning.com

Fingerprint4D:0F:13:53:12:F8:24:79:39:A8:1D:C4:12:71:03:D6:6E:C5:7F:CC

ValidityWed, 12 Jul 2023 01:18:26 GMT - Mon, 12 Aug 2024 01:18:25 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 4/69

HTTP Headers

GET /pcoss/dl/PPTV(pplive)_forqd334.exe HTTP/1.1
Host: ossapp.suning.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Byte-nginx
Content-Type: application/octet-stream
Content-Length: 11510728
Connection: keep-alive
Accept-Ranges: bytes
Age: 2900208
Cache-Control: max-age=7776000
Content-Disposition: filename="PPTV(pplive)_forqd334.exe";filename*=UTF-8''PPTV(pplive)_forqd334.exe
Etag: 9241028c
Last-Modified: Fri, 15 Jan 2021 03:33:08 GMT
Requestid: MTAuMTA4LjQ2LjE1Nzo6ODg4OHwxNzA3NTE4NTc1fDM3OTc1MTE3OA==
Strict-Transport-Security: max-age=300
Via: cache45.yzmp,cache06.hbxyct04
X-Bdcdn-Cache-Status: TCP_MISS,TCP_HIT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: 53b9da692ccd2ed39c4150e601ebfe3e
X-Request-Ip: 91.90.42.154
X-Response-Cache: parent_hit
X-Response-Cinfo: 91.90.42.154
X-Sdoss-Expiration: 
X-Sdoss-Request-Id: MTAuMTA4LjQ2LjE1Nzo6ODg4OHwxNzA3NTE4NTc1fDM3OTc1MTE3OA==
X-Tt-Trace-Tag: id=5
X-Xss-Protection: 1; mode=block
Date: Thu, 14 Mar 2024 12:19:43 GMT