Report - qzonestyle.gtimg.cn/qzone/qzact/act/external/weishi-sucai/Android_misc_res/smartkit/backgrounddetect/background_segment_so.zip

Report Overview

Submitted URL
qzonestyle.gtimg.cn/qzone/qzact/act/external/weishi-sucai/Android_misc_res/smartkit/backgrounddetect/background_segment_so.zip
IP
203.205.136.80
ASN
#132203 Tencent Building, Kejizhongyi Avenue
Submitted
2024-04-25 14:33:14
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
qzonestyle.gtimg.cn	22170	2008-10-09	2012-06-29	2024-04-23	580 B	8.8 MB	203.205.136.80

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
qzonestyle.gtimg.cn/qzone/qzact/act/external/weishi-sucai/Android_misc_res/smartkit/backgrounddetect/background_segment_so.zip
IP
203.205.136.80
ASN
#132203 Tencent Building, Kejizhongyi Avenue

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
8.8 MB (8781537 bytes)
Hash
b45444fd08ec8476c9ad084f41e14152
2d3f03da219e14eb4ce9ec4c748004c6bffcca20
207c3d5dd723f1ef92ac194c572a37968ab813edecaba7297e014ee25e7ca004

Archive (13)

Filename

Md5

File type

._background_segment_so

64ae041501bada29438f7c8fa18892ff

AppleDouble encoded Macintosh file

libSegCommon.so

cba058cb226355508d4bfe60c40c8d8b

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

._libSegCommon.so

d43b47546c6e1087abd10b6a51e1d357

AppleDouble encoded Macintosh file

libSegMedium_armeabi.so

cc6e90dda8efd75afb490f17e560f0f0

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

._libSegMedium_armeabi.so

d43b47546c6e1087abd10b6a51e1d357

AppleDouble encoded Macintosh file

.DS_Store

0e6d4a6c391157b669d1bb99198595f7

Apple Desktop Services Store

._.DS_Store

b3751de82d6ceb07f221ca384c2db7d8

AppleDouble encoded Macintosh file

libMaskCutUtil.so

ed4b739e7c91f89a537d0caec77f9afb

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

._libMaskCutUtil.so

0dd853c8f0d45c62269d5524d1c26b04

AppleDouble encoded Macintosh file

libSegLow_armeabi.so

795f3f131466315d7b66d4ac38c4ee13

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

._libSegLow_armeabi.so

d43b47546c6e1087abd10b6a51e1d357

AppleDouble encoded Macintosh file

libSegHigh_armeabi.so

9e1d4f2bf5b5bd8f127a0b78eacdf0ec

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

._libSegHigh_armeabi.so

d43b47546c6e1087abd10b6a51e1d357

AppleDouble encoded Macintosh file

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

qzonestyle.gtimg.cn/qzone/qzact/act/external/weishi-sucai/Android_misc_res/smartkit/backgrounddetect/background_segment_so.zip

203.205.136.80

200 OK

8.8 MB

URL User Request GET HTTP/2
qzonestyle.gtimg.cn/qzone/qzact/act/external/weishi-sucai/Android_misc_res/smartkit/backgrounddetect/background_segment_so.zip
IP
203.205.136.80:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Certificate
IssuerDigiCert Inc
Subjectweixin.qq.com
Fingerprint7D:14:52:85:FF:98:24:BF:F7:B1:E2:4D:95:0F:FB:A3:79:99:AD:FB
ValidityTue, 26 Mar 2024 00:00:00 GMT - Fri, 11 Apr 2025 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
8.8 MB (8781537 bytes)
Hash
b45444fd08ec8476c9ad084f41e14152
2d3f03da219e14eb4ce9ec4c748004c6bffcca20
207c3d5dd723f1ef92ac194c572a37968ab813edecaba7297e014ee25e7ca004

HTTP Headers

GET /qzone/qzact/act/external/weishi-sucai/Android_misc_res/smartkit/backgrounddetect/background_segment_so.zip HTTP/1.1
Host: qzonestyle.gtimg.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Wed, 06 Jul 2022 18:05:06 GMT
etag: "b45444fd08ec8476c9ad084f41e14152"
content-type: application/zip
cache-control: max-age=0
age: 14
content-length: 8781537
accept-ranges: bytes
x-nws-log-uuid: 4790277382812583854
server: Lego Server
date: Thu, 25 Apr 2024 14:32:47 GMT
x-cache-lookup: Cache Hit
alt-svc: quic=":443";ma=86400;v="39,38,37,36,35"
vary: Origin,Accept
access-control-expose-headers: x-client-proto-ver, X-Client-Ip, X-Server-Ip, X-Upstream-IP
x-client-ip: 91.90.42.154
x-server-ip: 203.205.136.80_eth0
x-upstream-ip: $upstream_server
x-real-ip: 91.90.42.154
X-Firefox-Spdy: h2