Report - 3.39.249.172/static/file/LSPosed-v1.10.1-7115-zygisk-release.zip

Report Overview

Visited public
2024-10-29 06:29:41
Tags
URL
3.39.249.172/static/file/LSPosed-v1.10.1-7115-zygisk-release.zip
Finishing URL
about:privatebrowsing
IP / ASN
3.39.249.172
#16509 AMAZON-02
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
3.39.249.172	unknown	unknown	No data	No data	434 B	2.6 MB	3.39.249.172

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-10-29 06:29:17	medium	Client IP	3.39.249.172	ET INFO Dotted Quad Host ZIP Request

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-29	medium	3.39.249.172	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
3.39.249.172/static/file/LSPosed-v1.10.1-7115-zygisk-release.zip
IP
3.39.249.172
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.6 MB (2608607 bytes)
Hash
0df0ede3834ce83378a0ae67ad8032bb
06ff21dc6394dbc090aaf4622fbecbd990d4a055
870c5a3ba596788eed77dd599680527841404a6c2a0c5647f216048801477926

Archive (52)

Filename

Md5

File type

update-binary

0d1d1f2bcb2243ad630a52fdcfb2c426

ASCII text

update-binary.sha256

4a2c52a51afe0d0f5b81a27f8d08cc08

ASCII text, with no line terminators

updater-script

b39cd178923d60d67de5c5b81a78c242

ASCII text

updater-script.sha256

9b9222c09a411f4b6d0558dd843e8192

ASCII text, with no line terminators

README.md

aff81e5627fa91583fe903278137f41c

Unicode text, UTF-8 text, with very long lines (761)

README.md.sha256

9fff3f69b24a25dc84979fe7b0a33d30

ASCII text, with no line terminators

dex2oat

206685bc28d6578b0ce995b5db704e7a

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

dex2oat.sha256

c55e768c6567428d3fe11af5a9ee87ce

ASCII text, with no line terminators

dex2oat

f4460234db0fc687812a908445189298

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

dex2oat.sha256

1d0f05afcf9742efe204a9f1d869ff08

ASCII text, with no line terminators

dex2oat

0980ee742f7df8b22a927457b798cfe5

ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV)

dex2oat.sha256

eedf42e905d9f0c11f28c0d8b6b86bd8

ASCII text, with no line terminators

dex2oat

629f02134d479ffd56a69f483893aabe

ELF 64-bit LSB shared object, x86-64, version 1 (SYSV)

dex2oat.sha256

b1912a721250789594fee3748c6e49db

ASCII text, with no line terminators

customize.sh

57aa2c3d1d90d43d0dd0f76d1815de9d

ASCII text

customize.sh.sha256

9e5293cb989bae8704ad2ac19b9c824e

ASCII text, with no line terminators

daemon

2386d2006d0e860501b4093e836a8a27

a /system/bin/sh script, ASCII text executable

daemon.apk

615d1107043f2e058ef528bcc769a5c1

Android package (APK), with gradle app-metadata.properties Zip archive data, at least v0.0 to extract, compression method=deflate

daemon.apk.sha256

920a56e837c85ecda6958639e194a043

ASCII text, with no line terminators

daemon.sha256

5fe2f75578496b8c3a2cc8288ce2dc9d

ASCII text, with no line terminators

lspd.dex

75ea6e3cf301664d7ece15607c2f4c9a

Dalvik dex file version 038

lspd.dex.sha256

2972bfd713cc280899c4cb32383f6489

ASCII text, with no line terminators

liblspd.so

ced9863587b9e196426bd26bddb6d5b4

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

liblspd.so.sha256

7433895711b2732dda81c511ef441201

ASCII text, with no line terminators

liblspd.so

5e1ad2b713f9f80c36421c2b388c77fc

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

liblspd.so.sha256

459dabe358d40092ee78e9dee528da6b

ASCII text, with no line terminators

liblspd.so

0706a9c81e53f3ab9ac8507dfda2eb41

ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV)

liblspd.so.sha256

45face174b3c25141d9a2109af22c267

ASCII text, with no line terminators

liblspd.so

203c5a83833846171eb53dc1141659b5

ELF 64-bit LSB shared object, x86-64, version 1 (SYSV)

liblspd.so.sha256

bb9f322644bda1feffa41d871256d69c

ASCII text, with no line terminators

manager.apk

787cfc0316159685f680f9bb3351aa28

Android package (APK), with gradle app-metadata.properties Zip archive data, at least v0.0 to extract, compression method=deflate

manager.apk.sha256

2d2411fc163ba69ec89776cb62bc6932

ASCII text, with no line terminators

module.prop

0cdd8f8a5f092a5c418a39a940e67ce5

ASCII text

module.prop.sha256

2b12874b21c99c28f421596a051a4ec8

ASCII text, with no line terminators

post-fs-data.sh

83e07c659246b7562d9a88e297f768e1

ASCII text

post-fs-data.sh.sha256

629f07b73cef584398cb09025c65d214

ASCII text, with no line terminators

sepolicy.rule

32b09a2b93dbf53a7ac00cdffd1232a7

ASCII text

sepolicy.rule.sha256

cacb7f00c97f5de3b074f94b44dff831

ASCII text, with no line terminators

service.sh

8fed76cec5392d4b32c1b50dd2833e94

ASCII text

service.sh.sha256

b060f8cb5c599f7e25f472f70a0336ce

ASCII text, with no line terminators

system.prop

18b58992519e0baf422f0fa1885fb25d

ASCII text

system.prop.sha256

1240bcd7e9f739d57dd1d9115616a4db

ASCII text, with no line terminators

uninstall.sh

6da51cbb0436938bbd0c79cca6422974

ASCII text

uninstall.sh.sha256

f6e8fe5805f3f008f8cdbf0ac02e71e9

ASCII text, with no line terminators

util_functions.sh

47c8bfff9919498b142b3876f21e5beb

ASCII text

util_functions.sh.sha256

606c84e895e82404a65e7926d4d1a6f0

ASCII text, with no line terminators

verify.sh

3235823e38972d48cad7816df576b4fb

ASCII text

verify.sh.sha256

4d976ec42d72680b081e0813893262b7

ASCII text, with no line terminators

index.html

cba5fc688241ad8dd1211d5ec7c0d0a5

HTML document, ASCII text, with no line terminators

index.html.sha256

7bd5ceb34e5f6df1318c372da28985eb

ASCII text, with no line terminators

src.9287e622.js

7185239e555e809b06b221c5e1cbbb98

JavaScript source, ASCII text, with very long lines (7501)

src.9287e622.js.sha256

e5b5a9696f60f92a76019818b9fe7db3

ASCII text, with no line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

3.39.249.172/static/file/LSPosed-v1.10.1-7115-zygisk-release.zip

3.39.249.172

200 OK

2.6 MB

URL User Request GET HTTP/1.1
3.39.249.172/static/file/LSPosed-v1.10.1-7115-zygisk-release.zip
IP
3.39.249.172:80
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.6 MB (2608607 bytes)
Hash
0df0ede3834ce83378a0ae67ad8032bb
06ff21dc6394dbc090aaf4622fbecbd990d4a055
870c5a3ba596788eed77dd599680527841404a6c2a0c5647f216048801477926

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO Dotted Quad Host ZIP Request

HTTP Headers

GET /static/file/LSPosed-v1.10.1-7115-zygisk-release.zip HTTP/1.1
Host: 3.39.249.172
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Oct 2024 06:29:17 GMT
Content-Type: application/zip
Content-Length: 2608607
Last-Modified: Fri, 25 Oct 2024 14:48:44 GMT
Connection: keep-alive
ETag: "671bafcc-27cddf"
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Mnemonic Secure DNS

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (52)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers