Report - kemono.party/data/eb/aa/ebaafe434d706028e9e9c17b8f31a00b2cf5214796b03ba294e94a89de640a76.zip?f=PotG

Report Overview

Visitedpublic

2023-10-23 23:54:45

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
kemono.party	183450	2020-01-03	2020-01-19 15:54:17	2023-10-22 13:32:01	571 B	661 B	190.115.31.142
kemono.su	unknown	2022-08-25	2023-06-03 19:18:19	2023-10-23 05:15:45	568 B	695 B	190.115.16.14
aus5.mozilla.org	2548	1998-01-24	2015-10-27 08:06:24	2023-10-22 18:19:33	513 B	1.2 kB	35.244.181.201
c6.kemono.su	unknown	2022-08-25	2023-10-22 01:02:11	2023-10-23 00:52:00	609 B	5.6 kB	91.149.227.6
ciscobinary.openh264.org	40822	2013-10-19	2014-10-07 07:43:56	2023-10-22 18:49:42	295 B	512 kB	2.18.121.73

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-10-23 23:54:22	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-10-23 23:54:22	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-10-23 23:54:22	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-10-23 23:54:22	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

IP / ASN

2.18.121.73

#16625 AKAMAI-AS

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate\012- data

Size512 kB (511815 bytes)

MD5152eda253e242e18443ef3282495bc7c

SHA1ff0fa85565f21ec4931baad4573b4c0bd08c4019

SHA2568e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48

JavaScript (0)

HTTP Transactions (5)

	URL	IP	Response	Size
	kemono.party/data/eb/aa/ebaafe434d706028e9e9c17b8f31a00b2cf5214796b03ba294e94a89de640a76.zip?f=PotG_Android-0.2.apk	190.115.31.142		164 B
URL HTTP kemono.party/data/eb/aa/ebaafe434d706028e9e9c17b8f31a00b2cf5214796b03ba294e94a89de640a76.zip?f=PotG_Android-0.2.apk IP / ASN 190.115.31.142 #262254 DDOS-GUARD CORP. Requested byN/A Resource Info File typeHTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators First Seen2023-04-05 Last Seen2025-03-01 Times Seen2246 Size164 B (164 bytes) MD5f23c4815ecaef1588f16ac735c0e15d6 SHA1026bf8cdd5076014b6fc822878e0086eb44da556 SHA25643a81fb3d47b34e7d42d6b8444f592ed9251b8e57db8f67d32419aa40b1480d0 HTTP Headers GET /data/eb/aa/ebaafe434d706028e9e9c17b8f31a00b2cf5214796b03ba294e94a89de640a76.zip?f=PotG_Android-0.2.apk HTTP/1.1 Host: kemono.party User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 308 Permanent Redirect server: ddos-guard content-security-policy: upgrade-insecure-requests; set-cookie: __ddg1_=jqluArk6QH1ANO9ez95g; Domain=.kemono.party; HttpOnly; Path=/; Expires=Tue, 22-Oct-2024 23:54:21 GMT date: Mon, 23 Oct 2023 23:54:21 GMT content-type: text/html content-length: 164 location: https://kemono.su/data/eb/aa/ebaafe434d706028e9e9c17b8f31a00b2cf5214796b03ba294e94a89de640a76.zip?f=PotG_Android-0.2.apk age: 0 ddg-cache-status: MISS,MISS X-Firefox-Spdy: h2`

	GET kemono.su/data/eb/aa/ebaafe434d706028e9e9c17b8f31a00b2cf5214796b03ba294e94a89de640a76.zip?f=PotG_Android-0.2.apk	190.115.16.14		138 B
URL User Request GET HTTPS kemono.su/data/eb/aa/ebaafe434d706028e9e9c17b8f31a00b2cf5214796b03ba294e94a89de640a76.zip?f=PotG_Android-0.2.apk IP / ASN 190.115.16.14 #262254 DDOS-GUARD CORP. Requested byN/A Resource Info File typeHTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators First Seen2023-04-05 Last Seen2025-07-26 Times Seen38800 Size138 B (138 bytes) MD5aff950cab4c0265e21d401db15f1026d SHA1f03e18461817f7a6546c8bf8fa8d686d7e30aca0 SHA256753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0 Certificate Info IssuerLet's Encrypt Subjectkemono.su FingerprintAD:4C:63:CD:DA:B3:87:EA:E2:9D:D0:1D:C5:C7:C1:B9:7D:77:64:1E ValidityThu, 19 Oct 2023 10:28:21 GMT - Wed, 17 Jan 2024 10:28:20 GMT HTTP Headers GET /data/eb/aa/ebaafe434d706028e9e9c17b8f31a00b2cf5214796b03ba294e94a89de640a76.zip?f=PotG_Android-0.2.apk HTTP/1.1 Host: kemono.su User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found server: ddos-guard content-security-policy: upgrade-insecure-requests; set-cookie: __ddg1_=iJh71Vrf2iX6nM3MT9ws; Domain=.kemono.su; HttpOnly; Path=/; Expires=Tue, 22-Oct-2024 23:54:21 GMT date: Mon, 23 Oct 2023 23:54:21 GMT content-type: text/html content-length: 138 location: https://c6.kemono.su/data/eb/aa/ebaafe434d706028e9e9c17b8f31a00b2cf5214796b03ba294e94a89de640a76.zip?f=PotG_Android-0.2.apk strict-transport-security: max-age=63072000; includeSubDomains; preload age: 0 ddg-cache-status: MISS,MISS X-Firefox-Spdy: h2

	aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml	35.244.181.201		444 B
URL HTTP aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml IP / ASN 35.244.181.201 #15169 GOOGLE Requested byN/A Resource Info File typeXML 1.0 document text\012- XML document, ASCII text, with very long lines (332) First Seen2023-10-13 Last Seen2025-06-20 Times Seen185315 Size444 B (444 bytes) MD53b324dec137a87ef7e24a30a65b13dd0 SHA1c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 SHA2566cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463 HTTP Headers `GET /update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx rule-id: 17856 rule-data-version: 3 content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2023-12-08-22-56-18.chain; p384ecdsa=QSTT1NUmEo8SveEQX2AsHx04xX3mVM4-FyzJBzNGhsapDuwZfYX0-w9tA_VCn2xvAtvYBInYPQxd3vyqb0stwPLfJFXoT2fR22QntoLd0cniRamfBHIkSTgoz8l15gOi strict-transport-security: max-age=31536000; x-content-type-options: nosniff content-security-policy: default-src 'none'; frame-ancestors 'none' x-proxy-cache-status: EXPIRED content-encoding: gzip via: 1.1 google date: Mon, 23 Oct 2023 23:53:07 GMT content-type: text/xml; charset=utf-8 vary: Accept-Encoding content-length: 444 age: 95 cache-control: public,max-age=90 alt-svc: clear X-Firefox-Spdy: h2

	GET c6.kemono.su/data/eb/aa/ebaafe434d706028e9e9c17b8f31a00b2cf5214796b03ba294e94a89de640a76.zip?f=PotG_Android-0.2.apk	91.149.227.6	200 OK	5.3 kB
URL User Request GET HTTPS c6.kemono.su/data/eb/aa/ebaafe434d706028e9e9c17b8f31a00b2cf5214796b03ba294e94a89de640a76.zip?f=PotG_Android-0.2.apk IP / ASN 91.149.227.6 #58110 IP Volume LTD Requested byN/A Resource Info File typePEM certificate\012- , ASCII text First Seen2023-10-20 Last Seen2023-11-09 Times Seen11 Size5.3 kB (5315 bytes) MD5c3eaa5a52d40dae56b833f65fdebd46b SHA1522e9553c2631d1700b8976fc35ef4424fa5effb SHA256ff3076dfd2dd07847ca6bcf9cf0555d2d259bfe74c1d8b123468692c1c0bd0e6 Certificate Info IssuerLet's Encrypt Subjectc6.kemono.su FingerprintBD:3F:24:DD:3E:B5:26:99:50:9F:98:7F:2A:FA:84:B6:F8:66:0C:9F ValiditySat, 21 Oct 2023 22:00:22 GMT - Fri, 19 Jan 2024 22:00:21 GMT HTTP Headers GET /data/eb/aa/ebaafe434d706028e9e9c17b8f31a00b2cf5214796b03ba294e94a89de640a76.zip?f=PotG_Android-0.2.apk HTTP/1.1 Host: c6.kemono.su User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Cookie: __ddg1_=iJh71Vrf2iX6nM3MT9ws Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx date: Mon, 23 Oct 2023 23:54:14 GMT content-type: application/zip content-length: 85778600 last-modified: Sun, 04 Jul 2021 05:01:54 GMT etag: "60e140c2-51ce0a8" content-disposition: inline; filename=PotG_Android-0.2.apk accept-ranges: bytes X-Firefox-Spdy: h2`

	ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip	2.18.121.73		512 kB
URL HTTP ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip IP / ASN 2.18.121.73 #16625 AKAMAI-AS Requested byN/A Resource Info File typeZip archive data, at least v2.0 to extract, compression method=deflate\012- data First Seen2023-04-05 Last Seen2025-03-24 Times Seen32987 Size512 kB (511815 bytes) MD5152eda253e242e18443ef3282495bc7c SHA1ff0fa85565f21ec4931baad4573b4c0bd08c4019 SHA2568e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48 HTTP Headers `GET /openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1 Host: ciscobinary.openh264.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive` `HTTP/1.1 200 OK Last-Modified: Wed, 07 Jun 2023 18:17:03 GMT ETag: 152eda253e242e18443ef3282495bc7c Content-Length: 511815 Accept-Ranges: bytes X-Timestamp: 1686161822.36709 Content-Type: application/zip X-Trans-Id: tx850f8ba461544848b47ef-006519bffadfw1 Cache-Control: public, max-age=252896 Expires: Thu, 26 Oct 2023 22:09:38 GMT Date: Mon, 23 Oct 2023 23:54:42 GMT Connection: keep-alive`

Detections

Host Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

File detected

JavaScript (0)

HTTP Transactions (5)

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers