Report - 123.159.205.190:8888/lf5-webcastcdn-tos.douyinstatic.com/obj/webcast/782c5eb036cb203aa50d7925f286545d.zip?jump_ttl=1&bdcdn_rkey=vt80

Report Overview

Submitted URL
123.159.205.190:8888/lf5-webcastcdn-tos.douyinstatic.com/obj/webcast/782c5eb036cb203aa50d7925f286545d.zip?jump_ttl=1&bdcdn_rkey=vt80_hnpycu01
IP
123.159.205.190
ASN
#4837 CHINA UNICOM China169 Backbone
Submitted
2024-05-07 08:09:13
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
123.159.205.190:8888	unknown	unknown	No data	No data	511 B	661 kB	123.159.205.190

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	123.159.205.190	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
123.159.205.190:8888/lf5-webcastcdn-tos.douyinstatic.com/obj/webcast/782c5eb036cb203aa50d7925f286545d.zip?jump_ttl=1&bdcdn_rkey=vt80_hnpycu01
IP
123.159.205.190
ASN
#4837 CHINA UNICOM China169 Backbone

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
660 kB (659885 bytes)
Hash
782c5eb036cb203aa50d7925f286545d
7149aa97a5bd30ce38a376e159833b0985981417
1a865e91959d20ff2d57cbc646f24a53843c3e18db7ea471ec37d2a362a7aaf8

Archive (2)

Modified	Filename	Size	Md5	File type
2024-02-04 03:34	config.json	170 B	0e897b214659bbbeb04f46c13a8ff104	JSON text data
2024-02-04 03:35	output.mp4	662 kB	4e8c8d45532995b2851d09aa24e1f233	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

123.159.205.190:8888/lf5-webcastcdn-tos.douyinstatic.com/obj/webcast/782c5eb036cb203aa50d7925f286545d.zip?jump_ttl=1&bdcdn_rkey=vt80_hnpycu01

123.159.205.190

660 kB

URL
123.159.205.190:8888/lf5-webcastcdn-tos.douyinstatic.com/obj/webcast/782c5eb036cb203aa50d7925f286545d.zip?jump_ttl=1&bdcdn_rkey=vt80_hnpycu01
IP
123.159.205.190:0
ASN
#4837 CHINA UNICOM China169 Backbone

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
660 kB (659885 bytes)
Hash
782c5eb036cb203aa50d7925f286545d
7149aa97a5bd30ce38a376e159833b0985981417
1a865e91959d20ff2d57cbc646f24a53843c3e18db7ea471ec37d2a362a7aaf8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lf5-webcastcdn-tos.douyinstatic.com/obj/webcast/782c5eb036cb203aa50d7925f286545d.zip?jump_ttl=1&bdcdn_rkey=vt80_hnpycu01 HTTP/1.1
Host: 123.159.205.190:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Byte-nginx
Content-Type: application/zip
Content-Length: 659885
Connection: keep-alive
Accept-Ranges: bytes
Age: 275367
Cache-Control: max-age=2592000
Content-Md5: eCxesDbLIDqlDXkl8oZUXQ==
Etag: "782c5eb036cb203aa50d7925f286545d"
Last-Modified: Sun, 04 Feb 2024 03:35:10 GMT
Server-Timing: inner; dur=49
X-Bdcdn-Cache-Status: TCP_HIT
X-Request-Id: 4e2e89809755dfe2c5cea8e8dcf99d62
X-Request-Ip: 91.90.42.154
X-Response-Cache: edge_hit
X-Response-Cinfo: 91.90.42.154
X-Tos-Hash-Crc64ecma: 13514338674167249674
X-Tos-Request-Id: dc18eb35adea32876635adea-a8ca320-a804150
X-Tos-Response-Time: Sat, 04 May 2024 03:39:22 GMT
X-Tos-Storage-Class: STANDARD
X-Tt-Logid: 20240504113922EE4E07B3B66BF868F57F
X-Tt-Trace-Host: 01d9fb51af60db2f6b88cd397a105564f2795ab2e92700b89e6c954a4a3c713a97df1a85deeff3b3fc71b388cf1461e4fd877b2f4e6eeff782971cfafbb8b1aa02a34f18f6cab3f4c5542aabe4e00720099a2f3578cf32863c5ae75a2a5013cc0e618d7b090104c56f4ae658a6c643af10
X-Tt-Trace-Id: 2024050411392201012023606300304DF99CC
X-Tt-Trace-Tag: id=5
Date: Tue, 07 May 2024 08:08:48 GMT
via: mixed02.zjwzcu01_acdn
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (2)

JavaScript (0)

HTTP Transactions (1)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers