Report - 222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa

Report Overview

Visited public
2024-10-05 11:43:39
Tags
URL
222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip
Finishing URL
222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip
IP / ASN
222.71.180.226
#4812 China Telecom Group
Title
Keyman/CANoe.DiVa_V12.0.zip at master - Keyman - Gitea: Git with a cup of tea

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-10-03 18:12:15	327 B	888 B	23.36.76.226
222.71.180.226:3000	unknown	unknown	No data	No data	3.2 kB	507 kB	222.71.180.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-05	medium	222.71.180.226	Sinkholed
2024-10-05	medium	222.71.180.226	Sinkholed
2024-10-05	medium	222.71.180.226	Sinkholed
2024-10-05	medium	222.71.180.226	Sinkholed
2024-10-05	medium	222.71.180.226	Sinkholed
2024-10-05	medium	222.71.180.226	Sinkholed
2024-10-05	medium	222.71.180.226	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	unknown	325 B	2024-10-06 09:22	2024-12-03 15:35
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-10-06 09:22 Last Seen2024-12-03 15:35 Times Seen5 Hash 2d74558b1f17b0dd5536408bfe863331 0eb6296605b50475f860a8f98910fa1c02ca3730 ee956b4340e02fc97a3f3e6b7d278d2224504c403d27e042e146965fe58bb79e Loading...

	222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip	1.0 kB	2024-10-06 09:22	2024-10-06 09:22
Pretty URL 222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip IP 222.71.180.226 ASN #4812 China Telecom Group Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-06 09:22 Last Seen2024-10-06 09:22 Times Seen1 Hash c064dd1dcc78d0c0667b0e18241ea29f fa119f8790fd5b0b6bd3bdb055d8db89f506555a 255b46a8a436b8db925b340cbc22933e03c048f31f4a4f5c2c214934f90ee025 Loading...

	222.71.180.226:3000/assets/js/index.js?v=f706969c070b7f4de847f972aedcc989	837 kB	2024-10-06 09:22	2024-10-06 09:22
Pretty URL 222.71.180.226:3000/assets/js/index.js?v=f706969c070b7f4de847f972aedcc989 IP 222.71.180.226 ASN #4812 China Telecom Group Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-06 09:22 Last Seen2024-10-06 09:22 Times Seen4 Hash cc20e552b62535895aa539be128b9a8f 189107d3df3a5d882c4057989dea9d155c6fb67a ea79162252fc8800bedfb2c07a825eca47627917e4478915a85f95591e2e8070 Loading...

	unknown	8.3 kB	2024-10-06 09:22	2024-10-06 09:22
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-10-06 09:22 Last Seen2024-10-06 09:22 Times Seen1 Hash 8b41dadafb04370d354fe6f61433f2d1 217c4d70f7cf32aaf0db7e1f23162a39b024baba 910927033122f3c2063dd80a99c887d314e56551ddb047673d046bb308d45894 Loading...

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3edd7e02dd93d4fa92970165e37ea200
fdb009fd9b963ab8cc365829be152f0a424e0933
85ad693617bfd03634246d0c9e3ee02c6d21d9824d25459e5e63bc51b646cc00

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "85AD693617BFD03634246D0C9E3EE02C6D21D9824D25459E5E63BC51B646CC00"
Last-Modified: Fri, 04 Oct 2024 14:08:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17523
Expires: Sat, 05 Oct 2024 16:35:16 GMT
Date: Sat, 05 Oct 2024 11:43:13 GMT
Connection: keep-alive

222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip

222.71.180.226

33 kB

URL
222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip
IP
222.71.180.226:0
ASN
#4812 China Telecom Group

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1423)
Size
33 kB (33374 bytes)
Hash
0b72c7337ba6afa3089dc6c0b6eadd9d
aaff9fb213a3a1871b079fc0e4da05576dd14973
3fff5f0ae9bdab1d4bcd772671aaa9fec370e05ee908255fc5ab049b672f1dab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip HTTP/1.1
Host: 222.71.180.226:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: i_like_gitea=d963a56e9760dfa6; Path=/; HttpOnly; SameSite=Lax
_csrf=RJnN0ymG8WuLKo-Xu_czPfHcW1U6MTcyODEyODU5MDg1MTYzOTgwMA; Path=/; Expires=Sun, 06 Oct 2024 11:43:10 GMT; HttpOnly; SameSite=Lax
macaron_flash=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
Date: Sat, 05 Oct 2024 11:43:11 GMT
Transfer-Encoding: chunked

222.71.180.226:3000/assets/css/theme-auto.css?v=f706969c070b7f4de847f972aedcc989

222.71.180.226

200 OK

3.4 kB

URL GET HTTP/1.1
222.71.180.226:3000/assets/css/theme-auto.css?v=f706969c070b7f4de847f972aedcc989
IP
222.71.180.226:3000
ASN
#4812 China Telecom Group

Requested by
http://222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip

File type
ASCII text, with very long lines (13907)
Size
3.4 kB (3420 bytes)
Hash
2d8dc746a96cde3c5ec1f2b1d95fe658
32e57c6a65db88c4c9c54c8b01138e512afe5dce
16bf2101993322bd44628b9ffca3ff1fd3eb291bc0ee2aa08db7cd3f5bf4cef8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/theme-auto.css?v=f706969c070b7f4de847f972aedcc989 HTTP/1.1
Host: 222.71.180.226:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: i_like_gitea=d963a56e9760dfa6; _csrf=RJnN0ymG8WuLKo-Xu_czPfHcW1U6MTcyODEyODU5MDg1MTYzOTgwMA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=21600
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Etag: "MTM5MDh0aGVtZS1hdXRvLmNzc1dlZCwgMjAgSnVsIDIwMjIgMDY6MzY6MDYgR01U"
Last-Modified: Wed, 20 Jul 2022 06:36:06 GMT
Date: Sat, 05 Oct 2024 11:43:11 GMT
Transfer-Encoding: chunked

222.71.180.226:3000/assets/css/index.css?v=f706969c070b7f4de847f972aedcc989

222.71.180.226

200 OK

132 kB

URL GET HTTP/1.1
222.71.180.226:3000/assets/css/index.css?v=f706969c070b7f4de847f972aedcc989
IP
222.71.180.226:3000
ASN
#4812 China Telecom Group

Requested by
http://222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip

File type
ASCII text, with very long lines (65536), with no line terminators
Size
132 kB (132229 bytes)
Hash
ab4906db5cd40889b4e62d3d115b3e0d
5cbc1cac8c351eb83fe6ca602b46f92816fd925f
772ada1dace6cbb6f7178330e9a55ef292c125935b4c89ae45639327ba692cf2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/index.css?v=f706969c070b7f4de847f972aedcc989 HTTP/1.1
Host: 222.71.180.226:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: i_like_gitea=d963a56e9760dfa6; _csrf=RJnN0ymG8WuLKo-Xu_czPfHcW1U6MTcyODEyODU5MDg1MTYzOTgwMA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=21600
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Etag: "ODY1MjMyaW5kZXguY3NzV2VkLCAyMCBKdWwgMjAyMiAwNjozNjowNiBHTVQ="
Last-Modified: Wed, 20 Jul 2022 06:36:06 GMT
Date: Sat, 05 Oct 2024 11:43:11 GMT
Transfer-Encoding: chunked

222.71.180.226:3000/assets/js/index.js?v=f706969c070b7f4de847f972aedcc989

222.71.180.226

254 kB

URL
222.71.180.226:3000/assets/js/index.js?v=f706969c070b7f4de847f972aedcc989
IP
222.71.180.226:0
ASN
#4812 China Telecom Group

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
254 kB (254220 bytes)
Hash
cc20e552b62535895aa539be128b9a8f
189107d3df3a5d882c4057989dea9d155c6fb67a
ea79162252fc8800bedfb2c07a825eca47627917e4478915a85f95591e2e8070

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/index.js?v=f706969c070b7f4de847f972aedcc989 HTTP/1.1
Host: 222.71.180.226:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: i_like_gitea=d963a56e9760dfa6; _csrf=RJnN0ymG8WuLKo-Xu_czPfHcW1U6MTcyODEyODU5MDg1MTYzOTgwMA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=21600
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
Etag: "ODM3MjMzaW5kZXguanNXZWQsIDIwIEp1bCAyMDIyIDA2OjM2OjA2IEdNVA=="
Last-Modified: Wed, 20 Jul 2022 06:36:06 GMT
Date: Sat, 05 Oct 2024 11:43:11 GMT
Transfer-Encoding: chunked

222.71.180.226:3000/assets/img/logo.svg

222.71.180.226

200 OK

1.1 kB

URL GET HTTP/1.1
222.71.180.226:3000/assets/img/logo.svg
IP
222.71.180.226:3000
ASN
#4812 China Telecom Group

Requested by
http://222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1078 bytes)
Hash
040de3d1e9bbfb70fd0287dac0214106
576426b10f7441422977eed04e199112110e4dfa
e50bd7150872581fe0e1d1eea9872bfe08ec15f50d800bdd699d3c49c7792100

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/logo.svg HTTP/1.1
Host: 222.71.180.226:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: i_like_gitea=d963a56e9760dfa6; _csrf=RJnN0ymG8WuLKo-Xu_czPfHcW1U6MTcyODEyODU5MDg1MTYzOTgwMA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=21600
Content-Encoding: gzip
Content-Type: image/svg+xml
Etag: "MjIwN2xvZ28uc3ZnV2VkLCAyMCBKdWwgMjAyMiAwNjozNjowNiBHTVQ="
Last-Modified: Wed, 20 Jul 2022 06:36:06 GMT
Date: Sat, 05 Oct 2024 11:43:13 GMT
Content-Length: 1078

222.71.180.226:3000/assets/fonts/icons.woff2

222.71.180.226

79 kB

URL
222.71.180.226:3000/assets/fonts/icons.woff2
IP
222.71.180.226:0
ASN
#4812 China Telecom Group

File type
Web Open Font Format (Version 2), TrueType, length 79444, version 331.524
Size
79 kB (79444 bytes)
Hash
b15db15f746f29ffa02638cb455b8ec0
75a88815c47a249eadb5f0edc1675957f860cca7
7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/icons.woff2 HTTP/1.1
Host: 222.71.180.226:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://222.71.180.226:3000/assets/css/index.css?v=f706969c070b7f4de847f972aedcc989
Cookie: i_like_gitea=d963a56e9760dfa6; _csrf=RJnN0ymG8WuLKo-Xu_czPfHcW1U6MTcyODEyODU5MDg1MTYzOTgwMA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=21600
Content-Length: 79444
Content-Type: font/woff2
Etag: "Nzk0NDRpY29ucy53b2ZmMldlZCwgMjAgSnVsIDIwMjIgMDY6MzY6MDYgR01U"
Last-Modified: Wed, 20 Jul 2022 06:36:06 GMT
Date: Sat, 05 Oct 2024 11:43:13 GMT

222.71.180.226:3000/assets/img/favicon.svg

222.71.180.226

1.1 kB

URL
222.71.180.226:3000/assets/img/favicon.svg
IP
222.71.180.226:0
ASN
#4812 China Telecom Group

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1078 bytes)
Hash
040de3d1e9bbfb70fd0287dac0214106
576426b10f7441422977eed04e199112110e4dfa
e50bd7150872581fe0e1d1eea9872bfe08ec15f50d800bdd699d3c49c7792100

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/favicon.svg HTTP/1.1
Host: 222.71.180.226:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: i_like_gitea=d963a56e9760dfa6; _csrf=RJnN0ymG8WuLKo-Xu_czPfHcW1U6MTcyODEyODU5MDg1MTYzOTgwMA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=21600
Content-Encoding: gzip
Content-Type: image/svg+xml
Etag: "MjIwN2Zhdmljb24uc3ZnV2VkLCAyMCBKdWwgMjAyMiAwNjozNjowNiBHTVQ="
Last-Modified: Wed, 20 Jul 2022 06:36:06 GMT
Date: Sat, 05 Oct 2024 11:43:13 GMT
Content-Length: 1078

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN