{"report_id":"8155f0a3-3478-484c-b1a9-a0bb9364c56c","version":6,"status":"done","tags":[],"date":"2024-12-04T03:02:12Z","url":{"schema":"http","addr":"talenteye.italent.cn/static/crx/BeisenKeepV4.5.23.zip","fqdn":"talenteye.italent.cn","domain":"italent.cn","tld":"cn"},"ip":{"addr":"8.208.102.5","port":0,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-12T03:02:12Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"talenteye.italent.cn","ip":{"addr":"8.208.102.5","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Kingdom","country_code":"GB"},"domain_registered":"2010-04-22","domain_rank":0,"first_seen":"2022-08-25T10:35:32Z","last_seen":"2024-12-03T07:42:41.778941Z","alert_count":0,"request_count":1,"received_data":830,"sent_data":507,"comment":"","tags":null,"fingerprints":null},{"fqdn":"talenteye-resource-prod.oss-cn-beijing.aliyuncs.com","ip":{"addr":"8.141.181.232","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"domain_registered":"2012-04-01","domain_rank":0,"first_seen":"2024-12-03T07:42:41.451593Z","last_seen":"2024-12-03T07:42:41.451593Z","alert_count":0,"request_count":1,"received_data":2413541,"sent_data":537,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"8be5cec971d4f4340c3be86b870b95c9","sha1":"0f0053c5e1e1bb35cdd2dc4ce860171f278484f6","sha256":"2504bb6534575516d6a8709011b0829d510ad03c3d9452d9cb32bfefc50b3e26","sha512":"0e59e8d5bc0b40ece67fa36ad64d6527f6163780890b13b7d7e800cd9cfbfc519febd8a3c94c1690b1ea6ccb9d6ca57d353f31feca5183ee7c672f69ca69e43a","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":2413070,"url":{"schema":"https","addr":"talenteye-resource-prod.oss-cn-beijing.aliyuncs.com/talenteye/BeisenKeepV4.5.23.zip","fqdn":"talenteye-resource-prod.oss-cn-beijing.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"8.141.181.232","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"archive":[{"path":"BeisenKeepV4.5.23.crx","filename":"BeisenKeepV4.5.23.crx","modified":"","Modified":"2024-03-08T20:01:32+08:00","magic":"Google Chrome extension, version 3","size":2426168,"md5":"6e385dd32644eef68ae594f2d3b3e8c1","sha1":"faf22430b080248f54db29dbb6bd79e307740077","sha256":"7fd7394ddb28a3c1b9b28d080bb0725fad2ff8ecb4c34d7f5c3396c1d9965d97","sha512":"b4979a205ace7876e72fff8778ef0ea709955614533a1b2d1e5069c69789c82db8daedab7fe585e69533333690cd2041fa083c8266d1ce062e95fc005c3ca6d2","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"8be5cec971d4f4340c3be86b870b95c9","sha1":"0f0053c5e1e1bb35cdd2dc4ce860171f278484f6","sha256":"2504bb6534575516d6a8709011b0829d510ad03c3d9452d9cb32bfefc50b3e26","sha512":"0e59e8d5bc0b40ece67fa36ad64d6527f6163780890b13b7d7e800cd9cfbfc519febd8a3c94c1690b1ea6ccb9d6ca57d353f31feca5183ee7c672f69ca69e43a","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":2413070,"url":{"schema":"https","addr":"talenteye-resource-prod.oss-cn-beijing.aliyuncs.com/talenteye/BeisenKeepV4.5.23.zip","fqdn":"talenteye-resource-prod.oss-cn-beijing.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"8.141.181.232","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"archive":[{"path":"BeisenKeepV4.5.23.crx","filename":"BeisenKeepV4.5.23.crx","modified":"","Modified":"2024-03-08T20:01:32+08:00","magic":"Google Chrome extension, version 3","size":2426168,"md5":"6e385dd32644eef68ae594f2d3b3e8c1","sha1":"faf22430b080248f54db29dbb6bd79e307740077","sha256":"7fd7394ddb28a3c1b9b28d080bb0725fad2ff8ecb4c34d7f5c3396c1d9965d97","sha512":"b4979a205ace7876e72fff8778ef0ea709955614533a1b2d1e5069c69789c82db8daedab7fe585e69533333690cd2041fa083c8266d1ce062e95fc005c3ca6d2","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-04T03:01:48Z","timestamp":1733281308,"ip_dst":{"addr":"8.141.181.232","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"ip_src":{"addr":"172.18.0.2","port":33532,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2024-12-04T03:01:48.256964+0000\",\"flow_id\":1076133149529642,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":33532,\"dest_ip\":\"8.141.181.232\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"talenteye-resource-prod.oss-cn-beijing.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":789,\"bytes_toclient\":5332,\"start\":\"2024-12-04T03:01:47.775722+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"talenteye.italent.cn/static/crx/BeisenKeepV4.5.23.zip","fqdn":"talenteye.italent.cn","domain":"italent.cn","tld":"cn"},"ip":{"addr":"8.208.102.5","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-04T03:01:47.139Z","timestamp":1733281307139,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.italent.cn","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 16 Jan 2024 00:00:00 GMT","end":"Sun, 02 Feb 2025 23:59:59 GMT"},"fingerprint":{"sha1":"5F:FA:3A:AD:C9:FF:45:E4:43:AB:FE:58:E5:96:4B:0E:A4:BB:BC:64","sha256":"3B:39:4F:7B:F3:84:45:43:8F:BC:B5:32:36:A2:93:8E:72:D2:49:A7:42:C7:78:5D:22:6B:33:7F:E3:3B:08:EF"}}},"request":{"raw":"GET /static/crx/BeisenKeepV4.5.23.zip HTTP/1.1\r\nHost: talenteye.italent.cn\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 208\r\nConnection: keep-alive\r\nKeep-Alive: timeout=300\r\nX-PaaS-DeviceType: PC\r\nCache-Control: private\r\nLocation: https://talenteye-resource-prod.oss-cn-beijing.aliyuncs.com/talenteye/BeisenKeepV4.5.23.zip\r\nServer: QuarkGateway\r\nDate: Wed, 04 Dec 2024 03:01:47 GMT\r\nAccess-Control-Expose-Headers: Sign-Fail-Patche,EagleEye-TraceID\r\nOrigin-Agent-Cluster: ?0\r\nArea: BeiJing\r\nEagleEye-TraceID: b1a1de7c-093a-4bc8-aea6-20c3b1b2bbe2\r\nX-PAAS-Request-ID: 0718fc99-7cc9-4f1a-ba76-fbbdc764e4fc\r\nEagleEye-ConversationID: 94479493-c271-4045-83c7-ded7769f84f5\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":208,"size_decoded":208,"mime_type":"application/zip","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"585003d375f0d2a882867f88c6343d6a","sha1":"670fe34f60cb1d245a4cff49de54d96bc096b01e","sha256":"0ce369353c3e8e594017f9fd20545ee4591191b88f7692f448a6ac9d41ec508a","sha512":"bf8a029ed9c5bd3277046a0d7ce3229a2a5aeae86b7c8627beaf3aacfc9eebf78dd2941da2d9fe1ccb4f0997acb512307b78b23b021c4cd6e3b50934c173b1af","ssdeep":"","tlshash":"06d0a7b690419e0d85b237ac6899336ab0d921b97950951455c68c97586e2668807887","first_seen":"2024-12-04T03:02:14.837806Z","last_seen":"2024-12-04T03:02:14.837806Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1103,"timings":{"blocked":469,"dns":1,"connect":24,"send":0,"wait":161,"receive":0,"ssl":444},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"talenteye-resource-prod.oss-cn-beijing.aliyuncs.com/talenteye/BeisenKeepV4.5.23.zip","fqdn":"talenteye-resource-prod.oss-cn-beijing.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"8.141.181.232","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-04T03:01:47.775Z","timestamp":1733281307775,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cn-beijing.oss.aliyuncs.com","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign Organization Validation CA - SHA256 - G3","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Sep 2024 02:01:17 GMT","end":"Thu, 04 Sep 2025 00:00:00 GMT"},"fingerprint":{"sha1":"D1:23:35:44:3F:9E:CB:D4:27:A7:8D:0C:24:DF:23:D3:EC:1D:75:3D","sha256":"37:13:F8:A0:98:98:F5:B9:DF:29:63:EA:3B:AA:0A:68:D3:5B:96:FD:BA:4A:5F:6B:C3:04:4A:50:1C:70:8E:78"}}},"request":{"raw":"GET /talenteye/BeisenKeepV4.5.23.zip HTTP/1.1\r\nHost: talenteye-resource-prod.oss-cn-beijing.aliyuncs.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Wed, 04 Dec 2024 03:01:48 GMT\r\nContent-Type: application/zip\r\nContent-Length: 2413070\r\nConnection: keep-alive\r\nx-oss-request-id: 674FC61C5A7A543239BF1032\r\nAccept-Ranges: bytes\r\nETag: \"8BE5CEC971D4F4340C3BE86B870B95C9\"\r\nLast-Modified: Tue, 05 Nov 2024 03:30:24 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 18296963882714097578\r\nx-oss-storage-class: Standard\r\nContent-MD5: i+XOyXHU9DQMO+hrhwuVyQ==\r\nx-oss-server-time: 18\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2413070,"size_decoded":2413070,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"8be5cec971d4f4340c3be86b870b95c9","sha1":"0f0053c5e1e1bb35cdd2dc4ce860171f278484f6","sha256":"2504bb6534575516d6a8709011b0829d510ad03c3d9452d9cb32bfefc50b3e26","sha512":"0e59e8d5bc0b40ece67fa36ad64d6527f6163780890b13b7d7e800cd9cfbfc519febd8a3c94c1690b1ea6ccb9d6ca57d353f31feca5183ee7c672f69ca69e43a","ssdeep":"49152:Acm1GzCbHKaRnzF17rLBv6rwRFkfDGlHrj81j39SnfXtMC:AFka5RnznrLV+wRmLIv6z96n","tlshash":"a7b533596b6af93ade0e31f8f2c1741620df9d20e075385d45e881ecda3987222f35e9","first_seen":"2024-12-04T03:02:14.840215Z","last_seen":"2025-05-04T08:06:07.975419Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3286,"timings":{"blocked":723,"dns":1,"connect":238,"send":0,"wait":256,"receive":1584,"ssl":480},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}