Report - lbsnavi.cdn.bcebos.com/base/online/20210817170619/trafficControl.zip

Report Overview

Visited public
2024-05-21 02:49:24
Tags
URL
lbsnavi.cdn.bcebos.com/base/online/20210817170619/trafficControl.zip
Finishing URL
about:privatebrowsing
IP / ASN
58.254.180.65
#136958 China Unicom Guangdong IP network
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

8

Threat Detection Systems

0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigochina.com	unknown	2019-10-20	2022-02-25 07:42:56	2024-05-16 05:54:01	333 B	963 B	104.18.38.66
lbsnavi.cdn.bcebos.com	225390	2014-08-28	2018-04-16 09:41:20	2024-05-14 11:44:08	522 B	67 kB	58.254.180.65

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-21 02:49:10	medium	Client IP	192.169.69.26	ET HUNTING Suspicious svchost.exe in URI - Possible Process Dump/Trojan Download
2024-05-21 02:49:10	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-21 02:49:10	medium	Client IP	192.169.69.26	ETPRO HUNTING EXE Request to DuckDNS DynDNS Domain
2024-05-21 02:49:11	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-21 02:49:19	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-21 02:49:19	medium	Client IP	192.169.69.26	ET HUNTING Suspicious svchost.exe in URI - Possible Process Dump/Trojan Download
2024-05-21 02:49:19	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-21 02:49:19	medium	Client IP	192.169.69.26	ETPRO HUNTING EXE Request to DuckDNS DynDNS Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
lbsnavi.cdn.bcebos.com/base/online/20210817170619/trafficControl.zip
IP
58.254.180.65
ASN
#136958 China Unicom Guangdong IP network

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
66 kB (66407 bytes)
Hash
0c5a87009bf3a07ae6e712796d5b36d8
6c4e2c2bc6404e15cb1a945c57957bcfc5d171d3
23c3bcec4cb86e52c885bca86e694b59cb1fb6bf99c035192823e8f784cf330d

Archive (4)

Modified	Filename	Size	Md5	File type
2021-08-13 16:55	traffic_control.mtl	270 B	b7041413fefc5743488b532761025bef	Unicode text, UTF-8 text, with CRLF line terminators
2021-08-13 16:55	._traffic_control.mtl	194 B	a0e560e40a4b5cd42cc14d42ddc6c0b8	AppleDouble encoded Macintosh file
2021-08-13 16:55	traffic_control.obj	199 kB	a17e5b2bd9153231ab05d2359b3c4832	Unicode text, UTF-8 text, with CRLF line terminators
2021-08-13 16:55	._traffic_control.obj	350 B	6be7b9e7ce3687c58f5c945efddeaa5b	AppleDouble encoded Macintosh file

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	ocsp.sectigochina.com/	104.18.38.66		471 B
URL ocsp.sectigochina.com/ IP 104.18.38.66:0 ASN #13335 CLOUDFLARENET File type data Size 471 B (471 bytes) Hash 1bdacade64fc7e83d5932baeec1be937 e80166ed1b25a3339cee8dc1e81470725c1d54e4 dce235a81f3c6415bfe82d573f3c8957a150c8232e085b8d3734b06828fcb905 HTTP Headers `POST / HTTP/1.1 Host: ocsp.sectigochina.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Tue, 21 May 2024 02:48:59 GMT Content-Type: application/ocsp-response Content-Length: 471 Connection: keep-alive Last-Modified: Mon, 20 May 2024 05:57:59 GMT Expires: Mon, 27 May 2024 05:57:58 GMT Etag: "e80166ed1b25a3339cee8dc1e81470725c1d54e4" Cache-Control: max-age=529802,s-maxage=1800,public,no-transform,must-revalidate X-CCACDN-Proxy-ID: mcdpinlb4 X-Frame-Options: SAMEORIGIN CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 88714029ed5c56a5-OSL`

	lbsnavi.cdn.bcebos.com/base/online/20210817170619/trafficControl.zip	58.254.180.65	200 OK	66 kB
URL User Request GET HTTP/2 lbsnavi.cdn.bcebos.com/base/online/20210817170619/trafficControl.zip IP 58.254.180.65:443 ASN #136958 China Unicom Guangdong IP network Certificate IssuerBaidu, Inc. Subjecta.bdydns.com Fingerprint16:A0:3C:F6:B3:02:F1:7C:44:03:97:2C:60:91:81:C0:71:C1:A6:FF ValidityWed, 03 Apr 2024 00:00:00 GMT - Fri, 04 Apr 2025 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 66 kB (66407 bytes) Hash 0c5a87009bf3a07ae6e712796d5b36d8 6c4e2c2bc6404e15cb1a945c57957bcfc5d171d3 23c3bcec4cb86e52c885bca86e694b59cb1fb6bf99c035192823e8f784cf330d HTTP Headers GET /base/online/20210817170619/trafficControl.zip HTTP/1.1 Host: lbsnavi.cdn.bcebos.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK server: JSP3/2.0.14 date: Tue, 21 May 2024 02:48:59 GMT content-type: application/zip content-length: 66407 expires: Wed, 22 May 2024 03:05:32 GMT last-modified: Tue, 17 Aug 2021 09:06:19 GMT etag: "0c5a87009bf3a07ae6e712796d5b36d8" age: 171769 accept-ranges: bytes content-md5: DFqHAJvzoHrm5xJ5bVs22A== x-bce-content-crc32: 2817138168 x-bce-debug-id: GKTFFmpR6Xul7/+NyQ/ijFz6utHhnU4Rz31Kpbx9/1VbA/wB1lnWRscCrudVpYSMhHln9CAO6mzkK7REadf2mg== x-bce-request-id: d51e6dbc-ab4f-40f2-bab5-adc256d1da89 x-bce-storage-class: STANDARD ohc-global-saved-time: Sun, 19 May 2024 03:05:32 GMT ohc-cache-hit: gz3un56 [2], xaix56 [4] ohc-file-size: 66407 x-cache-status: HIT X-Firefox-Spdy: h2