Report - p3-platform-cn-static.picovr.com/tos-cn-i-1l663x1b0h/windows-noncn/202304111056/pico-cli.exe?r=1681181814847245000

Report Overview

Submitted URL
p3-platform-cn-static.picovr.com/tos-cn-i-1l663x1b0h/windows-noncn/202304111056/pico-cli.exe?r=1681181814847245000
IP
61.170.80.233
ASN
#4812 China Telecom Group
Submitted
2024-05-10 01:04:09
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
p3-platform-cn-static.picovr.com	unknown	2015-02-28	2023-03-30	2024-01-16	568 B	29 MB	61.170.80.226
status.rapidssl.com	6946	2002-04-05	2018-06-15	2024-05-09	331 B	642 B	192.229.221.95

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 01:03:37	medium	Client IP	61.110.197.11	ET INFO Executable Download from dotted-quad Host
2024-05-10 01:03:57	medium	Client IP	61.110.197.11	ET INFO Executable Download from dotted-quad Host
2024-05-10 01:04:02	medium	Client IP	61.110.197.11	ET INFO Executable Download from dotted-quad Host
2024-05-10 01:04:06	medium	Client IP	61.110.197.11	ET INFO Executable Download from dotted-quad Host

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
p3-platform-cn-static.picovr.com/tos-cn-i-1l663x1b0h/windows-noncn/202304111056/pico-cli.exe?r=1681181814847245000
IP
61.170.80.226
ASN
#4812 China Telecom Group

File type
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 13 sections
Size
29 MB (29185536 bytes)
Hash
71faeff4f977c2298d4e5f426f0487b8
a437e278d7de31d7c941fc9e655b9d295b9c8d2a
7318d4b5207076a1f91781f7c0f294e067b1f0abecdae15c79b749f1b87957e3

JavaScript (1)

		Size	First Seen	Last Seen
	#1 Eval - d41d8cd98f00b204e9800998ecf8427e	0 B	2023-03-07	2024-05-20
Pretty Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 16:18:40 Times Seen37881458 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (2)

	URL	IP	Response	Size
	status.rapidssl.com/	192.229.221.95		471 B
URL status.rapidssl.com/ IP 192.229.221.95:0 ASN #15133 EDGECAST File type data Size 471 B (471 bytes) Hash 22d1042b125e6e052061396d64a4b7ee 36f22efc2ab416600c5827296d0db20dc17d0261 20b74dc274656c783d5e104df8466fbe631b46d1dae56e898ff7f7275900c0e6 HTTP Headers `POST / HTTP/1.1 Host: status.rapidssl.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Cache-Control: max-age=7200 Content-Type: application/ocsp-response Date: Fri, 10 May 2024 01:03:40 GMT Server: ECAcc (amb/6B53) Content-Length: 471`

	p3-platform-cn-static.picovr.com/tos-cn-i-1l663x1b0h/windows-noncn/202304111056/pico-cli.exe?r=1681181814847245000	61.170.80.226		29 MB
URL User Request GET p3-platform-cn-static.picovr.com/tos-cn-i-1l663x1b0h/windows-noncn/202304111056/pico-cli.exe?r=1681181814847245000 IP 61.170.80.226:0 ASN #4812 China Telecom Group Certificate IssuerDigiCert Inc Subject.picovr.com Fingerprint46:33:CE:D9:D1:F6:FA:9E:D2:4F:2A:9B:A5:4C:51:41:B7:94:92:E2 ValidityFri, 09 Jun 2023 00:00:00 GMT - Fri, 07 Jun 2024 23:59:59 GMT File type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 13 sections Size 29 MB (29185536 bytes) Hash 71faeff4f977c2298d4e5f426f0487b8 a437e278d7de31d7c941fc9e655b9d295b9c8d2a 7318d4b5207076a1f91781f7c0f294e067b1f0abecdae15c79b749f1b87957e3 HTTP Headers GET /tos-cn-i-1l663x1b0h/windows-noncn/202304111056/pico-cli.exe?r=1681181814847245000 HTTP/1.1 Host: p3-platform-cn-static.picovr.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK server: Tengine content-type: application/x-msdos-program content-length: 29185536 date: Fri, 10 May 2024 01:03:37 GMT cache-control: max-age=31536000 content-md5: cfrv9Pl3wimNTl9CbwSHuA== last-modified: Thu, 09 May 2024 13:45:50 GMT nw-session-id: 202405092145506A974DBCECE82EACB8EEpkvhm01ot nw-session-trace: 2024-05-09T21:45:50.420938117+08:00 141 x-bdcdn-cache-status: TCP_HIT x-kfc-cachekey: http://1l663x1b0h/tos-cn-i-1l663x1b0h/windows-noncn/202304111056/pico-cli.exe x-powered-by: ImageX x-response-date: Thu, 09 May 2024 21:45:50 GMT x-tt-logid: 202405092145506A974DBCECE82EACB8EE via: n132-090-149, cache25.l2cn3160[42,42,200-0,M], cache43.l2cn3160[44,0], vcache11.cn6012[0,-1,200-0,H], vcache2.cn6012[5,0] x-request-ip: fdbd:dc03:6:136::218 x-tt-trace-tag: id=03;cdn-cache=hit;type=static x-response-cinfo: fdbd:dc03:6:136::218 x-response-cache: edge_hit server-timing: inner; dur=13 x-tt-trace-host: 0151b567526ef235778a9b4b7a8ef0ff291e61656fdec529193f55f72e4543eede129430f4a89e53c0f55d3330439776329271a3591c041af46d236a1c1702d845e2b046f71260952802bd03ec43a3a30979c9f0211e4ee41b6d459057d8d5f2b9 x-tt-trace-id: 00-2405100903371F78327B2655765B0BCA-71CE92A24F46966D-00 ali-swift-global-savetime: 1715303017 age: 3 x-cache: HIT TCP_MEM_HIT dirn:-2:-2 x-swift-savetime: Fri, 10 May 2024 01:03:37 GMT x-swift-cachetime: 31536000 timing-allow-origin: eagleid: 3daa501617153030205058093e X-Firefox-Spdy: h2