Report - lookdiv.com/%E6%BF%80%E6%B4%BB%E7%A0%812020-2024.zip

Report Overview

Submitted URL
lookdiv.com/%E6%BF%80%E6%B4%BB%E7%A0%812020-2024.zip
IP
43.139.174.177
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited
Submitted
2024-05-10 10:30:10
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.trust-provider.cn	unknown	2015-04-09	2022-02-10	2024-05-09	334 B	1.5 kB	112.50.95.96
lookdiv.com	unknown	2019-09-09	2019-11-13	2021-02-02	506 B	112 kB	43.139.174.177

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
lookdiv.com/%E6%BF%80%E6%B4%BB%E7%A0%812020-2024.zip
IP
43.139.174.177
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
112 kB (111803 bytes)
Hash
b0d15d497202c84bbc06d0d51e85cafa
2e0b0d970f8fa4672012e350be1c16cb548e18e3
0832691230f8194cff9842ba846808c2c85bacef6a170089eec590b53f01fdec

Archive (35)

Modified	Filename	Size	Md5	File type
2022-10-23 19:07	CLion��_______˫��.vbs	2.8 kB	c6ced3f8f41290b8530ee9c0da5a4496	ASCII text, with CRLF line terminators
2022-10-23 20:44	DataGrip��____˫��.vbs	2.8 kB	f0664f3e5bff8a6713acda92104fcef4	ASCII text, with CRLF line terminators
2023-06-26 22:41	DataSpell��___ ˫��.vbs	2.8 kB	fc2bfec707e76f2161ddb87c0c7a22e2	ASCII text, with CRLF line terminators
2022-10-23 19:03	GoLand��_____ ˫��.vbs	2.8 kB	eec6145a16c93bf76419ee27ee481508	ASCII text, with CRLF line terminators
2022-10-23 16:23	IDEA��_________˫��.vbs	2.8 kB	6d3b8124f4a10961aeda20b63566f662	ASCII text, with CRLF line terminators
2022-10-23 19:07	PhpStorm��___˫��.vbs	2.8 kB	4351724322a217398bd6938852de59a6	ASCII text, with CRLF line terminators
2022-10-23 16:08	PyCharm��____˫��.vbs	2.8 kB	7559c25867db4a0e3f56528ab272e0c6	ASCII text, with CRLF line terminators
2023-06-26 23:46	Rider��________˫��.vbs	2.8 kB	7287cf925b998402ed705f56446401af	ASCII text, with CRLF line terminators
2022-10-23 19:06	WebStorm��__˫��.vbs	2.8 kB	e892e22fc71a7435cd4cff753f6117cf	ASCII text, with CRLF line terminators
2022-07-01 10:51	active-agt.jar	49 kB	2fa1b1364515dce93eb67c423b570deb	Zip archive data, at least v1.0 to extract, compression method=deflate
2022-10-23 16:30	clion.key	5.6 kB	3935af9ee05419ff2d0d724a1e6bc6c4	data
2022-06-28 11:50	clion64.exe.vmoptions	0 B	d41d8cd98f00b204e9800998ecf8427e
2022-07-01 10:51	dns.conf	67 B	f01ce69d967d52ddf0d72a1c9ca5c9bf	ASCII text
2022-07-01 10:51	power.conf	7.5 kB	bb2144dc9371c0dbb9a52ceb0fa2e723	ASCII text, with very long lines (3710)
2022-07-01 10:51	url.conf	74 B	fea2bfbedda20d5ad9429f537e15f4ce	ASCII text
2022-08-05 02:13	datagrip.key	5.3 kB	6f5469c153ff60b609fa426f677c1f36	data
2022-06-28 11:50	datagrip64.exe.vmoptions	0 B	d41d8cd98f00b204e9800998ecf8427e
2023-06-26 22:44	dataspell.key	5.1 kB	eb7bc5b6e549c81b382f3ff26a83e4ba	data
2022-06-28 11:50	dataspell64.exe.vmoptions	0 B	d41d8cd98f00b204e9800998ecf8427e
2022-10-23 16:27	goland.key	5.6 kB	d103da072d4d297da16fc64bc3eb9da5	data
2022-06-28 11:50	goland64.exe.vmoptions	0 B	d41d8cd98f00b204e9800998ecf8427e
2022-10-23 16:22	idea.key	6.7 kB	7c514522b1b9aa2318f4f2e343c3c06b	data
2022-07-26 10:17	idea64.exe.vmoptions	0 B	d41d8cd98f00b204e9800998ecf8427e
2022-10-23 16:31	phpstorm.key	5.6 kB	0f0b2ea5a28c07230e785202895a9fd8	data
2022-06-28 11:50	phpstorm64.exe.vmoptions	0 B	d41d8cd98f00b204e9800998ecf8427e
2022-07-01 10:51	dns.jar	4.9 kB	4f3c516c1704a5569725246d57dd1ae7	Zip archive data, at least v1.0 to extract, compression method=deflate
2022-07-01 10:51	hideme.jar	7.2 kB	cdab6a30b0949a741f13935f5483c303	Zip archive data, at least v1.0 to extract, compression method=deflate
2022-07-04 17:29	power.jar	12 kB	cdc01ec1abee702c535da143fb3947d9	Zip archive data, at least v1.0 to extract, compression method=deflate
2022-07-01 10:51	url.jar	4.5 kB	6b181e5b8255db4cd9beb1c6af5f420e	Zip archive data, at least v1.0 to extract, compression method=deflate
2022-10-23 15:45	pycharm.key	5.6 kB	ec722d4bfe7d46a7a29ef598b1b774f6	data
2022-06-28 11:50	pycharm64.exe.vmoptions	0 B	d41d8cd98f00b204e9800998ecf8427e
2023-06-26 23:43	rider.key	5.4 kB	47b498f74d91213bd3e3f3a31a0ecc7d	data
2022-06-28 11:50	rider64.exe.vmoptions	0 B	d41d8cd98f00b204e9800998ecf8427e
2022-10-23 16:32	webstorm.key	5.4 kB	465b55f3b990b08f156a6dc41e1ddb7b	data
2022-07-26 10:17	webstorm64.exe.vmoptions	0 B	d41d8cd98f00b204e9800998ecf8427e

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 5/60

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

ocsp.trust-provider.cn/

112.50.95.96

599 B

URL
ocsp.trust-provider.cn/
IP
112.50.95.96:0
ASN
#9808 China Mobile Communications Group Co., Ltd.

File type
data
Size
599 B (599 bytes)
Hash
ec994188702cd3ceaefc70a51a8f9f5c
9fcaac2d03532ff0604cc986405333cc6dfa9858
727eed520aeb2cf9d5321b152c57a2cdae3feaa81e9d5276f93c4fa4957a1dab

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 599
Connection: keep-alive
Date: Fri, 10 May 2024 10:29:46 GMT
Last-Modified: Tue, 07 May 2024 19:17:33 GMT
Expires: Tue, 14 May 2024 19:17:32 GMT
Etag: "9fcaac2d03532ff0604cc986405333cc6dfa9858"
Cache-Control: max-age=3600
X-CCACDN-Proxy-ID: scdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
CF-RAY: 8819400609100984-HKG
Age: 0
Ctl-Cache-Status: MISS from hk-xianggang4-ca01, MISS from fj-quanzhou7-ca52, MISS from zj-shaoxing1-ca15, MISS from zj-shaoxing1-ca06
Request-Id: 663df71a0e8580ddfec626beb1915b9d
via: n172-013-213.fzmp.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 1715336986bc93aca3804a39536c91e83ff5e86f86
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=352, edge;dur=0

lookdiv.com/%E6%BF%80%E6%B4%BB%E7%A0%812020-2024.zip

43.139.174.177

112 kB

URL
lookdiv.com/%E6%BF%80%E6%B4%BB%E7%A0%812020-2024.zip
IP
43.139.174.177:0
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
112 kB (111803 bytes)
Hash
b0d15d497202c84bbc06d0d51e85cafa
2e0b0d970f8fa4672012e350be1c16cb548e18e3
0832691230f8194cff9842ba846808c2c85bacef6a170089eec590b53f01fdec

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 5/60

HTTP Headers

GET /%E6%BF%80%E6%B4%BB%E7%A0%812020-2024.zip HTTP/1.1
Host: lookdiv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 10:29:46 GMT
content-type: application/zip
content-length: 111803
last-modified: Thu, 21 Mar 2024 01:25:29 GMT
etag: "65fb8c89-1b4bb"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (35)

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers