Report - du-cut.cdn.bcebos.com/operation-upload/2023-11/1700793184185/d72942ae907d9d194b73a37d770ab4f3.zip

Report Overview

Visited public
2024-01-01 06:18:48
Tags
URL
du-cut.cdn.bcebos.com/operation-upload/2023-11/1700793184185/d72942ae907d9d194b73a37d770ab4f3.zip
Finishing URL
about:privatebrowsing
IP / ASN
124.238.241.38
#58539 Langfang,Hebei province, P.R.China
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigochina.com	unknown	2019-10-20	2022-02-25 07:42:56	2023-12-31 05:38:38	690 B	1.9 kB	172.64.149.190
du-cut.cdn.bcebos.com	unknown	2014-08-28	2023-07-26 02:42:00	2023-12-13 05:48:16	563 B	6.2 MB	111.225.213.38

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
du-cut.cdn.bcebos.com/operation-upload/2023-11/1700793184185/d72942ae907d9d194b73a37d770ab4f3.zip
IP
111.225.213.38
ASN
#58539 Langfang,Hebei province, P.R.China

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
6.2 MB (6210184 bytes)
Hash
d72942ae907d9d194b73a37d770ab4f3
eb406b000b755aa4654790bb3694d0ca08a49898
81cb2722acb2c47a4c8df0fac280ef3d54ea6bd8eb770a0187758e0a816096bd

Archive (2)

Filename

Md5

File type

libBARDumix.so

5de3439b150c65fc5a46d20e567760a3

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

._libBARDumix.so

224092ff4c256398b175fa7eb948724c

AppleDouble encoded Macintosh file

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (3)

	URL	IP	Response	Size
	ocsp.sectigochina.com/	172.64.149.190		471 B
URL ocsp.sectigochina.com/ IP 172.64.149.190:0 ASN #13335 CLOUDFLARENET File type data Size 471 B (471 bytes) Hash a649e52ce14100b7a7998866460e9c89 744e148cb28ac98c96982d1b580133cce878b870 607fbd478ef1e85b2e24e998323b586c8ec76a8fa96b3cd8acacba075139dc5d HTTP Headers `POST / HTTP/1.1 Host: ocsp.sectigochina.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Mon, 01 Jan 2024 06:18:20 GMT Content-Type: application/ocsp-response Content-Length: 471 Connection: keep-alive Last-Modified: Sun, 31 Dec 2023 18:12:52 GMT Expires: Sun, 07 Jan 2024 18:12:51 GMT Etag: "744e148cb28ac98c96982d1b580133cce878b870" Cache-Control: max-age=561388,s-maxage=1800,public,no-transform,must-revalidate X-CCACDN-Proxy-ID: mcdpinlb5 X-Frame-Options: SAMEORIGIN CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 83e8a4f48a270afe-OSL`

	ocsp.sectigochina.com/	172.64.149.190		471 B
URL ocsp.sectigochina.com/ IP 172.64.149.190:0 ASN #13335 CLOUDFLARENET File type data Size 471 B (471 bytes) Hash a649e52ce14100b7a7998866460e9c89 744e148cb28ac98c96982d1b580133cce878b870 607fbd478ef1e85b2e24e998323b586c8ec76a8fa96b3cd8acacba075139dc5d HTTP Headers `POST / HTTP/1.1 Host: ocsp.sectigochina.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Mon, 01 Jan 2024 06:18:20 GMT Content-Type: application/ocsp-response Content-Length: 471 Connection: keep-alive Last-Modified: Sun, 31 Dec 2023 18:12:52 GMT Expires: Sun, 07 Jan 2024 18:12:51 GMT Etag: "744e148cb28ac98c96982d1b580133cce878b870" Cache-Control: max-age=561388,s-maxage=1800,public,no-transform,must-revalidate X-CCACDN-Proxy-ID: mcdpinlb5 X-Frame-Options: SAMEORIGIN CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 83e8a4f48b9a569a-OSL`

	du-cut.cdn.bcebos.com/operation-upload/2023-11/1700793184185/d72942ae907d9d194b73a37d770ab4f3.zip	111.225.213.38	200 OK	6.2 MB
URL User Request GET HTTP/2 du-cut.cdn.bcebos.com/operation-upload/2023-11/1700793184185/d72942ae907d9d194b73a37d770ab4f3.zip IP 111.225.213.38:443 ASN #58539 Langfang,Hebei province, P.R.China Certificate IssuerBaidu, Inc. Subjecta.bdydns.com Fingerprint91:D1:34:1D:18:15:9F:69:7A:32:CD:F9:5A:0D:C1:9C:4E:73:79:A4 ValidityMon, 17 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 6.2 MB (6210184 bytes) Hash d72942ae907d9d194b73a37d770ab4f3 eb406b000b755aa4654790bb3694d0ca08a49898 81cb2722acb2c47a4c8df0fac280ef3d54ea6bd8eb770a0187758e0a816096bd HTTP Headers GET /operation-upload/2023-11/1700793184185/d72942ae907d9d194b73a37d770ab4f3.zip HTTP/1.1 Host: du-cut.cdn.bcebos.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK server: JSP3/2.0.14 date: Mon, 01 Jan 2024 06:18:20 GMT content-type: application/zip content-length: 6210184 expires: Thu, 04 Jan 2024 06:17:58 GMT last-modified: Fri, 24 Nov 2023 03:20:03 GMT etag: "d72942ae907d9d194b73a37d770ab4f3" accept-ranges: bytes content-md5: 1ylCrpB9nRlLc6N9dwq08w== x-bce-content-crc32: 1918720432 x-bce-debug-id: WKmKIN6CNiDfu24zMcb1YfAKiHnGlyuxd2pso5bBqsCZSgIuOY5cvX8opm859eqnY9a58cUhtzh03Ov3xgF7ig== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 38499444-6935-4d39-86b1-85d6a1e3b160 x-bce-storage-class: STANDARD ohc-global-saved-time: Mon, 01 Jan 2024 06:17:58 GMT ohc-upstream-trace: 113.142.198.244; 111.225.213.50 ohc-cache-hit: lf6ct50 [2], xaix244 [2] ohc-response-time: 1 0 38 66 115 115 ohc-file-size: 6210184 x-cache-status: MISS access-control-allow-origin: * X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (2)

Detections

JavaScript (0)

HTTP Transactions (3)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers