Report - www.zspz.zbaszyn.pl/pdfs/certyfikaty_ose/windows-certyfikat-ose.zip

Report Overview

Submitted URL
www.zspz.zbaszyn.pl/pdfs/certyfikaty_ose/windows-certyfikat-ose.zip
IP
49.12.127.200
ASN
#24940 Hetzner Online GmbH
Submitted
2024-05-04 14:03:00
Access
public
Website Title
Warning: Potential Security Risk Ahead
Final URL
about:certerror?e=nssBadCert&u=https%3A//www.zspz.zbaszyn.pl/pdfs/certyfikaty_ose/windows-certyfikat-ose.zip&c=UTF-8&d=%20
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cyberfolks2.ocsp-certum.com	unknown	2013-12-19	2023-07-09	2024-05-03	678 B	3.5 kB	23.36.79.10
www.zspz.zbaszyn.pl	unknown	2004-09-15	2017-05-02	2023-06-14	958 B	3.3 MB	49.12.127.200

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.zspz.zbaszyn.pl/pdfs/certyfikaty_ose/windows-certyfikat-ose.zip
IP
49.12.127.200
ASN
#24940 Hetzner Online GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
3.3 MB (3291895 bytes)
Hash
6080e7cc78dcec1b2e1dfe43e4487f6b
92294688ceb1f4a3f8369a52acaa3606889fa033
0577a8c00f062f76674e623fd3629652f4455a32ce8acbf629a665f62013c3f0

Archive (3)

Filename

Md5

File type

certyfikat.crt

09089c6a34cb5b1013b254a09e6e6ba7

PEM certificate

windows.pdf

2589ce8a3121788f5aed87c27ea386b9

PDF document, version 1.7, 16 pages

cert_install.msi

68b2227582fb64f2540066870bf2df66

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1250, Title: Installation Database, Subject: Certyfikaty OSE, Author: NASK PIB, Keywords: Installer, Comments: This installer database contains the logic and data required to install Certyfikaty OSE., Template: Intel;1045, Revision Number: {2EB41583-889D-47EB-BA3E-A72300A44D6E}, Create Time/Date: Fri Apr 26 12:44:28 2019, Last Saved Time/Date: Fri Apr 26 12:44:28 2019, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files is `SliverFox` malware

JavaScript (1)

	URL	Size	First Seen	Last Seen
	about:certerror?e=nssBadCert&u=https%3A//www.zspz.zbaszyn.pl/pdfs/certyfikaty_ose/windows-certyfikat-ose.zip&c=UTF-8&d=%20	0 B	2023-03-07	2024-05-18
Pretty URL about:certerror?e=nssBadCert&u=https%3A//www.zspz.zbaszyn.pl/pdfs/certyfikaty_ose/windows-certyfikat-ose.zip&c=UTF-8&d=%20 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 15:13:57 Times Seen37788314 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (4)

	URL	IP	Response	Size
	cyberfolks2.ocsp-certum.com/	23.36.79.10		1.5 kB
URL cyberfolks2.ocsp-certum.com/ IP 23.36.79.10:0 ASN #20940 Akamai International B.V. File type data Size 1.5 kB (1485 bytes) Hash 1ce1dd0933fd0dff3673155dbd2cfe42 3e17d9b24c6c64e2018e0969494cb3f6ef72da4f d9203282ac570183163384c383daebfed2676f4f768aaed27b315efcf10164c8 HTTP Headers `POST / HTTP/1.1 Host: cyberfolks2.ocsp-certum.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Content-Length: 1485 X-Cached: HIT Strict-Transport-Security: max-age=63072000,includeSubDomains,preload Cache-Control: max-age=844 Date: Sat, 04 May 2024 14:02:34 GMT Connection: keep-alive X-N: S`

	www.zspz.zbaszyn.pl/pdfs/certyfikaty_ose/windows-certyfikat-ose.zip	49.12.127.200	301 Moved Permanently	795 B
URL User Request GET HTTP/1.1 www.zspz.zbaszyn.pl/pdfs/certyfikaty_ose/windows-certyfikat-ose.zip IP 49.12.127.200:80 ASN #24940 Hetzner Online GmbH File type HTML document, ASCII text, with CRLF, LF line terminators Size 795 B (795 bytes) Hash 5d8d79c3cb9af023240b1be6f5057aaa df22980677b134e83d878893f7c7984e0d78a240 e8b101a7c7f64aad528cc734513cbeb02243c0af37930dc0f3239749cff184b6 HTTP Headers `GET /pdfs/certyfikaty_ose/windows-certyfikat-ose.zip HTTP/1.1 Host: www.zspz.zbaszyn.pl User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 301 Moved Permanently Connection: Keep-Alive Keep-Alive: timeout=5, max=100 content-type: text/html content-length: 795 date: Sat, 04 May 2024 14:02:34 GMT server: LiteSpeed location: https://www.zspz.zbaszyn.pl/pdfs/certyfikaty_ose/windows-certyfikat-ose.zip vary: User-Agent`

	cyberfolks2.ocsp-certum.com/	23.36.79.17		1.5 kB
URL cyberfolks2.ocsp-certum.com/ IP 23.36.79.17:0 ASN #20940 Akamai International B.V. File type data Size 1.5 kB (1485 bytes) Hash baa5e523d33aed6c6ee010ea95d20cf1 df0d16233f1ac24eb975d63fb3466fa0690f033d c569bb6165bb67a2fd8a1fa97304198694f6c9cb299fd8d24903fe6c4add887f HTTP Headers `POST / HTTP/1.1 Host: cyberfolks2.ocsp-certum.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Content-Length: 1485 X-Cached: STALE Strict-Transport-Security: max-age=63072000,includeSubDomains,preload Cache-Control: max-age=897 Date: Sat, 04 May 2024 14:02:36 GMT Connection: keep-alive X-N: S`

	www.zspz.zbaszyn.pl/pdfs/certyfikaty_ose/windows-certyfikat-ose.zip	49.12.127.200	301 Moved Permanently	3.3 MB
URL User Request GET HTTP/1.1 www.zspz.zbaszyn.pl/pdfs/certyfikaty_ose/windows-certyfikat-ose.zip IP 49.12.127.200:80 ASN #24940 Hetzner Online GmbH File type Zip archive data, at least v2.0 to extract, compression method=store Size 3.3 MB (3291895 bytes) Hash 6080e7cc78dcec1b2e1dfe43e4487f6b 92294688ceb1f4a3f8369a52acaa3606889fa033 0577a8c00f062f76674e623fd3629652f4455a32ce8acbf629a665f62013c3f0 HTTP Headers GET /pdfs/certyfikaty_ose/windows-certyfikat-ose.zip HTTP/1.1 Host: www.zspz.zbaszyn.pl User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK content-type: application/zip last-modified: Thu, 18 May 2023 18:48:16 GMT etag: "323af7-646672f0-457cbb45202b399e;;;" accept-ranges: bytes content-length: 3291895 date: Sat, 04 May 2024 14:02:36 GMT server: LiteSpeed vary: User-Agent alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" X-Firefox-Spdy: h2`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (3)

Detections

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (4)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers