Report Overview
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
files.catbox.moe | 174913 | 2015-04-06 | 2015-06-30 | 2024-05-03 | 481 B | 1.7 kB | 108.181.20.35 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Timestamp | Severity | Source IP | Destination IP | Alert |
---|---|---|---|---|
2024-05-10 09:39:30 | medium | Client IP | 108.181.20.35 | |
2024-05-10 09:39:30 | medium | Client IP | 108.181.20.35 | |
2024-05-10 09:39:30 | medium | Client IP | 108.181.20.35 | |
2024-05-10 09:39:30 | medium | Client IP | 108.181.20.35 | |
Threat Detection Systems
Public InfoSec YARA rules
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-05-10 | medium | files.catbox.moe/umuqj8.zip | Detects suspicious tiny ZIP files with phishing attachment characteristics |
2024-05-10 | medium | files.catbox.moe/umuqj8.zip | Detects suspicius tiny ZIP files with malicious lnk files |
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
files.catbox.moe/umuqj8.zip
IP
108.181.20.35
ASN
#40676 AS40676
File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.2 kB (1156 bytes)
Hash
25bec2c1d36753e5f779eaa5cd7394f9
53f71191ddf5125d36cf6666ebec780b6a4b688c
Archive (1)
Filename | Md5 | File type |
---|---|---|
Consolidated_Statement.pdf.lnk | bc5f3ad9b05c8fa5bf399b1b99fe88da | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=13, Archive, ctime=Sat May 8 08:16:08 2021, mtime=Sat May 8 08:16:08 2021, atime=Sat May 8 08:16:08 2021, length=450560, window=hide |
Detections
Analyzer | Verdict | Alert |
---|---|---|
Public InfoSec YARA rules | malware | Identifies PowerShell artefacts in shortcut (LNK) files. |
Public InfoSec YARA rules | malware | Identifies scripting artefacts in shortcut (LNK) files. |
Public InfoSec YARA rules | malware | Identifies executable artefacts in shortcut (LNK) files. |
Public InfoSec YARA rules | malware | Identifies download artefacts in shortcut (LNK) files. |
Public InfoSec YARA rules | malware | Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path. |
Public Nextron YARA rules | malware | Detects suspicious tiny ZIP files with phishing attachment characteristics |
YARAhub by abuse.ch | malware | Detects suspicius tiny ZIP files with malicious lnk files |
JavaScript (0)
HTTP Transactions (1)
URL | IP | Response | Size |
---|---|---|---|
files.catbox.moe/umuqj8.zip | 108.181.20.35 | 200 OK | 1.2 kB |
Detections
HTTP Headers