Report - 78.90.234.180:8080/text/12864-hej-prijatelju.sfb.zip

Report Overview

Submitted URL
78.90.234.180:8080/text/12864-hej-prijatelju.sfb.zip
IP
78.90.234.180
ASN
#29580 A1 Bulgaria EAD
Submitted
2024-04-24 12:29:43
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
78.90.234.180:8080	unknown	unknown	No data	No data	922 B	1.4 kB	78.90.234.180

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	78.90.234.180	Sinkholed
2024-04-24	medium	78.90.234.180	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
78.90.234.180:8080/cache/dl/Philippe-Djian_-_Navyn_kym_sebe_si_-_3105-b.txt.zip
IP
78.90.234.180
ASN
#29580 A1 Bulgaria EAD

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
303 B (303 bytes)
Hash
f05e9128c7d193aaf073ac9cbbcc13f3
3ba0cefc4013e5bf8dc4666905dda23983b5c3af
4e2c846261ec4aeab8ee2d4f3c986579491fa84ffba19f9bd13c0cc2c97b394d

Archive (1)

Modified	Filename	Size	Md5	File type
2023-07-01 21:06	Philippe-Djian_-_Navyn_kym_sebe_si_-_3105-b.txt	128 B	60468e4ec14457e25cabc71e119ff3fd	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

78.90.234.180:8080/text/12864-hej-prijatelju.sfb.zip

78.90.234.180

302 Found

488 B

URL User Request GET HTTP/1.1
78.90.234.180:8080/text/12864-hej-prijatelju.sfb.zip
IP
78.90.234.180:8080
ASN
#29580 A1 Bulgaria EAD

File type
HTML document, ASCII text
Size
488 B (488 bytes)
Hash
1b30e5ad2ea3fc9d417f726da2a8c260
36f050204b43d1e5c50ed99444114c86c672e5a0
a48bcfed40dca8884fbe31ee6155eb4ad010fcef9e7ad6e87ca5730c22f3edb6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /text/12864-hej-prijatelju.sfb.zip HTTP/1.1
Host: 78.90.234.180:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: CHITANKASESSID=v3q7j257otg8ukfv4rmua4g7k4; path=/; HttpOnly
Cache-Control: no-cache
Location: /cache/dl/Philippe-Djian_-_Navyn_kym_sebe_si_-_3105-b.txt.zip
Date: Wed, 24 Apr 2024 12:29:19 GMT

78.90.234.180:8080/cache/dl/Philippe-Djian_-_Navyn_kym_sebe_si_-_3105-b.txt.zip

78.90.234.180

200 OK

303 B

URL User Request GET HTTP/1.1
78.90.234.180:8080/cache/dl/Philippe-Djian_-_Navyn_kym_sebe_si_-_3105-b.txt.zip
IP
78.90.234.180:8080
ASN
#29580 A1 Bulgaria EAD

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
303 B (303 bytes)
Hash
f05e9128c7d193aaf073ac9cbbcc13f3
3ba0cefc4013e5bf8dc4666905dda23983b5c3af
4e2c846261ec4aeab8ee2d4f3c986579491fa84ffba19f9bd13c0cc2c97b394d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cache/dl/Philippe-Djian_-_Navyn_kym_sebe_si_-_3105-b.txt.zip HTTP/1.1
Host: 78.90.234.180:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: CHITANKASESSID=v3q7j257otg8ukfv4rmua4g7k4
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 24 Apr 2024 12:29:19 GMT
Content-Type: application/zip
Content-Length: 303
Last-Modified: Wed, 24 Apr 2024 12:29:19 GMT
Connection: keep-alive
ETag: "6628fb1f-12f"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (1)

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers