Report - 176.57.181.245:8080/mods/FS22

Report Overview

Submitted URL
176.57.181.245:8080/mods/FS22_BunkersiloPackage.zip
IP
176.57.181.245
ASN
#56876 Ociris GmbH
Submitted
2024-04-25 09:08:47
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
176.57.181.245:8080	unknown	unknown	No data	No data	421 B	4.5 MB	176.57.181.245

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	176.57.181.245	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
176.57.181.245:8080/mods/FS22_BunkersiloPackage.zip
IP
176.57.181.245
ASN
#56876 Ociris GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
4.5 MB (4511319 bytes)
Hash
53e54127f917fb0d608c1f94bf0ff923
7ee7f5e5da1020ab020b2c4a4f172a3d307c1289
a619730ffe4cc12da6fb465411ad53e9ceb1357365e788ea338980c653c4150a

Archive (14)

Modified	Filename	Size	Md5	File type
2022-06-30 07:37	icon_Siloplatte.dds	33 kB	8d5647db386aa9ef6643284d4b59a2bc	Microsoft DirectDraw Surface (DDS): 256 x 256, compressed using DX10
2022-11-17 08:26	modDesc.xml	1.3 kB	ba55ba4c7c96acc1f22b283e82b76a04	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
2022-06-30 07:37	Reifen.i3d	7.7 kB	9beb9cbf1c1cba7e20d91851efbe47d5	XML 1.0 document, ASCII text
2022-06-30 07:37	Reifen.i3d.shapes	4.4 MB	1d625da1403eb964340a1c4596e2e0a2	data
2022-11-17 08:27	Reifen.xml	3.4 kB	6b97ddedf6a368ad1c48a037df346bf0	XML 1.0 document, ASCII text, with CRLF line terminators
2022-11-12 11:32	Siloplatte.i3d	4.5 kB	e2795cb29ddef06a4adcf56a3a6657db	XML 1.0 document, ASCII text
2022-11-12 11:32	Siloplatte.i3d.shapes	17 kB	ebe6685e0f2b1a63182c9318d4b95820	data
2022-11-17 08:27	Siloplatte.xml	4.3 kB	691f5c2d7477d7656410b8e163ccdc75	XML 1.0 document, ASCII text, with CRLF line terminators
2022-06-30 07:37	Store_Reifen.dds	262 kB	a36c1a790aa1ebe2282407561845c44c	Microsoft DirectDraw Surface (DDS): 512 x 512, compressed using DX10
2022-06-30 07:37	store_Siloplatte.dds	262 kB	d41440c2ea5758c1201e1626e6062414	Microsoft DirectDraw Surface (DDS): 512 x 512, compressed using DX10
2022-06-30 07:37	Store_Wand.dds	262 kB	6fd02d227118fdaccf6ef0483264878c	Microsoft DirectDraw Surface (DDS): 512 x 512, compressed using DX10
2022-06-30 07:37	Wand.i3d	4.6 kB	cb24c739c645593e1f66a6ff028fcce5	XML 1.0 document, ASCII text
2022-06-30 07:37	Wand.i3d.shapes	12 kB	122f0c341736f7187515dc03d3883db9	data
2022-11-17 08:27	Wand.xml	3.4 kB	a1b7a00444bcffb654f410739717b02f	XML 1.0 document, ASCII text, with CRLF line terminators

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

176.57.181.245:8080/mods/FS22_BunkersiloPackage.zip

176.57.181.245

200 OK

4.5 MB

URL User Request GET HTTP/1.1
176.57.181.245:8080/mods/FS22_BunkersiloPackage.zip
IP
176.57.181.245:8080
ASN
#56876 Ociris GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
4.5 MB (4511319 bytes)
Hash
53e54127f917fb0d608c1f94bf0ff923
7ee7f5e5da1020ab020b2c4a4f172a3d307c1289
a619730ffe4cc12da6fb465411ad53e9ceb1357365e788ea338980c653c4150a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mods/FS22_BunkersiloPackage.zip HTTP/1.1
Host: 176.57.181.245:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-control: must-revalidate, post-check=0, pre-check=0
Content-description: File Transfer
Content-disposition: attachment; filename="FS22_BunkersiloPackage.zip"
Content-transfer-encoding: binary
Content-type: application/zip
Date: Thu, 25 Apr 2024 11:08:21 GMT
Expires: 0
Last-modified: Thu, 25 Apr 2024 11:08:21 GMT
Pragma: public
Server: GIANTS Dedicated Server GIANTS Dedicated Server/9.2.0.0
Set-Cookie: SessionID=220301713935645; path=/
Content-Length: 4511319

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (14)

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers