Report - pomf2.lain.la/f/36znx8te.7z

Report Overview

Visitedpublic

2025-02-16 04:48:57

Tags

Submit Tags

URL

pomf2.lain.la/f/36znx8te.7z

Finishing URL

about:privatebrowsing

IP / ASN

United States

198.251.82.91

#53667 PONYNET

Title

about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

1

Threat Detection Systems

0

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
normandy.cdn.mozilla.net	3562	1998-01-31	2017-01-30	2025-02-12	341 B	1.5 kB	34.49.51.44
classify-client.services.mozilla.com	3824	1994-10-18	2019-01-09	2025-02-12	369 B	385 B	35.190.72.216
pomf2.lain.la	512997	2020-08-27	2021-09-18	2025-02-15	495 B	307 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-16 04:48:40	high	59.54.88.94	Client IP	ET POLICY Executable and linking format (ELF) file download

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

	URL	IP	Response	Size
	normandy.cdn.mozilla.net/api/v1/	34.49.51.44	200 OK	598 B
URL HTTP normandy.cdn.mozilla.net/api/v1/ IP / ASN 34.49.51.44 #396982 GOOGLE-CLOUD-PLATFORM Requested byN/A Resource Info File typeJSON text data First Seen2023-04-07 Last Seen2025-03-02 Times Seen17753 Size598 B (598 bytes) MD53076f9a5cb273105528b893ff7111e41 SHA1b8990c145fe71b9a2410eea41a60a712b43b82bf SHA25669c578fb0c03a28141a975833f660f4571e7991dc28ae7f9cead37672ee2c9b3 HTTP Headers `GET /api/v1/ HTTP/1.1 Host: normandy.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK x-guploader-uploadid: AHMx-iFdn8po2KDy6MnL1nkwDX_PcOfZta4h510SsQzT6Z3tnjkGggeLCoKW0Ei5DxRCm5ba x-goog-generation: 1733538086068448 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 598 x-goog-hash: crc32c=kFVz4A==, md5=MHb5pcsnMQVSi4k/9xEeQQ== x-goog-storage-class: STANDARD accept-ranges: bytes content-length: 598 server: nginx via: 1.1 google date: Sun, 16 Feb 2025 04:06:45 GMT expires: Sun, 16 Feb 2025 05:06:45 GMT cache-control: public, max-age=3600 age: 2530 last-modified: Sat, 07 Dec 2024 02:21:26 GMT etag: "3076f9a5cb273105528b893ff7111e41" content-type: application/json x-content-type-options: nosniff allow: GET, HEAD, OPTIONS vary: Accept-Encoding,Accept, Origin x-xss-protection: 1; mode=block x-frame-options: DENY alt-svc: clear X-Firefox-Spdy: h2

	classify-client.services.mozilla.com/api/v1/classify_client/	35.190.72.216	200 OK	64 B
URL HTTP classify-client.services.mozilla.com/api/v1/classify_client/ IP / ASN 35.190.72.216 #15169 GOOGLE Requested byN/A Resource Info File typeJSON text data First Seen2025-02-16 Last Seen2025-02-16 Times Seen1 Size64 B (64 bytes) MD5107d6eb4a37c4b24c48750dbcc4de8ce SHA1a781147b746bb2c93ae95e8af6b28d636bb63ea3 SHA2568bdc612e9a78c769e74e4c46460b46d2644ce37c7c42a6bd8d74e710ec9bab34 HTTP Headers `GET /api/v1/classify_client/ HTTP/1.1 Host: classify-client.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK server: nginx date: Sun, 16 Feb 2025 04:48:55 GMT content-type: application/json content-length: 64 cache-control: max-age=0, no-cache, no-store, must-revalidate strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2`

	GET pomf2.lain.la/f/36znx8te.7z	0.0.0.0	200 OK	0 B
URL User Request GET HTTPS pomf2.lain.la/f/36znx8te.7z IP / ASN 0.0.0.0 #0 Requested byN/A Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-05 Times Seen5676451 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerLet's Encrypt Subject.lain.la Fingerprint69:E8:B4:3B:49:5A:A3:9E:A8:9D:D6:1E:27:41:DA:BE:BC:47:E2:AD ValidityMon, 16 Dec 2024 00:22:05 GMT - Sun, 16 Mar 2025 00:22:04 GMT HTTP Headers `GET /f/36znx8te.7z HTTP/1.1 Host: pomf2.lain.la User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Sun, 16 Feb 2025 04:40:42 GMT content-type: application/x-7z-compressed content-length: 316482994 last-modified: Sat, 15 Feb 2025 10:43:37 GMT etag: "67b06fd9-12dd25b2" access-control-allow-origin: https://cytube.lain.la accept-ranges: bytes X-Firefox-Spdy: h2`