Report - org.zip

Report Overview

Visited public
2024-11-20 22:51:02
Tags
URL
org.zip
Finishing URL
org.zip/
IP / ASN
44.231.167.51
#16509 AMAZON-02
Title
org.zip

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-11-20	414 B	111 kB	142.250.74.136
org.zip	unknown	2023-05-24	2015-07-28	2024-11-20	3.1 kB	1.8 MB	44.231.167.51

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-11-20 22:50:37	low	Client IP	44.231.167.51	ET INFO HTTP Request to a *.zip Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	org.zip/	0 B	0001-01-01 00:00	2024-11-21 07:38
Pretty URL org.zip/ IP 44.231.167.51 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2024-11-21 07:38 Times Seen3388729 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.googletagmanager.com/gtag/js?id=G-9KLHTR0CK2	330 kB	2024-11-20 22:51	2024-11-20 22:51
Pretty URL www.googletagmanager.com/gtag/js?id=G-9KLHTR0CK2 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-20 22:51 Last Seen2024-11-20 22:51 Times Seen1 Hash 37015a75b8ce27393e725bdb88db1bf2 0c6af1c6d5252e00fb4056ab65d2729b8b0e2195 18cb7ab4b7251936af7f885b8deb47e440542088b4b208d899eb4020215160e2 Loading...

HTTP Transactions (7)

URL IP Response Size

org.zip/

44.231.167.51

302 Object moved

136 B

URL User Request GET HTTP/2
org.zip/
IP
44.231.167.51:443
ASN
#16509 AMAZON-02

Certificate
IssuerSectigo Limited
Subject*.org.zip
Fingerprint49:E8:7D:73:67:E1:C5:2D:85:51:42:CB:B2:EA:BA:11:80:DF:C7:DF
ValidityWed, 24 May 2023 00:00:00 GMT - Sat, 22 Jun 2024 23:59:59 GMT

File type
HTML document, ASCII text
Size
136 B (136 bytes)
Hash
216f6d3f4b7af8063b67268859028e33
873f362ae8a82e2512457c2cd09a292b5930ce2f
b1795db2b36a86d4c5bfeb62fc8be2cbd558b71050b159c78874628323a14f4b

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET / HTTP/1.1
Host: org.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Type: text/html
Location: https://org.zip
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDSSSQSBBS=JCMDEPNCCPCBLNCCJHNFEDGN; path=/
X-Powered-By: ASP.NET
Date: Wed, 20 Nov 2024 22:50:37 GMT
Content-Length: 136

org.zip/

44.231.167.51

200 OK

2.6 kB

URL User Request GET HTTP/2
org.zip/
IP
44.231.167.51:443
ASN
#16509 AMAZON-02

Certificate
IssuerSectigo Limited
Subject*.org.zip
Fingerprint49:E8:7D:73:67:E1:C5:2D:85:51:42:CB:B2:EA:BA:11:80:DF:C7:DF
ValidityWed, 24 May 2023 00:00:00 GMT - Sat, 22 Jun 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
2.6 kB (2557 bytes)
Hash
ff3b7f384ca94741788737aef225c93d
cc267fc94f5507f2669e9c2b4b8379b81add7615
a9a63d11de7eeb6fbed9c90bf68d6bf836b573b6b3e98fff90c5e2396d562f0a

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET / HTTP/1.1
Host: org.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDSSSQSBBS=JCMDEPNCCPCBLNCCJHNFEDGN
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
set-cookie: ASPSESSIONIDSWSQSBBS=KCMDEPNCGKLLPPEGEEGJCDJB; secure; path=/
x-powered-by: ASP.NET
date: Wed, 20 Nov 2024 22:50:39 GMT
content-length: 2557
X-Firefox-Spdy: h2

org.zip/css/main.css

44.231.167.51

200 OK

1.1 kB

URL GET HTTP/2
org.zip/css/main.css
IP
44.231.167.51:443
ASN
#16509 AMAZON-02

Requested by
https://org.zip/
Certificate
IssuerSectigo Limited
Subject*.org.zip
Fingerprint49:E8:7D:73:67:E1:C5:2D:85:51:42:CB:B2:EA:BA:11:80:DF:C7:DF
ValidityWed, 24 May 2023 00:00:00 GMT - Sat, 22 Jun 2024 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1110 bytes)
Hash
26127f0f1591fb2ecaec54f7c0cc941f
dfa780fda26a0dbcf90a1006b8791e226eef31bd
132b3e7b065f3d12cc5b0c6912ea95ac6282a57f622434153c787d6800ae7449

HTTP Headers

GET /css/main.css HTTP/1.1
Host: org.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://org.zip/
Cookie: ASPSESSIONIDSSSQSBBS=JCMDEPNCCPCBLNCCJHNFEDGN; ASPSESSIONIDSWSQSBBS=KCMDEPNCGKLLPPEGEEGJCDJB
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Fri, 19 Jan 2024 06:29:04 GMT
accept-ranges: bytes
etag: "2951ecca04ada1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 20 Nov 2024 22:50:39 GMT
content-length: 1110
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-9KLHTR0CK2

142.250.74.136

200 OK

110 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-9KLHTR0CK2
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://org.zip/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint8F:6D:67:20:75:1C:E2:F2:C3:65:DF:AC:EA:22:D8:AD:ED:0A:08:BA
ValidityMon, 21 Oct 2024 08:36:57 GMT - Mon, 13 Jan 2025 08:36:56 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
110 kB (109856 bytes)
Hash
37015a75b8ce27393e725bdb88db1bf2
0c6af1c6d5252e00fb4056ab65d2729b8b0e2195
18cb7ab4b7251936af7f885b8deb47e440542088b4b208d899eb4020215160e2

HTTP Headers

GET /gtag/js?id=G-9KLHTR0CK2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://org.zip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 20 Nov 2024 22:50:39 GMT
expires: Wed, 20 Nov 2024 22:50:39 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 109856
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

org.zip/favicon.ico

44.231.167.51

404 Not Found

1.2 kB

URL GET HTTP/2
org.zip/favicon.ico
IP
44.231.167.51:443
ASN
#16509 AMAZON-02

Requested by
https://org.zip/
Certificate
IssuerSectigo Limited
Subject*.org.zip
Fingerprint49:E8:7D:73:67:E1:C5:2D:85:51:42:CB:B2:EA:BA:11:80:DF:C7:DF
ValidityWed, 24 May 2023 00:00:00 GMT - Sat, 22 Jun 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.2 kB (1245 bytes)
Hash
5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: org.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://org.zip/
Cookie: ASPSESSIONIDSSSQSBBS=JCMDEPNCCPCBLNCCJHNFEDGN; ASPSESSIONIDSWSQSBBS=KCMDEPNCGKLLPPEGEEGJCDJB; _ga_9KLHTR0CK2=GS1.1.1732143039.1.0.1732143039.0.0.0; _ga=GA1.1.1069645175.1732143040
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
content-type: text/html
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 20 Nov 2024 22:50:39 GMT
content-length: 1245
X-Firefox-Spdy: h2

org.zip/hook_150h.png

44.231.167.51

200 OK

816 kB

URL GET HTTP/2
org.zip/hook_150h.png
IP
44.231.167.51:443
ASN
#16509 AMAZON-02

Requested by
https://org.zip/
Certificate
IssuerSectigo Limited
Subject*.org.zip
Fingerprint49:E8:7D:73:67:E1:C5:2D:85:51:42:CB:B2:EA:BA:11:80:DF:C7:DF
ValidityWed, 24 May 2023 00:00:00 GMT - Sat, 22 Jun 2024 23:59:59 GMT

File type
PNG image data, 3668 x 9043, 8-bit/color RGBA, non-interlaced
Size
816 kB (816394 bytes)
Hash
538a98c85b189a3b4c07c304b0d5206a
f557b2ebd88886a180e08d285edd8608ee621a56
12198044d68954b8226ac3f3bcb19a3504b5daec201be2302526f6f649bccad7

HTTP Headers

GET /hook_150h.png HTTP/1.1
Host: org.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://org.zip/
Cookie: ASPSESSIONIDSSSQSBBS=JCMDEPNCCPCBLNCCJHNFEDGN; ASPSESSIONIDSWSQSBBS=KCMDEPNCGKLLPPEGEEGJCDJB
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
last-modified: Fri, 19 Jan 2024 06:29:26 GMT
accept-ranges: bytes
etag: "ed64a7d9a04ada1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 20 Nov 2024 22:50:39 GMT
content-length: 816394
X-Firefox-Spdy: h2

org.zip/info/phishing-1920-background.jpg

44.231.167.51

200 OK

1.0 MB

URL GET HTTP/2
org.zip/info/phishing-1920-background.jpg
IP
44.231.167.51:443
ASN
#16509 AMAZON-02

Requested by
https://org.zip/
Certificate
IssuerSectigo Limited
Subject*.org.zip
Fingerprint49:E8:7D:73:67:E1:C5:2D:85:51:42:CB:B2:EA:BA:11:80:DF:C7:DF
ValidityWed, 24 May 2023 00:00:00 GMT - Sat, 22 Jun 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=15, height=2813, bps=194, PhotometricInterpretation=RGB, description=Phishing email text on wooden blocks on top of a laptop. Business concept, manufacturer=NIKON CORPORATION, model=NIKON D90, orientation=upper-left, width=4235], baseline, precision 8, 1920x1275, components 3
Size
1.0 MB (1024682 bytes)
Hash
a83ed610518aa8e9616df0375326e73a
fac7f24795fc3e88094af31da664f8a660f20826
97f18838e4fade47d489b6cb131979f4f516b8928dedac0d349505fbe51e894d

HTTP Headers

GET /info/phishing-1920-background.jpg HTTP/1.1
Host: org.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://org.zip/css/main.css
Cookie: ASPSESSIONIDSSSQSBBS=JCMDEPNCCPCBLNCCJHNFEDGN; ASPSESSIONIDSWSQSBBS=KCMDEPNCGKLLPPEGEEGJCDJB
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
last-modified: Fri, 19 Jan 2024 06:29:23 GMT
accept-ranges: bytes
etag: "c5dedd7a04ada1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 20 Nov 2024 22:50:39 GMT
content-length: 1024682
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Mnemonic Secure DNS

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size