Report - dosign.it.com/verification/s.php?an=2

Report Overview

Visited public
2025-05-13 17:57:09
Tags
URL
dosign.it.com/verification/s.php?an=2
Finishing URL
about:privatebrowsing
IP / ASN
172.67.190.220
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

0

Threat Detection Systems

14

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dosign.it.com	unknown	1992-10-23	2025-05-13	2025-05-13	505 B	2.3 MB	172.67.190.220

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
dosign.it.com/verification/s.php?an=2
IP
172.67.190.220
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.3 MB (2314075 bytes)
Hash
6005bc33e2d5de87aab3227f752cc463
47859cd3045ed12f320abbdb1904c1281afa25ed
b67f26314bb801b9ffa670b6e7a39c74004460054d36a3520781dbe5b72cdc42

Archive (16)

Filename

Md5

File type

api-ms-win-crt-convert-l1-1-0.dll

4d44f878d747363c6a34bf3609bbd663

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 3 sections

api-ms-win-crt-environment-l1-1-0.dll

06581caa794c774d61ba8bbe9154c2d2

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 3 sections

api-ms-win-crt-filesystem-l1-1-0.dll

c03e51d51d33076f2417171435914902

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 3 sections

api-ms-win-crt-heap-l1-1-0.dll

ad849152885a1a91438cd1d141fa3802

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 3 sections

api-ms-win-crt-locale-l1-1-0.dll

fd956e443255c677f917d503f5c391d9

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 3 sections

api-ms-win-crt-math-l1-1-0.dll

ac091f3a6dfa5ca6a26ec73672679aab

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 3 sections

api-ms-win-crt-multibyte-l1-1-0.dll

5a791871b5ca66421f3420e773015470

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 3 sections

api-ms-win-crt-runtime-l1-1-0.dll

aa7af0b906336d221759d87da3ccdf66

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 3 sections

api-ms-win-crt-stdio-l1-1-0.dll

485d0124e2645488d4594ca726dbbc34

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 3 sections

api-ms-win-crt-string-l1-1-0.dll

f23a085644371e2622b380d589a5a9f7

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 3 sections

api-ms-win-crt-time-l1-1-0.dll

a66bde5881977305bddcd50893ff037b

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 3 sections

curl.exe

c2817422c50a8060aca9cc2ccbb0a2d0

PE32 executable (console) Intel 80386, for MS Windows, 8 sections

jp2launcher.exe

d3c216ddb0d7d84bdd599e1b2bee320c

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

msvcp140.dll

408e96b7ebb3cb972b90622391607ced

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

msvcp140d.dll

dc739066c9d0ca961cba2f320cade28e

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

vcruntime140.dll

1d4ff3cf64ab08c66ae9a4013c89a3ac

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	meth_stackstrings
VirusTotal	suspicious	VirusTotal - Scan result 3/65

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

dosign.it.com/verification/s.php?an=2

172.67.190.220

200 OK

2.3 MB

URL User Request GET
dosign.it.com/verification/s.php?an=2
IP
172.67.190.220:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectdosign.it.com
Fingerprint08:92:5F:56:5A:AF:A1:C1:EB:42:59:CB:A7:88:FD:09:8F:F3:C6:5B
ValidityWed, 30 Apr 2025 20:39:07 GMT - Tue, 29 Jul 2025 21:37:34 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.3 MB (2314075 bytes)
Hash
6005bc33e2d5de87aab3227f752cc463
47859cd3045ed12f320abbdb1904c1281afa25ed
b67f26314bb801b9ffa670b6e7a39c74004460054d36a3520781dbe5b72cdc42

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/65

HTTP Headers

GET /verification/s.php?an=2 HTTP/1.1
Host: dosign.it.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 13 May 2025 17:56:36 GMT
content-type: application/octet-stream
server: cloudflare
access-control-allow-origin: *
expires: 0
cache-control: must-revalidate, post-check=0, pre-check=0
pragma: public
content-disposition: attachment; filename=31933
content-transfer-encoding: binary
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=LUvkOJDnrt3oierrh8Qp7i184Gz%2Fg5HNHPoayw8CU2ImR0kZ%2BsfjTkxMIafYKUcn6SAGhHb9QOcZfccrAL%2FA0cLoqDw1UqKV3HHFUCnkdg9LHRE%2BVaPjSl9dR8hPrDEa"}]}
set-cookie: PHPSESSID=9p1ci1u0s360e3rsorei6i22eb; Path=/
cf-ray: 93f4088dfb18fe9a-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2