urlquery - report: adaf.xyz/adaf/hm/download/v35.6/8705cae3fff101c2bb6c884f5c68bda983c0955d7fa477692424cd2c727cafea/GDHM_TASBOT

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	Sent bytes	Received bytes	IP	Comment
adaf.xyz (1)	0	2015-07-10 07:28:21	2023-05-21 08:13:24	576	699	0.0.0.0

Fully Qualifying Domain Name

Rank

First Seen

Last Seen

Sent bytes

Received bytes

Comment

adaf.xyz (1)

2015-07-10 07:28:21

2023-05-21 08:13:24

576

699

0.0.0.0

Scan Date	Severity	Indicator	Comment
2023-05-26	medium	adaf.xyz/adaf/hm/download/v35.6/8705cae3fff101c2bb6c884f5c68bda983c0955d7fa (...)	Malware

Scan Date

Severity

Indicator

Comment

2023-05-26

medium

adaf.xyz/adaf/hm/download/v35.6/8705cae3fff101c2bb6c884f5c68bda983c0955d7fa (...)

Malware

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.67.221.209

Date	UQ / IDS / BL	URL	IP
2023-05-27 12:01:46 UTC	0 - 0 - 1	adaf.xyz/adaf/hm/download/v34.0/5b2782ab11c01 (...)	172.67.221.209
2023-05-26 14:06:56 UTC	0 - 0 - 1	adaf.xyz/adaf/hm/download/v35.6/8705cae3fff10 (...)	172.67.221.209
2023-05-05 02:35:19 UTC	0 - 0 - 1	adaf.xyz/adaf/hm/download/v35.6/8705cae3fff10 (...)	172.67.221.209
2023-03-29 14:01:03 UTC	0 - 0 - 2	adaf.xyz/adaf/hm/download/v35.6/8705cae3fff10 (...)	172.67.221.209
2023-03-20 15:35:54 UTC	0 - 0 - 2	adaf.xyz/adaf/hm/download/v34.18/b0fc84427313 (...)	172.67.221.209

Last 5 reports on ASN: CLOUDFLARENET

Date	UQ / IDS / BL	URL	IP
2023-06-06 05:23:37 UTC	0 - 2 - 0	www.cbdshop.cc/PageCMS/NewsLetter_Click.aspx? (...)	172.67.174.89
2023-06-06 05:21:27 UTC	0 - 1 - 0	cdn.discordapp.com/attachments/48414214165286 (...)	162.159.129.233
2023-06-06 05:21:00 UTC	0 - 1 - 0	cdn.discordapp.com/attachments/47063523149021 (...)	162.159.130.233
2023-06-06 05:20:56 UTC	0 - 2 - 0	cdn.discordapp.com/attachments/41151452989017 (...)	162.159.130.233
2023-06-06 05:18:34 UTC	0 - 0 - 1	systemwrong.com/spin60411mxpp_bb/?clickid=w4n (...)	104.21.78.132

Last 5 reports on domain: adaf.xyz

Date	UQ / IDS / BL	URL	IP
2023-05-28 12:10:18 UTC	0 - 0 - 1	adaf.xyz/adaf/hm/download/v35.6/8705cae3fff10 (...)	104.21.70.78
2023-05-27 12:07:36 UTC	0 - 0 - 1	adaf.xyz/adaf/hm/download/v35.6/8705cae3fff10 (...)	104.21.70.78
2023-05-27 12:01:46 UTC	0 - 0 - 1	adaf.xyz/adaf/hm/download/v34.0/5b2782ab11c01 (...)	172.67.221.209
2023-05-26 14:06:56 UTC	0 - 0 - 1	adaf.xyz/adaf/hm/download/v35.6/8705cae3fff10 (...)	172.67.221.209
2023-05-21 10:29:12 UTC	0 - 0 - 2	adaf.xyz/	104.21.70.78

Last 5 reports with similar screenshot

Date	UQ / IDS / BL	URL	IP
2023-06-06 05:25:00 UTC	0 - 1 - 0	acs.pandasoftware.com/Panda/FREEAV/181305/FRE (...)	23.36.76.88
2023-06-06 05:18:23 UTC	0 - 3 - 0	www.moondogs.cc/hjjm_6578.exe	121.40.42.117
2023-06-06 05:18:04 UTC	0 - 2 - 1	134.195.207.8/d/msdownload/update/software/de (...)	134.195.207.8
2023-06-06 05:17:39 UTC	0 - 3 - 0	www.moondogs.cc/moondogs_6578.exe	121.40.42.117
2023-06-06 05:16:39 UTC	0 - 2 - 0	cdn.kmplayer.com/KMP/Download/kmp.exe	163.171.140.79

Request	Response
GET /adaf/hm/download/v35.6/8705cae3fff101c2bb6c884f5c68bda983c0955d7fa477692424cd2c727cafea/GDHM_TASBOT_v35.6.zip HTTP/1.1 Host: adaf.xyz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache	0.0.0.0 HTTP/2 200 OK content-type: application/zip date: Fri, 26 May 2023 14:06:31 GMT content-length: 143812158 last-modified: Sat, 07 Jan 2023 13:12:30 GMT etag: "63b96fbe-892663e" cache-control: max-age=14400 cf-cache-status: MISS accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BkXtrilP0oXk15X8UfvbccCgx920OjFzlNkvWhK7UlKa0Sg8RMITYNzQaET%2FFWE5ErIidbEifXb%2BkmWodZHuLjV9gjX3x5DGaHJ3ifUpNq11zGwKKeoMH6uSVQ%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 7cd694437c630b49-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Blocklists: - fortinet: Malware

Request

Response

                                        
                                            GET /adaf/hm/download/v35.6/8705cae3fff101c2bb6c884f5c68bda983c0955d7fa477692424cd2c727cafea/GDHM_TASBOT_v35.6.zip HTTP/1.1 

                                        
                                            
Host: adaf.xyz

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
DNT: 1 

                                        
                                            
Upgrade-Insecure-Requests: 1 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: document 

                                        
                                            
Sec-Fetch-Mode: navigate 

                                        
                                            
Sec-Fetch-Site: cross-site 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             0.0.0.0

                                            
                                                HTTP/2 200 OK 

                                            
                                                
content-type: application/zip

                                            

                                            
                                                
date: Fri, 26 May 2023 14:06:31 GMT 

                                            
                                                
content-length: 143812158 

                                            
                                                
last-modified: Sat, 07 Jan 2023 13:12:30 GMT 

                                            
                                                
etag: "63b96fbe-892663e" 

                                            
                                                
cache-control: max-age=14400 

                                            
                                                
cf-cache-status: MISS 

                                            
                                                
accept-ranges: bytes 

                                            
                                                
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BkXtrilP0oXk15X8UfvbccCgx920OjFzlNkvWhK7UlKa0Sg8RMITYNzQaET%2FFWE5ErIidbEifXb%2BkmWodZHuLjV9gjX3x5DGaHJ3ifUpNq11zGwKKeoMH6uSVQ%3D%3D"}],"group":"cf-nel","max_age":604800} 

                                            
                                                
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} 

                                            
                                                
vary: Accept-Encoding 

                                            
                                                
server: cloudflare 

                                            
                                                
cf-ray: 7cd694437c630b49-OSL 

                                            
                                                
alt-svc: h3=":443"; ma=86400 

                                            
                                                
X-Firefox-Spdy: h2 

                                            
                                                
 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  

                                                Size:   0

                                                Md5:    d41d8cd98f00b204e9800998ecf8427e

                                                Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        

                                        
                                            

                                            

                                            
                                                Blocklists:

                                                
                                                      - fortinet: Malware

URL	adaf.xyz/adaf/hm/download/v35.6/8705cae3fff101c2bb6c884f5c68bda983c0955d7fa477692424cd2c727cafea/GDHM_TASBOT_v35.6.zip
IP	172.67.221.209 (United States)
ASN	#13335 CLOUDFLARENET
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Access	public
Report completed	2023-05-26 14:06:56 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	1
urlquery alerts	No alerts detected
Tags	None

Overview

Domain Summary (1)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.67.221.209

Last 5 reports on ASN: CLOUDFLARENET

Last 5 reports on domain: adaf.xyz

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (1)

Overview

Domain Summary (1)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.67.221.209

Last 5 reports on ASN: CLOUDFLARENET

Last 5 reports on domain: adaf.xyz

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (1)

Network Intrusion Detection Systems