91.92.253.126/Downloads/Factura_SA161.pdf.lnk
91.92.253.126200 OK 2.0 kB URL User Request GET HTTP/1.1 91.92.253.126/Downloads/Factura_SA161.pdf.lnk
IP 91.92.253.126:80
File type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=13, Archive, ctime=Sat May 8 08:13:59 2021, mtime=Sat May 8 08:13:59 2021, atime=Sat May 8 08:13:59 2021, length=41472, window=hidenormalshowminimized
Hash 6b602c96ff01c4f55c7a625b2358a988
af42a6e2c1b97a958cf9e50a30cdf02221c07098
e7dec31185f1555bb009e5f7348a31f98bb0d60c82d81c6ab42f95d6715ca6dc
Analyzer Verdict Alert Public InfoSec YARA rules malware Identifies PowerShell artefacts in shortcut (LNK) files.
Public InfoSec YARA rules malware Identifies executable artefacts in shortcut (LNK) files.
Public InfoSec YARA rules malware Identifies download artefacts in shortcut (LNK) files.
Quad9 DNS malicious Sinkholed
NIDS Severity Alert suricata low ET INFO LNK File Downloaded via HTTP
GET /Downloads/Factura_SA161.pdf.lnk HTTP/1.1
Host: 91.92.253.126
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 2003
Content-Type: application/octet-stream
Etag: "17c5314de2b35b437d3"
Last-Modified: Thu, 11 Apr 2024 09:57:23 GMT
Date: Thu, 18 Apr 2024 17:00:32 GMT
normandy.cdn.mozilla.net/api/v1/
35.201.103.21 598 B URL normandy.cdn.mozilla.net/api/v1/
IP 35.201.103.21:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash 3076f9a5cb273105528b893ff7111e41
b8990c145fe71b9a2410eea41a60a712b43b82bf
69c578fb0c03a28141a975833f660f4571e7991dc28ae7f9cead37672ee2c9b3
GET /api/v1/ HTTP/1.1
Host: normandy.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 598
allow: GET, HEAD, OPTIONS
content-security-policy: form-action 'self'; base-uri 'none'; default-src 'self' https://normandy.cdn.mozilla.net/; block-all-mixed-content; frame-src 'none'; object-src 'none'; worker-src 'none'; report-uri /__cspreport__
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
via: 1.1 google
date: Wed, 17 Apr 2024 23:22:33 GMT
cache-control: public, max-age=86400
content-type: application/json
vary: Accept, Origin
age: 63498
alt-svc: clear
X-Firefox-Spdy: h2
classify-client.services.mozilla.com/api/v1/classify_client/
34.98.75.36 64 B URL classify-client.services.mozilla.com/api/v1/classify_client/
IP 34.98.75.36:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash 28940765f4c657de09c9450cf8267ebf
7df77e55726ba25e3f9a9472967f8323dd535e96
a924e17663ceb6afb8b1af8667705b2edb16ac0b45615de2272bc302e949e321
GET /api/v1/classify_client/ HTTP/1.1
Host: classify-client.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 17:00:51 GMT
content-type: application/json
content-length: 64
cache-control: max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
35.244.181.201 444 B URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP 35.244.181.201:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type XML 1.0 document, ASCII text, with very long lines (332)
Hash 3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=0wQOd9tVopn0Jm3fHpY-9QQpbVT65_mXgFikeJP-ZVL94MjQzB0OtuRkxMg_kja12PYFke6qR69nDYN4JY2UQsvHR3QqmGjU7VsxpVHoto_oJNK-48DupnkCatr7fm9d
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Thu, 18 Apr 2024 16:59:26 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 85
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2