Report - 91.92.251.57/holo.png

Report Overview

Submitted URL
91.92.251.57/holo.png
IP
91.92.251.57
ASN
#394711 LIMENET
Submitted
2024-05-10 11:47:04
Access
public
Website Title
holo.png (PNG Image)
Final URL
91.92.251.57/holo.png
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
91.92.251.57	unknown	unknown	2023-12-01	2024-04-15	734 B	2.0 MB	91.92.251.57

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 11:46:38	medium	91.92.251.57	Client IP	ET DROP Spamhaus DROP Listed Traffic Inbound group 13
2024-05-10 11:46:38	medium	91.92.251.57	Client IP	ET DROP Spamhaus DROP Listed Traffic Inbound group 13
2024-05-10 11:46:38	medium	91.92.251.57	Client IP	ETPRO HUNTING Observed ZIP Inbound with Content-Type Mismatch (image/png)
2024-05-10 11:46:38	medium	91.92.251.57	Client IP	ETPRO HUNTING Observed ZIP Inbound with Content-Type Mismatch (image/png)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	91.92.251.57	Sinkholed
2024-05-10	medium	91.92.251.57	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
91.92.251.57/holo.png
IP
91.92.251.57
ASN
#394711 LIMENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.0 MB (2006970 bytes)
Hash
0294ae3c17e58c956293b601c5756f49
c3654ee86e60d89f5a8466e30e877e88429800f7
70645a76de6e3edadd54823bf8d8f25659ed8b7c8731c052cb4deb1d83ca9c08

Archive (13)

Modified	Filename	Size	Md5	File type
2024-04-23 19:15	Auto.vbs	435 B	a5b25c095336368b68172d0eec88069e	Unicode text, UTF-8 text, with CRLF line terminators
2024-04-23 19:33	AutoHotkey	339 B	2312ab36e3363bfa8f217c14354aba68	ASCII text, with CRLF line terminators
2024-01-01 01:49	Execute.txt	7 B	40cd014b7b6251e3a22e6a45a73a64e1	ASCII text, with no line terminators
2024-01-01 01:57	getMethod.txt	9 B	db37f91f128a82062af0f39f649ea122	ASCII text, with no line terminators
2024-01-01 01:56	Gettype.txt	7 B	9221b7b54ed96de7281d31f8ae35be6a	ASCII text, with no line terminators
2024-05-05 21:56	holo.jpg	982 kB	d256509c3520d9cbc273fdae72830035	Zip archive data, at least v2.0 to extract, compression method=deflate
2024-01-10 02:52	Invoke.txt	6 B	5fb833d20ef9f93596f4117a81523536	ASCII text, with no line terminators
2024-01-01 01:56	load.txt	4 B	ec4d1eb36b22d19728e9d1d23ca84d1c	ASCII text, with no line terminators
2024-05-07 20:09	msg.txt	752 kB	028bf3579e249d565dfd9f04dc434ab6	ASCII text, with very long lines (65536), with no line terminators
2024-01-01 02:08	NewPE2.txt	9 B	8a56a0e23dbfe7a50c5ec927b73ec5f2	ASCII text, with no line terminators
2024-04-23 19:21	node.bat	687 B	52dc8ab7250ca32c7dea8867d6464e5b	DOS batch file, ASCII text, with very long lines (550), with CRLF line terminators
2024-04-23 16:10	run.js	1.3 kB	660c9112523248048eaf7d9f1ee30960	JavaScript source, ASCII text, with CRLF line terminators
2024-05-05 21:54	runpe.txt	3.3 MB	76a28c16707bb318ce3b3e128006b7af	ASCII text, with very long lines (65536), with no line terminators

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

91.92.251.57/holo.png

91.92.251.57

200 OK

2.0 MB

URL User Request GET HTTP/1.1
91.92.251.57/holo.png
IP
91.92.251.57:80
ASN
#394711 LIMENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.0 MB (2006970 bytes)
Hash
0294ae3c17e58c956293b601c5756f49
c3654ee86e60d89f5a8466e30e877e88429800f7
70645a76de6e3edadd54823bf8d8f25659ed8b7c8731c052cb4deb1d83ca9c08

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed ZIP Inbound with Content-Type Mismatch (image/png)
suricata	medium	ETPRO HUNTING Observed ZIP Inbound with Content-Type Mismatch (image/png)

HTTP Headers

GET /holo.png HTTP/1.1
Host: 91.92.251.57
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 11:46:38 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Tue, 07 May 2024 23:10:30 GMT
ETag: "1e9fba-617e54acaee56"
Accept-Ranges: bytes
Content-Length: 2006970
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

91.92.251.57/favicon.ico

91.92.251.57

404 Not Found

298 B

URL GET HTTP/1.1
91.92.251.57/favicon.ico
IP
91.92.251.57:80
ASN
#394711 LIMENET

Requested by
http://91.92.251.57/holo.png

File type
HTML document, ASCII text
Size
298 B (298 bytes)
Hash
47cfdb983fa51a4b8f13c4cda2ea5314
33355cf2e149606321c601b439d3611ec8651bab
f149e2282c29c270cdd143df167d63133ee3424834cce515790da349c6d0c535

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 91.92.251.57
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://91.92.251.57/holo.png
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 11:46:39 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Content-Length: 298
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (13)

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers