Report - reddog.s35.xrea.com/software/tksqlite-0.5.11-osx10.5-ix86

Report Overview

Submitted URL
reddog.s35.xrea.com/software/tksqlite-0.5.11-osx10.5-ix86_64-bin.zip
IP
160.251.150.135
ASN
#58791 GMO Internet,Inc
Submitted
2024-05-05 06:36:55
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
reddog.s35.xrea.com	unknown	2001-07-24	2012-12-08	2022-08-24	983 B	6.5 MB	160.251.150.135
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-03	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
reddog.s35.xrea.com/software/tksqlite-0.5.11-osx10.5-ix86_64-bin.zip
IP
160.251.150.135
ASN
#58791 GMO Internet,Inc

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
6.5 MB (6463349 bytes)
Hash
337fc5228196a8d1942698d3fef2a560
28b1e93c59bfcfc4f5f5722177871ba281cfef2d
789910b10c006bb4edc59c8d629cde0d4139e0b13fb3b0fa4543df681e556052

Archive (2)

Filename

Md5

File type

Info.plist

dc5c4afc2e25d43a159a3a0af4f5415e

XML 1.0 document, ASCII text

tksqlite

89704bbb96eb224e6ae936a9d22f32a2

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (4)

	URL	IP	Response	Size
	reddog.s35.xrea.com/	160.251.150.135		240 B
URL reddog.s35.xrea.com/ IP 160.251.150.135:0 ASN #58791 GMO Internet,Inc File type HTML document, ASCII text Size 240 B (240 bytes) Hash 53b8fbdcf1b24e46f88cd92656e54f13 a174bd43eea32b16f5e7474c61670e78c6b98580 7b0a3d5d6e2929157975eaa7378e762e44bd59c58a1a8644845ccfaa79c6e8d7 HTTP Headers `GET / HTTP/1.1 Host: reddog.s35.xrea.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 301 Moved Permanently Date: Sun, 05 May 2024 06:36:32 GMT Server: Apache Location: http://reddog.s35.xrea.com/wiki/ Content-Length: 240 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1`

	reddog.s35.xrea.com/wiki/	160.251.150.135		2.4 kB
URL reddog.s35.xrea.com/wiki/ IP 160.251.150.135:0 ASN #58791 GMO Internet,Inc File type XML 1.0 document, Unicode text, UTF-8 text, with very long lines (461) Size 2.4 kB (2446 bytes) Hash 738d61a607a9a11297dad41b322bea26 81abf28cbb55e97acc61235b82559b4e4e5deb99 db6a4e3d040b19f1fb18735ef1cc8393cae68a9356ad1e571dd8dc7ede247551 HTTP Headers `GET /wiki/ HTTP/1.1 Host: reddog.s35.xrea.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Sun, 05 May 2024 06:36:33 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Link: <http://reddog.s35.xrea.com/wiki/>; rel="canonical" Cache-control: no-cache Pragma: no-cache Set-Cookie: PHPSESSID=9khv7ad09uk8rkrtvcvpvc8ln1; path=/ Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Keep-Alive: timeout=15, max=99 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8`

	aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml	35.244.181.201		444 B
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP 35.244.181.201:0 ASN #396982 GOOGLE-CLOUD-PLATFORM File type XML 1.0 document, ASCII text, with very long lines (332) Size 444 B (444 bytes) Hash 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463 HTTP Headers `GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx rule-id: unknown rule-data-version: unknown content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=8BVAD9VpyQfpHDnxr_g1TJ0ymyu8jt3mga3tLWdIVs6AO2hxKoAvL4azejVTeOKwEuerZ74armTpIRsLwmXXygPwYaKYVJz-WP0u4N4F2w0GcJhwcZ4rbtuzo4sr3eL3 strict-transport-security: max-age=31536000; x-content-type-options: nosniff content-security-policy: default-src 'none'; frame-ancestors 'none' x-proxy-cache-status: MISS content-encoding: gzip via: 1.1 google date: Sun, 05 May 2024 06:36:02 GMT content-type: text/xml; charset=utf-8 vary: Accept-Encoding content-length: 444 age: 45 cache-control: public,max-age=90 alt-svc: clear X-Firefox-Spdy: h2

	reddog.s35.xrea.com/software/tksqlite-0.5.11-osx10.5-ix86_64-bin.zip	160.251.150.135	200 OK	6.5 MB
URL User Request GET HTTP/1.1 reddog.s35.xrea.com/software/tksqlite-0.5.11-osx10.5-ix86_64-bin.zip IP 160.251.150.135:80 ASN #58791 GMO Internet,Inc File type Zip archive data, at least v1.0 to extract, compression method=store Size 6.5 MB (6463349 bytes) Hash 337fc5228196a8d1942698d3fef2a560 28b1e93c59bfcfc4f5f5722177871ba281cfef2d 789910b10c006bb4edc59c8d629cde0d4139e0b13fb3b0fa4543df681e556052 HTTP Headers `GET /software/tksqlite-0.5.11-osx10.5-ix86_64-bin.zip HTTP/1.1 Host: reddog.s35.xrea.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Sun, 05 May 2024 06:36:32 GMT Server: Apache Last-Modified: Wed, 09 Apr 2014 13:08:05 GMT ETag: "629f75-4f69bca863740" Accept-Ranges: bytes Content-Length: 6463349 Vary: User-Agent Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: application/zip`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (2)

Detections

JavaScript (0)

HTTP Transactions (4)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers