Report - 45.138.16.97:222/j.jpg

Report Overview

Submitted URL
45.138.16.97:222/j.jpg
IP
45.138.16.97
ASN
#210558 1337 Services GmbH
Submitted
2024-05-07 07:40:50
Access
public
Website Title
j.jpg (JPEG Image)
Final URL
45.138.16.97:222/j.jpg
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
45.138.16.97:222	unknown	unknown	No data	No data	740 B	1.3 MB	45.138.16.97

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	45.138.16.97	Sinkholed
2024-05-07	medium	45.138.16.97	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
45.138.16.97:222/j.jpg
IP
45.138.16.97
ASN
#210558 1337 Services GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.3 MB (1315050 bytes)
Hash
9a437ab53482728a4a8bb98e6e296f4e
5540d647c4f9908d4c7c1d70ea9b9fb81a3c2272
01602a9dfe555ba43a834dcd5141bc7269d58640880d59ce6c2ecb8184a02cfc

Archive (12)

Filename

Md5

File type

AutoHotkey

01435cd486e39061b034d6c9e360fb73

ASCII text, with very long lines (975), with CRLF line terminators

AutoHotkey.exe

e63e2669a293c1a6709c373f208a48cf

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Execute.txt

40cd014b7b6251e3a22e6a45a73a64e1

ASCII text, with no line terminators

getMethod.txt

db37f91f128a82062af0f39f649ea122

ASCII text, with no line terminators

Gettype.txt

9221b7b54ed96de7281d31f8ae35be6a

ASCII text, with no line terminators

Invoke.txt

5fb833d20ef9f93596f4117a81523536

ASCII text, with no line terminators

load.txt

ec4d1eb36b22d19728e9d1d23ca84d1c

ASCII text, with no line terminators

msg.txt

23413ef2f26b2c871ed3d0d89f3e2688

ASCII text, with very long lines (65536), with no line terminators

NewPE2.txt

8a56a0e23dbfe7a50c5ec927b73ec5f2

ASCII text, with no line terminators

node.bat

52dc8ab7250ca32c7dea8867d6464e5b

DOS batch file, ASCII text, with very long lines (550), with CRLF line terminators

runpe.txt

036668dd4080665d5acd0044a61dcb3c

ASCII text, with very long lines (65536), with no line terminators

Auto.vbs

1b86ac4c78166fdc657b6ac7c9519761

ASCII text, with CRLF line terminators

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

45.138.16.97:222/j.jpg

45.138.16.97

200 OK

1.3 MB

URL User Request GET HTTP/1.1
45.138.16.97:222/j.jpg
IP
45.138.16.97:222
ASN
#210558 1337 Services GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.3 MB (1315050 bytes)
Hash
9a437ab53482728a4a8bb98e6e296f4e
5540d647c4f9908d4c7c1d70ea9b9fb81a3c2272
01602a9dfe555ba43a834dcd5141bc7269d58640880d59ce6c2ecb8184a02cfc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /j.jpg HTTP/1.1
Host: 45.138.16.97:222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 07:40:23 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Mon, 06 May 2024 17:12:13 GMT
ETag: "1410ea-617cc2bac8d07"
Accept-Ranges: bytes
Content-Length: 1315050
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/jpeg

45.138.16.97:222/favicon.ico

45.138.16.97

404 Not Found

299 B

URL GET HTTP/1.1
45.138.16.97:222/favicon.ico
IP
45.138.16.97:222
ASN
#210558 1337 Services GmbH

Requested by
http://45.138.16.97:222/j.jpg

File type
HTML document, ASCII text
Size
299 B (299 bytes)
Hash
0fa8dac6ce11f39e8a7854723299d2d9
410f4c2c6ec3bf477516bb1132c0226c07509c06
f28bb7cea69e000be420e45e16b7854414c51fa24d434923ec93c7c84fb6f67d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 45.138.16.97:222
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://45.138.16.97:222/j.jpg
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 07 May 2024 07:40:23 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Content-Length: 299
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1