Report - h169617.srv22.test-hf.su/147.exe

Report Overview

Submitted URL
h169617.srv22.test-hf.su/147.exe
IP
91.227.16.6
ASN
#207027 LLC Eximius
Submitted
2024-04-17 16:30:57
Access
public
Website Title
Запрошенный сайт отсутствует на нашем хостинге
Final URL
h169617.srv22.test-hf.su/147.exe
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
h169617.srv22.test-hf.su	unknown	2014-10-22	2023-07-02	2024-04-17	402 B	1.7 kB	91.227.16.6
www.host-food.ru	unknown	2008-08-18	2012-07-21	2024-04-16	1.7 kB	34 kB	91.227.16.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	test-hf.su	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	h169617.srv22.test-hf.su/147.exe	0 B	2023-03-07	2024-04-30
Pretty URL h169617.srv22.test-hf.su/147.exe IP 91.227.16.6 ASN #207027 LLC Eximius Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-30 19:14:33 Times Seen37223830 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

		Size	First Seen	Last Seen
	#1 Write - 9e2f0cbe85476fd2e8b9a3280d226147	442 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 18:30:58 Last Seen2024-04-17 18:30:58 Times Seen1 Hash 9e2f0cbe85476fd2e8b9a3280d226147 ba58a9f660839ccfb79ad459560636d1a9c15ccf 343f2cd44a3a44b80c52d234bca56cf700896e40d2915e19f320a2329578fd9f Loading...

HTTP Transactions (5)

URL IP Response Size

h169617.srv22.test-hf.su/147.exe

91.227.16.6

1.4 kB

URL
h169617.srv22.test-hf.su/147.exe
IP
91.227.16.6:0
ASN
#207027 LLC Eximius

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.4 kB (1420 bytes)
Hash
e92bde98ad97e15f6cc093416dc04931
d9df04c5726a41f3f0c3b81835408e880ff1edd3
0d394dbb4cb32d5c44246006d51666f55524f9c1e9bddfa22d38071e17d50880

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /147.exe HTTP/1.1
Host: h169617.srv22.test-hf.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.24.0
Date: Wed, 17 Apr 2024 16:30:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding
Content-Encoding: gzip

www.host-food.ru/style.css

91.227.16.32

200 OK

20 kB

URL GET HTTP/1.1
www.host-food.ru/style.css
IP
91.227.16.32:443
ASN
#207027 LLC Eximius

Requested by
http://h169617.srv22.test-hf.su/147.exe
Certificate
IssuerLet's Encrypt
Subjecthost-food.ru
Fingerprint8E:B2:B3:18:CD:2C:90:45:1B:9B:84:9C:38:F2:7E:F5:1D:3C:7B:A2
ValiditySun, 31 Mar 2024 09:03:31 GMT - Sat, 29 Jun 2024 09:03:30 GMT

File type
Unicode text, UTF-8 text, with very long lines (3232), with CRLF line terminators
Size
20 kB (20222 bytes)
Hash
798176b59977158ba758bc0314e9b4f8
0cca93aa92b5daf6f5fe0227e19cb8e2851e00c2
90512b1e4bc4c4bb04fa97882875e2bca40716d09c355e548431ed954eb80a32

HTTP Headers

GET /style.css HTTP/1.1
Host: www.host-food.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://h169617.srv22.test-hf.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Wed, 17 Apr 2024 16:30:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding
Last-Modified: Fri, 30 Sep 2022 16:18:42 GMT
ETag: W/"17596-5e9e758e9fc80"
Content-Encoding: gzip

www.host-food.ru/images/logo.png

91.227.16.32

403 Forbidden

1.6 kB

URL GET HTTP/1.1
www.host-food.ru/images/logo.png
IP
91.227.16.32:443
ASN
#207027 LLC Eximius

Requested by
http://h169617.srv22.test-hf.su/147.exe
Certificate
IssuerLet's Encrypt
Subjecthost-food.ru
Fingerprint8E:B2:B3:18:CD:2C:90:45:1B:9B:84:9C:38:F2:7E:F5:1D:3C:7B:A2
ValiditySun, 31 Mar 2024 09:03:31 GMT - Sat, 29 Jun 2024 09:03:30 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.6 kB (1626 bytes)
Hash
40b2a49c2af09ed4fd4972f4b5261b3f
1d705fd4724259c90e10c87fb1c0c40e43d462c1
6a51ec9e7cb6212e5371d057af7a84cd033edc39013daf5e4b4351eb4d42be20

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: www.host-food.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.host-food.ru/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx/1.24.0
Date: Wed, 17 Apr 2024 16:30:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding
Content-Encoding: gzip

www.host-food.ru/images/not_found.png

91.227.16.32

200 OK

11 kB

URL GET HTTP/1.1
www.host-food.ru/images/not_found.png
IP
91.227.16.32:443
ASN
#207027 LLC Eximius

Requested by
http://h169617.srv22.test-hf.su/147.exe
Certificate
IssuerLet's Encrypt
Subjecthost-food.ru
Fingerprint8E:B2:B3:18:CD:2C:90:45:1B:9B:84:9C:38:F2:7E:F5:1D:3C:7B:A2
ValiditySun, 31 Mar 2024 09:03:31 GMT - Sat, 29 Jun 2024 09:03:30 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGBA, interlaced
Size
11 kB (10754 bytes)
Hash
3a097e68c80e297a477886ae1e7e2f8f
b456f41eb672376d8b4060e814d9c6d872e89660
c5d2f800dc4b76a8ac9936517738716337bc42b0221feb5b260604b60a7c791c

HTTP Headers

GET /images/not_found.png HTTP/1.1
Host: www.host-food.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.host-food.ru/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Wed, 17 Apr 2024 16:30:33 GMT
Content-Type: image/png
Content-Length: 10754
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Thu, 27 Jan 2011 15:47:30 GMT
ETag: "2a02-49ad5ddfe8880"
Accept-Ranges: bytes

www.host-food.ru/favicon.ico

91.227.16.32

143 B

URL GET
www.host-food.ru/favicon.ico
IP
91.227.16.32:0
ASN
#207027 LLC Eximius

Requested by
http://h169617.srv22.test-hf.su/147.exe
Certificate
IssuerLet's Encrypt
Subjecthost-food.ru
Fingerprint8E:B2:B3:18:CD:2C:90:45:1B:9B:84:9C:38:F2:7E:F5:1D:3C:7B:A2
ValiditySun, 31 Mar 2024 09:03:31 GMT - Sat, 29 Jun 2024 09:03:30 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
Size
143 B (143 bytes)
Hash
887ad208c900e93eda2942936e2b9acf
1103909d6ee7793039cbd3c150f3c9fc60ebcdc5
94d23c39fec62e8801d5a8bda2ead6f174009ea5110681904db65c6022252444

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.host-food.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://h169617.srv22.test-hf.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Wed, 17 Apr 2024 16:30:33 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding
Last-Modified: Tue, 23 Feb 2010 21:13:27 GMT
ETag: W/"37e-4804b0551ebc0"
Content-Encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (5)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers