Report - 42502d2a-e7ed-4a16-9f11-33ffe6c54021.usrfiles.com/ugd/42502d

Report Overview

Submitted URL
42502d2a-e7ed-4a16-9f11-33ffe6c54021.usrfiles.com/ugd/42502d_1c92cfc584cd466fbe1f352e9566105a.txt
IP
34.102.176.152
ASN
#15169 GOOGLE
Submitted
2023-05-28 22:19:36
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
42502d2a-e7ed-4a16-9f11-33ffe6c54021.usrfiles.com	unknown	2013-05-26	2020-06-02	2023-05-19	1.1 kB	3.4 kB	34.102.176.152
ocsp.sectigo.com	487	2018-08-16	2019-11-29	2023-05-28	660 B	1.9 kB	104.18.15.101

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-05-28	medium	42502d2a-e7ed-4a16-9f11-33ffe6c54021.usrfiles.com/ugd/42502d_1c92cfc584cd466fbe1f352e9566105a.txt

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

ocsp.sectigo.com/

104.18.15.101

471 B

URL
ocsp.sectigo.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
634821758833625857c13bb16934fc2e
67b4a01580e62f774e7bc237bcad7bcdf6ab86b5
f61c79e94b9a45eb9b36e184894fedea51861b7a57cfbeaea7c809e1c7dbd3a8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 28 May 2023 22:19:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 00:32:26 GMT
Expires: Sun, 04 Jun 2023 00:32:25 GMT
Etag: "67b4a01580e62f774e7bc237bcad7bcdf6ab86b5"
Cache-Control: max-age=526470,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ce9e0e5a9e1b51b-OSL

42502d2a-e7ed-4a16-9f11-33ffe6c54021.usrfiles.com/ugd/42502d_1c92cfc584cd466fbe1f352e9566105a.txt

34.102.176.152

200 OK

2.4 kB

URL User Request GET HTTP/2
42502d2a-e7ed-4a16-9f11-33ffe6c54021.usrfiles.com/ugd/42502d_1c92cfc584cd466fbe1f352e9566105a.txt
IP
34.102.176.152:443
ASN
#15169 GOOGLE

Certificate
IssuerSectigo Limited
Subject*.usrfiles.com
FingerprintA4:13:5D:EA:AC:2A:0C:0F:5B:A1:EA:A5:61:47:45:B1:E4:B3:D3:78
ValiditySat, 25 Feb 2023 00:00:00 GMT - Thu, 24 Aug 2023 23:59:59 GMT

File type
XML 1.0 document text\012- XML document, Unicode text, UTF-8 text, with very long lines (2088), with CRLF line terminators
Size
2.4 kB (2423 bytes)
Hash
c90b31d5808920b18ea943da493719b6
26005d1b84393e0dbee69d28e4578a2bb3f1e0c9
c7dbbce74d7786826284ca764da87840797978cb8ebbd2846b957e1faa1bedaf

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /ugd/42502d_1c92cfc584cd466fbe1f352e9566105a.txt HTTP/1.1
Host: 42502d2a-e7ed-4a16-9f11-33ffe6c54021.usrfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.21.4.1
date: Sun, 28 May 2023 22:19:19 GMT
content-type: text/plain
content-length: 2423
expires: Sun, 28 May 2023 23:19:19 GMT
cache-control: public, max-age=15552000, immutable
last-modified: Fri, 09 Sep 2022 01:19:00 GMT
etag: "c90b31d5808920b18ea943da493719b6"
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Length
timing-allow-origin: *
x-seen-by: gcp.us-central-1.media-router-84588bb8-4s2xm
x-robots-tag: noindex, nofollow
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.15.101

471 B

URL
ocsp.sectigo.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
634821758833625857c13bb16934fc2e
67b4a01580e62f774e7bc237bcad7bcdf6ab86b5
f61c79e94b9a45eb9b36e184894fedea51861b7a57cfbeaea7c809e1c7dbd3a8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 28 May 2023 22:19:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 00:32:26 GMT
Expires: Sun, 04 Jun 2023 00:32:25 GMT
Etag: "67b4a01580e62f774e7bc237bcad7bcdf6ab86b5"
Cache-Control: max-age=527154,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ce9e0e7da68fab8-OSL

42502d2a-e7ed-4a16-9f11-33ffe6c54021.usrfiles.com/favicon.ico

34.102.176.152

403 Forbidden

9 B

URL GET HTTP/3
42502d2a-e7ed-4a16-9f11-33ffe6c54021.usrfiles.com/favicon.ico
IP
34.102.176.152:443
ASN
#15169 GOOGLE

Requested by
https://42502d2a-e7ed-4a16-9f11-33ffe6c54021.usrfiles.com/ugd/42502d_1c92cfc584cd466fbe1f352e9566105a.txt
Certificate
IssuerSectigo Limited
Subject*.usrfiles.com
FingerprintA4:13:5D:EA:AC:2A:0C:0F:5B:A1:EA:A5:61:47:45:B1:E4:B3:D3:78
ValiditySat, 25 Feb 2023 00:00:00 GMT - Thu, 24 Aug 2023 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
722969577a96ca3953e84e3d949dee81
3dab5f6012e3e149b5a939b9cebba4a0b84dc8f5
78342a0905a72ce44da083dcb5d23b8ea0c16992ba2a82eece97e033d76ba3d3

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 42502d2a-e7ed-4a16-9f11-33ffe6c54021.usrfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://42502d2a-e7ed-4a16-9f11-33ffe6c54021.usrfiles.com/ugd/42502d_1c92cfc584cd466fbe1f352e9566105a.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
server: openresty/1.21.4.1
date: Sun, 28 May 2023 22:19:19 GMT
content-type: text/plain
content-length: 9
access-control-allow-origin: *
cache-control: no-cache, private, must-revalidate, proxy-revalidate, no-store
timing-allow-origin: *
x-seen-by: gcp.us-central-1.media-router-84588bb8-vfll5
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (4)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers