Report - icvpartners.com/gkonf/rentfree.zip

Report Overview

Submitted URL
icvpartners.com/gkonf/rentfree.zip
IP
192.124.249.104
ASN
#30148 SUCURI-SEC
Submitted
2023-05-21 16:55:21
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.godaddy.com	698	1999-03-02	2012-05-20	2023-05-21	330 B	2.3 kB	192.124.249.41
icvpartners.com	unknown	2009-04-27	2012-08-27	2023-05-17	947 B	3.5 kB	192.124.249.104
www.icvpartners.com	unknown	2009-04-27	2014-11-06	2023-05-16	454 B	5.2 kB	172.67.192.147

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-05-21	medium	icvpartners.com/gkonf/rentfree.zip

mnemonic secure dns

Scan Date	Severity	Indicator
2023-05-21	medium	icvpartners.com
2023-05-21	medium	icvpartners.com
2023-05-21	medium	icvpartners.com

Quad9 DNS

Scan Date	Severity	Indicator
2023-05-21	medium	icvpartners.com
2023-05-21	medium	icvpartners.com
2023-05-21	medium	icvpartners.com

ThreatFox

Scan Date	Severity	Indicator	Alert
2023-05-02	medium	icvpartners.com/gkonf/rentfree.zip

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

ocsp.godaddy.com/

192.124.249.41

1.8 kB

URL
ocsp.godaddy.com/
IP
192.124.249.41:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1777 bytes)
Hash
221f288156d8b66958f1dbde85fb6f4a
093bad3d5ba442d72a897cf4278da29ef5206bf5
5154618bf260d799668d08dc853e87fe43520020b50530da3fb102bff195250c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 21 May 2023 16:55:04 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 21 May 2023 02:18:11 GMT
Expires: Mon, 22 May 2023 02:18:11 GMT
ETag: "093bad3d5ba442d72a897cf4278da29ef5206bf5"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

icvpartners.com/gkonf/rentfree.zip

192.124.249.104

200 OK

1 B

URL User Request GET HTTP/2
icvpartners.com/gkonf/rentfree.zip
IP
192.124.249.104:443
ASN
#30148 SUCURI-SEC

Certificate
IssuerGoDaddy.com, Inc.
Subjecticvpartners.com
Fingerprint76:0D:41:FC:13:B7:A1:AC:66:31:42:83:83:18:FF:DB:05:A2:6B:10
ValidityWed, 22 Feb 2023 23:27:04 GMT - Thu, 22 Feb 2024 23:27:04 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Detections

Analyzer	Verdict	Alert
fortinet	Malware
threatfox	QakBot
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /gkonf/rentfree.zip HTTP/1.1
Host: icvpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 21 May 2023 16:55:05 GMT
content-type: text/html; charset=UTF-8
content-length: 1
x-sucuri-id: 19004
x-xss-protection: 1; mode=block, 1; mode=block
x-content-type-options: nosniff, nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: upgrade-insecure-requests;, manifest-src 'self'; media-src 'self'; base-uri 'none'; object-src 'none'; require-trusted-types-for *.icvpartners.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://gc.kis.v2.scr.kaspersky-labs.com https://www.google.com https://cdnjs.cloudflare.com  https://ssl.google-analytics.com  https://www.googletagmanager.com  https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com;
x-frame-options: SAMEORIGIN, SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*
vary: Accept-Encoding
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: null
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
x-content-security-policy: img-src *; media-src * data:;
x-permitted-cross-domain-policies: none
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2

icvpartners.com/favicon.ico

192.124.249.104

302 Found

1 B

URL GET HTTP/2
icvpartners.com/favicon.ico
IP
192.124.249.104:443
ASN
#30148 SUCURI-SEC

Requested by
https://icvpartners.com/gkonf/rentfree.zip
Certificate
IssuerGoDaddy.com, Inc.
Subjecticvpartners.com
Fingerprint76:0D:41:FC:13:B7:A1:AC:66:31:42:83:83:18:FF:DB:05:A2:6B:10
ValidityWed, 22 Feb 2023 23:27:04 GMT - Thu, 22 Feb 2024 23:27:04 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: icvpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://icvpartners.com/gkonf/rentfree.zip
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Sun, 21 May 2023 16:55:06 GMT
content-type: text/html; charset=UTF-8
content-length: 1
location: https://www.icvpartners.com/wp-content/uploads/2017/10/favicon.png
x-sucuri-id: 19004
link: <https://www.icvpartners.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
x-xss-protection: 1; mode=block, 1; mode=block
x-content-type-options: nosniff, nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: upgrade-insecure-requests;, manifest-src 'self'; media-src 'self'; base-uri 'none'; object-src 'none'; require-trusted-types-for *.icvpartners.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://gc.kis.v2.scr.kaspersky-labs.com https://www.google.com https://cdnjs.cloudflare.com  https://ssl.google-analytics.com  https://www.googletagmanager.com  https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com;
x-frame-options: SAMEORIGIN, SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*
vary: Accept-Encoding
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: null
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
x-content-security-policy: img-src *; media-src * data:;
x-permitted-cross-domain-policies: none
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2

www.icvpartners.com/wp-content/uploads/2017/10/favicon.png

172.67.192.147

200 OK

3.2 kB

URL GET HTTP/2
www.icvpartners.com/wp-content/uploads/2017/10/favicon.png
IP
172.67.192.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://icvpartners.com/gkonf/rentfree.zip
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:C1:21:29:CF:3C:61:2D:1C:2C:73:6D:56:B5:99:88:4F:A2:0B:30
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced\012- data
Size
3.2 kB (3237 bytes)
Hash
7a13861c03da303dfd81b09b9b88c966
8bec9a78448b122c042bc2247e9ef4a4864af696
f026991a98dcd89c66d04eda096c44b9b4abad132cc21dd7aeacad96bb8920f7

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2017/10/favicon.png HTTP/1.1
Host: www.icvpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://icvpartners.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 21 May 2023 16:55:06 GMT
content-type: image/png
content-length: 3237
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: manifest-src 'self'; media-src 'self'; base-uri 'none'; object-src 'none'; require-trusted-types-for *.icvpartners.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://gc.kis.v2.scr.kaspersky-labs.com https://www.google.com https://cdnjs.cloudflare.com  https://ssl.google-analytics.com  https://www.googletagmanager.com  https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com;
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*
last-modified: Mon, 30 Oct 2017 20:58:00 GMT
etag: "8817e3-ca5-55cc9e4c74600"
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: null
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
x-content-security-policy: img-src *; media-src * data:;
x-permitted-cross-domain-policies: none
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vhGrhmGxnZJzJoxboqetkbRVYvpVVR0vAv%2B7zi9YqG9EbAVCkBTv%2Fn3Jx2qd6BQNf7KHRGTfyUcxxZUmXANeJhgN7gNj4hqk7N2Gy6oyKWa8spQWbp5uRcqF%2B8eq71YZPTspKWEo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cae58555824b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (4)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers