Report - www.greatis.com/dbs.zip

Report Overview

Submitted URL
www.greatis.com/dbs.zip
IP
144.217.89.149
ASN
#16276 OVH SAS
Submitted
2024-04-23 01:11:44
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.greatis.com	unknown	2000-02-17	2012-05-24	2024-04-18	477 B	2.5 MB	144.217.89.149
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-21	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

Files detected

URL
www.greatis.com/dbs.zip
IP
144.217.89.149
ASN
#16276 OVH SAS

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.5 MB (2492978 bytes)
Hash
058ddeac91696a4e5358c4f79db098a8
357c3d2ba9ac01b4152d1fb6b3e40efdd92e6ca2
85684f5b4eb60043d4faecba84f0813c0aea7c8bf298a35b4a6455d2fd3ded74

Archive (2)

Filename

Md5

File type

dbs.db

b5ce0b3bc5db37c10e096043ec9a9279

SQLite 3.x database, last written using SQLite version 3019003, page size 1024, file counter 22008, database pages 5332, cookie 0x49, schema 4, UTF-8, version-valid-for 21920

dbswww.ini

143843df2ee8482333710cc22e1e1061

Generic INItialization configuration [Chat]

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects suspicious PowerShell code that downloads from web sites
Public InfoSec YARA rules	malware	Identifies AutoIT script.

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	www.greatis.com/dbs.zip	144.217.89.149	200 OK	2.5 MB
URL User Request GET HTTP/1.1 www.greatis.com/dbs.zip IP 144.217.89.149:443 ASN #16276 OVH SAS Certificate IssuerLet's Encrypt Subjectgreatis.com Fingerprint80:C4:FA:94:69:6A:64:5C:AE:97:EE:F8:AD:91:07:CC:29:41:F1:51 ValidityMon, 25 Mar 2024 18:49:17 GMT - Sun, 23 Jun 2024 18:49:16 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 2.5 MB (2492978 bytes) Hash 058ddeac91696a4e5358c4f79db098a8 357c3d2ba9ac01b4152d1fb6b3e40efdd92e6ca2 85684f5b4eb60043d4faecba84f0813c0aea7c8bf298a35b4a6455d2fd3ded74 HTTP Headers `GET /dbs.zip HTTP/1.1 Host: www.greatis.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Tue, 23 Apr 2024 01:11:18 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Sun, 21 Apr 2024 18:44:50 GMT ETag: "260a32-6169fb73cba9f" Accept-Ranges: bytes Content-Length: 2492978 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/octet-stream`

	aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml	35.244.181.201		444 B
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP 35.244.181.201:0 ASN #396982 GOOGLE-CLOUD-PLATFORM File type XML 1.0 document, ASCII text, with very long lines (332) Size 444 B (444 bytes) Hash 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463 HTTP Headers `GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx rule-id: unknown rule-data-version: unknown content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=GkCre5x_PHqSq-Mywo-1AMuzvNcsFdboYHbjCsIcHJY6G4rWzFaMKoAed78b8kuJuVxdGpJsrjFY0mWCqxAk8BwusX3ez3xTKjNhTpFhYUbcWW113DFxCzC5LZHCCo0H strict-transport-security: max-age=31536000; x-content-type-options: nosniff content-security-policy: default-src 'none'; frame-ancestors 'none' x-proxy-cache-status: EXPIRED content-encoding: gzip via: 1.1 google date: Tue, 23 Apr 2024 01:11:03 GMT content-type: text/xml; charset=utf-8 vary: Accept-Encoding content-length: 444 age: 34 cache-control: public,max-age=90 alt-svc: clear X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (2)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers