Report - 185.224.128.215/a.zip

Report Overview

Submitted URL
185.224.128.215/a.zip
IP
185.224.128.215
ASN
#62068 SpectraIP B.V.
Submitted
2023-04-27 13:12:52
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
3
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474		2015-08-24	2023-04-26	655 B	43 kB	162.159.129.233
185.224.128.215	unknown		No data	No data	385 B	590 kB	185.224.128.215

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-04-27 13:12:37	medium	185.224.128.215	Client IP	ET DROP Dshield Block Listed Source group 1
2023-04-27 13:12:37	medium	185.224.128.215	Client IP	ET COMPROMISED Known Compromised or Hostile Host Traffic group 8
2023-04-27 13:12:37	medium	Client IP	185.224.128.215	ET INFO Dotted Quad Host ZIP Request

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-04-27	medium	185.224.128.215/a.zip

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-04-27	medium	185.224.128.215

ThreatFox

No alerts detected

Files detected

URL
185.224.128.215/a.zip
IP
185.224.128.215
ASN
#62068 SpectraIP B.V.

File type
Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size
590 kB (589497 bytes)
Hash
0f24142d3830e2e41777c33fc50e9b77
201b2d796e286eecc8830aa70578400a99d33e0a
71000e4009834fa023a70ea594fa126cbabbeac6182b8635c172ebf50d16f3b5

Detections

Analyzer	Verdict	Alert
VirusTotal	37/64	VirusTotal -

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

cdn.discordapp.com/attachments/1097075502436589590/1097623079590580368/Pack3.zip

162.159.129.233

42 kB

URL
cdn.discordapp.com/attachments/1097075502436589590/1097623079590580368/Pack3.zip
IP
162.159.129.233:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
42 kB (41772 bytes)
Hash
cdda778229c81ddb90395f7f52ba474c
3ba42354be86ae9ec04c3a7c6722144df6425dd6
ab6b2acf46260e2f9a4c17b0991d95b2ed865d6b3c97b5015470bd4c22f04625

HTTP Headers

GET /attachments/1097075502436589590/1097623079590580368/Pack3.zip HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __cf_bm=.wMaw9_IxRwlJNJeP4GWEWZFihAp4kmJIvfY2ZQiMWs-1682601136-0-AZERqElvfYisU9YVJW5e+GBPSfkisCWBHisRgeYMJf1++gPlD6EXuSrCJ79ej0tOpmaBz5O6/1y2C4grsMSIrHs=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Range: bytes=160890880-
If-Match: "49b41e1ad1ea26a4c553832a7890ab43"
If-Unmodified-Since: Mon, 17 Apr 2023 20:42:15 GMT

HTTP/2 206 Partial Content
date: Thu, 27 Apr 2023 13:12:37 GMT
content-type: application/zip
content-length: 41772
cf-ray: 7be751723dee0b69-OSL
age: 106
cache-control: public, max-age=31536000
content-disposition: attachment; filename="Pack3.zip"
content-range: bytes 160890880-160932651/160932652
etag: "49b41e1ad1ea26a4c553832a7890ab43"
expires: Fri, 26 Apr 2024 13:12:37 GMT
last-modified: Mon, 17 Apr 2023 20:42:15 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-goog-generation: 1681764135114140
x-goog-hash: crc32c=yFe+pw==, md5=SbQeGtHqJqTFU4MqeJCrQw==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 160932652
x-guploader-uploadid: ADPycdudrXx_dMQ0QkAFkb8xQz5jaCo5BYwbakLq5Rd0uLDwlMCogRg1Ns0o5-SuOI5U57qu_j2r0kZoCuviaiLTCFmQZA
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fh8SECVMgSfwIeWqMyfvnPBafpf1BEG6l94BBNQivx4wMFIU3PPMYphmMgSWNALEGXLoWAtLR8AYgwFFIuLWSr0KDeKLTlHzR8dYGcmrUfetYzLyVFfKKwmz61jiBI%2Fn%2Fme2Kg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

185.224.128.215/a.zip

185.224.128.215

200 OK

590 kB

URL User Request GET HTTP/1.1
185.224.128.215/a.zip
IP
185.224.128.215:80
ASN
#62068 SpectraIP B.V.

File type
Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size
590 kB (589497 bytes)
Hash
0f24142d3830e2e41777c33fc50e9b77
201b2d796e286eecc8830aa70578400a99d33e0a
71000e4009834fa023a70ea594fa126cbabbeac6182b8635c172ebf50d16f3b5

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed
VirusTotal	37/64	VirusTotal -

NIDS	Severity	Alert
suricata	medium	ET INFO Dotted Quad Host ZIP Request

HTTP Headers

GET /a.zip HTTP/1.1
Host: 185.224.128.215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 27 Apr 2023 13:12:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 17 Apr 2023 02:09:16 GMT
ETag: "8feb9-5f97ead862b00"
Accept-Ranges: bytes
Content-Length: 589497
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers