Report - tmpfiles.org/5673073/hoplitepack.zip

Report Overview

Submitted URL
tmpfiles.org/5673073/hoplitepack.zip
IP
104.21.21.16
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-08 18:52:32
Access
public
Website Title
/tmp/files - hoplitepack.zip
Final URL
tmpfiles.org/5673073/hoplitepack.zip
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tmpfiles.org	unknown	2015-07-27	2015-07-28	2024-04-17	5.2 kB	35 kB	104.21.21.16
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-08	870 B	166 kB	142.250.74.136
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	446 B	5.6 kB	142.250.74.170

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	tmpfiles.org	Sinkholed
2024-05-08	medium	tmpfiles.org	Sinkholed
2024-05-08	medium	tmpfiles.org	Sinkholed
2024-05-08	medium	tmpfiles.org	Sinkholed
2024-05-08	medium	tmpfiles.org	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	tmpfiles.org/5673073/hoplitepack.zip	0 B	2023-03-07	2024-05-20
Pretty URL tmpfiles.org/5673073/hoplitepack.zip IP 104.21.21.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 01:07:33 Times Seen37848293 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.googletagmanager.com/gtag/js?id=UA-66112161-2	208 kB	2024-05-08	2024-05-08
Pretty URL www.googletagmanager.com/gtag/js?id=UA-66112161-2 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 20:52:32 Last Seen2024-05-08 20:52:32 Times Seen2 Hash a34e7103d699934ee4ae2b14ed771da0 05c0e65d20789b59cbc6fab6b3d90be4a83e4dc9 32be1a8d22c9e6548fb2afcd70c13f10f6ee9aa3210a5cbe003400d26151ce16 Loading...

	tmpfiles.org/5673073/sandbox%20eval%20code	147 B	2023-04-11	2024-05-20
Pretty URL tmpfiles.org/5673073/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-20 01:03:29 Times Seen350871 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-20
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-20 01:03:27 Times Seen350356 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=G-0H0LNCD6F9&l=dataLayer&cx=c	254 kB	2024-05-08	2024-05-08
Pretty URL www.googletagmanager.com/gtag/js?id=G-0H0LNCD6F9&l=dataLayer&cx=c IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 20:52:32 Last Seen2024-05-08 20:52:32 Times Seen2 Hash dcc75340e25a0336a8a2ac3bf1a1b6bb 821f479c24d9bbf234df5090cd7a874f3a4ada69 a9c0d25d4da1f2ddff76d73dd798600eeebac4e7405e8365506be998f2a06ee4 Loading...

HTTP Transactions (8)

URL IP Response Size

tmpfiles.org/css/style.css

104.21.21.16

200 OK

3.5 kB

URL GET HTTP/3
tmpfiles.org/css/style.css
IP
104.21.21.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tmpfiles.org/5673073/hoplitepack.zip
Certificate
IssuerLet's Encrypt
Subjecttmpfiles.org
FingerprintE0:4F:08:69:83:B8:6E:53:52:25:B2:01:05:CA:CA:AA:17:BE:FE:42
ValiditySat, 30 Mar 2024 08:25:37 GMT - Fri, 28 Jun 2024 08:25:36 GMT

File type
ASCII text, with very long lines (3316)
Size
3.5 kB (3517 bytes)
Hash
bc9b314c6f410e9d7cf926497c38adc4
786293f4e1d176c4d677a44f64da927f4d88be58
2d992cfc4628036a0a2b2437988139c00e40b5f457d3d4f093374ef603117051

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/style.css HTTP/1.1
Host: tmpfiles.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tmpfiles.org/5673073/hoplitepack.zip
Cookie: XSRF-TOKEN=eyJpdiI6IktsdVh1NzYxOStOT25ZLzFPVU13WlE9PSIsInZhbHVlIjoiSHljY2pMdEhTS3BnS2lMNjhCSkdSNTBzc2JkdFl2TDBiR2hBWGVSV2toM1JmQmJPanVYWlpxeW5WNUZiWUxoaUhNMVp4TWFsZklwYzVtUDVRbWEzbXBtcWg4cTY5M3duV1lMenFVWkpGZXhDbFVkY3FvUTk1bjFHUUI3c3RPY3MiLCJtYWMiOiI5MGFmMmNjMDFjODczNjZjMjE4YzEwMTQ3OTJkZWE1ZDI2MjQ3NDE0Yzc1NTczNGM0ZmJjYTExMTYzMGJiOWRjIn0%3D; tmpfiles_session=eyJpdiI6Im1VYVdBL2UyZUR5TVM3MXRkaGdOMkE9PSIsInZhbHVlIjoiMHQ2MUNiaE14Tzd6TUJZZGdUWERaNmxVUXpGaUtHdWM2SERzWEFRYnM4TkhFTFJCMUxqblAwZTVTYkdrbUpINTJWLzJ6UXl0Mi9MRkxZR3NHUkowbjJWeUNPSFRmajZjdVk5MzdQVHpiVDE4RDg2UEsrZ2ZZTmVJVHRIK0JGUk8iLCJtYWMiOiIzMzFhNGNkMTMwNWUxNGMyOWM5Y2VhNDI4MzkzZWQxNTRhNjgwYjViMzU4OThiYWQxNzExMmNjYTg0ZTA1NTMxIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 18:52:07 GMT
content-type: text/css
last-modified: Fri, 12 Mar 2021 21:13:21 GMT
etag: W/"604bd971-cf5"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7103
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pnHml5WkZ4a2tnzLPs%2FZL3IxUrtdFqgKaQU0Z4Aol6Udhx9zphuSBCzNrZ9eldVkL%2FtKkufcyfPXsBz9Sbq8%2FwH71qARYlyCbAX2V7dZNZQ1iFAofg5jELvRXr4Uf7A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba5215d25b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=UA-66112161-2

142.250.74.136

200 OK

75 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-66112161-2
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://tmpfiles.org/5673073/hoplitepack.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
75 kB (74752 bytes)
Hash
a34e7103d699934ee4ae2b14ed771da0
05c0e65d20789b59cbc6fab6b3d90be4a83e4dc9
32be1a8d22c9e6548fb2afcd70c13f10f6ee9aa3210a5cbe003400d26151ce16

HTTP Headers

GET /gtag/js?id=UA-66112161-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tmpfiles.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 18:52:07 GMT
expires: Wed, 08 May 2024 18:52:07 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 May 2024 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74752
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-0H0LNCD6F9&l=dataLayer&cx=c

142.250.74.136

200 OK

90 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-0H0LNCD6F9&l=dataLayer&cx=c
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://tmpfiles.org/5673073/hoplitepack.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
90 kB (89929 bytes)
Hash
dcc75340e25a0336a8a2ac3bf1a1b6bb
821f479c24d9bbf234df5090cd7a874f3a4ada69
a9c0d25d4da1f2ddff76d73dd798600eeebac4e7405e8365506be998f2a06ee4

HTTP Headers

GET /gtag/js?id=G-0H0LNCD6F9&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tmpfiles.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 18:52:07 GMT
expires: Wed, 08 May 2024 18:52:07 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 89929
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

tmpfiles.org/font/FiraSans-Light.ttf

104.21.21.16

404 Not Found

9.4 kB

URL GET HTTP/3
tmpfiles.org/font/FiraSans-Light.ttf
IP
104.21.21.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tmpfiles.org/5673073/hoplitepack.zip
Certificate
IssuerLet's Encrypt
Subjecttmpfiles.org
FingerprintE0:4F:08:69:83:B8:6E:53:52:25:B2:01:05:CA:CA:AA:17:BE:FE:42
ValiditySat, 30 Mar 2024 08:25:37 GMT - Fri, 28 Jun 2024 08:25:36 GMT

File type
HTML document, ASCII text, with very long lines (5395)
Size
9.4 kB (9442 bytes)
Hash
307dca9c775906b8de45869cabe98fcd
2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1
8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/FiraSans-Light.ttf HTTP/1.1
Host: tmpfiles.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tmpfiles.org/css/style.css
Cookie: XSRF-TOKEN=eyJpdiI6IktsdVh1NzYxOStOT25ZLzFPVU13WlE9PSIsInZhbHVlIjoiSHljY2pMdEhTS3BnS2lMNjhCSkdSNTBzc2JkdFl2TDBiR2hBWGVSV2toM1JmQmJPanVYWlpxeW5WNUZiWUxoaUhNMVp4TWFsZklwYzVtUDVRbWEzbXBtcWg4cTY5M3duV1lMenFVWkpGZXhDbFVkY3FvUTk1bjFHUUI3c3RPY3MiLCJtYWMiOiI5MGFmMmNjMDFjODczNjZjMjE4YzEwMTQ3OTJkZWE1ZDI2MjQ3NDE0Yzc1NTczNGM0ZmJjYTExMTYzMGJiOWRjIn0%3D; tmpfiles_session=eyJpdiI6Im1VYVdBL2UyZUR5TVM3MXRkaGdOMkE9PSIsInZhbHVlIjoiMHQ2MUNiaE14Tzd6TUJZZGdUWERaNmxVUXpGaUtHdWM2SERzWEFRYnM4TkhFTFJCMUxqblAwZTVTYkdrbUpINTJWLzJ6UXl0Mi9MRkxZR3NHUkowbjJWeUNPSFRmajZjdVk5MzdQVHpiVDE4RDg2UEsrZ2ZZTmVJVHRIK0JGUk8iLCJtYWMiOiIzMzFhNGNkMTMwNWUxNGMyOWM5Y2VhNDI4MzkzZWQxNTRhNjgwYjViMzU4OThiYWQxNzExMmNjYTg0ZTA1NTMxIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Wed, 08 May 2024 18:52:07 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: BYPASS
set-cookie: XSRF-TOKEN=eyJpdiI6Ii9CYm5sbDBwcWhSYUVNbHlrMTQycVE9PSIsInZhbHVlIjoiSzZkMThLK1NQb3Yrb3J0MFNMR1pGbmRGL2VHRlZuVmFpT2ZQVDh2M3JUazV1TFlTaXBiem9xZGNVUzBrT2p4MDltTjh3ODhTdUdCMFdSZCtBQUdrOUY5OHNkMW16QnltTE9rb2tJNUtJOUQvdGFnOVpJajc0MFRXRlJobUl6VmwiLCJtYWMiOiIyM2QyMDhlNWVlMDAwMDE2MjJhNzAyZWFiYTBlYTAyNTg2ZDA3MzBmZDRiMjVkM2U3MjIwNGRkOWU5NTA1NDI5In0%3D; expires=Wed, 08-May-2024 20:52:07 GMT; Max-Age=7200; path=/; samesite=lax
tmpfiles_session=eyJpdiI6IlpYNTNGaXh2OGpsaFRLcitkSVpJV0E9PSIsInZhbHVlIjoiR0h3SWlzTXZMOXlVQXZLNnc1R1Y1RFBZdFpURS84alRKekNyNEJhbGtNaEp1bXUvOWUzMWxKcDRmMFphQnA5d3hndXNqRm5jTzl5Y2lGUHh1a0pPNkFkaGtMdXAvdnNBZzdwVkgxUDB4QVRkRFdOV3ZlOWJoNU02aUh3d1c3NDkiLCJtYWMiOiIyZjE2ZWUxYzlhMTExYmQwZTM0YzMxM2M0ZDQwNmJhZWRjYmFmNDQ5ZWZhZTYxYTE0NjA0OTc0MGIxMGE4ZmE2In0%3D; expires=Wed, 08-May-2024 20:52:07 GMT; Max-Age=7200; path=/; httponly; samesite=lax
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=snxmxD5JCwRoFyJDBQmT7QyAb9eRpJvMLlm6ttkPfNnztIgerviWQuw1LmDKFgpOThI7kk%2B6mHabhCpXZ%2FN2lY6QCfML2Ygty9Aq81tpu8%2FSwlI2B9fhQG4UhsTS34o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba522afcbb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

tmpfiles.org/font/FiraSans-Regular.ttf

104.21.21.16

404 Not Found

13 kB

URL GET HTTP/3
tmpfiles.org/font/FiraSans-Regular.ttf
IP
104.21.21.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tmpfiles.org/5673073/hoplitepack.zip
Certificate
IssuerLet's Encrypt
Subjecttmpfiles.org
FingerprintE0:4F:08:69:83:B8:6E:53:52:25:B2:01:05:CA:CA:AA:17:BE:FE:42
ValiditySat, 30 Mar 2024 08:25:37 GMT - Fri, 28 Jun 2024 08:25:36 GMT

File type
HTML document, ASCII text, with very long lines (5395)
Size
13 kB (12692 bytes)
Hash
307dca9c775906b8de45869cabe98fcd
2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1
8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/FiraSans-Regular.ttf HTTP/1.1
Host: tmpfiles.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tmpfiles.org/css/style.css
Cookie: XSRF-TOKEN=eyJpdiI6IktsdVh1NzYxOStOT25ZLzFPVU13WlE9PSIsInZhbHVlIjoiSHljY2pMdEhTS3BnS2lMNjhCSkdSNTBzc2JkdFl2TDBiR2hBWGVSV2toM1JmQmJPanVYWlpxeW5WNUZiWUxoaUhNMVp4TWFsZklwYzVtUDVRbWEzbXBtcWg4cTY5M3duV1lMenFVWkpGZXhDbFVkY3FvUTk1bjFHUUI3c3RPY3MiLCJtYWMiOiI5MGFmMmNjMDFjODczNjZjMjE4YzEwMTQ3OTJkZWE1ZDI2MjQ3NDE0Yzc1NTczNGM0ZmJjYTExMTYzMGJiOWRjIn0%3D; tmpfiles_session=eyJpdiI6Im1VYVdBL2UyZUR5TVM3MXRkaGdOMkE9PSIsInZhbHVlIjoiMHQ2MUNiaE14Tzd6TUJZZGdUWERaNmxVUXpGaUtHdWM2SERzWEFRYnM4TkhFTFJCMUxqblAwZTVTYkdrbUpINTJWLzJ6UXl0Mi9MRkxZR3NHUkowbjJWeUNPSFRmajZjdVk5MzdQVHpiVDE4RDg2UEsrZ2ZZTmVJVHRIK0JGUk8iLCJtYWMiOiIzMzFhNGNkMTMwNWUxNGMyOWM5Y2VhNDI4MzkzZWQxNTRhNjgwYjViMzU4OThiYWQxNzExMmNjYTg0ZTA1NTMxIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Wed, 08 May 2024 18:52:07 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: BYPASS
set-cookie: XSRF-TOKEN=eyJpdiI6IjFUVnBMeU04VU4xNEl0TGM3Y3Qvb1E9PSIsInZhbHVlIjoiVERBL0thclNiMS9HVVFoWGh4blVKdVpNQWhkbU1heVJucUVGaHkwTFljaENMakVSNzJ1ZVhRZ2YyYkJyWFZld1pPczdtUDBFWEcrYk1sQkZ5QWpJUXdabi9zbVdXdTJHSDdvTkxCNVpCdlRsK1FzZXpaeUp1dkpaWTFVVTdKRTEiLCJtYWMiOiJjODA5ZTNmOGI5ODlkMGM0YTU2MWExZTI0NDNlNjVlZTlmMjQwZTNhNzhlMTVmYzlhODI4NzZiZWYyZTgyOTU3In0%3D; expires=Wed, 08-May-2024 20:52:07 GMT; Max-Age=7200; path=/; samesite=lax
tmpfiles_session=eyJpdiI6IllGejYvR1UyVnpSZmNMYkFTU0NTSGc9PSIsInZhbHVlIjoiaWZBYjZWUExFQ1ZPQWR4OXFEZExJR0NBVklESFN0M3lrMm92L2MwbHhydzFPcElBQmNXRGFVUzl6VmE4d0o2ZXljdGEySDZURmRoVHNBZ2wrOTUyOXFFZXRJZncrSEIzTDBiVnBuZCtibVBzaXpQb1RncTNwQXd3Q0hsKzZDTVMiLCJtYWMiOiIzNzFjN2VmMzE2NzZiNzdlOTc3MzM0YzY3ZGEyNDUzYjU1YjJlNGE2MDIzZTdiZjcwZWJlZGRkM2E4MTA0OGIyIn0%3D; expires=Wed, 08-May-2024 20:52:07 GMT; Max-Age=7200; path=/; httponly; samesite=lax
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bzk6ZbuRrjmLj02Awylsyb1HO8C0pGvA1Avn4fgk0tkw4OrvkqPJ4dmO0lHQDt5Zd7LKAIzKQnOo84BOW9wgyhg0RzLML5SwRLoJ1BR65qAGJnTli4IL28jpuXOhOyQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba522afd1b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

tmpfiles.org/5673073/hoplitepack.zip

104.21.21.16

200 OK

2.1 kB

URL User Request GET HTTP/2
tmpfiles.org/5673073/hoplitepack.zip
IP
104.21.21.16:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjecttmpfiles.org
FingerprintE0:4F:08:69:83:B8:6E:53:52:25:B2:01:05:CA:CA:AA:17:BE:FE:42
ValiditySat, 30 Mar 2024 08:25:37 GMT - Fri, 28 Jun 2024 08:25:36 GMT

File type
HTML document, ASCII text, with very long lines (2207), with no line terminators
Size
2.1 kB (2092 bytes)
Hash
183eb6a5c5e8f27cebce880affaf9f91
e4d4994b405a950e4d6e1ab8ffd0d2f166cba0a0
3cc2a9b6dfc271662fd37cfb57b36664cd0ad07a2d6bf0ea50ca3cdd5bc635ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5673073/hoplitepack.zip HTTP/1.1
Host: tmpfiles.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 18:52:07 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: BYPASS
set-cookie: XSRF-TOKEN=eyJpdiI6IktsdVh1NzYxOStOT25ZLzFPVU13WlE9PSIsInZhbHVlIjoiSHljY2pMdEhTS3BnS2lMNjhCSkdSNTBzc2JkdFl2TDBiR2hBWGVSV2toM1JmQmJPanVYWlpxeW5WNUZiWUxoaUhNMVp4TWFsZklwYzVtUDVRbWEzbXBtcWg4cTY5M3duV1lMenFVWkpGZXhDbFVkY3FvUTk1bjFHUUI3c3RPY3MiLCJtYWMiOiI5MGFmMmNjMDFjODczNjZjMjE4YzEwMTQ3OTJkZWE1ZDI2MjQ3NDE0Yzc1NTczNGM0ZmJjYTExMTYzMGJiOWRjIn0%3D; expires=Wed, 08-May-2024 20:52:06 GMT; Max-Age=7200; path=/; samesite=lax
tmpfiles_session=eyJpdiI6Im1VYVdBL2UyZUR5TVM3MXRkaGdOMkE9PSIsInZhbHVlIjoiMHQ2MUNiaE14Tzd6TUJZZGdUWERaNmxVUXpGaUtHdWM2SERzWEFRYnM4TkhFTFJCMUxqblAwZTVTYkdrbUpINTJWLzJ6UXl0Mi9MRkxZR3NHUkowbjJWeUNPSFRmajZjdVk5MzdQVHpiVDE4RDg2UEsrZ2ZZTmVJVHRIK0JGUk8iLCJtYWMiOiIzMzFhNGNkMTMwNWUxNGMyOWM5Y2VhNDI4MzkzZWQxNTRhNjgwYjViMzU4OThiYWQxNzExMmNjYTg0ZTA1NTMxIn0%3D; expires=Wed, 08-May-2024 20:52:06 GMT; Max-Age=7200; path=/; httponly; samesite=lax
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7HthLe%2FPDHHxwmaMLA8ybnnEOcPQk4yO30QiewwX2%2FtImFo02TvtoOiw5laedJjBzzT%2B7I75Q8sqrldAEcdtJO7r36wpJJuZuFt93L3u%2FEP61iiX86OMEqrJlAMMK6U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba51d8fa156bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

tmpfiles.org/favicon.ico

104.21.21.16

200 OK

1.2 kB

URL GET HTTP/3
tmpfiles.org/favicon.ico
IP
104.21.21.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tmpfiles.org/5673073/hoplitepack.zip
Certificate
IssuerLet's Encrypt
Subjecttmpfiles.org
FingerprintE0:4F:08:69:83:B8:6E:53:52:25:B2:01:05:CA:CA:AA:17:BE:FE:42
ValiditySat, 30 Mar 2024 08:25:37 GMT - Fri, 28 Jun 2024 08:25:36 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
641276e2d4d0995c8262223f1fdda3d2
4f3f8f324f842e21d6921fffef2be2370cba9c49
5c039a5032f66daf0ad7ccaf04589686dfcc0b580113c1c6a9cff06ed4ce676d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: tmpfiles.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tmpfiles.org/5673073/hoplitepack.zip
Cookie: XSRF-TOKEN=eyJpdiI6IktsdVh1NzYxOStOT25ZLzFPVU13WlE9PSIsInZhbHVlIjoiSHljY2pMdEhTS3BnS2lMNjhCSkdSNTBzc2JkdFl2TDBiR2hBWGVSV2toM1JmQmJPanVYWlpxeW5WNUZiWUxoaUhNMVp4TWFsZklwYzVtUDVRbWEzbXBtcWg4cTY5M3duV1lMenFVWkpGZXhDbFVkY3FvUTk1bjFHUUI3c3RPY3MiLCJtYWMiOiI5MGFmMmNjMDFjODczNjZjMjE4YzEwMTQ3OTJkZWE1ZDI2MjQ3NDE0Yzc1NTczNGM0ZmJjYTExMTYzMGJiOWRjIn0%3D; tmpfiles_session=eyJpdiI6Im1VYVdBL2UyZUR5TVM3MXRkaGdOMkE9PSIsInZhbHVlIjoiMHQ2MUNiaE14Tzd6TUJZZGdUWERaNmxVUXpGaUtHdWM2SERzWEFRYnM4TkhFTFJCMUxqblAwZTVTYkdrbUpINTJWLzJ6UXl0Mi9MRkxZR3NHUkowbjJWeUNPSFRmajZjdVk5MzdQVHpiVDE4RDg2UEsrZ2ZZTmVJVHRIK0JGUk8iLCJtYWMiOiIzMzFhNGNkMTMwNWUxNGMyOWM5Y2VhNDI4MzkzZWQxNTRhNjgwYjViMzU4OThiYWQxNzExMmNjYTg0ZTA1NTMxIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 18:52:07 GMT
content-type: image/x-icon
last-modified: Fri, 10 Feb 2017 21:01:32 GMT
etag: W/"589e2a2c-47e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4712
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LajHFKbyEaMLrJMwPqQ3YRUtbBeVKtqXA5AZnTmZCIAVtjQZg8cNT50Kcm0TNcSMix1L7PwajxrSlmiLkDZKuWboml9bWFDMo7uQ6msflGoX9txPeLmyqRrJ1LpVQG0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba524bbf2b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Open+Sans+Condensed:300,700

142.250.74.170

200 OK

5.0 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans+Condensed:300,700
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://tmpfiles.org/5673073/hoplitepack.zip
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (5068), with no line terminators
Size
5.0 kB (4956 bytes)
Hash
ec4bca611842cd13cfd6feba64afaacf
064d0e71b5457d449fcf378faf17430329cf603f
dceeab8e3e31991c6ddb86d0a56d3b2e70862b7de5e576176f09035f9329415e

HTTP Headers

GET /css?family=Open+Sans+Condensed:300,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tmpfiles.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 18:52:07 GMT
date: Wed, 08 May 2024 18:52:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (8)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash