Report - forbescheck.top/1.ps1

Report Overview

Visited public
2025-03-04 02:25:04
Tags
Submit Tags
URL
forbescheck.top/1.ps1
Finishing URL
about:privatebrowsing
IP / ASN
172.67.189.223
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
forbescheck.top	unknown	2025-03-02	2025-03-04	2025-03-04	489 B	2.9 kB	172.67.189.223

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-03-04	medium	forbescheck.top/1.ps1	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET forbescheck.top/1.ps1

172.67.189.223

200 OK

2.0 kB

URL User Request GET
forbescheck.top/1.ps1
IP
172.67.189.223:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectforbescheck.top
Fingerprint82:C2:95:83:DF:7D:D2:22:FD:04:55:62:64:82:AD:02:9B:C9:D8:78
ValiditySun, 02 Mar 2025 17:52:01 GMT - Sat, 31 May 2025 18:50:33 GMT

File type
ASCII text
Size
2.0 kB (2037 bytes)
Hash
962ec0ee5238348fafab12a7bfff919b
592654e887f78fdaf0bba3c0dcb42419433d7044
d6e37583581379e47da8478dd2fde3afed55d34a8185c158a343a3f8dbbee803

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

HTTP Headers

GET /1.ps1 HTTP/1.1
Host: forbescheck.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 04 Mar 2025 02:24:45 GMT
content-type: application/octet-stream
content-length: 2037
last-modified: Sun, 02 Mar 2025 18:23:21 GMT
etag: "67c4a219-7f5"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2%2Bqh41NoEsw9alYCVJcobaqXTHC%2FWPUFNG%2F59dOpvMuaAyOKor%2BFKBWuXlgmJSAL7JS64fAbys%2Bs68Akja6xu6aTHwXll98%2F3U3wxDoXW2LNKOqhC9jSL1RtASRo%2BErr4sE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91adeb497b0a56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=581&min_rtt=505&rtt_var=212&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3286&recv_bytes=1257&delivery_rate=7040518&cwnd=253&unsent_bytes=0&cid=79956040d7b93c8a&ts=61&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers