Report - 91.213.50.74/new/mofers/Rm.txt

Report Overview

Submitted URL
91.213.50.74/new/mofers/Rm.txt
IP
91.213.50.74
ASN
#50340 OOO Network of data-centers Selectel
Submitted
2023-06-10 09:18:28
Access
public
Website Title
Final URL
Tags
urlquery detections
Suspicious - Base64 encoded file

Detections

urlquery
2
Network Intrusion Detection
3
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
91.213.50.74	unknown	unknown	No data	No data	756 B	338 kB	91.213.50.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-10 09:18:09	medium	91.213.50.74	Client IP	ET DROP Spamhaus DROP Listed Traffic Inbound group 7
2023-06-10 09:18:09	high	91.213.50.74	Client IP	ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 1 M1
2023-06-10 09:18:09	high	91.213.50.74	Client IP	ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-06-09	medium	91.213.50.74
2023-06-09	medium	91.213.50.74

ThreatFox

No alerts detected

Files detected

URL
91.213.50.74/new/mofers/Rm.txt
IP
91.213.50.74
ASN
#50340 OOO Network of data-centers Selectel

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
488 kB (488448 bytes)
Hash
137f21d1f8fdd5cfe86637368b526027
a8bf076482b60609b77ee379bade5490b47267c8
8b6a909110ca907eb279cfb8f6db432af5564263e49c6982001b83fcffe04c07

Detections

Analyzer	Verdict	Alert
VirusTotal	63/71	VirusTotal -

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

91.213.50.74/new/mofers/Rm.txt

91.213.50.74

200 OK

337 kB

URL User Request GET HTTP/1.1
91.213.50.74/new/mofers/Rm.txt
IP
91.213.50.74:80
ASN
#50340 OOO Network of data-centers Selectel

File type
ASCII text, with very long lines (65536), with no line terminators
Size
337 kB (337233 bytes)
Hash
8bc047f49b6c809be44855ef91e04727
0d57ea6935fb3ca6149dbc8ef10160a5de33b881
aca4b3dbb9a0b1906c0dce0611793cbb0185e1488d3be8dbbeb2675f9e1cdeaa

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Base64 encoded file
quad9	Sinkholed

NIDS	Severity	Alert
suricata	high	ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 1 M1
suricata	high	ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1

HTTP Headers

GET /new/mofers/Rm.txt HTTP/1.1
Host: 91.213.50.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Sat, 10 Jun 2023 09:18:10 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 16 May 2023 11:24:03 GMT
ETag: "9f000-5fbcdcefb5ac0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

91.213.50.74/favicon.ico

91.213.50.74

404 Not Found

233 B

URL GET HTTP/1.1
91.213.50.74/favicon.ico
IP
91.213.50.74:80
ASN
#50340 OOO Network of data-centers Selectel

Requested by
http://91.213.50.74/new/mofers/Rm.txt

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
233 B (233 bytes)
Hash
b623cdc250c3c887580c4b235221c3bf
603eecf4c66a53af3c21b4f8faade47488a94bfe
139d93db6bf49549f4fcaffd6d2d55481a4c57269e58549072a2a6d104d18b38

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 91.213.50.74
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://91.213.50.74/new/mofers/Rm.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.20.2
Date: Sat, 10 Jun 2023 09:18:10 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers