Report - fxn6.sbs

Report Overview

Visited public
2023-11-29 03:35:45
Tags
URL
fxn6.sbs
Finishing URL
about:privatebrowsing
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
abb8c91b-cfd2-4ae6-ba53-16579fe1acb1.usrfiles.com	unknown	2013-05-26	2023-10-12 18:13:03	2023-11-28 00:24:27	568 B	626 kB	54.230.111.92
fxn6.sbs	unknown	2023-04-24	2023-04-25 20:33:47	2023-08-09 16:31:58	477 B	626 kB	188.114.96.1
u.to	155534	unknown	2012-05-21 21:16:51	2023-11-29 00:38:06	477 B	693 B	195.216.243.155

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-29 03:35:31	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-11-29 03:35:31	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-11-29 03:35:31	low	Client IP	Internal IP	ET INFO URL Shortener Service Domain in DNS Lookup (u .to)
2023-11-29 03:35:31	low	Client IP	Internal IP	ET INFO URL Shortener Service Domain in DNS Lookup (u .to)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
abb8c91b-cfd2-4ae6-ba53-16579fe1acb1.usrfiles.com/archives/abb8c9_cd41354a031b4903a4fcd7814ab8817a.zip
IP
54.230.111.92
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size
625 kB (625381 bytes)
Hash
a51647307e94aa71ba9b4d860ab63ee1
cb93981e00abbfeace3c65b74951a0a3e9130efe
2ed59bb027b77d959153fcec36f4a65551391ab624c313f1ce90561c17bc1988

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 37/60

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

u.to/Ri8eIA

195.216.243.155

302 Found

290 B

URL User Request GET HTTP/1.1
u.to/Ri8eIA
IP
195.216.243.155:443
ASN
#57724 Ddos-guard Ltd

Certificate
IssuerGoGetSSL
Subjectu.to
Fingerprint5F:34:9B:CA:9B:9B:07:E0:65:E5:80:E3:F9:98:A2:66:0C:E3:59:A8
ValidityTue, 24 Oct 2023 00:00:00 GMT - Thu, 24 Oct 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
290 B (290 bytes)
Hash
5e736b5f89b8202fe70c2150f5afca60
41d4352d159c6e0baec70199bf8b598d3bcfacf9
6301ee7104588bec67030932fe123c28635c76f3b1f6d37a2d79a98b2aebebc7

HTTP Headers

GET /Ri8eIA HTTP/1.1
Host: u.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.8.0
Date: Wed, 29 Nov 2023 03:35:27 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Set-Cookie: lng=en; path=/; expires=Thu, 28-Nov-2024 03:35:27 GMT; domain=.u.to;
Location: https://abb8c91b-cfd2-4ae6-ba53-16579fe1acb1.usrfiles.com/archives/abb8c9_cd41354a031b4903a4fcd7814ab8817a.zip

abb8c91b-cfd2-4ae6-ba53-16579fe1acb1.usrfiles.com/archives/abb8c9_cd41354a031b4903a4fcd7814ab8817a.zip

54.230.111.92

200 OK

625 kB

URL User Request GET HTTP/2
abb8c91b-cfd2-4ae6-ba53-16579fe1acb1.usrfiles.com/archives/abb8c9_cd41354a031b4903a4fcd7814ab8817a.zip
IP
54.230.111.92:443
ASN
#16509 AMAZON-02

Certificate
IssuerSectigo Limited
Subject*.usrfiles.com
Fingerprint15:F4:65:90:B4:A0:48:C6:7D:B3:74:65:0C:F1:AF:70:66:E6:AD:40
ValidityWed, 26 Jul 2023 00:00:00 GMT - Mon, 22 Jan 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size
625 kB (625381 bytes)
Hash
a51647307e94aa71ba9b4d860ab63ee1
cb93981e00abbfeace3c65b74951a0a3e9130efe
2ed59bb027b77d959153fcec36f4a65551391ab624c313f1ce90561c17bc1988

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 37/60

HTTP Headers

GET /archives/abb8c9_cd41354a031b4903a4fcd7814ab8817a.zip HTTP/1.1
Host: abb8c91b-cfd2-4ae6-ba53-16579fe1acb1.usrfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-zip-compressed
content-length: 625381
server: openresty/1.21.4.1
date: Sun, 19 Nov 2023 16:12:13 GMT
expires: Sun, 19 Nov 2023 17:12:13 GMT
cache-control: public, max-age=15552000, immutable
last-modified: Sun, 19 Nov 2023 16:12:06 GMT
etag: "a51647307e94aa71ba9b4d860ab63ee1"
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Length
timing-allow-origin: *
x-seen-by: gcp.us-central-1.media-router-f89dc7b48-lm8jn
x-robots-tag: noindex, nofollow
via: 1.1 google, 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: qjzu4inymf3hg1UE69UMiNNcf2azfH2AmgEdtCWhALdk8DJWazZEPA==
age: 818594
X-Firefox-Spdy: h2

fxn6.sbs/

188.114.96.1

301 Moved Permanently

625 kB

URL User Request GET HTTP/2
fxn6.sbs/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectfxn6.sbs
Fingerprint3C:33:78:8E:FD:EE:6F:1A:63:D5:25:27:84:7C:C5:51:AC:E0:A0:30
ValidityThu, 19 Oct 2023 03:59:10 GMT - Wed, 17 Jan 2024 03:59:09 GMT

File type

Size
625 kB (625381 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: fxn6.sbs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Wed, 29 Nov 2023 03:35:27 GMT
location: https://u.to/Ri8eIA
cache-control: max-age=3600
expires: Wed, 29 Nov 2023 04:35:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ClwiTkKaVVLFT0EdSjst3gXKtCm9Ue4LNTWpjnyzJ3mDpc3bR1fj2GiTb%2F4ZD8ZAHErVjoux4XdPF%2BTZKi2kMVli9UOhxFcDcFzLDOe1o%2FhhNqEGrCIgfByMUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d7ccfccc7d5691-OSL
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (3)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers