Report - www.irbis-nbuv.gov.ua/cgi-bin/irbis_nbuv/cgiirbis_64.exe?C21COM=2&I21DBN=ARD&P21DBN=ARD&Z21ID=&Image_file_name=DOC/2002/02aovvam.zip&IMAGE_FILE_DOWNLOAD=1

Report Overview

Visited public
2023-12-10 09:30:39
Tags
URL
www.irbis-nbuv.gov.ua/cgi-bin/irbis_nbuv/cgiirbis_64.exe?C21COM=2&I21DBN=ARD&P21DBN=ARD&Z21ID=&Image_file_name=DOC/2002/02aovvam.zip&IMAGE_FILE_DOWNLOAD=1
Finishing URL
about:privatebrowsing
IP / ASN
194.44.11.130
#3255 State Enterprise Scientific and Telecommunication Centre Ukrainian Academic and Research Netw
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

5

Threat Detection Systems

0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.irbis-nbuv.gov.ua	unknown	unknown	2012-12-11 16:17:49	2023-12-09 05:23:50	536 B	49 kB	194.44.11.130
aus5.mozilla.org	2548	1998-01-24	2015-10-27 08:06:24	2023-12-09 05:09:35	523 B	6.5 kB	35.244.181.201
ciscobinary.openh264.org	40822	2013-10-19	2014-10-07 07:43:56	2023-12-09 05:09:36	305 B	512 kB	62.115.252.115

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-10 09:30:13	low	Client IP	Internal IP	ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
2023-12-10 09:30:13	low	Client IP	Internal IP	ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
2023-12-10 09:30:13	low	Client IP	Internal IP	ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
2023-12-10 09:30:13	low	Client IP	Internal IP	ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
2023-12-10 09:30:13	low	Client IP	Internal IP	ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.irbis-nbuv.gov.ua/cgi-bin/irbis_nbuv/cgiirbis_64.exe?C21COM=2&I21DBN=ARD&P21DBN=ARD&Z21ID=&Image_file_name=DOC/2002/02aovvam.zip&IMAGE_FILE_DOWNLOAD=1
IP
194.44.11.130
ASN
#3255 State Enterprise Scientific and Telecommunication Centre Ukrainian Academic and Research Netw

File type
Zip archive data, at least v2.0 to extract, compression method=deflate - data
Size
49 kB (49083 bytes)
Hash
0822a1418b81cc07c560114250e93665
9e595f9bfe4ac94def7f0d237a3e82f3624cca7b
9814b1dc3a13c3ac6a7b55ad01f14a39521a7983a6bfc429c3798e0247c2ae1b

Archive (1)

Modified	Filename	Size	Md5	File type
2003-09-02 10:36	02AOVVAM.RTF	365 kB	a1ca94cce091d5e7ba947222e77e795e	Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1033

URL
ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP
62.115.252.115
ASN
#1299 Telia Company AB

File type
Zip archive data, at least v2.0 to extract, compression method=deflate - data
Size
512 kB (511815 bytes)
Hash
152eda253e242e18443ef3282495bc7c
ff0fa85565f21ec4931baad4573b4c0bd08c4019
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48

Archive (2)

Modified	Filename	Size	Md5	File type
2019-03-02 16:47	gmpopenh264.info	116 B	3d33cdc0b3d281e67dd52e14435dd04f	ASCII text
2019-03-02 16:47	libgmpopenh264.so	1.4 MB	b2c1253e8a09cfe03b3d7f37de12dff7	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV)

JavaScript (0)

HTTP Transactions (3)

	URL	IP	Response	Size
	www.irbis-nbuv.gov.ua/cgi-bin/irbis_nbuv/cgiirbis_64.exe?C21COM=2&I21DBN=ARD&P21DBN=ARD&Z21ID=&Image_file_name=DOC/2002/02aovvam.zip&IMAGE_FILE_DOWNLOAD=1	194.44.11.130		49 kB
URL User Request GET www.irbis-nbuv.gov.ua/cgi-bin/irbis_nbuv/cgiirbis_64.exe?C21COM=2&I21DBN=ARD&P21DBN=ARD&Z21ID=&Image_file_name=DOC/2002/02aovvam.zip&IMAGE_FILE_DOWNLOAD=1 IP 194.44.11.130:0 ASN #3255 State Enterprise Scientific and Telecommunication Centre Ukrainian Academic and Research Netw File type Zip archive data, at least v2.0 to extract, compression method=deflate - data Size 49 kB (49083 bytes) Hash 0822a1418b81cc07c560114250e93665 9e595f9bfe4ac94def7f0d237a3e82f3624cca7b 9814b1dc3a13c3ac6a7b55ad01f14a39521a7983a6bfc429c3798e0247c2ae1b HTTP Headers GET /cgi-bin/irbis_nbuv/cgiirbis_64.exe?C21COM=2&I21DBN=ARD&P21DBN=ARD&Z21ID=&Image_file_name=DOC/2002/02aovvam.zip&IMAGE_FILE_DOWNLOAD=1 HTTP/1.1 Host: www.irbis-nbuv.gov.ua User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Date: Sun, 10 Dec 2023 09:29:27 GMT Server: Apache/2.4.35 (Win64) Content-Disposition: attachment; filename="02aovvam.zip" Content: Content-Length: 49083 Keep-Alive: timeout=5, max=50 Connection: Keep-Alive Content-Type: text/plain`

	aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml	35.244.181.201		5.8 kB
URL aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml IP 35.244.181.201:0 ASN #15169 GOOGLE File type gzip compressed data, max speed, from Unix - data Size 5.8 kB (5759 bytes) Hash 26f74a51f3a41ab81bb1600c4dff77f8 94f623e1202d4fe4243e01b574201944e21ac815 68c20496e6e0670329c0a07f07d26fa6c870903c3c5f0f5082d8f6a09373be62 HTTP Headers GET /update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx date: Sun, 10 Dec 2023 09:30:33 GMT content-type: text/xml; charset=utf-8 vary: Accept-Encoding cache-control: public, max-age=90 rule-id: unknown rule-data-version: unknown content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-01-19-16-42-22.chain; p384ecdsa=oTHHBPRyESEUdBmB1sO00St5zkfLx6oWvDj-1HRNVfEXHSJjTz2ps3CpeZOBovhgb5VLWvzgdq06gbidMEWQmXS0Dj2xsBVy2jXsu7NLsVsP7S0yDSmundtc29kFU0TW strict-transport-security: max-age=31536000; x-content-type-options: nosniff content-security-policy: default-src 'none'; frame-ancestors 'none' x-proxy-cache-status: MISS content-encoding: gzip via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2

	ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip	62.115.252.115		512 kB
URL ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip IP 62.115.252.115:0 ASN #1299 Telia Company AB File type Zip archive data, at least v2.0 to extract, compression method=deflate - data Size 512 kB (511815 bytes) Hash 152eda253e242e18443ef3282495bc7c ff0fa85565f21ec4931baad4573b4c0bd08c4019 8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48 HTTP Headers `GET /openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1 Host: ciscobinary.openh264.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive` `HTTP/1.1 200 OK Last-Modified: Thu, 16 Nov 2023 07:38:15 GMT ETag: 152eda253e242e18443ef3282495bc7c Content-Length: 511815 Accept-Ranges: bytes X-Timestamp: 1700120294.87662 Content-Type: application/zip X-Trans-Id: tx15b69f172b404fa58b2bb-006555fb11dfw1 Cache-Control: public, max-age=178247 Expires: Tue, 12 Dec 2023 11:01:20 GMT Date: Sun, 10 Dec 2023 09:30:33 GMT Connection: keep-alive`