Report - icvpartners.com/gkonf/rentfree.zip

Report Overview

Submitted URL
icvpartners.com/gkonf/rentfree.zip
IP
192.124.249.104
ASN
#30148 SUCURI-SEC
Submitted
2023-05-23 05:07:23
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.godaddy.com	698	1999-03-02	2012-05-20	2023-05-22	330 B	2.3 kB	192.124.249.24
www.icvpartners.com	unknown	2009-04-27	2014-11-06	2023-05-17	454 B	5.3 kB	104.21.36.106
icvpartners.com	unknown	2009-04-27	2012-08-27	2023-05-21	947 B	3.5 kB	192.124.249.104

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-05-23	medium	icvpartners.com/gkonf/rentfree.zip

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

Scan Date	Severity	Indicator	Alert
2023-05-02	medium	icvpartners.com/gkonf/rentfree.zip

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

icvpartners.com/gkonf/rentfree.zip

192.124.249.104

200 OK

1 B

URL User Request GET HTTP/2
icvpartners.com/gkonf/rentfree.zip
IP
192.124.249.104:443
ASN
#30148 SUCURI-SEC

Certificate
IssuerGoDaddy.com, Inc.
Subjecticvpartners.com
Fingerprint76:0D:41:FC:13:B7:A1:AC:66:31:42:83:83:18:FF:DB:05:A2:6B:10
ValidityWed, 22 Feb 2023 23:27:04 GMT - Thu, 22 Feb 2024 23:27:04 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Detections

Analyzer	Verdict	Alert
fortinet	Malware
threatfox	QakBot

HTTP Headers

GET /gkonf/rentfree.zip HTTP/1.1
Host: icvpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 23 May 2023 05:07:09 GMT
content-type: text/html; charset=UTF-8
content-length: 1
x-sucuri-id: 19004
x-xss-protection: 1; mode=block, 1; mode=block
x-content-type-options: nosniff, nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: upgrade-insecure-requests;, manifest-src 'self'; media-src 'self'; base-uri 'none'; object-src 'none'; require-trusted-types-for *.icvpartners.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://gc.kis.v2.scr.kaspersky-labs.com https://www.google.com https://cdnjs.cloudflare.com  https://ssl.google-analytics.com  https://www.googletagmanager.com  https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com;
x-frame-options: SAMEORIGIN, SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*
vary: Accept-Encoding
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: null
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
x-content-security-policy: img-src *; media-src * data:;
x-permitted-cross-domain-policies: none
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2

ocsp.godaddy.com/

192.124.249.24

1.8 kB

URL
ocsp.godaddy.com/
IP
192.124.249.24:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1777 bytes)
Hash
062e98cf60ad1a4b9a8f699993c67f1a
fb1f975532cc5ba7073c5a68b622807a35a23d8b
9d81006d11f66e34d7af13c89b79d367f232007a6eb7381007d3abea942d01aa

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 23 May 2023 05:07:09 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 23 May 2023 02:20:05 GMT
Expires: Wed, 24 May 2023 02:20:05 GMT
ETag: "fb1f975532cc5ba7073c5a68b622807a35a23d8b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

icvpartners.com/favicon.ico

192.124.249.104

302 Found

1 B

URL GET HTTP/2
icvpartners.com/favicon.ico
IP
192.124.249.104:443
ASN
#30148 SUCURI-SEC

Requested by
https://icvpartners.com/gkonf/rentfree.zip
Certificate
IssuerGoDaddy.com, Inc.
Subjecticvpartners.com
Fingerprint76:0D:41:FC:13:B7:A1:AC:66:31:42:83:83:18:FF:DB:05:A2:6B:10
ValidityWed, 22 Feb 2023 23:27:04 GMT - Thu, 22 Feb 2024 23:27:04 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: icvpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://icvpartners.com/gkonf/rentfree.zip
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Tue, 23 May 2023 05:07:10 GMT
content-type: text/html; charset=UTF-8
content-length: 1
location: https://www.icvpartners.com/wp-content/uploads/2017/10/favicon.png
x-sucuri-id: 19004
link: <https://www.icvpartners.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
x-xss-protection: 1; mode=block, 1; mode=block
x-content-type-options: nosniff, nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: upgrade-insecure-requests;, manifest-src 'self'; media-src 'self'; base-uri 'none'; object-src 'none'; require-trusted-types-for *.icvpartners.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://gc.kis.v2.scr.kaspersky-labs.com https://www.google.com https://cdnjs.cloudflare.com  https://ssl.google-analytics.com  https://www.googletagmanager.com  https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com;
x-frame-options: SAMEORIGIN, SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*
vary: Accept-Encoding
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: null
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
x-content-security-policy: img-src *; media-src * data:;
x-permitted-cross-domain-policies: none
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2

www.icvpartners.com/wp-content/uploads/2017/10/favicon.png

104.21.36.106

200 OK

3.2 kB

URL GET HTTP/2
www.icvpartners.com/wp-content/uploads/2017/10/favicon.png
IP
104.21.36.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://icvpartners.com/gkonf/rentfree.zip
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC3:C1:21:29:CF:3C:61:2D:1C:2C:73:6D:56:B5:99:88:4F:A2:0B:30
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced\012- data
Size
3.2 kB (3237 bytes)
Hash
7a13861c03da303dfd81b09b9b88c966
8bec9a78448b122c042bc2247e9ef4a4864af696
f026991a98dcd89c66d04eda096c44b9b4abad132cc21dd7aeacad96bb8920f7

HTTP Headers

GET /wp-content/uploads/2017/10/favicon.png HTTP/1.1
Host: www.icvpartners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://icvpartners.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 05:07:11 GMT
content-type: image/png
content-length: 3237
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: manifest-src 'self'; media-src 'self'; base-uri 'none'; object-src 'none'; require-trusted-types-for *.icvpartners.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://gc.kis.v2.scr.kaspersky-labs.com https://www.google.com https://cdnjs.cloudflare.com  https://ssl.google-analytics.com  https://www.googletagmanager.com  https://www.google-analytics.com https://www.gstatic.com https://ajax.cloudflare.com;
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*
last-modified: Mon, 30 Oct 2017 20:58:00 GMT
etag: "8817e3-ca5-55cc9e4c74600"
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: null
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
x-content-security-policy: img-src *; media-src * data:;
x-permitted-cross-domain-policies: none
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ola6hXtOv%2FhyR1bd2V6UL7Ei3r8Sor4fB%2BdB%2B%2BVp6T2OPcJO3Cqu9mTPv1goN04TsnTp%2Bv6xi1mL%2FZ2qlhKdBkoq8DN4RCedvgsG%2Fq6bGo4Or3%2FSCOqzRBBb5A0u%2Bgv45QNFKlcy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbac61a2b3cb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (4)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers