Report - sonicitinfo.com/DownloadProduct/NGO.zip

Report Overview

Submitted URL
sonicitinfo.com/DownloadProduct/NGO.zip
IP
199.79.62.231
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2024-05-08 01:21:17
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
sonicitinfo.com	unknown	2016-03-16	2018-12-23	2023-11-20	493 B	18 MB	199.79.62.231
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-06	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
sonicitinfo.com/DownloadProduct/NGO.zip
IP
199.79.62.231
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
18 MB (18334113 bytes)
Hash
5d229dee2f1c5f7840f456e1c1c93caa
adf4baade1fffa937a371200684d4ad468e87ddb
960a174522ad53b70d7ce02d21dec329cc63c70be7757ce63229e2236ca074cc

Archive (9)

Filename

Md5

File type

setup.exe

f2edd97d7ce360a615a970c60020ec6e

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Autorun.inf

3dd69980f8b5c8d3f56ed85cf69aecc4

Microsoft Windows Autorun file

DAO350.DLL

8888bdbd4e118d915d40a11748282bca

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections

dao360.dll

54e10ad6ebbedcb221aded5d9f0c8f3f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

DhtmlEd.msi

cdf797b7d8fae7406fe2a4894f15c8d3

Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Create Time/Date: Mon Jun 21 07:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {BC67DE49-667D-456D-B92B-A4B26CF71630}, Title: DHTML Editing Component, Author: Microsoft Corporation, Comments: DHTML Editing Component for Applications, Number of Words: 2, Last Saved Time/Date: Tue Sep 5 20:28:36 2006, Last Printed: Tue Sep 5 20:28:36 2006

DHTMLED.OCX

be597b397a5c62fd1e71ce1d2a626e8f

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections

mcrepair.exe

161d866ce87f526d44406194e27946a6

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MS CAB-Installer self-extracting archive, 3 sections

mdac_typ2.71.exe

d6bec9ff4873c8375255e8e0f5501b6f

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MS CAB-Installer self-extracting archive, 3 sections

PreLanuch.exe

635a11b4482a5855d66cefd7317fb164

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	sonicitinfo.com/DownloadProduct/NGO.zip	199.79.62.231	200 OK	18 MB
URL User Request GET HTTP/2 sonicitinfo.com/DownloadProduct/NGO.zip IP 199.79.62.231:443 ASN #46606 UNIFIEDLAYER-AS-1 Certificate IssuerSectigo Limited Subjectsonicitinfo.com Fingerprint90:C2:4C:3C:9D:18:E3:04:57:7E:CE:9B:55:8E:BF:03:4C:46:0B:05 ValidityMon, 20 Nov 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 18 MB (18334113 bytes) Hash 5d229dee2f1c5f7840f456e1c1c93caa adf4baade1fffa937a371200684d4ad468e87ddb 960a174522ad53b70d7ce02d21dec329cc63c70be7757ce63229e2236ca074cc HTTP Headers `GET /DownloadProduct/NGO.zip HTTP/1.1 Host: sonicitinfo.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK content-type: application/x-zip-compressed last-modified: Thu, 13 Apr 2023 06:11:10 GMT accept-ranges: bytes etag: "976026bece6dd91:0" server: x-powered-by: ASP.NET x-powered-by-plesk: PleskWin date: Wed, 08 May 2024 01:21:28 GMT content-length: 18334113 X-Firefox-Spdy: h2`

	aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml	35.244.181.201		444 B
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP 35.244.181.201:0 ASN #396982 GOOGLE-CLOUD-PLATFORM File type XML 1.0 document, ASCII text, with very long lines (332) Size 444 B (444 bytes) Hash 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463 HTTP Headers `GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx rule-id: unknown rule-data-version: unknown content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=VjXWs21_CF-w0MrPQL-wUCRBxkpnFt06VRFVvF0TrdyOSE5g7bRO-xnWyrImxlffYoA9O4pGYnu4eBWGSEIMMaAMckmBVCN0pWc6buS32G2rcoKtLx17xUzNu49pEq-N strict-transport-security: max-age=31536000; x-content-type-options: nosniff content-security-policy: default-src 'none'; frame-ancestors 'none' x-proxy-cache-status: MISS content-encoding: gzip via: 1.1 google date: Wed, 08 May 2024 01:19:28 GMT content-type: text/xml; charset=utf-8 vary: Accept-Encoding content-length: 444 age: 99 cache-control: public,max-age=90 alt-svc: clear X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (9)

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers