Report - sw.lifeboxtransfer.com/v1/AUTH_LT_fc856d57-7abc-4ad2-ac90-950f9e675133/LT_e15b2bb6-98ca-4b2e-81a8-265e1e9ff651/f319a735-151f-4b75-9d5c-61592047649c/f319a735-151f-4b75-9d5c-61592047649c?temp_url_sig=ff78e71c9769e9ca41ff3a2b4d5de0574f1ed2d3c3cba5d29b85c901cb5a76ab&temp_url_expires=1738341974853&filename=lifebox+transfer-f319a735.zip

Report Overview

Visited public
2025-02-04 12:52:58
Tags
URL
sw.lifeboxtransfer.com/v1/AUTH_LT_fc856d57-7abc-4ad2-ac90-950f9e675133/LT_e15b2bb6-98ca-4b2e-81a8-265e1e9ff651/f319a735-151f-4b75-9d5c-61592047649c/f319a735-151f-4b75-9d5c-61592047649c?temp_url_sig=ff78e71c9769e9ca41ff3a2b4d5de0574f1ed2d3c3cba5d29b85c901cb5a76ab&temp_url_expires=1738341974853&filename=lifebox+transfer-f319a735.zip
Finishing URL
about:privatebrowsing
IP / ASN
176.235.226.160
#34984 Superonline Iletisim Hizmetleri A.S.
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
sw.lifeboxtransfer.com	unknown	2020-10-19	2022-06-06	2025-01-31	798 B	261 kB	176.235.226.160

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-04 12:52:28	low	Client IP	176.235.226.160	ET INFO Observed Filesharing Domain (lifeboxtransfer .com in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
sw.lifeboxtransfer.com/v1/AUTH_LT_fc856d57-7abc-4ad2-ac90-950f9e675133/LT_e15b2bb6-98ca-4b2e-81a8-265e1e9ff651/f319a735-151f-4b75-9d5c-61592047649c/f319a735-151f-4b75-9d5c-61592047649c?temp_url_sig=ff78e71c9769e9ca41ff3a2b4d5de0574f1ed2d3c3cba5d29b85c901cb5a76ab&temp_url_expires=1738341974853&filename=lifebox+transfer-f319a735.zip
IP
176.235.226.160
ASN
#34984 Superonline Iletisim Hizmetleri A.S.

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
260 kB (260263 bytes)
Hash
c6e43187ab415f06e66e6d74ad39dae5
2a04f8defb35d71fc27cf964e0fac79f232be8a8
b2c276462a46225a41b7c900a9d6e8d677d9804ae1bec76b7487411f68f31926

Archive (2)

Filename

Md5

File type

DRAG ME IN THE INJECTOR.dll

c32e01ebaec0c994672b56bfa5410962

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

senex-valo-injector.exe

d3af367eb793ee15aa368db650f94d37

PE32+ executable (console) x86-64, for MS Windows, 6 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	Mofongo loader maps and executes a payload in a hollowed msedge process

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	sw.lifeboxtransfer.com/v1/AUTH_LT_fc856d57-7abc-4ad2-ac90-950f9e675133/LT_e15b2bb6-98ca-4b2e-81a8-265e1e9ff651/f319a735-151f-4b75-9d5c-61592047649c/f319a735-151f-4b75-9d5c-61592047649c?temp_url_sig=ff78e71c9769e9ca41ff3a2b4d5de0574f1ed2d3c3cba5d29b85c901cb5a76ab&temp_url_expires=1738341974853&filename=lifebox+transfer-f319a735.zip	176.235.226.160	200 OK	260 kB
URL User Request GET HTTP/1.1 sw.lifeboxtransfer.com/v1/AUTH_LT_fc856d57-7abc-4ad2-ac90-950f9e675133/LT_e15b2bb6-98ca-4b2e-81a8-265e1e9ff651/f319a735-151f-4b75-9d5c-61592047649c/f319a735-151f-4b75-9d5c-61592047649c?temp_url_sig=ff78e71c9769e9ca41ff3a2b4d5de0574f1ed2d3c3cba5d29b85c901cb5a76ab&temp_url_expires=1738341974853&filename=lifebox+transfer-f319a735.zip IP 176.235.226.160:443 ASN #34984 Superonline Iletisim Hizmetleri A.S. Certificate IssuerGlobalSign nv-sa Subject.lifeboxtransfer.com Fingerprint10:BE:B9:04:AE:65:69:05:5E:C6:CA:C7:06:5F:68:CF:A2:A6:C6:4E ValidityWed, 11 Dec 2024 08:16:02 GMT - Mon, 12 Jan 2026 08:16:01 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 260 kB (260263 bytes) Hash c6e43187ab415f06e66e6d74ad39dae5 2a04f8defb35d71fc27cf964e0fac79f232be8a8 b2c276462a46225a41b7c900a9d6e8d677d9804ae1bec76b7487411f68f31926 HTTP Headers GET /v1/AUTH_LT_fc856d57-7abc-4ad2-ac90-950f9e675133/LT_e15b2bb6-98ca-4b2e-81a8-265e1e9ff651/f319a735-151f-4b75-9d5c-61592047649c/f319a735-151f-4b75-9d5c-61592047649c?temp_url_sig=ff78e71c9769e9ca41ff3a2b4d5de0574f1ed2d3c3cba5d29b85c901cb5a76ab&temp_url_expires=1738341974853&filename=lifebox+transfer-f319a735.zip HTTP/1.1 Host: sw.lifeboxtransfer.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 OK Content-Type: application/zip Etag: c6e43187ab415f06e66e6d74ad39dae5 Last-Modified: Fri, 31 Jan 2025 16:29:48 GMT X-Timestamp: 1738340987.99816 Accept-Ranges: bytes Content-Length: 260263 Content-Disposition: attachment; filename="lifebox transfer-f319a735.zip"; filename=UTF-8''lifebox%20transfer-f319a735.zip Expires: Mon, 12 Nov 57055 18:47:33 GMT X-Trans-Id: tx44bb95cde6404a14bdefd-0067a20d8c X-Openstack-Request-Id: tx44bb95cde6404a14bdefd-0067a20d8c Date: Tue, 04 Feb 2025 12:52:28 GMT Connection: keep-alive Strict-Transport-Security: max-age=16070400; includeSubDomains

sw.lifeboxtransfer.com/v1/AUTH_LT_fc856d57-7abc-4ad2-ac90-950f9e675133/LT_e15b2bb6-98ca-4b2e-81a8-265e1e9ff651/f319a735-151f-4b75-9d5c-61592047649c/f319a735-151f-4b75-9d5c-61592047649c?temp_url_sig=ff78e71c9769e9ca41ff3a2b4d5de0574f1ed2d3c3cba5d29b85c901cb5a76ab&temp_url_expires=1738341974853&filename=lifebox+transfer-f319a735.zip

176.235.226.160

200 OK

260 kB

URL User Request GET HTTP/1.1
sw.lifeboxtransfer.com/v1/AUTH_LT_fc856d57-7abc-4ad2-ac90-950f9e675133/LT_e15b2bb6-98ca-4b2e-81a8-265e1e9ff651/f319a735-151f-4b75-9d5c-61592047649c/f319a735-151f-4b75-9d5c-61592047649c?temp_url_sig=ff78e71c9769e9ca41ff3a2b4d5de0574f1ed2d3c3cba5d29b85c901cb5a76ab&temp_url_expires=1738341974853&filename=lifebox+transfer-f319a735.zip
IP
176.235.226.160:443
ASN
#34984 Superonline Iletisim Hizmetleri A.S.

Certificate
IssuerGlobalSign nv-sa
Subject*.lifeboxtransfer.com
Fingerprint10:BE:B9:04:AE:65:69:05:5E:C6:CA:C7:06:5F:68:CF:A2:A6:C6:4E
ValidityWed, 11 Dec 2024 08:16:02 GMT - Mon, 12 Jan 2026 08:16:01 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
260 kB (260263 bytes)
Hash
c6e43187ab415f06e66e6d74ad39dae5
2a04f8defb35d71fc27cf964e0fac79f232be8a8
b2c276462a46225a41b7c900a9d6e8d677d9804ae1bec76b7487411f68f31926

HTTP Headers

GET /v1/AUTH_LT_fc856d57-7abc-4ad2-ac90-950f9e675133/LT_e15b2bb6-98ca-4b2e-81a8-265e1e9ff651/f319a735-151f-4b75-9d5c-61592047649c/f319a735-151f-4b75-9d5c-61592047649c?temp_url_sig=ff78e71c9769e9ca41ff3a2b4d5de0574f1ed2d3c3cba5d29b85c901cb5a76ab&temp_url_expires=1738341974853&filename=lifebox+transfer-f319a735.zip HTTP/1.1
Host: sw.lifeboxtransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/zip
Etag: c6e43187ab415f06e66e6d74ad39dae5
Last-Modified: Fri, 31 Jan 2025 16:29:48 GMT
X-Timestamp: 1738340987.99816
Accept-Ranges: bytes
Content-Length: 260263
Content-Disposition: attachment; filename="lifebox transfer-f319a735.zip"; filename*=UTF-8''lifebox%20transfer-f319a735.zip
Expires: Mon, 12 Nov 57055 18:47:33 GMT
X-Trans-Id: tx44bb95cde6404a14bdefd-0067a20d8c
X-Openstack-Request-Id: tx44bb95cde6404a14bdefd-0067a20d8c
Date: Tue, 04 Feb 2025 12:52:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=16070400; includeSubDomains

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (2)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers