Report - zsdsoftzfile.shop/?p=133&s=Download-sc32715+Alan+rar

Report Overview

Submitted URL
zsdsoftzfile.shop/?p=133&s=Download-sc32715+Alan+rar
IP
172.67.136.165
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-25 17:55:39
Access
public
Website Title
dpaste.org/ofxwP/raw
Final URL
dpaste.org/ofxwP/raw
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
letherepre.click	unknown	unknown	No data	No data	499 B	778 B	188.114.96.1
dpaste.org	unknown	2009-05-11	2012-11-15	2024-04-17	512 B	1.3 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-25 17:55:15	low	Client IP	192.0.78.26	ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	letherepre.click	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

letherepre.click/?x=133&t=ZL2WpvIzjxiS6N1hl

188.114.96.1

200 OK

151 B

URL User Request GET HTTP/2
letherepre.click/?x=133&t=ZL2WpvIzjxiS6N1hl
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectletherepre.click
FingerprintC0:43:F1:9A:91:E2:6E:5E:9D:D6:53:C0:00:B7:C5:55:F3:FD:69:5E
ValidityMon, 01 Apr 2024 13:38:28 GMT - Sun, 30 Jun 2024 13:38:27 GMT

File type
HTML document, ASCII text, with no line terminators
Size
151 B (151 bytes)
Hash
7ca46a3531d22ce0717ff0dd30452aeb
4b724b0f388abdba755662f5db494595564ed700
0f359d92895718c50c5d7ea66ac2093a12bb8f6062a576ba44374993da1c6439

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?x=133&t=ZL2WpvIzjxiS6N1hl HTTP/1.1
Host: letherepre.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 17:55:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b7t6XtS8oQbsg0Hy1%2F%2BbdYyY%2BMafvOsSjtLPCeeccKS6thZzQkx977O%2FGKAsGzVzaEZh1BiIl4JYeX3jUPjK0umGstF1ZgKVFsiv2TxmK%2BGwkNX0x5E0r9VVr%2BZ3%2FI486f8B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a033f90fd5712a-OSL
content-encoding: br
X-Firefox-Spdy: h2

dpaste.org/ofxwP/raw

188.114.96.1

200 OK

368 B

URL User Request GET HTTP/2
dpaste.org/ofxwP/raw
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectdpaste.org
Fingerprint52:49:98:10:FF:26:18:DC:EF:02:53:A2:6B:97:9B:B8:88:62:07:8E
ValidityThu, 14 Mar 2024 22:18:03 GMT - Wed, 12 Jun 2024 22:18:02 GMT

File type
Unicode text, UTF-8 text, with very long lines (390), with no line terminators
Size
368 B (368 bytes)
Hash
778b1edb454d9f8f829290f3e0c420d9
420674375f0d12fad14f69c3afab279d0c2e2aae
d1de921f24319b001aa70be55a0ebbd8a8ee5d1f4d59b898041c573263d46501

HTTP Headers

GET /ofxwP/raw HTTP/1.1
Host: dpaste.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://letherepre.click/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 17:55:16 GMT
content-type: text/plain;charset=UTF-8
x-content-type-options: nosniff
content-security-policy: img-src data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; default-src 'none'
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
x-frame-options: DENY
vary: Accept-Language, Cookie
content-language: en
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=po6BFiFsFe75NiMfcxe%2Fh9spPuHy0o1TXu1t3SUwNP%2F5%2B9Cupbf6kR%2B4FPrpWxIHP6EgWww9Fkm6HHwPqlLCxuQI3I6TkfuUZZpaEPatL%2F1%2FY31NOeEaIXNf1DND"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a033fa9f3a5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers