Report - qu.ax/zedd.zip

Report Overview

Submitted URL
qu.ax/zedd.zip
IP
176.96.138.90
ASN
#58212 dataforest GmbH
Submitted
2024-03-29 00:55:13
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
qu.ax	unknown	2019-10-23	2019-12-22	2024-03-27	468 B	20 MB	176.96.138.90

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	qu.ax	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	qu.ax	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
qu.ax/zedd.zip
IP
176.96.138.90
ASN
#58212 dataforest GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
20 MB (19753681 bytes)
Hash
0d62ffff48a601fb886c96cd2e696875
28b2d56a3c3e01e2f465b247fc082766efedcce3
f424938d9497d173baeb9dbc302161588e2d73f4d2debf6dbafe9a2d68d55ea2

Archive (10)

Modified	Filename	Size	Md5	File type
2024-02-17 04:51	192_168_0_15-_database__cfmanage_2u1.sql	35 MB	ec8996280bb4c32cd240be24b68d8b41	Unicode text, UTF-8 text, with very long lines (622)
2024-02-17 04:51	192_168_0_15-_database__cfmanage_2u2.sql	195 kB	d2ee51b3c34276386210bf66d2e8743b	Unicode text, UTF-8 text, with very long lines (622)
2024-02-17 04:51	192_168_0_15-_database__cfmanage_2u3.sql	1.3 MB	57f63f64e237b32c01954920347dd423	Unicode text, UTF-8 text, with very long lines (622)
2024-02-17 04:51	192_168_0_15-_database__cfmanage_2u4.sql	7.0 MB	de006557072c4a9fb7916bb625a91da6	Unicode text, UTF-8 text, with very long lines (697)
2024-02-17 04:51	192_168_0_15-_database__cfmanage_2u5.sql	169 MB	18afb1ce6abb3b9043191fdf168d540e	Unicode text, UTF-8 text, with very long lines (699)
2024-02-17 04:51	192_168_0_15-_database__cfmanage_2u6.sql	230 kB	bb9e0de76704fcadb63e93b18cafd206	Unicode text, UTF-8 text, with very long lines (622)
2024-02-17 04:51	192_168_0_15-_database__cfmanage_2u7.sql	259 kB	55c75effbf59c5ab496d05475f9a6f2d	Unicode text, UTF-8 text, with very long lines (524)
2024-02-17 04:51	192_168_0_15-_database__cfmanage_2u8.sql	212 kB	6aa6bd61d52ec8102d0ce485d9697df2	Unicode text, UTF-8 text, with very long lines (524)
2024-02-17 04:51	192_168_0_15-_database__cfmanage_2u9.sql	245 kB	200fdf2799cec0af0c56973dc7cadc28	Unicode text, UTF-8 text, with very long lines (448)
2024-02-17 04:51	192_168_0_15-_database__cfmanage_2u10.sql	2.2 MB	4f699d7d97455dda627955adccd31552	Unicode text, UTF-8 text, with very long lines (622)

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

qu.ax/zedd.zip

176.96.138.90

200 OK

20 MB

URL User Request GET HTTP/2
qu.ax/zedd.zip
IP
176.96.138.90:443
ASN
#58212 dataforest GmbH

Certificate
IssuerLet's Encrypt
Subject*.qu.ax
Fingerprint82:9B:25:4F:F4:5A:4D:E3:20:F2:A0:49:24:38:BA:5B:66:4A:CB:6D
ValidityMon, 18 Mar 2024 05:21:34 GMT - Sun, 16 Jun 2024 05:21:33 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
20 MB (19753681 bytes)
Hash
0d62ffff48a601fb886c96cd2e696875
28b2d56a3c3e01e2f465b247fc082766efedcce3
f424938d9497d173baeb9dbc302161588e2d73f4d2debf6dbafe9a2d68d55ea2

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /zedd.zip HTTP/1.1
Host: qu.ax
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 29 Mar 2024 00:54:19 GMT
content-type: application/zip
content-length: 19753681
last-modified: Thu, 29 Feb 2024 04:59:14 GMT
x-xss-protection: 1; mode=block
alt-svc: h3=":443"; ma=604800
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (10)

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers