Report - us-east-1.tixte.net/uploads/cdn.backslashg.com/z.exe

Report Overview

Visitedpublic

2023-11-30 07:22:06

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
us-east-1.tixte.net	unknown	2021-07-30	2022-06-03 09:40:06	2023-11-28 05:17:54	827 B	1.2 kB	172.67.212.247

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-30 07:21:54	high	Client IP	172.67.212.247	ET MALWARE Single char EXE direct download likely trojan (multiple families)
2023-11-30 07:21:54	medium	Client IP	172.67.212.247	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

GET us-east-1.tixte.net/uploads/cdn.backslashg.com/z.exe

172.67.212.247

403 Forbidden

187 B

URL User Request GET HTTP

us-east-1.tixte.net/uploads/cdn.backslashg.com/z.exe

IP / ASN

172.67.212.247

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeXML 1.0 document text\012- XML document, ASCII text, with no line terminators

First Seen2023-11-30

Last Seen2023-11-30

Times Seen1

Size187 B (187 bytes)

MD523800d2c9c7d2c9586c234c4575ebbd3

SHA1e289db50424cbb1be1e7e73a6060bbf7e51b5625

SHA256f4f7bba5ad631fead0863fcaac8a376380c54cff968345c2a412ead0f1d11180

Detections

Analyzer	Verdict	Alert
suricata	high	ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata	medium	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

HTTP Headers

GET /uploads/cdn.backslashg.com/z.exe HTTP/1.1
Host: us-east-1.tixte.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 30 Nov 2023 07:21:49 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: BYPASS
Vary: Accept-Encoding
x-networking: Tixte Networking
x-powered-by: tixte.com
x-tixte-service: cdn
Location: https://google.com
Server: cloudflare
CF-RAY: 82e155f50b4956a2-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

GET us-east-1.tixte.net/favicon.ico

172.67.212.247

403 Forbidden

186 B

URL GET HTTP

us-east-1.tixte.net/favicon.ico

IP / ASN

172.67.212.247

#13335 CLOUDFLARENET

Requested byhttp://us-east-1.tixte.net/uploads/cdn.backslashg.com/z.exe

Resource Info

File typeXML 1.0 document text\012- XML document, ASCII text, with no line terminators

First Seen2023-11-30

Last Seen2023-11-30

Times Seen1

Size186 B (186 bytes)

MD55ad29f20fbc238fe9f75724bc55d7a14

SHA14d37248263ea1d3c19f08669abdebde2647fab54

SHA256cf4be0f3b01fe321fe2d4bbf1df973f51de48457be510b14243d49135d5dc255

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: us-east-1.tixte.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://us-east-1.tixte.net/uploads/cdn.backslashg.com/z.exe
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 30 Nov 2023 07:21:50 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: BYPASS
Vary: Accept-Encoding
x-networking: Tixte Networking
x-powered-by: tixte.com
x-tixte-service: cdn
Location: https://google.com
Server: cloudflare
CF-RAY: 82e155f79d2156a2-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60