Report - dw35.malavida.com/dwn/59d439ebf0b5ca2c6dc2df54cd7ff6a582fea478ae6eb13db495459e0a924d46/OfficeES.zip

Report Overview

Visitedpublic

2024-05-23 02:44:08

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
dw35.malavida.com	unknown	2001-05-31	2022-06-03 22:31:47	2023-01-20 10:54:32	553 B	5.8 MB	5.145.168.48

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-23 02:43:37	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-23 02:43:38	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-23 02:43:41	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-23 02:43:56	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-23 02:44:01	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

dw35.malavida.com/dwn/59d439ebf0b5ca2c6dc2df54cd7ff6a582fea478ae6eb13db495459e0a924d46/OfficeES.zip

IP / ASN

5.145.168.48

#39020 Comvive Servidores S.L.

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size5.8 MB (5826695 bytes)

MD5683b9fc3362fac836516eaa5797472d2

SHA10e15b5ebc4daf03e8ff7c057790a484de892c376

SHA256bcba6a8775ae06476f3114082c237e6912fd05dd01bc27d6bd31d0c790ff7d0a

Archive (2)

Modified	Filename	Size	MD5	File type
2019-12-19 12:40	Setup.X64.es-ES_O365HomePremRetail_001a94d5-9257-4d7b-80a6-dce1a0d145d0_TX_DB_.exe	8.1 MB	bd309428787046b526fbcf562a241efb	PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
2019-12-19 12:40	Setup.X86.es-ES_O365HomePremRetail_001a94d5-9257-4d7b-80a6-dce1a0d145d0_TX_DB_.exe	5.6 MB	e68c93a25a90121de4f6a1bd62354660	PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/67

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET dw35.malavida.com/dwn/59d439ebf0b5ca2c6dc2df54cd7ff6a582fea478ae6eb13db495459e0a924d46/OfficeES.zip

5.145.168.48

200 OK

5.8 MB

URL

dw35.malavida.com/dwn/59d439ebf0b5ca2c6dc2df54cd7ff6a582fea478ae6eb13db495459e0a924d46/OfficeES.zip

IP / ASN

5.145.168.48

#39020 Comvive Servidores S.L.

Requested byN/A

Resource Info

File typeZip archive data, at least v2.0 to extract, compression method=deflate

First Seen2023-06-22

Last Seen2025-05-26

Times Seen74

Size5.8 MB (5826695 bytes)

MD5683b9fc3362fac836516eaa5797472d2

SHA10e15b5ebc4daf03e8ff7c057790a484de892c376

SHA256bcba6a8775ae06476f3114082c237e6912fd05dd01bc27d6bd31d0c790ff7d0a

Certificate Info

IssuerSectigo Limited

Subject*.malavida.com

FingerprintDD:AD:14:1C:69:D1:86:8F:20:49:51:28:42:E5:20:08:49:C8:28:B2

ValidityMon, 12 Jun 2023 00:00:00 GMT - Thu, 11 Jul 2024 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/67

HTTP Headers

GET /dwn/59d439ebf0b5ca2c6dc2df54cd7ff6a582fea478ae6eb13db495459e0a924d46/OfficeES.zip HTTP/1.1
Host: dw35.malavida.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 23 May 2024 02:43:39 GMT
server: Apache
accept-ranges: bytes
cache-control: public
x-robots-tag: noindex
last-modified: Thu, 19 Dec 2019 15:30:04 GMT
content-length: 5826695
content-type: application/zip
X-Firefox-Spdy: h2