Report - irp.cdn-website.com/e2ffc6f1/files/uploaded/26.ps1

Report Overview

Visited public
2025-01-14 15:05:06
Tags
URL
irp.cdn-website.com/e2ffc6f1/files/uploaded/26.ps1
Finishing URL
irp.cdn-website.com/e2ffc6f1/files/uploaded/26.ps1
IP / ASN
108.157.229.122
#16509 AMAZON-02
Title
irp.cdn-website.com/e2ffc6f1/files/uploaded/26.ps1

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
irp.cdn-website.com	22331	2018-07-18	2021-03-30	2025-01-12	979 B	10 kB	143.204.55.23

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-01-14	medium	irp.cdn-website.com/e2ffc6f1/files/uploaded/26.ps1	Detects suspicious PowerShell code that downloads from web sites

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

irp.cdn-website.com/e2ffc6f1/files/uploaded/26.ps1

143.204.55.23

200 OK

409 B

URL User Request GET HTTP/2
irp.cdn-website.com/e2ffc6f1/files/uploaded/26.ps1
IP
143.204.55.23:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectmultiscreensite.com
FingerprintC5:3E:35:6B:AE:A5:5D:9E:6E:33:DC:82:EC:B6:6A:55:84:52:CE:6A
ValidityWed, 18 Dec 2024 11:43:50 GMT - Tue, 18 Mar 2025 11:43:49 GMT

File type
ASCII text
Size
409 B (409 bytes)
Hash
b7314b69ed077e329ace67905e0288d3
437cb06f5fdaa832eef32e8330977aa3d81e57c1
45683a9aaab0da08c281c10c969d747860281b1d79cb16007f364d0faa10f64c

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects suspicious PowerShell code that downloads from web sites

HTTP Headers

GET /e2ffc6f1/files/uploaded/26.ps1 HTTP/1.1
Host: irp.cdn-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/plain
content-length: 409
date: Tue, 14 Jan 2025 14:46:49 GMT
last-modified: Thu, 09 Jan 2025 19:42:14 GMT
etag: "b7314b69ed077e329ace67905e0288d3"
x-amz-server-side-encryption: AES256
x-amz-version-id: cgEBQ5cniuHYMFq9eD_B5mQ_Enep4XTe
accept-ranges: bytes
server: AmazonS3
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
age: 1073
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: hh84mhZOR0eKeuWjSoqnCzENYkBL652mafzRSqr5Tj6BGXGDk7lMbA==
X-Firefox-Spdy: h2

irp.cdn-website.com/favicon.ico

143.204.55.23

403 Forbidden

8.6 kB

URL GET HTTP/3
irp.cdn-website.com/favicon.ico
IP
143.204.55.23:443
ASN
#16509 AMAZON-02

Requested by
https://irp.cdn-website.com/e2ffc6f1/files/uploaded/26.ps1
Certificate
IssuerLet's Encrypt
Subjectmultiscreensite.com
FingerprintC5:3E:35:6B:AE:A5:5D:9E:6E:33:DC:82:EC:B6:6A:55:84:52:CE:6A
ValidityWed, 18 Dec 2024 11:43:50 GMT - Tue, 18 Mar 2025 11:43:49 GMT

File type
data
Size
8.6 kB (8647 bytes)
Hash
5247f142939b7dc5241724f9478ee6cb
a54a967b9ff96da378424cca6fe5194a01e38b77
db224d5ce342fa2bae5a689c2ba55badd1091c9e0fc84fa2ac4609a559f28e8b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: irp.cdn-website.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://irp.cdn-website.com/e2ffc6f1/files/uploaded/26.ps1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
content-type: application/xml
alt-svc: h3=":443"; ma=86400
cache-control: max-age=31536000
date: Tue, 14 Jan 2025 15:04:41 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eMDXPDPaU_blOr7MWGLS2UTgaEGnbYF6ryZ1PrsJSBzPWM99uSejxw==

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers