Report - intenseproxy.zip

Report Overview

Visited public
2025-02-08 23:21:34
Tags
URL
intenseproxy.zip
Finishing URL
intenseproxy.zip/
IP / ASN
172.67.68.37
#13335 CLOUDFLARENET
Title
intenseproxy.zip/

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
intenseproxy.zip	unknown	2024-05-10	2024-12-31	2025-01-28	1.8 kB	4.4 kB	104.26.2.21
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2025-02-05	524 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-08 23:21:05	low	Client IP	104.26.2.21	ET INFO HTTP Request to a *.zip Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-02-08	medium	intenseproxy.zip	Sinkholed
2025-02-08	medium	intenseproxy.zip	Sinkholed
2025-02-08	medium	intenseproxy.zip	Sinkholed
2025-02-08	medium	intenseproxy.zip	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (5)

URL IP Response Size

intenseproxy.zip/

104.26.2.21

421 Misdirected Request

297 B

URL User Request GET HTTP/2
intenseproxy.zip/
IP
104.26.2.21:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectintenseproxy.zip
Fingerprint27:A7:12:C0:02:B1:9F:04:18:23:83:57:ED:CC:07:8C:FD:A0:88:DE
ValiditySun, 19 Jan 2025 16:48:11 GMT - Sat, 19 Apr 2025 17:47:45 GMT

File type
ASCII text, with CRLF line terminators
Size
297 B (297 bytes)
Hash
21a91cc1c7c1f3bf811f64ceb91e46cd
1bd98602c5b93d1cc7f0d6a285d4310d60a55c92
bcf2251caa66af4a9e1bdb1a0a280895a186e14ff01d7421d105d6419a7bf734

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET / HTTP/1.1
Host: intenseproxy.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 421 Misdirected Request
date: Sat, 08 Feb 2025 23:21:05 GMT
content-type: text/plain; charset=utf-8
content-length: 297
x-served-by: cache-bma1620
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rKilhTxSxy6%2BFLcOxUnVlM%2B8AAbGyw7JM%2BTWmLMqocINEluF6DUtzfV76T%2BFvb6NZvEj0LqUTemZ3N%2FrMEWhgXpMsXxfe6KGMXi1hIMeEYcemm1r81bKh1EQ%2BkaZry6cAXTj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90ef5a9f2b4f712d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=492&min_rtt=449&rtt_var=131&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3209&recv_bytes=1126&delivery_rate=7192052&cwnd=253&unsent_bytes=0&cid=ff94d3271d8f9c91&ts=50&x=0"
X-Firefox-Spdy: h2

intenseproxy.zip/

104.26.2.21

301 Moved Permanently

167 B

URL User Request GET HTTP/2
intenseproxy.zip/
IP
104.26.2.21:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectintenseproxy.zip
Fingerprint27:A7:12:C0:02:B1:9F:04:18:23:83:57:ED:CC:07:8C:FD:A0:88:DE
ValiditySun, 19 Jan 2025 16:48:11 GMT - Sat, 19 Apr 2025 17:47:45 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET / HTTP/1.1
Host: intenseproxy.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Sat, 08 Feb 2025 23:21:05 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 09 Feb 2025 00:21:05 GMT
Location: https://intenseproxy.zip/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vs%2Br%2FIuZk%2BeVdOZcvgvGvabQsKXss35nmZTp89r1Hv3cK7BjXT0O%2BDzEi%2FT0IJcdpZsANsJarMQyPlulw26v4Gox%2BhJ2AMa%2FYCjzADyH8wsqHdlIodfjKAl9MUb83YCcJsZW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 90ef5aa0bcb25699-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=458&min_rtt=458&rtt_var=229&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=401&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

intenseproxy.zip/

104.26.3.21

421 Misdirected Request

297 B

URL User Request GET HTTP/2
intenseproxy.zip/
IP
104.26.3.21:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectintenseproxy.zip
Fingerprint27:A7:12:C0:02:B1:9F:04:18:23:83:57:ED:CC:07:8C:FD:A0:88:DE
ValiditySun, 19 Jan 2025 16:48:11 GMT - Sat, 19 Apr 2025 17:47:45 GMT

File type
ASCII text, with CRLF line terminators
Size
297 B (297 bytes)
Hash
21a91cc1c7c1f3bf811f64ceb91e46cd
1bd98602c5b93d1cc7f0d6a285d4310d60a55c92
bcf2251caa66af4a9e1bdb1a0a280895a186e14ff01d7421d105d6419a7bf734

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET / HTTP/1.1
Host: intenseproxy.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 421 Misdirected Request
date: Sat, 08 Feb 2025 23:21:05 GMT
content-type: text/plain; charset=utf-8
content-length: 297
x-served-by: cache-bma1640
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1mtxpxEWEWOvtQGTAfq2GvOyY0PFn2S4UdebaJecYDlFBjT2IKbpgcQoyHLUQTGT%2BHTjMOJxeA%2B%2FlfBTP0lRjsBSgkg3gQeCV0Lp4RsXMYyhsBi0av95vqLqc3Y1VgfhJJDU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90ef5aa11a5056c0-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=500&min_rtt=469&rtt_var=122&sent=6&recv=10&lost=0&retrans=0&sent_bytes=3285&recv_bytes=1255&delivery_rate=8211720&cwnd=253&unsent_bytes=0&cid=e1696b7ddcdb3057&ts=62&x=0"
X-Firefox-Spdy: h2

intenseproxy.zip/favicon.ico

104.26.3.21

421 Misdirected Request

297 B

URL GET HTTP/2
intenseproxy.zip/favicon.ico
IP
104.26.3.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://intenseproxy.zip/
Certificate
IssuerGoogle Trust Services
Subjectintenseproxy.zip
Fingerprint27:A7:12:C0:02:B1:9F:04:18:23:83:57:ED:CC:07:8C:FD:A0:88:DE
ValiditySun, 19 Jan 2025 16:48:11 GMT - Sat, 19 Apr 2025 17:47:45 GMT

File type
ASCII text, with CRLF line terminators
Size
297 B (297 bytes)
Hash
21a91cc1c7c1f3bf811f64ceb91e46cd
1bd98602c5b93d1cc7f0d6a285d4310d60a55c92
bcf2251caa66af4a9e1bdb1a0a280895a186e14ff01d7421d105d6419a7bf734

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: intenseproxy.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intenseproxy.zip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 421 Misdirected Request
date: Sat, 08 Feb 2025 23:21:05 GMT
content-type: text/plain; charset=utf-8
content-length: 297
x-served-by: cache-bma1671
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UhpyGl2J1HKIodCFl3l5hmS0mnISHvKHATI51MxbSsxb0AhW%2FC54t95EHy2AW8UlPa7YxrzEhJXG7M%2Ffw5ZgYXD7jj47JrfSdm2f7FvVBiN%2B50c0ldkny%2BZVordFnNyxJR%2FR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90ef5aa31c8eb4fa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=513&min_rtt=475&rtt_var=120&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3286&recv_bytes=1214&delivery_rate=7227953&cwnd=253&unsent_bytes=0&cid=48c9b7b53a581215&ts=51&x=0"
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.41%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

200 OK

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.41%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.41%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/g/chains/202402/aus.content-signature.mozilla.org-2025-03-21-18-01-18.chain; p384ecdsa=1RZndNhazfHLC64d8R9PeVy2VhwUis2PkGPma8kfFDDr8N5lZ9MTrnISS7ZdEVQWULgLr4c6uoJjXVjmT4x8udV9YVerBunlrF9YxLBSef3oxk-T2qZxjfz6GY3-SHtb
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Sat, 08 Feb 2025 23:20:43 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 41
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (5)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers