Report - iranasnaf.xyz/saham-edalat.ir/app.apk

Report Overview

Visited public
2023-09-18 12:54:17
Tags
Submit Tags
URL
iranasnaf.xyz/saham-edalat.ir/app.apk
Finishing URL
about:privatebrowsing
IP / ASN
104.21.9.59
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
iranasnaf.xyz	unknown	2023-01-07	2023-01-09 03:30:29	2023-09-16 11:26:35	493 B	1.9 MB	172.67.159.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2023-09-18	medium	iranasnaf.xyz	Sinkholed

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET iranasnaf.xyz/saham-edalat.ir/app.apk

172.67.159.35

200 OK

1.9 MB

URL User Request GET HTTP/2
iranasnaf.xyz/saham-edalat.ir/app.apk
IP
172.67.159.35:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectiranasnaf.xyz
Fingerprint1E:65:E5:AE:CF:A3:FA:F0:C7:96:33:30:D9:5D:4C:97:01:12:A8:82
ValidityThu, 14 Sep 2023 09:16:51 GMT - Wed, 13 Dec 2023 09:16:50 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size
1.9 MB (1858937 bytes)
Hash
b14464ef00e85713238f3481866dd4fb
7ca37ca8162cc99b714e2696b438791efe14b51f
93f1c9c088c8127a7fae16620a2d4944be9d3e992ef2db0fa44043562c3e6212

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
VirusTotal	malicious	VirusTotal - Scan result 23/64

HTTP Headers

GET /saham-edalat.ir/app.apk HTTP/1.1
Host: iranasnaf.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 18 Sep 2023 12:53:59 GMT
content-type: application/vnd.android.package-archive
content-length: 1858937
last-modified: Fri, 15 Sep 2023 11:21:31 GMT
cache-control: max-age=120
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i98Bmn2Zq6J3ZuD7NTNUPek1RFAzqbooCDwVBeRoZMmVg3IP2YJc%2B58RVWJnbAni1RXvRNVHfyaS0OfzbYowROqmE2LbfXcSXQOcWwB%2Fl3qRgb1YRYLka0sWfi%2FB4bAO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8089bc28dc375693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers