Report - bestfile.io/en/download/gx7XjHJ303OQU9z/LJlGnyAvZz15w/Adobe-GenP-3.4.2-CGP.zip

Report Overview

Visited public
2024-12-16 18:16:10
Tags
Submit Tags
URL
bestfile.io/en/download/gx7XjHJ303OQU9z/LJlGnyAvZz15w/Adobe-GenP-3.4.2-CGP.zip
Finishing URL
about:privatebrowsing
IP / ASN
66.29.138.109
#22612 NAMECHEAP-NET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
bestfile.io	unknown	2022-01-08	2022-03-08	2024-12-13	532 B	4.0 kB	66.29.138.109
sdownload.s3.eu-central-003.backblazeb2.com	unknown	2016-07-13	2024-02-22	2024-12-13	950 B	742 kB	45.11.37.254

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
sdownload.s3.eu-central-003.backblazeb2.com/users/EBnkmWRDPGR0y/0fgbBiaTVPAcFU3_1734038540.zip?response-content-disposition=attachment%3B%20filename%3D%22Adobe-GenP-3.4.2-CGP.zip%22&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=0031c3f441a07cd0000000001%2F20241216%2Feu-central-003%2Fs3%2Faws4_request&X-Amz-Date=20241216T181546Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=b5cd388ca683ab2a188e2fdb74410a0d38fe5dc52b8056b3d7be860963bc0214
IP
45.11.37.254
ASN
#40401 BACKBLAZE

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
741 kB (740913 bytes)
Hash
08d5c8105b2c3c592dc9470615cc0174
66b3eb4da007023b36b2e47dc5a8b6d81147b438
799e746efefe5b536f532d1d7f93ca03ddc2bd571494e5c6bb34a54fe274f79c

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 16/64

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

GET bestfile.io/en/download/gx7XjHJ303OQU9z/LJlGnyAvZz15w/Adobe-GenP-3.4.2-CGP.zip

66.29.138.109

302 Found

2.4 kB

URL User Request GET HTTP/1.1
bestfile.io/en/download/gx7XjHJ303OQU9z/LJlGnyAvZz15w/Adobe-GenP-3.4.2-CGP.zip
IP
66.29.138.109:443
ASN
#22612 NAMECHEAP-NET

Certificate
IssuerSectigo Limited
Subjectbestfile.io
FingerprintED:91:27:7B:3E:71:0E:77:96:DA:DA:F1:51:2D:92:75:74:73:50:8A
ValidityFri, 23 Feb 2024 00:00:00 GMT - Sat, 22 Feb 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1103)
Size
2.4 kB (2374 bytes)
Hash
3edb19eda6924e3f975757359d2d5882
30f2342167c7be60a97518b35dc59cbe9f1114bd
423009b5081815d6c1d1ada5074164945918dff99db8825e3bb40f0f31fb57d8

HTTP Headers

GET /en/download/gx7XjHJ303OQU9z/LJlGnyAvZz15w/Adobe-GenP-3.4.2-CGP.zip HTTP/1.1
Host: bestfile.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 16 Dec 2024 18:15:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: DENY
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6IlJWRU50MlF1TU5EVU1pbW1nRWV6N1E9PSIsInZhbHVlIjoiSGxXNk1XdWloVmdUVWFqdnBZZzZxeUJwRk41SkJhZHIyOERyajYrMWdDaEI2KzF3WktHQVJiazVZUWRWMjlER2VXdm5FcE5IT2xkWVk0QnplSVArbWtxc01aWms3OFhGVWdaODgwcjg3WFIzS3FtZTJYeUJIcE5wemJhTmp6TWMiLCJtYWMiOiIwYjkyZjdjODBiNTUyMjU2ZjdkZWMwYmFlNjkxYzNlOTgxNjFmMGYxM2EzMjZlNDU0YzI2YjkxNDQ0NDc2Nzc4IiwidGFnIjoiIn0%3D; expires=Mon, 16 Dec 2024 20:15:46 GMT; Max-Age=7200; path=/; samesite=lax
filebob_user_session=eyJpdiI6InJFbWVobWVLL1JpNTh4WnFuY204c0E9PSIsInZhbHVlIjoieFJHN1NscGdnZFUzZllTTVRaTmxTZXNlSzUrTGtiRFFFaFhNdXpaTkRiN095dmJnSHk4MkJQU1Uvd0trNk16KzluN3BBOGROQnVVUTVZZTFGWWIzdXpnaEZmdkZTQkMyMUdrcHJjQWNtNlRmWGsydEJOYXhZZm05VzhrRUs1bDkiLCJtYWMiOiIxZjIyM2ZjNjQyMTM1YjNiMzM1Yzc5YjZhNDIyY2EyYjg3ZjBjMjMyOGNlNTcwMWQxMzM0NjBmMDJlNDNjYzkzIiwidGFnIjoiIn0%3D; expires=Mon, 16 Dec 2024 20:15:46 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Location: https://sdownload.s3.eu-central-003.backblazeb2.com/users/EBnkmWRDPGR0y/0fgbBiaTVPAcFU3_1734038540.zip?response-content-disposition=attachment%3B%20filename%3D%22Adobe-GenP-3.4.2-CGP.zip%22&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=0031c3f441a07cd0000000001%2F20241216%2Feu-central-003%2Fs3%2Faws4_request&X-Amz-Date=20241216T181546Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=b5cd388ca683ab2a188e2fdb74410a0d38fe5dc52b8056b3d7be860963bc0214
Vary: Accept-Encoding,User-Agent

GET sdownload.s3.eu-central-003.backblazeb2.com/users/EBnkmWRDPGR0y/0fgbBiaTVPAcFU3_1734038540.zip?response-content-disposition=attachment%3B%20filename%3D%22Adobe-GenP-3.4.2-CGP.zip%22&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=0031c3f441a07cd0000000001%2F20241216%2Feu-central-003%2Fs3%2Faws4_request&X-Amz-Date=20241216T181546Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=b5cd388ca683ab2a188e2fdb74410a0d38fe5dc52b8056b3d7be860963bc0214

45.11.37.254

200

741 kB

URL User Request GET HTTP/1.1
sdownload.s3.eu-central-003.backblazeb2.com/users/EBnkmWRDPGR0y/0fgbBiaTVPAcFU3_1734038540.zip?response-content-disposition=attachment%3B%20filename%3D%22Adobe-GenP-3.4.2-CGP.zip%22&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=0031c3f441a07cd0000000001%2F20241216%2Feu-central-003%2Fs3%2Faws4_request&X-Amz-Date=20241216T181546Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=b5cd388ca683ab2a188e2fdb74410a0d38fe5dc52b8056b3d7be860963bc0214
IP
45.11.37.254:443
ASN
#40401 BACKBLAZE

Certificate
IssuerLet's Encrypt
Subjectbackblazeb2.com
Fingerprint83:0E:92:83:1D:E2:A5:DD:C2:37:DF:5B:DA:CF:C0:ED:02:55:BA:F0
ValidityFri, 15 Nov 2024 18:39:05 GMT - Thu, 13 Feb 2025 18:39:04 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
741 kB (740913 bytes)
Hash
08d5c8105b2c3c592dc9470615cc0174
66b3eb4da007023b36b2e47dc5a8b6d81147b438
799e746efefe5b536f532d1d7f93ca03ddc2bd571494e5c6bb34a54fe274f79c

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 16/64

HTTP Headers

GET /users/EBnkmWRDPGR0y/0fgbBiaTVPAcFU3_1734038540.zip?response-content-disposition=attachment%3B%20filename%3D%22Adobe-GenP-3.4.2-CGP.zip%22&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=0031c3f441a07cd0000000001%2F20241216%2Feu-central-003%2Fs3%2Faws4_request&X-Amz-Date=20241216T181546Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=b5cd388ca683ab2a188e2fdb74410a0d38fe5dc52b8056b3d7be860963bc0214 HTTP/1.1
Host: sdownload.s3.eu-central-003.backblazeb2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx
Date: Mon, 16 Dec 2024 18:15:46 GMT
Content-Type: application/zip
Content-Length: 740913
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Thu, 12 Dec 2024 21:22:20 GMT
ETag: "08d5c8105b2c3c592dc9470615cc0174"
Content-Disposition: attachment; filename="Adobe-GenP-3.4.2-CGP.zip"
x-amz-server-side-encryption: AES256
x-amz-request-id: e2e65a19d92e8151
x-amz-id-2: aMUZjwDNmZj80hDQTMUphIzADNyZjQ2Q8
x-amz-version-id: 4_z114ce34f54e4c12a70570c1d_f109b8beb0a08f296_d20241212_m212220_c003_v0312008_t0012_u01734038540912
Cache-Control: max-age=0, no-cache, no-store
Strict-Transport-Security: max-age=63072000

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers