Report - app.insightful.io/updates/win/service/latest/update.zip

Report Overview

Visitedpublic

2024-01-02 22:03:27

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
insightful-updates.io	unknown	2023-08-18	2023-08-18 12:32:33	2023-10-24 16:19:34	517 B	558 kB	188.114.97.1
app.insightful.io	unknown	2020-12-11	2022-05-30 17:19:02	2023-10-03 18:00:54	521 B	488 B	34.96.85.57

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

insightful-updates.io/win/service/latest/update.zip

IP / ASN

188.114.97.1

#13335 CLOUDFLARENET

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size557 kB (557187 bytes)

MD5b33e10d8208c336d046d7eb360406787

SHA16f881a7fe1a01b061c9553fda852d2f8c8fb3f01

SHA256597b25918fd1e9e1da5aa9a91a6d5776f2d68010bc6c4eef01cbde5b9d5ee77a

Archive (3)

Modified	Filename	Size	MD5	File type
2023-09-07 11:42	DotNetZip.dll	483 kB	4014dedb43c3168eb771f35420e597dd	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
2021-03-17 21:03	Newtonsoft.Json.dll	576 kB	486015a44a273c6c554a27b3d498365c	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
2023-09-07 11:42	Workpuls.exe	86 kB	6a4b3c2584262db51f8d4977bb349bd3	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	GET app.insightful.io/updates/win/service/latest/update.zip	34.96.85.57	301 Moved Permanently	162 B
URL User Request GET HTTPS app.insightful.io/updates/win/service/latest/update.zip IP / ASN 34.96.85.57 #15169 GOOGLE Requested byN/A Resource Info File typeHTML document, ASCII text, with CRLF line terminators First Seen2023-04-05 Last Seen2025-07-11 Times Seen131096 Size162 B (162 bytes) MD54f8e702cc244ec5d4de32740c0ecbd97 SHA13adb1f02d5b6054de0046e367c1d687b6cdf7aff SHA2569e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a Certificate Info IssuerGoogle Trust Services LLC Subjectapp.insightful.io FingerprintE6:53:3C:3D:5C:96:09:4E:96:DA:D0:06:3C:16:C4:2E:8D:4A:53:B2 ValiditySun, 05 Nov 2023 20:45:24 GMT - Sat, 03 Feb 2024 21:39:52 GMT HTTP Headers GET /updates/win/service/latest/update.zip HTTP/1.1 Host: app.insightful.io User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 301 Moved Permanently server: nginx date: Tue, 02 Jan 2024 22:03:01 GMT content-type: text/html content-length: 162 location: https://insightful-updates.io/win/service/latest/update.zip content-disposition: attachment via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2`

	GET insightful-updates.io/win/service/latest/update.zip	188.114.97.1	200 OK	557 kB
URL User Request GET HTTPS insightful-updates.io/win/service/latest/update.zip IP / ASN 188.114.97.1 #13335 CLOUDFLARENET Requested byN/A Resource Info File typeZip archive data, at least v2.0 to extract, compression method=deflate First Seen2024-01-02 Last Seen2024-11-17 Times Seen5 Size557 kB (557187 bytes) MD5b33e10d8208c336d046d7eb360406787 SHA16f881a7fe1a01b061c9553fda852d2f8c8fb3f01 SHA256597b25918fd1e9e1da5aa9a91a6d5776f2d68010bc6c4eef01cbde5b9d5ee77a Certificate Info IssuerCloudflare, Inc. Subjectinsightful-updates.io Fingerprint72:2A:23:C2:B2:88:A6:FD:F2:F6:1E:0B:19:DC:6E:CC:2F:C9:60:D2 ValidityFri, 18 Aug 2023 00:00:00 GMT - Fri, 16 Aug 2024 23:59:59 GMT HTTP Headers GET /win/service/latest/update.zip HTTP/1.1 Host: insightful-updates.io User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Tue, 02 Jan 2024 22:03:01 GMT content-type: application/zip content-length: 557187 etag: "b33e10d8208c336d046d7eb360406787" last-modified: Thu, 14 Sep 2023 11:43:24 GMT vary: Accept-Encoding cache-control: max-age=14400 cf-cache-status: MISS accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VMvyQk64GbC2%2F%2BD%2FRbZYwJAOLjER%2BRJEwV4IkVhiR8Bw13FT8UL5UxzWreIBNNrhtaEb3b2%2FAAoRZpw1geB%2FnE7%2Feelil3rEi5Y%2BiwKu3aj7T77u1eIQFXmI5%2FugAmaLIgNi1pIrchY%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 83f64a250f4156c4-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

Detections

Host Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

File detected

Detections

JavaScript (0)

HTTP Transactions (2)

HTTP Headers

HTTP Headers