Report - 185.158.248.133/%D0%9F%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%B0

Report Overview

Visitedpublic

2024-12-19 22:03:39

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
185.158.248.133	unknown	unknown	No data	No data	453 B	1.2 kB	185.158.248.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-12-19 22:03:14	medium	Client IP	185.158.248.133	ET INFO Dotted Quad Host ZIP Request
2024-12-19 22:03:24	low	185.158.248.133	Client IP	ET HUNTING SUSPICIOUS .LNK File Inside of Zip

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-12-19	medium	185.158.248.133/%D0%9F%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%B0_19%2012%202024.zip	Detects suspicious tiny ZIP files with phishing attachment characteristics
2024-12-19	medium	185.158.248.133/%D0%9F%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%B0_19%2012%202024.zip	Detects suspicius tiny ZIP files with malicious lnk files

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-12-19	medium	185.158.248.133	Sinkholed

ThreatFox

No alerts detected

File detected

URL

185.158.248.133/%D0%9F%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%B0_19%2012%202024.zip

IP / ASN

185.158.248.133

#9009 M247 Europe SRL

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size916 B (916 bytes)

MD54715f0acc8048ca3424023b4149845ef

SHA161bea4e41f3d1457950213ae313debe53716bbe6

SHA25640ebf60bad346dedf495fd3969d4ffb1819bbc0b3e41faff5e5339719b965c6f

Archive (1)

Modified	Filename	Size	MD5	File type
2024-12-18 11:13	program_19_12_2024.lnk	1.4 kB	03bd5bd30d680541e8d91ad38021d7ff	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Icon number=11, Unicoded, MachineID vps-330874 KnownFolderID 1AC14E77-02E7-4E5D-B744-2EB1AE5198B7, Archive, ctime=Sat Sep 15 07:14:14 2018, atime=Sat Sep 15 07:14:14 2018, mtime=Sat Sep 15 07:14:14 2018, length=448000, window=showminnoactive, IDListSize 0x020d, Root folder "20D04FE0-3AEA-1069-A2D8-08002B30309D", Volume "C:\", LocalBasePath "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies PowerShell artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies scripting artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies executable artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies download artefacts in shortcut (LNK) files.
Public Nextron YARA rules	malware	Detects suspicious tiny ZIP files with phishing attachment characteristics
YARAhub by abuse.ch	malware	Detects suspicius tiny ZIP files with malicious lnk files

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET 185.158.248.133/%D0%9F%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%B0_19%2012%202024.zip

185.158.248.133

200 OK

916 B

URL User Request GET HTTP

185.158.248.133/%D0%9F%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%B0_19%2012%202024.zip

IP / ASN

185.158.248.133

#9009 M247 Europe SRL

Requested byN/A

Resource Info

File typeZip archive data, at least v2.0 to extract, compression method=deflate

First Seen2024-12-19

Last Seen2024-12-19

Times Seen4

Size916 B (916 bytes)

MD54715f0acc8048ca3424023b4149845ef

SHA161bea4e41f3d1457950213ae313debe53716bbe6

SHA25640ebf60bad346dedf495fd3969d4ffb1819bbc0b3e41faff5e5339719b965c6f

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects suspicious tiny ZIP files with phishing attachment characteristics
YARAhub by abuse.ch	malware	Detects suspicius tiny ZIP files with malicious lnk files
Quad9 DNS	malicious	Sinkholed
suricata	medium	ET INFO Dotted Quad Host ZIP Request
suricata	low	ET HUNTING SUSPICIOUS .LNK File Inside of Zip

HTTP Headers

GET /%D0%9F%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%B0_19%2012%202024.zip HTTP/1.1
Host: 185.158.248.133
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 916
Last-Modified: Wed, 18 Dec 2024 11:15:00 GMT
Content-Type: application/x-zip-compressed
Date: Thu, 19 Dec 2024 22:03:14 GMT
ETag: "1ef62e65530cffaa5437219e3f739713-1734520500-916"
Accept-Ranges: bytes
Server: WsgiDAV/4.3.3 Cheroot/10.0.1 Python/3.12.2