Report - invoice4c.yolasite.com/resources/INVOICE.zip

Report Overview

Submitted URL
invoice4c.yolasite.com/resources/INVOICE.zip
IP
172.64.144.105
ASN
#13335 CLOUDFLARENET
Submitted
2023-04-30 05:28:05
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
invoice4c.yolasite.com	unknown		2022-07-06	2023-04-29	408 B	97 kB	172.64.144.105
www.infinitytech.com.hk	unknown		2013-11-16	2023-04-12	456 B	22 MB	34.117.168.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-04-30 05:27:49	high	Client IP	172.64.144.105	ET MALWARE Possible Malicious Invoice EXE

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-04-30	medium	invoice4c.yolasite.com/resources/INVOICE.zip

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
invoice4c.yolasite.com/resources/INVOICE.zip
IP
172.64.144.105
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size
97 kB (96679 bytes)
Hash
fc3f20c03bd60ee38705ee8f71306c80
d169880ea63921083b2a95fb70cef398ed5b4bcb
d02807e0d879fcca5a7c4e695fab9195cd2b1e3fe0beeba28146280cd072bd24

Detections

Analyzer	Verdict	Alert
VirusTotal	50/66	VirusTotal -

JavaScript (2)

	URL	Size	First Seen	Last Seen
	resource://activity-stream/data/content/activity-stream.bundle.js	515 kB	2023-04-05	2023-05-06
Pretty URL resource://activity-stream/data/content/activity-stream.bundle.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-05 09:01:43 Last Seen2023-05-06 01:12:05 Times Seen129 Hash 98fb1d2cafc4c7b72bc3fb9eb16de356 a1ebbf5dc5bd0a95c87a1d724027c0467e471f1e 2a2aabbc8f26fd8ff52ed2556b94befb0d4f22f08295acc47fe2d88b37e0f17f Loading...

	resource://activity-stream/data/content/newtab-render.js	424 B	2023-04-12	2023-05-05
Pretty URL resource://activity-stream/data/content/newtab-render.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-12 07:14:53 Last Seen2023-05-05 20:54:56 Times Seen116 Hash c14133fffff201b4a1e74ff4086a7290 21c0511c662d89193eefdd883719f16646b50a4b 733eeabce980690a5899ebea87f7f91087f25fdc69e1d5306099246eb1942578 Loading...

HTTP Transactions (2)

URL IP Response Size

invoice4c.yolasite.com/resources/INVOICE.zip

172.64.144.105

200 OK

97 kB

URL User Request GET HTTP/1.1
invoice4c.yolasite.com/resources/INVOICE.zip
IP
172.64.144.105:80
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size
97 kB (96679 bytes)
Hash
fc3f20c03bd60ee38705ee8f71306c80
d169880ea63921083b2a95fb70cef398ed5b4bcb
d02807e0d879fcca5a7c4e695fab9195cd2b1e3fe0beeba28146280cd072bd24

Detections

Analyzer	Verdict	Alert
fortinet	Malware
VirusTotal	50/66	VirusTotal -

NIDS	Severity	Alert
suricata	high	ET MALWARE Possible Malicious Invoice EXE

HTTP Headers

GET /resources/INVOICE.zip HTTP/1.1
Host: invoice4c.yolasite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 30 Apr 2023 05:27:50 GMT
Content-Type: application/zip
Content-Length: 96679
Connection: keep-alive
ETag: "09a03c85b2ded9d88550eb77318a1f49"
Last-Modified: Tue, 05 Jul 2022 08:22:50 GMT
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Set-Cookie: __cf_bm=NNPdM_.WhyDaGa4cVdIQrHygI0BCrfaHlQ37TECaVFk-1682832470-0-AUjMzqsaWUrcVIDeD1LqCRivSfqqhmr73nah1lYhBJFIbDGRvJKMJT0pbC7VWnzWFf00wcRqDMsgNr2+e1LW+nf6x5Qlvp2jHFXkaqp8g+9Q; path=/; expires=Sun, 30-Apr-23 05:57:50 GMT; domain=.yolasite.com; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bfd60b87843b4f1-OSL
alt-svc: h2=":443"; ma=60

www.infinitytech.com.hk/_files/archives/2cfb98_6a36f0fc525042cbab2a3c41f954a486.zip?lang=en

34.117.168.233

22 MB

URL
www.infinitytech.com.hk/_files/archives/2cfb98_6a36f0fc525042cbab2a3c41f954a486.zip?lang=en
IP
34.117.168.233:0
ASN
#15169 GOOGLE

File type
data
Size
22 MB (21629346 bytes)
Hash
be79dd58a1b740c61b56940b19d8caa0
02fbcf6bb5832dc4529eae0045067c82b152ba71
823f5bb0bcf0f791653f67a70242311746c6d541e12df8e9dfe6fe81c229dcbb

HTTP Headers

GET /_files/archives/2cfb98_6a36f0fc525042cbab2a3c41f954a486.zip?lang=en HTTP/1.1
Host: www.infinitytech.com.hk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Range: bytes=34430976-
If-Unmodified-Since: Fri, 29 Oct 2021 02:28:00 GMT

HTTP/2 206 Partial Content
date: Sun, 30 Apr 2023 05:27:49 GMT
content-type: application/x-zip-compressed
content-length: 21629346
expires: Sun, 30 Apr 2023 06:27:49 GMT
cache-control: public, max-age=15552000, immutable
last-modified: Fri, 29 Oct 2021 02:28:00 GMT
accept-ranges: bytes
content-range: bytes 34430976-56060321/56060322
access-control-allow-origin: *
access-control-expose-headers: Content-Length
timing-allow-origin: *
x-robots-tag: noindex, nofollow
x-wix-request-id: 1682832469.341246593202016297
content-disposition: inline; filename="ChequeReadyUpgrade_nodb.zip"; filename*=UTF-8''ChequeReadyUpgrade_nodb.zip
strict-transport-security: max-age=3600
age: 0
x-seen-by: GXNXSWFXisshliUcwO20NXdyD4zpCpFzpCPkLds0yMcelXbngm2n121fQs6sauqp,qquldgcFrj2n046g4RNSVBKUaXHrucSLmP/C0nqrtU9YgeUJqUXtid+86vZww+nL,2d58ifebGbosy5xc+FRalq6Z9rj82pHHOQzz6pL1XM6V9JyOEIaSINEppgheHPUX3QpI/ucnHvfrUjeESIoVeqHK5Gk8szI2fCw2/M6wCBY=,2UNV7KOq4oGjA5+PKsX47PeE4JkJeK48Oko5cEfOjJRYgeUJqUXtid+86vZww+nL,7npGRUZHWOtWoP0Si3wDpwCp7vZ4yS0Zdx4PMfXLQz4=,xTu8fpDe3EKPsMR1jrheENLaV7RhVEBNmmUjhYH2lpI=,55qjwvOxGQ2IECG75U03eu1HID6bocmPeow1YmaqqqZbJo7CASNmU3P1IR8EkK52vGQ2Otd3B2C27oTTIAKJtQ==,gcp.us-central-1.media-router-77bc6f7769-4n6xm
x-content-type-options: nosniff
server: Pepyaka/1.19.10
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers