Report - files.catbox.moe/if7fle.zip

Report Overview

Visited public
2025-02-22 19:50:38
Tags
URL
files.catbox.moe/if7fle.zip
Finishing URL
about:privatebrowsing
IP / ASN
108.181.20.35
#40676 AS40676
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
files.catbox.moe	174913	2015-04-06	2015-06-29	2025-02-19	493 B	78 kB	108.181.20.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-22 19:50:08	medium	Client IP	108.181.20.35	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)
2025-02-22 19:50:08	medium	Client IP	108.181.20.35	ETPRO INFO .moe Domain in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-02-22	medium	files.catbox.moe/if7fle.zip	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
files.catbox.moe/if7fle.zip
IP
108.181.20.35
ASN
#40676 AS40676

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
77 kB (77032 bytes)
Hash
4a1f789fc3b2bf2f1b0c77923d24ea97
193cdb98fd35037731b553a138135dbb32fcf1d7
c85a0fc3fe0c72d8ff985e7bc804b1c6504ef2c0fadb5ad08b851570b5721f4a

Archive (25)

Filename

Md5

File type

Add-ContextMenu-OpenCurrentFolderInTerminalAsAdmin-Remove.reg

acbf56aee423c83d6e02d4259f1a2eb3

ASCII text

Lower-RAM-Usage.reg

b939ed69caf02ee880dceeedf918f0da

ASCII text

Remove-Default-Folders.reg

08f401b89ba96acab5d7afa1f4c37b93

Windows Registry little-endian text (Win2K or above)

Disable-Services-ToManual.ps1

dad647374413fc58f2da9d3abd47b364

ASCII text

Add-Telemetry-IPS-To-Firewall.ps1

f8c63c40fd09070dfcf640326373be02

ASCII text

Disable-Windows-Telemetry.ps1

75c6da7f173b00981bfc29e7ac7235e6

ASCII text

Disable-DotNetCLI-Telemetry.ps1

f798ecbac143876cf6371a30f04038bd

ASCII text, with no line terminators

Enable-Old-Photo-Viewer.reg

e6a5aa6b2fc55983a4a83989595d3850

ASCII text

Add-ContextMenu-OpenCurrentFolderInTerminalAsAdmin.reg

626bc4eece901db3cf5a7b0897f1cb5b

ASCII text

Add-ContextMenu-OpenPowershellFilesAsAdmin.reg

e7b3303b3ed19f1629f086d92604f2ee

Windows Registry little-endian text (Win2K or above)

Prevents-Apps-from-Reinstalling.ps1

7b7fac6bd831f06bd86ad88f516045b2

ASCII text

Disable-PowerShell-Telemetry.ps1

8494901ddb10d71a277eb0ecabc4932c

ASCII text, with no line terminators

Disable-Services.ps1

0e7d1ad9de4dfe1d9e5545c1698cf97b

ASCII text

Remove-Temp-Files.ps1

f53c0a996d178779c026ee7e58dd751e

ASCII text

Disable-OneDrive-Integration.ps1

0d401074aaa496916ac45df23ee02f02

ASCII text

.gitignore

2241916aad050c07b2199dd72bdf39be

ASCII text

Fix-Privacy-Settings.ps1

615da9bf6f55f75a3b7c1acfbf8cb9bb

ASCII text

Disable-Domains-Telemetry-via-Host.ps1

f1a7d4a7c3c85bf2ce5d3ad4dda126d0

ASCII text

Remove-Default-Apps.ps1

13a41b7e363c89e1964ed472e3321d10

ASCII text

.gitattributes

13f0aecd22cc1f06c8225ae5e692ff31

ASCII text

Disable-Scheduled-Tasks.ps1

ef8c7ce8163d43f8a77130faaeccdb1e

ASCII text

Remove-Edge.bat

34976c5af0c5883cd1c9756ce0140edd

DOS batch file, ASCII text

Improve-SSD-Life.ps1

56cd243e75f262b3a424cde855e063e1

ASCII text

Disable-Win11-Widgets.ps1

ea6b016496668d393fabb58d047f3882

ASCII text

Disable-Edge-Prelaunch.reg

b133ded4279812b50a369b22c77881d7

ASCII text

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

files.catbox.moe/if7fle.zip

108.181.20.35

200 OK

77 kB

URL User Request GET HTTP/2
files.catbox.moe/if7fle.zip
IP
108.181.20.35:443
ASN
#40676 AS40676

Certificate
IssuerLet's Encrypt
Subjectcatbox.moe
FingerprintB5:5A:B8:A7:91:E0:17:AA:A0:D6:DE:BB:16:73:C2:7B:A2:33:CA:C7
ValidityTue, 18 Feb 2025 04:56:41 GMT - Mon, 19 May 2025 04:56:40 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
77 kB (77032 bytes)
Hash
4a1f789fc3b2bf2f1b0c77923d24ea97
193cdb98fd35037731b553a138135dbb32fcf1d7
c85a0fc3fe0c72d8ff985e7bc804b1c6504ef2c0fadb5ad08b851570b5721f4a

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

HTTP Headers

GET /if7fle.zip HTTP/1.1
Host: files.catbox.moe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 22 Feb 2025 19:50:08 GMT
content-type: application/zip
content-length: 77032
last-modified: Fri, 07 Feb 2025 03:02:20 GMT
etag: "67a577bc-12ce8"
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self';
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (25)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers