Report - grntexpresscourier.com/File/payload.exe

Report Overview

Visited public
2023-08-30 07:08:48
Tags
URL
grntexpresscourier.com/File/payload.exe
Finishing URL
grntexpresscourier.com/File/payload.exe
IP / ASN
5.79.79.209
#60781 LeaseWeb Netherlands B.V.
Title
Loading...

Detections

urlquery

0

Network Intrusion Detection

2

Threat Detection Systems

0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
grntexpresscourier.com	unknown	unknown	2021-06-05 15:09:22	2023-03-07 06:41:57	1.3 kB	1.3 kB	5.79.79.209

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-08-30 07:08:19	medium	5.79.79.209	Client IP	ET INFO TLS Handshake Failure
2023-08-30 07:08:20	medium	5.79.79.209	Client IP	ET INFO TLS Handshake Failure

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	grntexpresscourier.com/File/payload.exe	5.79.79.209		499 B
URL User Request GET grntexpresscourier.com/File/payload.exe IP 5.79.79.209:0 ASN #60781 LeaseWeb Netherlands B.V. File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (499), with no line terminators Size 499 B (499 bytes) Hash 85aaa240f1cb23c72b5daeb2636744fb 9af20fa21c1e1d7ad35408b6c1754db8d7975a1b 6948f850927a149df4ec3d3913cf022f46aabb83ceb42b135c5704591a5086e1 HTTP Headers `GET /File/payload.exe HTTP/1.1 Host: grntexpresscourier.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile cache-control: max-age=0, private, must-revalidate connection: close content-length: 499 content-type: text/html; charset=utf-8 date: Wed, 30 Aug 2023 07:08:29 GMT server: nginx set-cookie: sid=05f1bfa4-4704-11ee-9751-9cfea648c002; path=/; domain=.grntexpresscourier.com; expires=Mon, 17 Sep 2091 10:22:37 GMT; max-age=2147483647; HttpOnly`

	grntexpresscourier.com/File/payload.exe?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY5MzM4NjUxMCwiaWF0IjoxNjkzMzc5MzEwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydTAxZjBsa2ZlcDRxaGVkNXMyMXJqa2IiLCJuYmYiOjE2OTMzNzkzMTAsInRzIjoxNjkzMzc5MzEwMDMyNDAyfQ.JmkaDQS5pbcLiIYhcs9d5AKqqdespLUPMRpL_slHooI&sid=05f1bfa4-4704-11ee-9751-9cfea648c002	5.79.79.209	429 Too Many Requests	17 B
URL User Request GET HTTP/1.1 grntexpresscourier.com/File/payload.exe?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY5MzM4NjUxMCwiaWF0IjoxNjkzMzc5MzEwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydTAxZjBsa2ZlcDRxaGVkNXMyMXJqa2IiLCJuYmYiOjE2OTMzNzkzMTAsInRzIjoxNjkzMzc5MzEwMDMyNDAyfQ.JmkaDQS5pbcLiIYhcs9d5AKqqdespLUPMRpL_slHooI&sid=05f1bfa4-4704-11ee-9751-9cfea648c002 IP 5.79.79.209:80 ASN #60781 LeaseWeb Netherlands B.V. File type ASCII text, with no line terminators Size 17 B (17 bytes) Hash eeb13468b73d93fa8bcbe3ebae6df720 1f55c90d5ce61c6447e923443d496b137be35c63 802600d124464157037a2519acb3cff90b97670fd04809ea902fbb95497a12ca HTTP Headers GET /File/payload.exe?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY5MzM4NjUxMCwiaWF0IjoxNjkzMzc5MzEwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydTAxZjBsa2ZlcDRxaGVkNXMyMXJqa2IiLCJuYmYiOjE2OTMzNzkzMTAsInRzIjoxNjkzMzc5MzEwMDMyNDAyfQ.JmkaDQS5pbcLiIYhcs9d5AKqqdespLUPMRpL_slHooI&sid=05f1bfa4-4704-11ee-9751-9cfea648c002 HTTP/1.1 Host: grntexpresscourier.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://grntexpresscourier.com/File/payload.exe DNT: 1 Connection: keep-alive Cookie: sid=05f1bfa4-4704-11ee-9751-9cfea648c002 Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 429 Too Many Requests cache-control: max-age=0, private, must-revalidate connection: close content-length: 17 date: Wed, 30 Aug 2023 07:08:30 GMT server: nginx set-cookie: sid=05f1bfa4-4704-11ee-9751-9cfea648c002; path=/; domain=.grntexpresscourier.com; expires=Mon, 17 Sep 2091 10:22:37 GMT; max-age=2147483647; HttpOnly`