Report - 141.94.246.41/apt-repo/Esturgeon/V2.1/Dependecies/ICSharpCode.SharpZipLib.dll

Report Overview

Visited public
2025-02-08 12:28:54
Tags
URL
141.94.246.41/apt-repo/Esturgeon/V2.1/Dependecies/ICSharpCode.SharpZipLib.dll
Finishing URL
about:privatebrowsing
IP / ASN
141.94.246.41
#16276 OVH SAS
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
141.94.246.41	unknown	unknown	No data	No data	735 B	191 kB	141.94.246.41

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-08 12:28:27	medium	Client IP	141.94.246.41	ET INFO Dotted Quad Host DLL Request
2025-02-08 12:28:27	high	141.94.246.41	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-02-08	medium	141.94.246.41	Sinkholed
2025-02-08	medium	141.94.246.41	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
141.94.246.41/apt-repo/Esturgeon/V2.1/Dependecies/ICSharpCode.SharpZipLib.dll
IP
141.94.246.41
ASN
#16276 OVH SAS

File type
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
Size
188 kB (188416 bytes)
Hash
70ecb43c490ed5b16dafaff662bf7653
7306f3b64daf3cb0c4b96df281f0189af81c73f8
b4cba17e1123333356bf7e80a20e3adffd8ec335c14da1a249d1b10f3d7cfd0b

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

141.94.246.41/

141.94.246.41

200 OK

2.1 kB

URL
141.94.246.41/
IP
141.94.246.41:0
ASN
#16276 OVH SAS

File type
HTML document, Unicode text, UTF-8 text
Size
2.1 kB (2054 bytes)
Hash
348c005af2f73e7d4bf12679120e48a1
e0d698b3bbb004587292abee72be27fe157c50d5
a404642533b17037986f830fbb9cde7bb91c807d2b3c0d73c5d807a780e31a90

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 141.94.246.41
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Feb 2025 12:28:27 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline';
Last-Modified: Sun, 13 Oct 2024 00:13:41 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2054
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

141.94.246.41/apt-repo/Esturgeon/V2.1/Dependecies/ICSharpCode.SharpZipLib.dll

141.94.246.41

200 OK

188 kB

URL
141.94.246.41/apt-repo/Esturgeon/V2.1/Dependecies/ICSharpCode.SharpZipLib.dll
IP
141.94.246.41:0
ASN
#16276 OVH SAS

File type
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
Size
188 kB (188416 bytes)
Hash
70ecb43c490ed5b16dafaff662bf7653
7306f3b64daf3cb0c4b96df281f0189af81c73f8
b4cba17e1123333356bf7e80a20e3adffd8ec335c14da1a249d1b10f3d7cfd0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO Dotted Quad Host DLL Request
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /apt-repo/Esturgeon/V2.1/Dependecies/ICSharpCode.SharpZipLib.dll HTTP/1.1
Host: 141.94.246.41
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Feb 2025 12:28:27 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline';
Last-Modified: Sat, 12 Oct 2024 23:54:38 GMT
Accept-Ranges: bytes
Content-Length: 188416
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers