Report - fluffyquack.com/tools/modmanager.zip

Report Overview

Submitted URL
fluffyquack.com/tools/modmanager.zip
IP
173.236.140.179
ASN
#26347 DREAMHOST-AS
Submitted
2024-04-20 15:58:30
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fluffyquack.com	unknown	2016-02-01	2019-02-20	2024-04-17	490 B	3.0 MB	173.236.140.179

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
fluffyquack.com/tools/modmanager.zip
IP
173.236.140.179
ASN
#26347 DREAMHOST-AS

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.0 MB (3022646 bytes)
Hash
cefe5be9ab297ec1eb740863a828ff86
dd7ba38e6bcdcea1f0118d68ded79a3d5471a88d
7df6c9189dcbdfc371236da79adc389cb2b120b461bb0c89cb28121af898c76a

Archive (13)

Filename

Md5

File type

change-log.txt

7ddd5906124a4e987bcc0cd29a5b3036

ASCII text, with very long lines (373), with CRLF line terminators

fmodex64.dll

cee3e9d37c493645aee0ce82a1d7c9ce

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections

Modmanager.exe

153f831b986d29dfbd215ecdbc015ce5

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

readme.txt

9587509d40b82ab7530b0fb244c1760c

ASCII text, with very long lines (456), with CRLF line terminators

unrar.dll

09a5c3876b5171509888f27161338c5b

PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections

Updater.exe

889aba32b715f667b3e16cfff1183b94

PE32+ executable (console) x86-64, for MS Windows, 6 sections

Data.pkg

13ea2633cbfb4da2e49b089380a4f4bd

data

default.cfg

7d27f95f44a24d15ee6269e69609b200

ASCII text, with CRLF line terminators

modmanager.txt

25cae94ce252a718c60892bf32341ca4

ASCII text, with CRLF line terminators

curl.txt

f2faa0bf2144d22fe44ed56f9f0f1297

ASCII text, with very long lines (482), with CRLF line terminators

disclaimer.txt

676fedb938f8c42d68c46aa80f663c02

ASCII text, with CRLF line terminators

LICENSE

292e2564dd2edd7c3ee1eb1e50480e25

ASCII text, with CRLF line terminators

Apache License.txt

0cc1a9e33dd7a6eb0b79927742cf005c

ASCII text

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/64

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

fluffyquack.com/tools/modmanager.zip

173.236.140.179

200 OK

3.0 MB

URL User Request GET HTTP/2
fluffyquack.com/tools/modmanager.zip
IP
173.236.140.179:443
ASN
#26347 DREAMHOST-AS

Certificate
IssuerLet's Encrypt
Subjectwww.fluffyquack.com
FingerprintAC:22:AB:5C:41:BC:5A:FC:2E:1B:BF:9C:D0:6D:0C:0B:4E:A7:D0:68
ValidityFri, 08 Mar 2024 21:07:17 GMT - Thu, 06 Jun 2024 21:07:16 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.0 MB (3022646 bytes)
Hash
cefe5be9ab297ec1eb740863a828ff86
dd7ba38e6bcdcea1f0118d68ded79a3d5471a88d
7df6c9189dcbdfc371236da79adc389cb2b120b461bb0c89cb28121af898c76a

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/64

HTTP Headers

GET /tools/modmanager.zip HTTP/1.1
Host: fluffyquack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sat, 13 Apr 2024 00:59:40 GMT
etag: "2e1f36-615efe735dd62"
accept-ranges: bytes
content-length: 3022646
cache-control: max-age=172800
expires: Mon, 22 Apr 2024 15:58:04 GMT
vary: User-Agent
content-type: application/zip
date: Sat, 20 Apr 2024 15:58:04 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (13)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers