Report - 5.42.65.64/files/msgbox2.file

Report Overview

Submitted URL
5.42.65.64/files/msgbox2.file
IP
5.42.65.64
ASN
#210352 Partner LLC
Submitted
2024-04-20 11:01:28
Access
public
Website Title
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
5.42.65.64	unknown	unknown	2023-12-07	2024-04-14	399 B	74 kB	5.42.65.64

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-20 11:00:50	low	5.42.65.64	Client IP	ET INFO Packed Executable Download
2024-04-20 11:00:50	high	5.42.65.64	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP
2024-04-20 11:00:50	medium	5.42.65.64	Client IP	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
2024-04-20 11:00:50	low	5.42.65.64	Client IP	ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-04-20	medium	5.42.65.64/files/msgbox2.file	files - file ~tmp01925d3f.exe

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-20	medium	5.42.65.64	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
5.42.65.64/files/msgbox2.file
IP
5.42.65.64
ASN
#210352 Partner LLC

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
Size
74 kB (74240 bytes)
Hash
65ea5410c5869dd9aa8511bdbeaab5bd
cdd0d5e4bfae2d9d5e8f9b300c1e7bf6050196da
d87d9fc0475f77301abc81d105c1603e74e6f03210694418fc20c7c8c6f1b393

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	malicious	VirusTotal - Scan result 47/72

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

5.42.65.64/files/msgbox2.file

5.42.65.64

74 kB

URL
5.42.65.64/files/msgbox2.file
IP
5.42.65.64:0
ASN
#210352 Partner LLC

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
Size
74 kB (74240 bytes)
Hash
65ea5410c5869dd9aa8511bdbeaab5bd
cdd0d5e4bfae2d9d5e8f9b300c1e7bf6050196da
d87d9fc0475f77301abc81d105c1603e74e6f03210694418fc20c7c8c6f1b393

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
Quad9 DNS	malicious	Sinkholed
VirusTotal	malicious	VirusTotal - Scan result 47/72

NIDS	Severity	Alert
suricata	low	ET INFO Packed Executable Download
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP
suricata	medium	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
suricata	low	ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)

HTTP Headers

GET /files/msgbox2.file HTTP/1.1
Host: 5.42.65.64
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 20 Apr 2024 11:00:50 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Mon, 15 Jan 2024 20:41:43 GMT
ETag: "12200-60f020ab0f1ce"
Accept-Ranges: bytes
Content-Length: 74240
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (1)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers