Report - www.foobar2000.org/getfile/foobar2000-x64_v2.2_preview

Report Overview

Submitted URL
www.foobar2000.org/getfile/foobar2000-x64_v2.2_preview_2024-03-28.exe
IP
146.247.62.219
ASN
#24851 Netcetera Ltd.
Submitted
2024-03-29 15:31:28
Access
public
Website Title
foobar2000: Downloading
Final URL
www.foobar2000.org/getfile/foobar2000-x64_v2.2_preview_2024-03-28.exe
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.foobar2000.org	unknown	2003-05-12	2017-01-30	2024-03-28	2.5 kB	6.8 MB	146.247.62.219
www.dbpoweramp.com	unknown	2000-10-06	2012-06-23	2024-03-22	1.3 kB	25 kB	146.247.62.217

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.foobar2000.org/files/foobar2000-x64_v2.2_preview_2024-03-28.exe
IP
146.247.62.219
ASN
#24851 Netcetera Ltd.

File type
PE32+ executable (GUI) x86-64, for MS Windows, Nullsoft Installer self-extracting archive, 6 sections
Size
6.8 MB (6823665 bytes)
Hash
e575bf4055ba0b71ad2bbae1a94bc75f
754408cdffa25521fa0435e757aebe895a542999
2c5a2972a99beab25f33c47eb8802d57555c156234dbf6709ecaca54fdb95b32

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/72

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

www.foobar2000.org/getfile/foobar2000-x64_v2.2_preview_2024-03-28.exe

146.247.62.219

200 OK

4.9 kB

URL User Request GET HTTP/1.1
www.foobar2000.org/getfile/foobar2000-x64_v2.2_preview_2024-03-28.exe
IP
146.247.62.219:443
ASN
#24851 Netcetera Ltd.

Certificate
IssuerLet's Encrypt
Subjectfoobar2000.org
Fingerprint62:BC:D3:8F:24:F9:6F:D3:EC:B6:03:3B:A1:86:11:A4:27:4D:D1:A1
ValiditySun, 25 Feb 2024 11:06:02 GMT - Sat, 25 May 2024 11:06:01 GMT

File type
HTML document, ASCII text, with very long lines (553), with CRLF, LF line terminators
Size
4.9 kB (4853 bytes)
Hash
b3a6a156917733242992704138d3b54a
251c50963b096f99263f2c8080cbbab0364b3a07
d7f9542cafd738bdb0c72dc7269d42c5f5809dedb77854efa718545701e5f29f

HTTP Headers

GET /getfile/foobar2000-x64_v2.2_preview_2024-03-28.exe HTTP/1.1
Host: www.foobar2000.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 15:31:02 GMT
Server: Apache/2.4.37 (rocky) OpenSSL/1.1.1k
X-Powered-By: PHP/7.2.24
Cache-Control: no-cache, must-revalidate
refresh: 0;URL=https://www.foobar2000.org/files/foobar2000-x64_v2.2_preview_2024-03-28.exe
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

www.foobar2000.org/foo.css

146.247.62.219

200 OK

11 kB

URL GET HTTP/1.1
www.foobar2000.org/foo.css
IP
146.247.62.219:443
ASN
#24851 Netcetera Ltd.

Requested by
https://www.foobar2000.org/getfile/foobar2000-x64_v2.2_preview_2024-03-28.exe
Certificate
IssuerLet's Encrypt
Subjectfoobar2000.org
Fingerprint62:BC:D3:8F:24:F9:6F:D3:EC:B6:03:3B:A1:86:11:A4:27:4D:D1:A1
ValiditySun, 25 Feb 2024 11:06:02 GMT - Sat, 25 May 2024 11:06:01 GMT

File type
ASCII text, with CRLF line terminators
Size
11 kB (10658 bytes)
Hash
3fa59845ef149e03eb02d72bfbc360e9
ccba7e56dba6e624656f02d7eb050048b8ca6af9
b3b35938140bb5b4da00e4464bc41808eca0fd7e5a81377eb8d876145f83c75b

HTTP Headers

GET /foo.css HTTP/1.1
Host: www.foobar2000.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.foobar2000.org/getfile/foobar2000-x64_v2.2_preview_2024-03-28.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 15:31:02 GMT
Server: Apache/2.4.37 (rocky) OpenSSL/1.1.1k
Last-Modified: Mon, 25 Mar 2024 14:09:17 GMT
ETag: "29a2-6147cb81bb3f5"
Accept-Ranges: bytes
Content-Length: 10658
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

www.foobar2000.org/foobarlogo.png

146.247.62.219

200 OK

2.0 kB

URL GET HTTP/1.1
www.foobar2000.org/foobarlogo.png
IP
146.247.62.219:443
ASN
#24851 Netcetera Ltd.

Requested by
https://www.foobar2000.org/getfile/foobar2000-x64_v2.2_preview_2024-03-28.exe
Certificate
IssuerLet's Encrypt
Subjectfoobar2000.org
Fingerprint62:BC:D3:8F:24:F9:6F:D3:EC:B6:03:3B:A1:86:11:A4:27:4D:D1:A1
ValiditySun, 25 Feb 2024 11:06:02 GMT - Sat, 25 May 2024 11:06:01 GMT

File type
PNG image data, 325 x 48, 8-bit grayscale, non-interlaced
Size
2.0 kB (1965 bytes)
Hash
649faad465256523c4b8a71b246fd701
8d4b7242af31fa8f593b458193692990d26ab404
e8994afefe90a159680f2c2ba834e1a26d15fe0bc21c5cf143cc92b2202b2ced

HTTP Headers

GET /foobarlogo.png HTTP/1.1
Host: www.foobar2000.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.foobar2000.org/getfile/foobar2000-x64_v2.2_preview_2024-03-28.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 15:31:02 GMT
Server: Apache/2.4.37 (rocky) OpenSSL/1.1.1k
Last-Modified: Mon, 15 Mar 2021 14:24:30 GMT
ETag: "7ad-5bd94020e146c"
Accept-Ranges: bytes
Content-Length: 1965
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

www.dbpoweramp.com/images/cd-ripper-secure.png

146.247.62.217

200 OK

12 kB

URL GET HTTP/2
www.dbpoweramp.com/images/cd-ripper-secure.png
IP
146.247.62.217:443
ASN
#24851 Netcetera Ltd.

Requested by
https://www.foobar2000.org/getfile/foobar2000-x64_v2.2_preview_2024-03-28.exe
Certificate
IssuerLet's Encrypt
Subjectdbpoweramp.com
Fingerprint8A:B9:6E:9E:23:F5:A8:25:22:29:58:E9:A3:DE:5A:63:63:C8:49:24
ValidityWed, 14 Feb 2024 19:43:42 GMT - Tue, 14 May 2024 19:43:41 GMT

File type
PNG image data, 80 x 122, 8-bit/color RGB, non-interlaced
Size
12 kB (12261 bytes)
Hash
09d06cbba1a098ffdf60ec97282206cd
8026de01dcf17a82c866f74774a8b5fe6e4f71e1
76262697f670426d701e47bf4abe2576a84a9f666e482c7bd5c2ee8469d99871

HTTP Headers

GET /images/cd-ripper-secure.png HTTP/1.1
Host: www.dbpoweramp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.foobar2000.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
last-modified: Fri, 17 Jun 2016 11:36:09 GMT
accept-ranges: bytes
etag: "a09b7f718cc8d11:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Fri, 29 Mar 2024 15:26:13 GMT
content-length: 12261
X-Firefox-Spdy: h2

www.dbpoweramp.com/images/dmc/dmc.png

146.247.62.217

200 OK

5.0 kB

URL GET HTTP/2
www.dbpoweramp.com/images/dmc/dmc.png
IP
146.247.62.217:443
ASN
#24851 Netcetera Ltd.

Requested by
https://www.foobar2000.org/getfile/foobar2000-x64_v2.2_preview_2024-03-28.exe
Certificate
IssuerLet's Encrypt
Subjectdbpoweramp.com
Fingerprint8A:B9:6E:9E:23:F5:A8:25:22:29:58:E9:A3:DE:5A:63:63:C8:49:24
ValidityWed, 14 Feb 2024 19:43:42 GMT - Tue, 14 May 2024 19:43:41 GMT

File type
PNG image data, 160 x 122, 8-bit colormap, non-interlaced
Size
5.0 kB (4951 bytes)
Hash
c7ac8a693bb4b4d4fb79c33b65ea8f2e
af13c7ae6895891122030d940623fa62c886313c
0dc42c8306f0db5b0393531edf3602af04a5e72dcfbeec013f93e957f70b471a

HTTP Headers

GET /images/dmc/dmc.png HTTP/1.1
Host: www.dbpoweramp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.foobar2000.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
last-modified: Fri, 17 Jun 2016 11:36:42 GMT
accept-ranges: bytes
etag: "4a7740858cc8d11:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Fri, 29 Mar 2024 15:26:13 GMT
content-length: 4951
X-Firefox-Spdy: h2

www.dbpoweramp.com/images/pt-art-main.png

146.247.62.217

200 OK

7.3 kB

URL GET HTTP/2
www.dbpoweramp.com/images/pt-art-main.png
IP
146.247.62.217:443
ASN
#24851 Netcetera Ltd.

Requested by
https://www.foobar2000.org/getfile/foobar2000-x64_v2.2_preview_2024-03-28.exe
Certificate
IssuerLet's Encrypt
Subjectdbpoweramp.com
Fingerprint8A:B9:6E:9E:23:F5:A8:25:22:29:58:E9:A3:DE:5A:63:63:C8:49:24
ValidityWed, 14 Feb 2024 19:43:42 GMT - Tue, 14 May 2024 19:43:41 GMT

File type
PNG image data, 106 x 106, 8-bit/color RGB, non-interlaced
Size
7.3 kB (7317 bytes)
Hash
2a393852574af6bea1f37ca78ca3b93c
5d0629a57481adbb2c960df0a7971d7302ce18c2
707114f37343ca7a0fbcf2cee770d2e34b2ff4ef6b29afbe2b16b2410d1f9f05

HTTP Headers

GET /images/pt-art-main.png HTTP/1.1
Host: www.dbpoweramp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.foobar2000.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
last-modified: Fri, 17 Jun 2016 11:36:23 GMT
accept-ranges: bytes
etag: "f289aa798cc8d11:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Fri, 29 Mar 2024 15:26:13 GMT
content-length: 7317
X-Firefox-Spdy: h2

www.foobar2000.org/files/foobar2000-x64_v2.2_preview_2024-03-28.exe

146.247.62.219

200 OK

6.8 MB

URL User Request GET HTTP/1.1
www.foobar2000.org/files/foobar2000-x64_v2.2_preview_2024-03-28.exe
IP
146.247.62.219:443
ASN
#24851 Netcetera Ltd.

Certificate
IssuerLet's Encrypt
Subjectfoobar2000.org
Fingerprint62:BC:D3:8F:24:F9:6F:D3:EC:B6:03:3B:A1:86:11:A4:27:4D:D1:A1
ValiditySun, 25 Feb 2024 11:06:02 GMT - Sat, 25 May 2024 11:06:01 GMT

File type
PE32+ executable (GUI) x86-64, for MS Windows, Nullsoft Installer self-extracting archive, 6 sections
Size
6.8 MB (6823665 bytes)
Hash
e575bf4055ba0b71ad2bbae1a94bc75f
754408cdffa25521fa0435e757aebe895a542999
2c5a2972a99beab25f33c47eb8802d57555c156234dbf6709ecaca54fdb95b32

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/72

HTTP Headers

GET /files/foobar2000-x64_v2.2_preview_2024-03-28.exe HTTP/1.1
Host: www.foobar2000.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 15:31:03 GMT
Server: Apache/2.4.37 (rocky) OpenSSL/1.1.1k
Last-Modified: Thu, 28 Mar 2024 14:17:09 GMT
ETag: "681ef1-614b92dc669fe"
Accept-Ranges: bytes
Content-Length: 6823665
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream

www.foobar2000.org/favicon.ico

0.0.0.0

0 B

URL GET
www.foobar2000.org/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.foobar2000.org/getfile/foobar2000-x64_v2.2_preview_2024-03-28.exe
Certificate
IssuerLet's Encrypt
Subjectfoobar2000.org
Fingerprint62:BC:D3:8F:24:F9:6F:D3:EC:B6:03:3B:A1:86:11:A4:27:4D:D1:A1
ValiditySun, 25 Feb 2024 11:06:02 GMT - Sat, 25 May 2024 11:06:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.foobar2000.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.foobar2000.org/getfile/foobar2000-x64_v2.2_preview_2024-03-28.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (8)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2