Report - www.exacq.com/reseller/evCmdLineShim.zip

Report Overview

Submitted URL
www.exacq.com/reseller/evCmdLineShim.zip
IP
45.60.155.58
ASN
#19551 INCAPSULA
Submitted
2024-04-24 07:08:58
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnprivate.exacq.com	unknown	2002-10-30	2022-03-31	2024-04-16	1.2 kB	143 kB	143.204.55.64
www.exacq.com	247017	2002-10-30	2012-12-19	2024-01-27	494 B	1.3 kB	45.60.155.58

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdnprivate.exacq.com/evCmdLineShim.zip?response-content-disposition=attachment%3Bfilename%3D%22evCmdLineShim.zip%22&Expires=1713960589&Signature=Rt5nfZtx9sMSlEyYRPEajauplry4xPRWUD6vserW0v2xFISWQFiodOh0Iq4xYLRdZX40OOhcNfgrsth9j2vacOugqqZwd7ZatE0Ais6U~T560YaXtpUAgLkbB6nnFk-25YBcCIy7uRVJp7xIdCbumsMgBGKGveSAJJ57U-RA9rn2d-mIQVIW~IAIS0Yvr5i1us~O8QWGu4a48re8~fgRG94TJaMfpPF0~KR4xKTScUgkznmSD9iFOh4A1RFa0HQShrApQMI~AT5H4DMZoLH~VnGNivnqKHj21M5mIhfz2vSX24jL4Z5pYDm-xMtBKJK08GrhhUvSdWdWZJCZkdpnyQ__&Key-Pair-Id=APKAJZSQDEUYL3NYM3SA
IP
143.204.55.64
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
142 kB (142408 bytes)
Hash
5d699825d03aa04924fd374631901a1d
fa5e7732447a68830970c52e905b323f3b8a64a3
6c9c669790ceb374cf9bbe540535e57024e8f5d42a508f606df7aed45411faa2

Archive (19)

Filename

Md5

File type

evCmdLineShim.cpp

c02d186fea8142520c5eb5e3c3526c25

C source, ASCII text, with CRLF line terminators

evCmdLineShim.h

37e3b510bb3d7d2ccacb36d3b4c4e682

C++ source, ASCII text, with CRLF, LF line terminators

evCmdLineShim.sln

ea8a90ca25520b55b697e3af5a73b149

ASCII text, with CRLF line terminators

Resource.h

4cd9b23d2db40b994b6a66f3c0630369

C source, ASCII text, with CRLF line terminators

small.ico

a1ed0c69ab3bdf217a91e7aa6d06df79

MS Windows icon resource - 8 icons, 32x32, 16 colors, 16x16, 16 colors

stdafx.cpp

c458cef53967edd84d00e77c42fd0be1

C source, ASCII text, with CRLF line terminators

stdafx.h

932f0421bc2690f25a13231aa9754f56

C source, ASCII text, with CRLF line terminators

strptime.c

c7bd0790096fa03a70dd335147deeff9

C source, ASCII text

termToInput.xml

d82ba4a0ab907d3a1237b9249dc1c629

XML 1.0 document, ASCII text, with CRLF line terminators

tinystr.cpp

63d6e7055afbcaad2008fb48138fd0ed

C source, ISO-8859 text, with CRLF line terminators

tinystr.h

c170b22d07deda5a3b30256c5e8dfa9c

C++ source, ASCII text, with CRLF line terminators

tinyxml.cpp

553d576cfaee0d362a4104491f665bdd

C source, ASCII text, with CRLF line terminators

tinyxml.h

3e1d9122200270bbc811c37627e2c88b

C++ source, ASCII text, with CRLF line terminators

tinyxmlerror.cpp

899d050f34fb3addd79b553013af8b82

C source, ASCII text, with CRLF line terminators

tinyxmlparser.cpp

412ddf02f78e44f24000823e032abe94

C++ source, ASCII text, with CRLF line terminators

evCmdLineShim.exe

992634daf2a9e63d23eddd29b714c1d5

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

evCmdLineShim.rc

243290b74d24ba4741aa94123c0f2942

C source, ASCII text, with CRLF line terminators

evCmdLineShim.vcproj

e9442b1fb7eaec5a7dcff0f932644d64

XML 1.0 document, ASCII text, with CRLF line terminators

evCmdLineShim.ico

a1ed0c69ab3bdf217a91e7aa6d06df79

MS Windows icon resource - 8 icons, 32x32, 16 colors, 16x16, 16 colors

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/63

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

www.exacq.com/reseller/evCmdLineShim.zip

45.60.155.58

302 Found

0 B

URL User Request GET HTTP/2
www.exacq.com/reseller/evCmdLineShim.zip
IP
45.60.155.58:443
ASN
#19551 INCAPSULA

Certificate
IssuerGlobalSign nv-sa
Subjectimperva.com
FingerprintC5:84:04:6E:80:C1:43:47:5A:56:1F:54:55:48:76:58:42:88:9F:5C
ValidityTue, 23 Apr 2024 18:33:58 GMT - Sun, 20 Oct 2024 18:33:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /reseller/evCmdLineShim.zip HTTP/1.1
Host: www.exacq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 24 Apr 2024 07:09:49 GMT
server: Apache
strict-transport-security: max-age=0; includeSubDomains
location: https://cdnprivate.exacq.com/evCmdLineShim.zip?response-content-disposition=attachment%3Bfilename%3D%22evCmdLineShim.zip%22&Expires=1713960589&Signature=Rt5nfZtx9sMSlEyYRPEajauplry4xPRWUD6vserW0v2xFISWQFiodOh0Iq4xYLRdZX40OOhcNfgrsth9j2vacOugqqZwd7ZatE0Ais6U~T560YaXtpUAgLkbB6nnFk-25YBcCIy7uRVJp7xIdCbumsMgBGKGveSAJJ57U-RA9rn2d-mIQVIW~IAIS0Yvr5i1us~O8QWGu4a48re8~fgRG94TJaMfpPF0~KR4xKTScUgkznmSD9iFOh4A1RFa0HQShrApQMI~AT5H4DMZoLH~VnGNivnqKHj21M5mIhfz2vSX24jL4Z5pYDm-xMtBKJK08GrhhUvSdWdWZJCZkdpnyQ__&Key-Pair-Id=APKAJZSQDEUYL3NYM3SA
access-control-allow-origin: *
content-length: 0
content-type: text/html; charset=UTF-8
set-cookie: visid_incap_2116476=vW0C+NauRzGloO95l++2OfCvKGYAAAAAQUIPAAAAAAD1sZx9u7uTOuewDsyvFzyk; expires=Wed, 23 Apr 2025 22:23:48 GMT; HttpOnly; path=/; Domain=.exacq.com
nlbi_2116476=K59kCpuCiHa2Q9iloJrtRQAAAAB6xNBTXDRtDPROFytU9pk3; path=/; Domain=.exacq.com
incap_ses_723_2116476=aKKdVn83cDOArRIIsJwICvCvKGYAAAAA1Bb36MI42mELOYnJleOgRA==; path=/; Domain=.exacq.com
x-incap-sess-cookie-hdr: 2W74EOWBb1KArRIIsJwICvCvKGYAAAAATJNklACv9kPlw7ofeRqJBA==
x-cdn: Imperva
x-iinfo: 0-9588074-9588076 NNNN CT(35 38 0) RT(1713942512586 37) q(0 0 0 1) r(1 1) U11
X-Firefox-Spdy: h2

cdnprivate.exacq.com/evCmdLineShim.zip?response-content-disposition=attachment%3Bfilename%3D%22evCmdLineShim.zip%22&Expires=1713960589&Signature=Rt5nfZtx9sMSlEyYRPEajauplry4xPRWUD6vserW0v2xFISWQFiodOh0Iq4xYLRdZX40OOhcNfgrsth9j2vacOugqqZwd7ZatE0Ais6U~T560YaXtpUAgLkbB6nnFk-25YBcCIy7uRVJp7xIdCbumsMgBGKGveSAJJ57U-RA9rn2d-mIQVIW~IAIS0Yvr5i1us~O8QWGu4a48re8~fgRG94TJaMfpPF0~KR4xKTScUgkznmSD9iFOh4A1RFa0HQShrApQMI~AT5H4DMZoLH~VnGNivnqKHj21M5mIhfz2vSX24jL4Z5pYDm-xMtBKJK08GrhhUvSdWdWZJCZkdpnyQ__&Key-Pair-Id=APKAJZSQDEUYL3NYM3SA

143.204.55.64

200 OK

142 kB

URL User Request GET HTTP/1.1
cdnprivate.exacq.com/evCmdLineShim.zip?response-content-disposition=attachment%3Bfilename%3D%22evCmdLineShim.zip%22&Expires=1713960589&Signature=Rt5nfZtx9sMSlEyYRPEajauplry4xPRWUD6vserW0v2xFISWQFiodOh0Iq4xYLRdZX40OOhcNfgrsth9j2vacOugqqZwd7ZatE0Ais6U~T560YaXtpUAgLkbB6nnFk-25YBcCIy7uRVJp7xIdCbumsMgBGKGveSAJJ57U-RA9rn2d-mIQVIW~IAIS0Yvr5i1us~O8QWGu4a48re8~fgRG94TJaMfpPF0~KR4xKTScUgkznmSD9iFOh4A1RFa0HQShrApQMI~AT5H4DMZoLH~VnGNivnqKHj21M5mIhfz2vSX24jL4Z5pYDm-xMtBKJK08GrhhUvSdWdWZJCZkdpnyQ__&Key-Pair-Id=APKAJZSQDEUYL3NYM3SA
IP
143.204.55.64:443
ASN
#16509 AMAZON-02

Certificate
IssuerDigiCert Inc
Subject*.exacq.com
Fingerprint0B:6F:E7:2F:EF:A5:5F:F4:83:E4:E3:0E:77:2B:C8:7D:5D:79:CF:EB
ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 19 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
142 kB (142408 bytes)
Hash
5d699825d03aa04924fd374631901a1d
fa5e7732447a68830970c52e905b323f3b8a64a3
6c9c669790ceb374cf9bbe540535e57024e8f5d42a508f606df7aed45411faa2

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/63

HTTP Headers

GET /evCmdLineShim.zip?response-content-disposition=attachment%3Bfilename%3D%22evCmdLineShim.zip%22&Expires=1713960589&Signature=Rt5nfZtx9sMSlEyYRPEajauplry4xPRWUD6vserW0v2xFISWQFiodOh0Iq4xYLRdZX40OOhcNfgrsth9j2vacOugqqZwd7ZatE0Ais6U~T560YaXtpUAgLkbB6nnFk-25YBcCIy7uRVJp7xIdCbumsMgBGKGveSAJJ57U-RA9rn2d-mIQVIW~IAIS0Yvr5i1us~O8QWGu4a48re8~fgRG94TJaMfpPF0~KR4xKTScUgkznmSD9iFOh4A1RFa0HQShrApQMI~AT5H4DMZoLH~VnGNivnqKHj21M5mIhfz2vSX24jL4Z5pYDm-xMtBKJK08GrhhUvSdWdWZJCZkdpnyQ__&Key-Pair-Id=APKAJZSQDEUYL3NYM3SA HTTP/1.1
Host: cdnprivate.exacq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: visid_incap_2116476=vW0C+NauRzGloO95l++2OfCvKGYAAAAAQUIPAAAAAAD1sZx9u7uTOuewDsyvFzyk; nlbi_2116476=K59kCpuCiHa2Q9iloJrtRQAAAAB6xNBTXDRtDPROFytU9pk3; incap_ses_723_2116476=aKKdVn83cDOArRIIsJwICvCvKGYAAAAA1Bb36MI42mELOYnJleOgRA==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 142408
Connection: keep-alive
Date: Wed, 24 Apr 2024 07:08:34 GMT
Last-Modified: Thu, 18 Sep 2014 17:29:24 GMT
ETag: "5d699825d03aa04924fd374631901a1d"
x-amz-meta-mode: 33204
x-amz-meta-gid: 1003
x-amz-meta-uid: 33
x-amz-meta-mtime: 1280802463
x-amz-version-id: null
Content-Disposition: attachment;filename="evCmdLineShim.zip"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3G4IRbiW_-xlhFEDwmnqiNJlH_oqDHJ_DM91t8Rg6W3fDcCB-WkKxQ==

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (19)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers