Report - sandberg.cz/cs/download/995/driver/133-96

Report Overview

Submitted URL
sandberg.cz/cs/download/995/driver/133-96_Win7Driver.zip
IP
104.21.81.109
ASN
#13335 CLOUDFLARENET
Submitted
2024-03-29 09:48:24
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
sandberg.cz	unknown	2020-01-27	2016-08-17	2024-03-27	510 B	5.1 MB	172.67.159.87
cdn.sandberg.world	unknown	2020-01-23	2020-08-11	2024-03-15	511 B	5.1 MB	194.242.11.186

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
sandberg.cz/cs/download/995/driver/133-96_Win7Driver.zip
IP
172.67.159.87
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
5.1 MB (5060936 bytes)
Hash
cdff67a3e4aa265086883deccced5e54
6fad875be9025ca5a886bab91296d54188146457
6f1b856cd565eb24cd0c4d75f053d1c09a1cb8f5b8a835bf87f562227fffd9c0

Archive (8)

Filename

Md5

File type

AUTORUN.INF

e1bf0754a41070d22fd45e24d491dfb9

Microsoft Windows Autorun file

Cam1210_110.msi

71018ccc5d1637de5c37ab219220f7fd

Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Code page: 950, Title: USB Video Camera Driver v1.10, Create Time/Date: Mon Jun 21 07:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Template: Intel;1033,2052, Last Saved By: Intel;1028, Revision Number: {926B578B-505F-4820-A62D-088E1124FED4}1.1.00;{926B578B-505F-4820-A62D-088E1124FED4}1.1.00;{1227631F-4901-4A62-9577-8947CA4E2F42}, Number of Pages: 200, Number of Characters: 32

InstMsiA.Exe

cd91a545478263b4e6902e7d5932077d

PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive, 3 sections

InstMsiW.Exe

d0ef61e0a6eb919ba51229d14c3ef5d5

PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive, 3 sections

RunSetup.dll

5a5a5252f076ace135342bed1f225c8a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Setup.Exe

73f0db11f10e7d007d721bb498254bdd

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

Setup.Ini

a29dbdf82e9a006d9b66a67dea6f1d76

ASCII text, with CRLF line terminators

TS.ico

23fb5e2a141c70ee15155bda0709cd4e

MS Windows icon resource - 6 icons, 32x32, 16 colors, 16x16, 16 colors

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	detect_Redline_Stealer
YARAhub by abuse.ch	malware	detect_Redline_Stealer
VirusTotal	suspicious	VirusTotal - Scan result 1/65

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

sandberg.cz/cs/download/995/driver/133-96_Win7Driver.zip

172.67.159.87

302 Found

5.1 MB

URL User Request GET HTTP/2
sandberg.cz/cs/download/995/driver/133-96_Win7Driver.zip
IP
172.67.159.87:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectsandberg.cz
Fingerprint9C:E4:C4:9B:B5:7E:47:6D:32:06:24:1A:0E:03:D8:9A:FF:BE:89:E8
ValidityThu, 08 Feb 2024 03:40:25 GMT - Wed, 08 May 2024 03:40:24 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
5.1 MB (5060936 bytes)
Hash
cdff67a3e4aa265086883deccced5e54
6fad875be9025ca5a886bab91296d54188146457
6f1b856cd565eb24cd0c4d75f053d1c09a1cb8f5b8a835bf87f562227fffd9c0

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/65

HTTP Headers

GET /cs/download/995/driver/133-96_Win7Driver.zip HTTP/1.1
Host: sandberg.cz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 29 Mar 2024 09:47:59 GMT
content-type: text/html; charset=UTF-8
location: https://cdn.sandberg.world/support/driver/133-96_Win7Driver.zip
strict-transport-security: max-age=31536000
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-security-policy: default-src 'none'; img-src * data:; media-src *; font-src * data:; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sandberg.world https://files.sandberg.world https://cdn.sandberg.world https://sandberg.gl https://sandberg.es https://sandberg.pt https://sandberg.cz https://sandberg.si https://sandberg.lt https://sandberg.is https://sandberg.bg https://sandberg.fr https://sandberg.at https://sandberg.rs https://sandberg.ae https://sandberg.ie https://sandberg.com.ua https://sandberg.hu https://sandberg.gr https://sandberg.sk https://sandberg.com.mx https://sandberg.hr https://sandberg.lv https://sandberg.ro https://sandberg.it https://stats.sandberg.world https://*.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://maps.google.com https://maps.googleapis.com https://player.vimeo.com https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://static.cloudflareinsights.com https://www.gstatic.com https://www.google.com https://analytics.tiktok.com; style-src 'self' 'unsafe-inline' https://sandberg.world https://files.sandberg.world https://cdn.sandberg.world https://sandberg.gl https://sandberg.es https://sandberg.pt https://sandberg.cz https://sandberg.si https://sandberg.lt https://sandberg.is https://sandberg.bg https://sandberg.fr https://sandberg.at https://sandberg.rs https://sandberg.ae https://sandberg.ie https://sandberg.com.ua https://sandberg.hu https://sandberg.gr https://sandberg.sk https://sandberg.com.mx https://sandberg.hr https://sandberg.lv https://sandberg.ro https://sandberg.it https://fonts.googleapis.com; connect-src 'self' https://sandberg.world https://files.sandberg.world https://cdn.sandberg.world https://sandberg.gl https://sandberg.es https://sandberg.pt https://sandberg.cz https://sandberg.si https://sandberg.lt https://sandberg.is https://sandberg.bg https://sandberg.fr https://sandberg.at https://sandberg.rs https://sandberg.ae https://sandberg.ie https://sandberg.com.ua https://sandberg.hu https://sandberg.gr https://sandberg.sk https://sandberg.com.mx https://sandberg.hr https://sandberg.lv https://sandberg.ro https://sandberg.it https://stats.sandberg.world https://*.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://vimeo.com https://stats.g.doubleclick.net https://www.facebook.com https://zeroheight.com https://maps.google.com https://maps.googleapis.com https://analytics.tiktok.com https://*.analytics.google.com https://*.analytics.pangle-ads.com https://*.googlesyndication.com https://*.pangle-ads.com
x-frame-options: SAMEORIGIN
cf-cache-status: BYPASS
set-cookie: PHPSESSID=vaqcfkhivb859di3d425p19sk6; path=/; HttpOnly
language=cs; path=/; Max-Age=31536000; SameSite=None; Secure
country=CZ; path=/; Max-Age=31536000; SameSite=None; Secure
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8FS4mp8zG%2FRpiWaL6uMkSkshxHENhJFraXL4z%2BocBThw10gV5pLnN%2BRD1ucuoW6FKFtRgcuj4V7EsA2Uy9eB9RS6OlrKH6FICE94FyluvCAoUGEmC%2Frp7a9miiF7mg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86bef10acbb0b4f7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.sandberg.world/support/driver/133-96_Win7Driver.zip

194.242.11.186

200 OK

5.1 MB

URL User Request GET HTTP/2
cdn.sandberg.world/support/driver/133-96_Win7Driver.zip
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Certificate
IssuerLet's Encrypt
Subjectcdn.sandberg.world
Fingerprint29:55:F7:E4:E5:9C:33:DB:E2:CD:13:47:AD:1D:F5:7B:BB:8C:29:FF
ValiditySat, 24 Feb 2024 00:12:26 GMT - Fri, 24 May 2024 00:12:25 GMT

File type

Size
5.1 MB (5060936 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /support/driver/133-96_Win7Driver.zip HTTP/1.1
Host: cdn.sandberg.world
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 09:47:59 GMT
content-type: application/zip
content-length: 5060936
server: BunnyCDN-NO1-830
cdn-pullzone: 139726
cdn-uid: a53af30e-8e30-450d-a2f5-d430de48f8a9
cdn-requestcountrycode: NO
alt-svc: h3=":443"
cache-control: public, max-age=180
etag: "4d3948-5a7b995595000"
last-modified: Wed, 10 Jun 2020 12:00:00 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9EHqpmN%2F6LEZWJm56PuqhGrTAqwf8JHqQpt1Y9AJcP2CN3BXzN0zBtPuMriZFCNHbNnHlrCVoQNHjBcYMl32rUA6E927uDuuO45tIyglcWXmCfN7cH3mh9c7wnXqCcy7h75Lfd8c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 86bef10f3f0f56b9-OSL
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 03/29/2024 09:47:59
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: bc7434b1cc4f59a2aadb303a40b6d21a
cdn-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (8)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers