Report - www.vssweb.net/ivsweb.exe

Report Overview

Visitedpublic

2025-01-01 10:43:35

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
www.vssweb.net	unknown	2012-05-29	2013-05-20	2024-12-25	395 B	2.5 MB	143.204.42.116

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-01-01 10:43:10	high	143.204.42.116	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP
2025-01-01 10:43:10	high	143.204.42.116	Client IP	ET MALWARE Possible Windows executable sent when remote host claims to send a Text File

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-01-01	medium	www.vssweb.net/ivsweb.exe	Scans presence of the found strings using the in-house brute force method

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

www.vssweb.net/ivsweb.exe

IP / ASN

143.204.42.116

#16509 AMAZON-02

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

Size2.5 MB (2484168 bytes)

MD562424b81a9fd50ce888f49c81adfc2ab

SHA13ef9fbcdcc662698c48d363930fe0982d2129cc9

SHA256d1e377b8360d6f1c1d4626b1bac0330ff5088863f94ddcef1c471bd6c5585360

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Scans presence of the found strings using the in-house brute force method
VirusTotal	suspicious	VirusTotal - Scan result 1/72

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET www.vssweb.net/ivsweb.exe

143.204.42.116

200 OK

2.5 MB

URL

www.vssweb.net/ivsweb.exe

IP / ASN

143.204.42.116

#16509 AMAZON-02

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

First Seen2023-06-01

Last Seen2025-05-23

Times Seen146

Size2.5 MB (2484168 bytes)

MD562424b81a9fd50ce888f49c81adfc2ab

SHA13ef9fbcdcc662698c48d363930fe0982d2129cc9

SHA256d1e377b8360d6f1c1d4626b1bac0330ff5088863f94ddcef1c471bd6c5585360

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Scans presence of the found strings using the in-house brute force method
VirusTotal	suspicious	VirusTotal - Scan result 1/72
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP
suricata	high	ET MALWARE Possible Windows executable sent when remote host claims to send a Text File

HTTP Headers

GET /ivsweb.exe HTTP/1.1
Host: www.vssweb.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 01 Jan 2025 10:43:09 GMT
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=87B0E572013EBFDD3869D99A3BD18F81; Path=/; HttpOnly
X-Cache: Miss from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 871PKtFu5FcawASC_EHFBwKMn2shqlXYHRzLidO6-avshXGohcD-rg==