Report - www.abacom-online.de/demos/lochmaster40(demo).exe

Report Overview

Visited public
2024-02-09 12:41:22
Tags
URL
www.abacom-online.de/demos/lochmaster40(demo).exe
Finishing URL
about:privatebrowsing
IP / ASN
159.255.168.37
#8881 1&1 Versatel Deutschland GmbH
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.abacom-online.de	unknown	unknown	2017-01-30 13:21:10	2024-02-03 06:03:14	1.5 kB	9.1 MB	159.255.168.37

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.abacom-online.de/DEMOS/LochMaster40(Demo).exe
IP
159.255.168.37
ASN
#8881 1&1 Versatel Deutschland GmbH

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
Size
9.1 MB (9120552 bytes)
Hash
75780514fe4789c439a0fe62e4160ba2
e2dc76b6a92cddf011f8f098f3ad386855e96be6
bc3bcd7796c55c3c4df5eb40ec8cf139ad44b052a05e0812e767c44fa6178cf0

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/69

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

www.abacom-online.de/demos/lochmaster40(demo).exe

159.255.168.37

301 Moved Permanently

265 B

URL User Request GET HTTP/2
www.abacom-online.de/demos/lochmaster40(demo).exe
IP
159.255.168.37:443
ASN
#8881 1&1 Versatel Deutschland GmbH

Certificate
IssuerDigiCert Inc
Subjectabacom-online.de
Fingerprint45:53:AF:A1:A8:44:0E:55:FD:FE:C7:70:73:B0:9B:4B:B4:FC:51:6D
ValidityTue, 05 Sep 2023 00:00:00 GMT - Sat, 05 Oct 2024 23:59:59 GMT

File type
HTML document, ASCII text
Size
265 B (265 bytes)
Hash
93a80fbd700da16d250cd08f532f8103
1f5d8e52291af4342e7468399c77474af73af74d
1b30f42ef74d7f384e65739d502186287c1e20bda88131e0ab10d7840fdaecea

HTTP Headers

GET /demos/lochmaster40(demo).exe HTTP/1.1
Host: www.abacom-online.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
strict-transport-security: max-age=63072000
location: https://www.abacom-online.de/DEMOS/lochmaster40(demo).exe
content-length: 265
content-type: text/html; charset=iso-8859-1
date: Fri, 09 Feb 2024 12:40:56 GMT
server: Apache/2.4.52
X-Firefox-Spdy: h2

www.abacom-online.de/DEMOS/lochmaster40(demo).exe

159.255.168.37

301 Moved Permanently

265 B

URL User Request GET HTTP/2
www.abacom-online.de/DEMOS/lochmaster40(demo).exe
IP
159.255.168.37:443
ASN
#8881 1&1 Versatel Deutschland GmbH

Certificate
IssuerDigiCert Inc
Subjectabacom-online.de
Fingerprint45:53:AF:A1:A8:44:0E:55:FD:FE:C7:70:73:B0:9B:4B:B4:FC:51:6D
ValidityTue, 05 Sep 2023 00:00:00 GMT - Sat, 05 Oct 2024 23:59:59 GMT

File type
HTML document, ASCII text
Size
265 B (265 bytes)
Hash
81124e6f052a249bfb5dde5e0feb7989
24d2bab07854dc2ba173968495001cb633e4719d
623745337685b9b9b13b3707e646ecb85206dad8d2c239f10bfe65018de820d0

HTTP Headers

GET /DEMOS/lochmaster40(demo).exe HTTP/1.1
Host: www.abacom-online.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
strict-transport-security: max-age=63072000
location: https://www.abacom-online.de/DEMOS/LochMaster40(Demo).exe
content-length: 265
content-type: text/html; charset=iso-8859-1
date: Fri, 09 Feb 2024 12:40:56 GMT
server: Apache/2.4.52
X-Firefox-Spdy: h2

www.abacom-online.de/DEMOS/LochMaster40(Demo).exe

159.255.168.37

200 OK

9.1 MB

URL User Request GET HTTP/2
www.abacom-online.de/DEMOS/LochMaster40(Demo).exe
IP
159.255.168.37:443
ASN
#8881 1&1 Versatel Deutschland GmbH

Certificate
IssuerDigiCert Inc
Subjectabacom-online.de
Fingerprint45:53:AF:A1:A8:44:0E:55:FD:FE:C7:70:73:B0:9B:4B:B4:FC:51:6D
ValidityTue, 05 Sep 2023 00:00:00 GMT - Sat, 05 Oct 2024 23:59:59 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
Size
9.1 MB (9120552 bytes)
Hash
75780514fe4789c439a0fe62e4160ba2
e2dc76b6a92cddf011f8f098f3ad386855e96be6
bc3bcd7796c55c3c4df5eb40ec8cf139ad44b052a05e0812e767c44fa6178cf0

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/69

HTTP Headers

GET /DEMOS/LochMaster40(Demo).exe HTTP/1.1
Host: www.abacom-online.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=63072000
last-modified: Tue, 14 Feb 2023 10:55:08 GMT
etag: "8b2b28-5f4a6cc0afc58"
accept-ranges: bytes
content-length: 9120552
content-type: application/x-msdos-program
date: Fri, 09 Feb 2024 12:40:56 GMT
server: Apache/2.4.52
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (3)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers