Report - d1.amobbs.com/new2012/forum/201811/26/123714vh1k8kyp9g2c5h29.zip

Report Overview

Visitedpublic

2025-01-27 08:49:21

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
d1.amobbs.com	unknown	2012-03-13	2013-08-25	2025-01-07	518 B	135 kB	14.152.95.147

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-01-27 08:48:57	low	14.152.95.147	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate
2025-01-27 08:48:57	low	14.152.95.147	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

d1.amobbs.com/new2012/forum/201811/26/123714vh1k8kyp9g2c5h29.zip

IP / ASN

14.152.95.147

#4134 Chinanet

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size135 kB (134864 bytes)

MD51aea887b8ed1de9c65e154045e3220d2

SHA17ec90fc66ad84aee790b64122b45e2121a1900b7

SHA256379f80c05e33d6e8dc8bf06084afb5be66d99773cad107f0cb24e9a70622112c

Archive (1)

Modified	Filename	Size	MD5	File type
2018-10-23 12:17	MicroKMS_v18.10.06.exe	235 kB	01bfe259962659d03bfae57d1736d2ee	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects ConfuserEx packed file
VirusTotal	malicious	VirusTotal - Scan result 32/65

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET d1.amobbs.com/new2012/forum/201811/26/123714vh1k8kyp9g2c5h29.zip

14.152.95.147

200 OK

135 kB

URL

d1.amobbs.com/new2012/forum/201811/26/123714vh1k8kyp9g2c5h29.zip

IP / ASN

14.152.95.147

#4134 Chinanet

Requested byN/A

Resource Info

File typeZip archive data, at least v2.0 to extract, compression method=deflate

First Seen2025-01-27

Last Seen2025-01-27

Times Seen1

Size135 kB (134864 bytes)

MD51aea887b8ed1de9c65e154045e3220d2

SHA17ec90fc66ad84aee790b64122b45e2121a1900b7

SHA256379f80c05e33d6e8dc8bf06084afb5be66d99773cad107f0cb24e9a70622112c

Certificate Info

IssuerZeroSSL

Subject*.amobbs.com

FingerprintF8:64:0D:35:56:43:83:A7:97:7F:A9:02:8B:7A:48:E8:EA:F6:95:57

ValidityWed, 18 Dec 2024 00:00:00 GMT - Tue, 18 Mar 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 32/65

HTTP Headers

GET /new2012/forum/201811/26/123714vh1k8kyp9g2c5h29.zip HTTP/1.1
Host: d1.amobbs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 27 Jan 2025 08:48:57 GMT
content-type: application/zip
content-length: 134864
last-modified: Mon, 26 Nov 2018 04:37:14 GMT
etag: "5bfb787a-20ed0"
accept-ranges: bytes
X-Firefox-Spdy: h2