Report - ewr1.vultrobjects.com/down/new-bucket-60f273fc/windowsproxy_2.1.6.2.exe

Report Overview

Visited public
2025-05-10 08:09:01
Tags
URL
ewr1.vultrobjects.com/down/new-bucket-60f273fc/windowsproxy_2.1.6.2.exe
Finishing URL
ewr1.vultrobjects.com/down/new-bucket-60f273fc/windowsproxy_2.1.6.2.exe
IP / ASN
108.61.0.122
#20473 AS-VULTR
Title
ewr1.vultrobjects.com/down/new-bucket-60f273fc/windowsproxy_2.1.6.2.exe

Detections

urlquery

0

Network Intrusion Detection

1

Threat Detection Systems

0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ewr1.vultrobjects.com	364990	2019-02-15	2019-10-22	2025-05-09	1.6 kB	1.6 kB	108.61.0.122

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-05-10 08:08:29	low	Client IP	108.61.0.122	ET INFO Observed Suspicious Domain (vultrobjects .com in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

	URL	IP	Response	Size
	ewr1.vultrobjects.com/down/new-bucket-60f273fc/windowsproxy_2.1.6.2.exe	108.61.0.122	403 Forbidden	230 B
URL User Request GET ewr1.vultrobjects.com/down/new-bucket-60f273fc/windowsproxy_2.1.6.2.exe IP 108.61.0.122:443 ASN #20473 AS-VULTR Certificate IssuerLet's Encrypt Subjectewr1.vultrobjects.com Fingerprint79:2F:40:69:9B:07:33:6B:BE:A7:39:49:01:9B:68:E1:AC:1D:1D:1D ValidityFri, 02 May 2025 05:31:36 GMT - Thu, 31 Jul 2025 05:31:35 GMT File type XML 1.0 document, ASCII text, with no line terminators Size 230 B (230 bytes) Hash 55a4801218e72f0d5a5d82d79f5d83dd 2dacfbf9a85e607422f46eae88d131f3928ac108 788e2adcde28ede6f11489a083e3fa5dad4a4374031c9ce4ccfe3efdcb06e2a8 HTTP Headers GET /down/new-bucket-60f273fc/windowsproxy_2.1.6.2.exe HTTP/1.1 Host: ewr1.vultrobjects.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 403 Forbidden content-length: 230 bucket: down x-amz-request-id: tx00000f0f519c8130e951b-00681f097e-6ee736f2-ewr1 accept-ranges: bytes content-type: application/xml date: Sat, 10 May 2025 08:08:30 GMT strict-transport-security: max-age=31536000; includeSubDomains X-Firefox-Spdy: h2`

	ewr1.vultrobjects.com/down/new-bucket-60f273fc/windowsproxy_2.1.6.2.exe	108.61.0.122	403 Forbidden	230 B
URL User Request GET ewr1.vultrobjects.com/down/new-bucket-60f273fc/windowsproxy_2.1.6.2.exe IP 108.61.0.122:443 ASN #20473 AS-VULTR Certificate IssuerLet's Encrypt Subjectewr1.vultrobjects.com Fingerprint79:2F:40:69:9B:07:33:6B:BE:A7:39:49:01:9B:68:E1:AC:1D:1D:1D ValidityFri, 02 May 2025 05:31:36 GMT - Thu, 31 Jul 2025 05:31:35 GMT File type XML 1.0 document, ASCII text, with no line terminators Size 230 B (230 bytes) Hash baa5f7e64fb28832616ce696e7748fc8 5511fd6588795578a5a852e320773bebc743479c b9dbfd03b356756fc45a7891d1294942b6eec171a1d18e2049e537f8b20ddbb9 HTTP Headers GET /down/new-bucket-60f273fc/windowsproxy_2.1.6.2.exe HTTP/1.1 Host: ewr1.vultrobjects.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 403 Forbidden content-length: 230 bucket: down x-amz-request-id: tx00000787d86a1102f115f-00681f097e-6ee7365c-ewr1 accept-ranges: bytes content-type: application/xml date: Sat, 10 May 2025 08:08:30 GMT strict-transport-security: max-age=31536000; includeSubDomains X-Firefox-Spdy: h2`

	ewr1.vultrobjects.com/favicon.ico	108.61.0.122	404 Not Found	237 B
URL GET ewr1.vultrobjects.com/favicon.ico IP 108.61.0.122:443 ASN #20473 AS-VULTR Requested by https://ewr1.vultrobjects.com/down/new-bucket-60f273fc/windowsproxy_2.1.6.2.exe Certificate IssuerLet's Encrypt Subjectewr1.vultrobjects.com Fingerprint79:2F:40:69:9B:07:33:6B:BE:A7:39:49:01:9B:68:E1:AC:1D:1D:1D ValidityFri, 02 May 2025 05:31:36 GMT - Thu, 31 Jul 2025 05:31:35 GMT File type XML 1.0 document, ASCII text, with no line terminators Size 237 B (237 bytes) Hash f8075906aa851dfbabf756b2cd76304a e5395bab4b8785a264ddcba848201fffc0b3cf02 4d0eb4297c0fb598f78c103ffb038e4f3d0eaec93f36631f12143680eaa01b3f HTTP Headers `GET /favicon.ico HTTP/1.1 Host: ewr1.vultrobjects.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://ewr1.vultrobjects.com/down/new-bucket-60f273fc/windowsproxy_2.1.6.2.exe Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` `HTTP/2 404 Not Found content-length: 237 bucket: favicon.ico x-amz-request-id: tx0000004d89cefbeec3259-00681f097e-6ee736f2-ewr1 accept-ranges: bytes content-type: application/xml date: Sat, 10 May 2025 08:08:30 GMT strict-transport-security: max-age=31536000; includeSubDomains X-Firefox-Spdy: h2`