Report - www.climahom.eu/software/SW_2/AK/AnClim_full

Report Overview

Visited public
2024-06-25 00:10:00
Tags
URL
www.climahom.eu/software/SW_2/AK/AnClim_full_upDate.exe
Finishing URL
about:privatebrowsing
IP / ASN
77.240.188.210
#24641 FASTER CZ spol. s r.o.
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-23 18:17:21	1.6 kB	4.4 kB	23.36.77.32
www.climahom.eu	unknown	unknown	2014-11-28 18:34:42	2023-10-26 07:20:40	425 B	953 kB	77.240.188.210

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-06-25 00:09:35	high	77.240.188.210	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.climahom.eu/software/SW_2/AK/AnClim_full_upDate.exe
IP
77.240.188.210
ASN
#24641 FASTER CZ spol. s r.o.

File type
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 4 sections
Size
952 kB (952292 bytes)
Hash
a3f14d9f8f1486db3d72e5d141ef724a
5894055929ab36872336fb9343861649219bb111
401f84996019b02aaecc1028f354ef904fc88d51af760f78c27382d16be483ec

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/72

JavaScript (0)

HTTP Transactions (6)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
31c219b3ac9b4615f1a78cd882995e6c
1bb1aedb59500ceabd4f44ae9b7317c544084afd
6e8de7454df9b981f3c2bd8746558f3eb5c48599c66fc0f5301169c0ed42c8fe

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6E8DE7454DF9B981F3C2BD8746558F3EB5C48599C66FC0F5301169C0ED42C8FE"
Last-Modified: Sat, 22 Jun 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9773
Expires: Tue, 25 Jun 2024 02:52:27 GMT
Date: Tue, 25 Jun 2024 00:09:34 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
dde85d8b98d987e689b49d48b4e9c101
dc216668cb1aecc24c39cb73e97b67eb59e1b6f0
0ac50fc7a95e3ddb87878aefb9db1ec28b7b85dbe40ffa43a498c641d6355618

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0AC50FC7A95E3DDB87878AEFB9DB1EC28B7B85DBE40FFA43A498C641D6355618"
Last-Modified: Mon, 24 Jun 2024 16:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9221
Expires: Tue, 25 Jun 2024 02:43:15 GMT
Date: Tue, 25 Jun 2024 00:09:34 GMT
Connection: keep-alive

www.climahom.eu/software/SW_2/AK/AnClim_full_upDate.exe

77.240.188.210

200 OK

952 kB

URL User Request GET HTTP/1.1
www.climahom.eu/software/SW_2/AK/AnClim_full_upDate.exe
IP
77.240.188.210:80
ASN
#24641 FASTER CZ spol. s r.o.

File type
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 4 sections
Size
952 kB (952292 bytes)
Hash
a3f14d9f8f1486db3d72e5d141ef724a
5894055929ab36872336fb9343861649219bb111
401f84996019b02aaecc1028f354ef904fc88d51af760f78c27382d16be483ec

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/72

NIDS	Severity	Alert
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /software/SW_2/AK/AnClim_full_upDate.exe HTTP/1.1
Host: www.climahom.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 25 Jun 2024 00:09:34 GMT
Content-Type: application/octet-stream
Content-Length: 952292
Connection: keep-alive
Last-Modified: Fri, 16 Apr 2021 16:06:17 GMT
ETag: "e87e4-5c01928f326df"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
fe36e270c1ecfa3891cc7b505e7894b6
ce43401e7146eb139a1e3caf7db957e6b9531dc3
bd791e8f44b990a0091febc3cc3b24799eb26b87fe5aa381ad98ae4662f7f802

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BD791E8F44B990A0091FEBC3CC3B24799EB26B87FE5AA381AD98AE4662F7F802"
Last-Modified: Sun, 23 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18160
Expires: Tue, 25 Jun 2024 05:12:16 GMT
Date: Tue, 25 Jun 2024 00:09:36 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
fe36e270c1ecfa3891cc7b505e7894b6
ce43401e7146eb139a1e3caf7db957e6b9531dc3
bd791e8f44b990a0091febc3cc3b24799eb26b87fe5aa381ad98ae4662f7f802

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BD791E8F44B990A0091FEBC3CC3B24799EB26B87FE5AA381AD98AE4662F7F802"
Last-Modified: Sun, 23 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18160
Expires: Tue, 25 Jun 2024 05:12:16 GMT
Date: Tue, 25 Jun 2024 00:09:36 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
fe36e270c1ecfa3891cc7b505e7894b6
ce43401e7146eb139a1e3caf7db957e6b9531dc3
bd791e8f44b990a0091febc3cc3b24799eb26b87fe5aa381ad98ae4662f7f802

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BD791E8F44B990A0091FEBC3CC3B24799EB26B87FE5AA381AD98AE4662F7F802"
Last-Modified: Sun, 23 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18160
Expires: Tue, 25 Jun 2024 05:12:16 GMT
Date: Tue, 25 Jun 2024 00:09:36 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (6)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers