Report - www.phoner.de/PhonerLite64.zip

Report Overview

Visited public
2025-05-14 15:32:27
Tags
URL
www.phoner.de/PhonerLite64.zip
Finishing URL
about:privatebrowsing
IP / ASN
217.160.0.28
#8560 IONOS SE
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.phoner.de	unknown	unknown	2012-05-30	2025-05-08	498 B	6.4 MB	217.160.0.28

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.phoner.de/PhonerLite64.zip
IP
217.160.0.28
ASN
#8560 IONOS SE

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
6.4 MB (6384842 bytes)
Hash
b4637b2e41d01550526ebdf98c1555c0
a7032b361559ea14c1a31f7fd83705c5014bedf0
42657232542d181a58ebb6254bd60d07603034abf2755158e93674b4fa2d0dfa

Archive (13)

Filename

Md5

File type

CallWaiting.wav

c88bbbf018c2327562742a5f9604858d

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 8000 Hz

licencia.txt

48ca9c60ea9fb6f0d913f4887caf0d57

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

license.txt

1bc6bd32405c6683695b994267503ebc

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

licença.txt

77bada53a83f916082763ed85ca13a99

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

lizenz.txt

08226c96cf1a4e3e69be55ccef67e7a3

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

PhonerLite.exe

3950153ab266122305db2dbda3c2e341

PE32+ executable (GUI) x86-64, for MS Windows, 12 sections

provider.ini

a6ed3ceba55a0a429a965f30eb8dfa8f

Generic INItialization configuration [sipgate DE]

RingIn.wav

1f0a66b2c2c625535bf487e0a8268ddb

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 8000 Hz

RingInInternal.wav

63def6439c8f078d295213cb6c3df646

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 8000 Hz

sipper64.dll

3f8ae3d0eee28419c38ac13b4078853d

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

WebView2Loader.dll

bceebc73cb9e3f239b99575c0d38951c

PE32+ executable (DLL) (console) x86-64, for MS Windows, 10 sections

Ліцензія.txt

a1d44bd0a63ac600e64c951ec5938e27

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Лицензия.txt

0be85d921c31ccb1ec725bdd207d1429

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	www.phoner.de/PhonerLite64.zip	217.160.0.28	200 OK	6.4 MB
URL User Request GET www.phoner.de/PhonerLite64.zip IP 217.160.0.28:443 ASN #8560 IONOS SE Certificate IssuerDigiCert Inc Subject.phoner.de Fingerprint8D:F8:3B:CE:69:A7:8F:8D:D4:E0:2E:15:40:DB:5C:E7:57:B1:8A:C9 ValidityTue, 03 Sep 2024 00:00:00 GMT - Thu, 18 Sep 2025 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 6.4 MB (6384842 bytes) Hash b4637b2e41d01550526ebdf98c1555c0 a7032b361559ea14c1a31f7fd83705c5014bedf0 42657232542d181a58ebb6254bd60d07603034abf2755158e93674b4fa2d0dfa HTTP Headers `GET /PhonerLite64.zip HTTP/1.1 Host: www.phoner.de User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK content-type: application/zip content-length: 6384842 x-ws-ratelimit-limit: 1000 x-ws-ratelimit-remaining: 999 date: Wed, 14 May 2025 15:31:52 GMT server: Apache last-modified: Tue, 22 Apr 2025 09:52:02 GMT etag: "616cca-6335aefc2c3f8" accept-ranges: bytes X-Firefox-Spdy: h2`

www.phoner.de/PhonerLite64.zip

217.160.0.28

200 OK

6.4 MB

URL User Request GET
www.phoner.de/PhonerLite64.zip
IP
217.160.0.28:443
ASN
#8560 IONOS SE

Certificate
IssuerDigiCert Inc
Subject*.phoner.de
Fingerprint8D:F8:3B:CE:69:A7:8F:8D:D4:E0:2E:15:40:DB:5C:E7:57:B1:8A:C9
ValidityTue, 03 Sep 2024 00:00:00 GMT - Thu, 18 Sep 2025 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
6.4 MB (6384842 bytes)
Hash
b4637b2e41d01550526ebdf98c1555c0
a7032b361559ea14c1a31f7fd83705c5014bedf0
42657232542d181a58ebb6254bd60d07603034abf2755158e93674b4fa2d0dfa

HTTP Headers

GET /PhonerLite64.zip HTTP/1.1
Host: www.phoner.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/zip
content-length: 6384842
x-ws-ratelimit-limit: 1000
x-ws-ratelimit-remaining: 999
date: Wed, 14 May 2025 15:31:52 GMT
server: Apache
last-modified: Tue, 22 Apr 2025 09:52:02 GMT
etag: "616cca-6335aefc2c3f8"
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (13)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers