Report - cn.bitcomet.com/bitcomet/bitcomet

Report Overview

Visited public
2025-02-06 16:55:33
Tags
URL
cn.bitcomet.com/bitcomet/bitcomet_setup.exe
Finishing URL
about:privatebrowsing
IP / ASN
65.108.248.80
#24940 Hetzner Online GmbH
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cn.bitcomet.com	unknown	2003-11-06	2012-08-07	2025-02-04	425 B	504 B	65.108.248.80
d2sygg5bhr8vd2.cloudfront.net	unknown	2008-04-25	2024-11-19	2025-02-05	530 B	2.6 MB	54.230.241.184

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
d2sygg5bhr8vd2.cloudfront.net/installer/998370/17093943558841346
IP
54.230.241.184
ASN
#16509 AMAZON-02

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
Size
2.6 MB (2576472 bytes)
Hash
ade27bbb11fc74cc87b3a015dba51bd2
f466d5f6fb49f0acf11954e1b9a4256ecb5c46e4
2c29492054acf6ce7ed255f137dce5d6806bd7e90dbaac82f1a838f90a6fa143

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 21/72

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

cn.bitcomet.com/bitcomet/bitcomet_setup.exe

65.108.248.80

302 Found

3 B

URL User Request GET HTTP/1.1
cn.bitcomet.com/bitcomet/bitcomet_setup.exe
IP
65.108.248.80:80
ASN
#24940 Hetzner Online GmbH

File type
Unicode text, UTF-8 text, with no line terminators
Size
3 B (3 bytes)
Hash
ecaa88f7fa0bf610a5a26cf545dcd3aa
57218c316b6921e2cd61027a2387edc31a2d9471
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

HTTP Headers

GET /bitcomet/bitcomet_setup.exe HTTP/1.1
Host: cn.bitcomet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 06 Feb 2025 16:55:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://d2sygg5bhr8vd2.cloudfront.net/installer/998370/17093943558841346
X-Geo: NO
X-Geo3: NOR
Strict-Transport-Security: max-age=15768000; preload;
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

d2sygg5bhr8vd2.cloudfront.net/installer/998370/17093943558841346

54.230.241.184

200 OK

2.6 MB

URL User Request GET HTTP/2
d2sygg5bhr8vd2.cloudfront.net/installer/998370/17093943558841346
IP
54.230.241.184:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.cloudfront.net
Fingerprint28:D3:87:79:3C:E8:8B:3C:D9:10:45:E5:F7:64:7A:6D:44:4E:5A:62
ValidityTue, 30 Jul 2024 00:00:00 GMT - Thu, 03 Jul 2025 23:59:59 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
Size
2.6 MB (2576472 bytes)
Hash
ade27bbb11fc74cc87b3a015dba51bd2
f466d5f6fb49f0acf11954e1b9a4256ecb5c46e4
2c29492054acf6ce7ed255f137dce5d6806bd7e90dbaac82f1a838f90a6fa143

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 21/72

HTTP Headers

GET /installer/998370/17093943558841346 HTTP/1.1
Host: d2sygg5bhr8vd2.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
content-length: 2576472
access-control-allow-origin: *
cache-control: private, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
content-disposition: attachment; filename="bitcomet_setup.exe"; filename*=UTF-8''bitcomet_setup.exe
content-transfer-encoding: binary
date: Thu, 06 Feb 2025 16:55:03 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: public
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: W97mkyronYHjCNw6F1HU1m_pNmou0R05V9sAMl--DkJfsz7RDLgt4w==
age: 0
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers