Report - b.catgirlsare.sexy/scY8Et5hMdq9.exe

Report Overview

Visited public
2024-09-09 22:26:40
Tags
URL
b.catgirlsare.sexy/scY8Et5hMdq9.exe
Finishing URL
about:privatebrowsing
IP / ASN
104.21.35.228
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-08 18:13:16	1.3 kB	3.6 kB	23.33.119.27
b.catgirlsare.sexy	unknown	2023-04-30	2016-06-22 09:14:41	2024-04-15 20:34:36	489 B	641 kB	104.21.35.228
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-08 18:18:24	327 B	887 B	23.33.119.27

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-09-09	medium	b.catgirlsare.sexy/scY8Et5hMdq9.exe	files - file ~tmp01925d3f.exe

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
b.catgirlsare.sexy/scY8Et5hMdq9.exe
IP
104.21.35.228
ASN
#13335 CLOUDFLARENET

File type
PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
Size
640 kB (640000 bytes)
Hash
b1c63c12de6131dabd104707485758f3
5d4ab043a67eeb7120872b5998e3452d6ecac7bf
bc9250f57748acce502a30d2488bb0efad7f0eee1d10d2d839d4f56d8b86beab

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/72

JavaScript (0)

HTTP Transactions (6)

URL IP Response Size

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
85b35ef8e54cfd751670f6a6d56541bd
162e94ccf2a785ea99c41f45c3a76815a2f8ae5f
3f59c24a6538550f52a4c9b39d9f57b023c9d44d50a846e742b763f74dfc179d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3F59C24A6538550F52A4C9B39D9F57B023C9D44D50A846E742B763F74DFC179D"
Last-Modified: Sun, 08 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5313
Expires: Mon, 09 Sep 2024 23:54:47 GMT
Date: Mon, 09 Sep 2024 22:26:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
80f3aada09a34a0d6e43e77f160ac485
8feee259be181420c2c17ccb3d81ce9bc980b577
cccc9314ca2d07fb6a2a5d91a8d7b37f16fd78a5d14b0e6a27de0df82e47f1f3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CCCC9314CA2D07FB6A2A5D91A8D7B37F16FD78A5D14B0E6A27DE0DF82E47F1F3"
Last-Modified: Sat, 07 Sep 2024 12:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19880
Expires: Tue, 10 Sep 2024 03:57:34 GMT
Date: Mon, 09 Sep 2024 22:26:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
68947424372edfcda7c1609aafc81154
ccc0889b1f048816a1e87783c576457408413ea7
a05cdbbe566f996d3a5c23fae87b41cf39b35004089da526a83a07180308f6f6

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A05CDBBE566F996D3A5C23FAE87B41CF39B35004089DA526A83A07180308F6F6"
Last-Modified: Sat, 07 Sep 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4799
Expires: Mon, 09 Sep 2024 23:46:14 GMT
Date: Mon, 09 Sep 2024 22:26:15 GMT
Connection: keep-alive

b.catgirlsare.sexy/scY8Et5hMdq9.exe

104.21.35.228

200 OK

640 kB

URL User Request GET HTTP/2
b.catgirlsare.sexy/scY8Et5hMdq9.exe
IP
104.21.35.228:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcatgirlsare.sexy
Fingerprint13:D6:C8:56:24:EA:83:5F:D1:4B:34:84:DA:20:8B:DA:A4:6C:E0:7E
ValidityWed, 14 Aug 2024 17:51:13 GMT - Tue, 12 Nov 2024 17:51:12 GMT

File type
PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
Size
640 kB (640000 bytes)
Hash
b1c63c12de6131dabd104707485758f3
5d4ab043a67eeb7120872b5998e3452d6ecac7bf
bc9250f57748acce502a30d2488bb0efad7f0eee1d10d2d839d4f56d8b86beab

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/72

HTTP Headers

GET /scY8Et5hMdq9.exe HTTP/1.1
Host: b.catgirlsare.sexy
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 09 Sep 2024 22:26:15 GMT
content-type: application/vnd.microsoft.portable-executable
content-length: 640000
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-disposition: attachment; filename="Injector64.exe"
etag: scY8Et5hMdq9EEcHSFdY8w==
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VXk6LR0Ak%2B5OdszleKAFIx%2FSEOHzuz%2BStbJ2NdJDZfnFfXirOi1T2PMM19UzvTALAxouJSrPu1oOpPpEpVmXdZ0QgfK1wQdjNiJM6l66vipJ6IEhFiClH6K5lafbazxESK%2Fo8fs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c0a994db8a07127-OSL
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
f2ca0b1356d3a4726b2584b305c67002
de39fbd751a2e933ca34fc5f03ce213747bd2188
ab157104ff1a8239aa7f2285995c9f30cc84bcf9e87e3f6d5bf0d5197c720922

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "AB157104FF1A8239AA7F2285995C9F30CC84BCF9E87E3F6D5BF0D5197C720922"
Last-Modified: Sat, 07 Sep 2024 14:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13848
Expires: Tue, 10 Sep 2024 02:17:03 GMT
Date: Mon, 09 Sep 2024 22:26:15 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5c3fba1109521084ef7ba1930038c708
da167832736b19cff2200b7ee2c62f0e2cd4ceeb
170cddf1a28716b552d327083819d646261191483dec007a25da4d86ffa36bc9

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "170CDDF1A28716B552D327083819D646261191483DEC007A25DA4D86FFA36BC9"
Last-Modified: Sat, 07 Sep 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5800
Expires: Tue, 10 Sep 2024 00:02:57 GMT
Date: Mon, 09 Sep 2024 22:26:17 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (6)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers