Report - ksptools.ca/Public/Utilities/Revo%20Uninstaller/RevoUn.exe

Report Overview

Visited public
2025-01-21 14:01:55
Tags
Submit Tags
URL
ksptools.ca/Public/Utilities/Revo%20Uninstaller/RevoUn.exe
Finishing URL
about:privatebrowsing
IP / ASN
204.11.51.228
#30176 AS-PRIORITYCOLO
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ksptools.ca	unknown	2016-06-22	2017-07-04	2025-01-16	690 B	15 MB	204.11.51.228

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-01-21 14:01:33	high	204.11.51.228	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
ksptools.ca/Public/Utilities/Revo%20Uninstaller/RevoUn.exe
IP
204.11.51.228
ASN
#30176 AS-PRIORITYCOLO

File type
PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
Size
15 MB (15128832 bytes)
Hash
dcf9c35c8dcfb6e4d90bfe97ac1a2b92
1b15760c97b292dcc891fcb0624819dfa7a66135
affb9421aa7bc562616fe0793cdb454925640ccff027ca8350e6a06b3f24c4b9

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

ksptools.ca/

204.11.51.228

200 OK

746 B

URL
ksptools.ca/
IP
204.11.51.228:0
ASN
#30176 AS-PRIORITYCOLO

File type
HTML document, ASCII text, with very long lines (659), with CRLF line terminators
Size
746 B (746 bytes)
Hash
ac6324a784b3ed72d3ad4cd9fb3ef1c1
feaf003763d20b53b1b9432d0444ae0720476820
300e8de244d0d92cba931e47ae061298ac8b534ced6100ef7833415114b8dd9e

HTTP Headers

GET / HTTP/1.1
Host: ksptools.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 21 Jan 2025 14:01:32 GMT
Content-Length: 746

GET ksptools.ca/Public/Utilities/Revo%20Uninstaller/RevoUn.exe

204.11.51.228

200 OK

15 MB

URL User Request GET HTTP/1.1
ksptools.ca/Public/Utilities/Revo%20Uninstaller/RevoUn.exe
IP
204.11.51.228:80
ASN
#30176 AS-PRIORITYCOLO

File type
PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
Size
15 MB (15128832 bytes)
Hash
dcf9c35c8dcfb6e4d90bfe97ac1a2b92
1b15760c97b292dcc891fcb0624819dfa7a66135
affb9421aa7bc562616fe0793cdb454925640ccff027ca8350e6a06b3f24c4b9

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /Public/Utilities/Revo%20Uninstaller/RevoUn.exe HTTP/1.1
Host: ksptools.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Tue, 06 Jun 2023 15:33:48 GMT
Accept-Ranges: bytes
ETag: "0567e498c98d91:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 21 Jan 2025 14:01:32 GMT
Content-Length: 15128832

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers