Report - dl.kardelenyazilim.com/CEF3/56.0.2924.76

Report Overview

Visited public
2024-01-07 23:59:30
Tags
URL
dl.kardelenyazilim.com/CEF3/56.0.2924.76_x86.rar
Finishing URL
about:privatebrowsing
IP / ASN
193.3.35.117
#58059 Wifiber Haberlesme Teknolojileri Ve Iletisim Hizmetleri San Ve Tic Ltd Sti
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dl.kardelenyazilim.com	unknown	2003-11-14	2016-02-25 13:12:51	2024-01-05 01:00:15	514 B	39 MB	193.3.35.117
aus5.mozilla.org	2548	1998-01-24	2015-10-27 08:06:24	2024-01-07 05:09:20	523 B	6.5 kB	35.244.181.201
ciscobinary.openh264.org	40822	2013-10-19	2014-10-07 07:43:56	2024-01-07 05:11:05	305 B	512 kB	62.115.252.113

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
dl.kardelenyazilim.com/CEF3/56.0.2924.76_x86.rar
IP
193.3.35.117
ASN
#58059 Wifiber Haberlesme Teknolojileri Ve Iletisim Hizmetleri San Ve Tic Ltd Sti

File type
RAR archive data, v5
Size
39 MB (38672331 bytes)
Hash
925279caafc787fd2b57849a824e4a94
50831b730bc5d74470c53d6b9d4448b470df381a
16a9280e039d0225472304677a6835d3c19bec2973de6f98052f88c218a73bd6

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 21/60

URL
ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP
62.115.252.113
ASN
#1299 Telia Company AB

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
512 kB (511815 bytes)
Hash
152eda253e242e18443ef3282495bc7c
ff0fa85565f21ec4931baad4573b4c0bd08c4019
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48

Archive (2)

Modified	Filename	Size	Md5	File type
2019-03-02 16:47	gmpopenh264.info	116 B	3d33cdc0b3d281e67dd52e14435dd04f	ASCII text
2019-03-02 16:47	libgmpopenh264.so	1.4 MB	b2c1253e8a09cfe03b3d7f37de12dff7	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV)

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

dl.kardelenyazilim.com/CEF3/56.0.2924.76_x86.rar

193.3.35.117

200 OK

39 MB

URL User Request GET HTTP/1.1
dl.kardelenyazilim.com/CEF3/56.0.2924.76_x86.rar
IP
193.3.35.117:443
ASN
#58059 Wifiber Haberlesme Teknolojileri Ve Iletisim Hizmetleri San Ve Tic Ltd Sti

Certificate
IssuerIsimtescil Bilisim A.S.
Subject*.kardelenyazilim.com
FingerprintD6:62:F2:0C:F5:A4:61:BD:1C:8D:8C:C0:10:1A:EE:49:3C:E9:B4:D0
ValidityFri, 08 Sep 2023 08:34:10 GMT - Sat, 07 Sep 2024 08:34:10 GMT

File type
RAR archive data, v5
Size
39 MB (38672331 bytes)
Hash
925279caafc787fd2b57849a824e4a94
50831b730bc5d74470c53d6b9d4448b470df381a
16a9280e039d0225472304677a6835d3c19bec2973de6f98052f88c218a73bd6

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 21/60

HTTP Headers

GET /CEF3/56.0.2924.76_x86.rar HTTP/1.1
Host: dl.kardelenyazilim.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/octet-stream
Last-Modified: Mon, 20 Mar 2017 06:14:43 GMT
Accept-Ranges: bytes
ETag: "7f1d5d4441a1d21:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
X-Powered-By-Plesk: PleskWin
Date: Sun, 07 Jan 2024 23:59:04 GMT
Content-Length: 38672331

aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

5.8 kB

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max speed, from Unix
Size
5.8 kB (5759 bytes)
Hash
f3d07ad945c8c3b93c223e5931b73af4
82383fa91917741b5bc5be542438e30ade7289b2
e5fdb21341b3cacfdddacd06e03606991a439ce0eba926a8b5eb267579a88429

HTTP Headers

GET /update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 07 Jan 2024 23:59:24 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=90
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-02-08-20-06-05.chain; p384ecdsa=X093DarbI_FDyxcRqrJ7KywSmRVKr4D-SCSQQljRBwilv4GxK-nFJdZkfSZJUj_IC_plomqZSjeVV7A-JJ7rowKPbm9HlIv5oBELk-152WXicAX6xX93L5STLTWTbley
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

62.115.252.113

512 kB

URL
ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP
62.115.252.113:0
ASN
#1299 Telia Company AB

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
512 kB (511815 bytes)
Hash
152eda253e242e18443ef3282495bc7c
ff0fa85565f21ec4931baad4573b4c0bd08c4019
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48

HTTP Headers

GET /openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Last-Modified: Thu, 16 Nov 2023 07:38:15 GMT
ETag: 152eda253e242e18443ef3282495bc7c
Content-Length: 511815
Accept-Ranges: bytes
X-Timestamp: 1700120294.87662
Content-Type: application/zip
X-Trans-Id: tx15b69f172b404fa58b2bb-006555fb11dfw1
Cache-Control: public, max-age=39712
Expires: Mon, 08 Jan 2024 11:01:16 GMT
Date: Sun, 07 Jan 2024 23:59:24 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

URL

IP

ASN

File type

Size

Hash

Archive (2)

JavaScript (0)

HTTP Transactions (3)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers