Report - ooddoo.top/abc/14.exe

Report Overview

Visitedpublic

2024-12-29 14:57:29

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
ooddoo.top	unknown	2024-12-28	2024-12-29	2024-12-29	1.1 kB	2.9 MB	104.21.81.224

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-12-29 14:57:07	medium	Client IP	104.21.81.224	ET INFO HTTP Request to a *.top domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

ooddoo.top/abc/14.exe

IP / ASN

172.67.165.100

#13335 CLOUDFLARENET

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 9 sections

Size2.9 MB (2850624 bytes)

MD5b101df899b0999ed03cadb668dfb0490

SHA15888ddea84f158f39842028b1b91f3ba3dc3ed3c

SHA256b966a402b793fa37bcba323dcc3755075cbd6267eeabbc4ae8a1eab629b471c0

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

ooddoo.top/

104.21.81.224

301 Moved Permanently

167 B

URL HTTPS

ooddoo.top/

IP / ASN

104.21.81.224

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with CRLF line terminators

First Seen2023-04-05

Last Seen2025-03-02

Times Seen190492

Size167 B (167 bytes)

MD50104c301c5e02bd6148b8703d19b3a73

SHA17436e0b4b1f8c222c38069890b75fa2baf9ca620

SHA256446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

Detections

Analyzer	Verdict	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: ooddoo.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Sun, 29 Dec 2024 14:57:07 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 29 Dec 2024 15:57:07 GMT
Location: https://ooddoo.top/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=idQLwvYZSvT%2BT2hoO8KHruey%2B153xhDPCwf8vnSDwwP2FTnegegJMpgtMVbl%2BUk1PBisJhDKOJ81I32nZ6o1HP1O8jvRerIZ3FWlrTtri32c4%2BZ58ZTzPwmknbHs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8f9aa403d8c95684-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=529&min_rtt=529&rtt_var=264&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=263&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

ooddoo.top/

104.21.81.224

403 Forbidden

7.5 kB

URL HTTPS

ooddoo.top/

IP / ASN

104.21.81.224

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ISO-8859 text, with very long lines (945), with CRLF line terminators

First Seen2024-12-29

Last Seen2024-12-29

Times Seen1

Size7.5 kB (7483 bytes)

MD5bff13767a717802d3f6e77099b582548

SHA1190b4f86c21972152a11d0921626c694a607fbc4

SHA2568cd590c911307267c889e0d3242f1f00c4802ea2569233379fa55d664f7458d4

Detections

Analyzer	Verdict	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: ooddoo.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Sun, 29 Dec 2024 14:57:15 GMT
content-type: text/html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ISxgMkrNBH9%2FWVbOOnwy7XYIoKwfrw4MwkkXfQxUZzzi2CVRXtq3akoGxSAv2d7kAybDtKfZG9gjIY6BWtIZacdNVI5QzJETbgLZOdS7Uuk05ReNLTokMerR4K41"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f9aa40409335688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=645&min_rtt=447&rtt_var=220&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3248&recv_bytes=1143&delivery_rate=7325463&cwnd=253&unsent_bytes=0&cid=20f81cf0f7108797&ts=8194&x=0"
X-Firefox-Spdy: h2

GET ooddoo.top/abc/14.exe

172.67.165.100

200 OK

2.9 MB

URL User Request GET HTTPS

ooddoo.top/abc/14.exe

IP / ASN

172.67.165.100

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 9 sections

First Seen2024-12-29

Last Seen2024-12-29

Times Seen1

Size2.9 MB (2850624 bytes)

MD5b101df899b0999ed03cadb668dfb0490

SHA15888ddea84f158f39842028b1b91f3ba3dc3ed3c

SHA256b966a402b793fa37bcba323dcc3755075cbd6267eeabbc4ae8a1eab629b471c0

Certificate Info

IssuerGoogle Trust Services

Subjectooddoo.top

FingerprintF9:F7:C5:22:BB:6A:FD:E6:D9:FA:30:11:0C:88:D6:0B:EF:A5:E2:D4

ValiditySat, 28 Dec 2024 12:37:36 GMT - Fri, 28 Mar 2025 13:26:56 GMT

HTTP Headers

GET /abc/14.exe HTTP/1.1
Host: ooddoo.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 29 Dec 2024 14:57:20 GMT
content-type: application/octet-stream
content-length: 2850624
last-modified: Sun, 29 Dec 2024 14:22:35 GMT
etag: "19a8f1bfd59db1:0"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ho4PEP00DWIoeJIFoskRvxZIUqJ21oWpDRAGrHI%2Brq27XcjhnCfYHl4a76%2BcZMly09V1XeMFwFF5gmD%2FA7k8JfmhNG1nVXVWEyWCCWow60K1raTmUhq2XYyMGDUc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f9aa3f16d64b4f9-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfCacheStatus;desc="MISS", cfL4;desc="?proto=TCP&rtt=6410&min_rtt=484&rtt_var=11843&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3270&recv_bytes=1243&delivery_rate=6571860&cwnd=254&unsent_bytes=0&cid=35bc76254829b0d2&ts=16500&x=0"
X-Firefox-Spdy: h2