Report - www.123dl.org/dl/setup-export-notes.exe

Report Overview

Visitedpublic

2024-12-02 01:38:28

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
dsys.b-cdn.net	unknown	2016-04-25	2024-03-11	2024-11-29	485 B	15 MB	194.242.11.186
www.123dl.org	unknown	2012-02-25	2012-07-26	2024-11-29	495 B	15 MB	172.67.188.159

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-12-02	medium	dsys.b-cdn.net/export-notes.exe	Scans presence of the found strings using the in-house brute force method

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

dsys.b-cdn.net/export-notes.exe

IP / ASN

194.242.11.186

#34989 ServeTheWorld AS

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

Size15 MB (15143072 bytes)

MD54d1e321cb52c4ec5f42eb9953dd89f50

SHA1dad628735d2f561094d478f5399e760d9ba77a73

SHA256af9a060b07739484d28b48fee69db2ed0c76f05b77ce4332d434393014fc1c57

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Scans presence of the found strings using the in-house brute force method

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

GET dsys.b-cdn.net/export-notes.exe

194.242.11.186

200 OK

15 MB

URL

dsys.b-cdn.net/export-notes.exe

IP / ASN

194.242.11.186

#34989 ServeTheWorld AS

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

First Seen2024-12-02

Last Seen2024-12-02

Times Seen1

Size15 MB (15143072 bytes)

MD54d1e321cb52c4ec5f42eb9953dd89f50

SHA1dad628735d2f561094d478f5399e760d9ba77a73

SHA256af9a060b07739484d28b48fee69db2ed0c76f05b77ce4332d434393014fc1c57

Certificate Info

IssuerSectigo Limited

Subject*.b-cdn.net

FingerprintBD:3C:C1:59:4F:6B:71:11:98:74:F8:91:CF:28:05:2B:25:3D:C1:21

ValidityTue, 05 Nov 2024 00:00:00 GMT - Tue, 11 Nov 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Scans presence of the found strings using the in-house brute force method

HTTP Headers

GET /export-notes.exe HTTP/1.1
Host: dsys.b-cdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 02 Dec 2024 01:38:01 GMT
content-type: application/octet-stream
content-length: 15143072
server: BunnyCDN-NO1-830
cdn-pullzone: 2063190
cdn-uid: 69041f54-3b6e-45b9-8b6a-01c5ee462261
cdn-requestcountrycode: NO
cache-control: public, max-age=2592000
last-modified: Mon, 11 Mar 2024 12:28:47 GMT
cdn-storageserver: DE-637
cdn-fileserver: 587
cdn-proxyver: 1.06
cdn-requestpullsuccess: True
cdn-requestpullcode: 206
cdn-cachedat: 12/02/2024 01:38:01
cdn-edgestorageid: 830
cdn-status: 200
cdn-requesttime: 0
cdn-requestid: 6f57bd6075b869b7de1a0baaee3f2bb2
cdn-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2

GET www.123dl.org/dl/setup-export-notes.exe

172.67.188.159

301 Moved Permanently

15 MB

URL

www.123dl.org/dl/setup-export-notes.exe

IP / ASN

172.67.188.159

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606054

Size15 MB (15143072 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subject123dl.org

FingerprintF8:0F:93:0A:79:CB:F2:27:90:2B:74:07:EA:99:F3:A1:36:C7:CD:61

ValidityMon, 07 Oct 2024 23:56:48 GMT - Sun, 05 Jan 2025 23:56:47 GMT

HTTP Headers

GET /dl/setup-export-notes.exe HTTP/1.1
Host: www.123dl.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Mon, 02 Dec 2024 01:38:01 GMT
content-type: text/html; charset=iso-8859-1
location: https://dsys.b-cdn.net/export-notes.exe
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SWht3YR4r0ikmb9IDj9F22%2BwOXoxRGjyVfeoMZwOwomXf2KKaVS6c666WeAJARQU5ADSVoJbZ0ZGQf8kTaA%2FVdo%2FDkyqiQOjoBSmGFcpfNGSmDHT25LlL8DTvg42RESE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8eb798554cb5b50f-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=17685&min_rtt=16451&rtt_var=5046&sent=8&recv=10&lost=0&retrans=0&sent_bytes=3191&recv_bytes=1134&delivery_rate=262160&cwnd=254&unsent_bytes=0&cid=64e774e924ddc2db&ts=569&x=0"
X-Firefox-Spdy: h2