Report - www.t-gottfried.de/download/welle201.zip

Report Overview

Visited public
2025-05-03 23:06:50
Tags
URL
www.t-gottfried.de/download/welle201.zip
Finishing URL
about:privatebrowsing
IP / ASN
78.46.2.75
#24940 Hetzner Online GmbH
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.t-gottfried.de	unknown	unknown	2025-05-03	2025-05-03	508 B	187 kB	78.46.2.75

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.t-gottfried.de/download/welle201.zip
IP
78.46.2.75
ASN
#24940 Hetzner Online GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
187 kB (186724 bytes)
Hash
ee2ae16df662e1bf8bfe12f2911a663f
25b60ac3c2a8d2165326a6dab08d022f2ac169a4
c8502559428ebf60bc7b6cf05d2d06066301b33a905cd136b1c3e869c7e41523

Archive (24)

Filename

Md5

File type

WELLE.TBD

b78ff27d5375267e0962ee27a7d3284b

data

Welle.pif

2c0cee78d567056ff07d731cac5709fe

Windows Program Information File for C:\TP\QUELL\WEL\DOWNLOAD\WELLE.EXE, directory=C:\TP\QUELL\WEL\DOWNLOAD, icon=C:\TP\QUELL\WEL\DOWNLOAD\WELLE.ICO, TrueTypeFont=Courier New

WELLE.KFG

a525c1844611041d39cf6ea331f56242

data

WELLE.ICO

a4b5bc437f0a7f4ae06c9ff8362502d1

MS Windows icon resource - 1 icon, 32x32, 16 colors

WELLE.EXE

600d327e0ad454b7671bcc0e214c6de6

MS-DOS executable, MZ for MS-DOS

PZS.DAT

d98a3b4ff32396a79516c9a8d78422ea

data

DOKU.TXT

161021b242dbd02b33eb9af450eab7c5

Non-ISO extended-ASCII text, with CRLF line terminators

DEMO_15.WEL

9b988e43c37b14694f3bb38dd0d6356b

data

DEMO_14.WEL

a2ce8ec5a48c47effa325000fe391211

data

DEMO_13.WEL

90ca980f4ecc844267a81c1fae32fa05

data

DEMO_12.WEL

2e61485dfcffde7539417ded671e7ebf

data

DEMO_11.WEL

c5eb4e1f30287f45d3cbdb8cf2cc375a

data

DEMO_10.WEL

46b3199c8180bf5d92787076ad6693b8

data

DEMO_09.WEL

e6e4b6856bd27f96b49d0d7c1fde10b0

data

DEMO_08.WEL

fd0873b7ed54e376815db7b3e9b1f259

data

DEMO_07.WEL

55e331803d0b274a8f606b467dd337bf

data

DEMO_06.WEL

de5e301336c55946a01f9ac80cb341e7

data

DEMO_05.WEL

4fb2b4e7264e7ecceab644eaf6f1242e

data

DEMO_04.WEL

d3ffd2aba61da35a25af779bc09f2e6e

data

DEMO_03.WEL

18821db9a4e0c0f4df3d7a0e8a3df14f

data

DEMO_02.WEL

81f8b5bb96f37bc97876fdc88d635c74

data

DEMO_01.WEL

1487a4e8cc044c3943899cc4a8083154

data

INTERN.DAT

7a9a2841bcb10c41062b977ba826b659

data

Doku.doc

cb16dc166b4c50f45b4246bf9ac71da5

CDFV2 Microsoft Word

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects Pickle files with dangerous c_builtins or non standard module imports. These are indicators of possible malicious intent

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	www.t-gottfried.de/download/welle201.zip	78.46.2.75	200 OK	187 kB
URL User Request GET www.t-gottfried.de/download/welle201.zip IP 78.46.2.75:443 ASN #24940 Hetzner Online GmbH Certificate IssuerDigiCert Inc Subjectt-gottfried.de FingerprintE3:05:96:D1:4B:28:AB:1F:62:28:16:2A:97:B3:09:17:98:D7:AF:4C ValidityFri, 18 Apr 2025 00:00:00 GMT - Fri, 17 Apr 2026 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 187 kB (186724 bytes) Hash ee2ae16df662e1bf8bfe12f2911a663f 25b60ac3c2a8d2165326a6dab08d022f2ac169a4 c8502559428ebf60bc7b6cf05d2d06066301b33a905cd136b1c3e869c7e41523 HTTP Headers `GET /download/welle201.zip HTTP/1.1 Host: www.t-gottfried.de User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK last-modified: Mon, 13 Mar 2023 10:38:42 GMT etag: "2d964-5f6c5b6ff44bb" accept-ranges: bytes content-length: 186724 content-type: application/zip date: Sat, 03 May 2025 23:06:18 GMT server: Apache X-Firefox-Spdy: h2`

www.t-gottfried.de/download/welle201.zip

78.46.2.75

200 OK

187 kB

URL User Request GET
www.t-gottfried.de/download/welle201.zip
IP
78.46.2.75:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerDigiCert Inc
Subjectt-gottfried.de
FingerprintE3:05:96:D1:4B:28:AB:1F:62:28:16:2A:97:B3:09:17:98:D7:AF:4C
ValidityFri, 18 Apr 2025 00:00:00 GMT - Fri, 17 Apr 2026 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
187 kB (186724 bytes)
Hash
ee2ae16df662e1bf8bfe12f2911a663f
25b60ac3c2a8d2165326a6dab08d022f2ac169a4
c8502559428ebf60bc7b6cf05d2d06066301b33a905cd136b1c3e869c7e41523

HTTP Headers

GET /download/welle201.zip HTTP/1.1
Host: www.t-gottfried.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Mon, 13 Mar 2023 10:38:42 GMT
etag: "2d964-5f6c5b6ff44bb"
accept-ranges: bytes
content-length: 186724
content-type: application/zip
date: Sat, 03 May 2025 23:06:18 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (24)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers