Report - cdnroute.bpsgameserver.com/resources/mgpoker/download/betsafe/en/BetSafePokerBlack.exe?from=vg15NKpDW1720OuKgmRX__B9oWDGCBke-AX1118538173&affcode=AX1118538173

Report Overview

Visitedpublic

2024-04-29 02:17:41

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
cdnroute.bpsgameserver.com	319105	2010-12-28	2020-10-20 23:09:44	2024-04-25 23:15:06	612 B	689 kB	143.204.55.129
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2024-04-28 19:35:00	338 B	942 B	143.204.53.97

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

cdnroute.bpsgameserver.com/resources/mgpoker/download/betsafe/en/BetSafePokerBlack.exe?from=vg15NKpDW1720OuKgmRX__B9oWDGCBke-AX1118538173&affcode=AX1118538173

IP / ASN

143.204.55.129

#16509 AMAZON-02

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive, 4 sections

Size688 kB (688520 bytes)

MD50c857e8dcd9320473d74dd250cc673bf

SHA116e31ef417b68cd2e09d650eefd8fff5aa86a07c

SHA2564aa3291bc1247c047f94d3733ecb75a6bf11d1563aac407ded654067e9727f17

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 12/68

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL

ocsp.r2m03.amazontrust.com/

IP / ASN

143.204.53.97

#16509 AMAZON-02

Requested byN/A

Resource Info

File typedata

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size471 B (471 bytes)

MD53e18987de26eb24694e57a0bba69a05a

SHA155d9bdec0cf9bf731544a82ca9067ed5beea6ccc

SHA256ab906fb9ca7647cd06cc9dd6e1d482b8f945081be51ef4bcd4464dbfe9fa2b32

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Mon, 29 Apr 2024 02:17:16 GMT
Last-Modified: Mon, 29 Apr 2024 01:44:18 GMT
Server: ECAcc (amb/6BDA)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DNtry0BnZ9h2619FO-ZjymTFdIf89AwevJp8Zwhu-rsXcRDxpKu9Sg==
Age: 1978

GET cdnroute.bpsgameserver.com/resources/mgpoker/download/betsafe/en/BetSafePokerBlack.exe?from=vg15NKpDW1720OuKgmRX__B9oWDGCBke-AX1118538173&affcode=AX1118538173

143.204.55.129

200 OK

688 kB

URL

cdnroute.bpsgameserver.com/resources/mgpoker/download/betsafe/en/BetSafePokerBlack.exe?from=vg15NKpDW1720OuKgmRX__B9oWDGCBke-AX1118538173&affcode=AX1118538173

IP / ASN

143.204.55.129

#16509 AMAZON-02

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive, 4 sections

First Seen2023-06-25

Last Seen2024-08-21

Times Seen181

Size688 kB (688520 bytes)

MD50c857e8dcd9320473d74dd250cc673bf

SHA116e31ef417b68cd2e09d650eefd8fff5aa86a07c

SHA2564aa3291bc1247c047f94d3733ecb75a6bf11d1563aac407ded654067e9727f17

Certificate Info

IssuerAmazon

Subject*.bpsgameserver.com

FingerprintD1:2C:F1:F7:A2:7F:52:E0:4E:D2:AF:89:10:78:B2:A4:8F:4B:4C:BF

ValiditySun, 28 Apr 2024 00:00:00 GMT - Tue, 27 May 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 12/68

HTTP Headers

GET /resources/mgpoker/download/betsafe/en/BetSafePokerBlack.exe?from=vg15NKpDW1720OuKgmRX__B9oWDGCBke-AX1118538173&affcode=AX1118538173 HTTP/1.1
Host: cdnroute.bpsgameserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-msdos-program
content-length: 688520
date: Mon, 29 Apr 2024 02:17:15 GMT
server: Apache/2.4.34 (Ubuntu)
last-modified: Fri, 13 Jul 2012 13:50:55 GMT
etag: "a8188-4c4b65e7a2dc0"
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
x-cache: Miss from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: d2tBKKzUF0szUBx_FGWQ8wyzSF9VvOpvpdgw3OURTP3ASlPUHjmZ7A==
X-Firefox-Spdy: h2