Report - magentacloud.de/s/BpRdCNxCwy9CRNH/download?path=/&files=DE_Office_2021_Professional_Plus_64Bit

Report Overview

Visited public
2025-01-15 09:49:45
Tags
URL
magentacloud.de/s/BpRdCNxCwy9CRNH/download?path=/&files=DE_Office_2021_Professional_Plus_64Bit_v.exe
Finishing URL
about:privatebrowsing
IP / ASN
80.158.6.204
#6878 T-Systems International GmbH
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
magentacloud.de	300594	unknown	2017-02-01	2025-01-01	630 B	94 kB	80.158.22.59

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-01-15	medium	magentacloud.de/s/BpRdCNxCwy9CRNH/download?path=/&files=DE_Office_2021_Professional_Plus_64Bit_v.exe	Detect pe file that no import table
2025-01-15	medium	magentacloud.de/s/BpRdCNxCwy9CRNH/download?path=/&files=DE_Office_2021_Professional_Plus_64Bit_v.exe	Detects win.xorist.

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
magentacloud.de/s/BpRdCNxCwy9CRNH/download?path=/&files=DE_Office_2021_Professional_Plus_64Bit_v.exe
IP
80.158.22.59
ASN
#6878 T-Systems International GmbH

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
Size
93 kB (92552 bytes)
Hash
1069785b157f9a4f9a0d40c16d1e9c39
88f788a104a86ae64b5585b9e03ddd57242dd5ca
c3200381eb73c12df04676e41dd08e040264ecd042c377f906848c9b52c49b64

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table
Malpedia's yara-signator rules	malware	Detects win.xorist.

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

magentacloud.de/s/BpRdCNxCwy9CRNH/download?path=/&files=DE_Office_2021_Professional_Plus_64Bit_v.exe

80.158.22.59

200 OK

93 kB

URL User Request GET HTTP/2
magentacloud.de/s/BpRdCNxCwy9CRNH/download?path=/&files=DE_Office_2021_Professional_Plus_64Bit_v.exe
IP
80.158.22.59:443
ASN
#6878 T-Systems International GmbH

Certificate
IssuerDeutsche Telekom Security GmbH
Subjectmagentacloud.de
Fingerprint4A:8E:18:A2:31:78:0D:87:76:AD:E1:72:15:DC:27:7C:54:CF:14:42
ValidityFri, 15 Nov 2024 13:02:41 GMT - Wed, 19 Nov 2025 23:59:59 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
Size
93 kB (92552 bytes)
Hash
1069785b157f9a4f9a0d40c16d1e9c39
88f788a104a86ae64b5585b9e03ddd57242dd5ca
c3200381eb73c12df04676e41dd08e040264ecd042c377f906848c9b52c49b64

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table
Malpedia's yara-signator rules	malware	Detects win.xorist.

HTTP Headers

GET /s/BpRdCNxCwy9CRNH/download?path=/&files=DE_Office_2021_Professional_Plus_64Bit_v.exe HTTP/1.1
Host: magentacloud.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: CONSENTMGR=c1:0%7Cc3:0%7Cc7:0%7Cts:2524608000000%7Cconsent:false
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 15 Jan 2025 09:49:20 GMT
content-type: application/x-ms-dos-executable
content-length: 3115240
content-security-policy: default-src 'self'; script-src 'self' 'nonce-L2JSSzY2ZEVVcFZoRm1PKzdTNjFlM09Bc24rd1BNVkdDNFBGWjdPb3dZbz06cEpzU21lSXpDcVVQUkRIbnUxVFBOd0xzM0F6R1pLMDJmT0NQRmNYTmt0dz0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
set-cookie: oc_sessionPassphrase=a%2F%2Bq%2B0Vi0Qo8Aot5sH%2Be%2FiNdbM8e6qUJ4qI8i0XfAIjqPub%2F0vFcfe1Vb3Q2aWDoIPW%2Fb7U4taWom4QcbyFjV8j50dmpQmzI8K0bTslOpQfnbG97c83iNamFWxu7b%2FL0; path=/; secure; HttpOnly; SameSite=Lax
oc97a8ddfc96=n76amevlqqtp1k0hmlpinansgt; path=/; secure; HttpOnly; SameSite=Lax
content-disposition: attachment; filename*=UTF-8''DE_Office_2021_Professional_Plus_64Bit_v.exe; filename="DE_Office_2021_Professional_Plus_64Bit_v.exe"
content-transfer-encoding: binary
expires: 0
cache-control: must-revalidate, post-check=0, pre-check=0
strict-transport-security: max-age=15768000; includeSubDomains; preload;
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block
x-upstream: nmcloud-prod1-node-f494lxlx
x-request-id: ad1db65d6f335b0f001f97a6cbed9dbb
server: elb
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers