Report - www.gandav.de/webupdate/fpsystemcheck/prog/dirapi.dll

Report Overview

Visited public
2025-01-06 04:14:40
Tags
URL
www.gandav.de/webupdate/fpsystemcheck/prog/dirapi.dll
Finishing URL
about:privatebrowsing
IP / ASN
217.160.0.118
#8560 IONOS SE
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.gandav.de	unknown	unknown	2015-09-04	2015-09-04	1.5 kB	132 kB	217.160.0.118

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-01-06	medium	www.gandav.de/webupdate/FPSystemcheck/prog/Dirapi.dll	Detect pe file that no import table

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.gandav.de/webupdate/FPSystemcheck/prog/Dirapi.dll
IP
217.160.0.118
ASN
#8560 IONOS SE

File type
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
Size
131 kB (130743 bytes)
Hash
207da1e68ad07502b77f597ef1ee1fd7
d94edd958333624ba195bf94b0e4d743dde33854
2267aa46eecacbf81b348953ab6e2ad14fbce3a1f89a820998a3e774f51afdef

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

GET www.gandav.de/webupdate/fpsystemcheck/prog/dirapi.dll

217.160.0.118

301 Moved Permanently

269 B

URL User Request GET HTTP/2
www.gandav.de/webupdate/fpsystemcheck/prog/dirapi.dll
IP
217.160.0.118:443
ASN
#8560 IONOS SE

Certificate
IssuerDigiCert Inc
Subjectwww.gandav.de
Fingerprint17:D3:D1:7B:AB:53:18:AA:64:78:E0:44:59:D4:74:D6:31:51:CF:FF
ValidityMon, 15 Jan 2024 00:00:00 GMT - Mon, 27 Jan 2025 23:59:59 GMT

File type
HTML document, ASCII text
Size
269 B (269 bytes)
Hash
fee3b9caadf5b87ba212d4ed5c46ce54
21f9662b819c35bc806ca9898a485fff0e26a334
fef8b38990689482dc9a08d974b5175228b74588f42f7e4f57f3a81c297c6019

HTTP Headers

GET /webupdate/fpsystemcheck/prog/dirapi.dll HTTP/1.1
Host: www.gandav.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
content-type: text/html; charset=iso-8859-1
content-length: 269
location: https://www.gandav.de/webupdate/FPSystemcheck/prog/dirapi.dll
date: Mon, 06 Jan 2025 04:14:15 GMT
server: Apache
cache-control: max-age=0
expires: Mon, 06 Jan 2025 04:14:15 GMT
X-Firefox-Spdy: h2

GET www.gandav.de/webupdate/FPSystemcheck/prog/dirapi.dll

217.160.0.118

301 Moved Permanently

269 B

URL User Request GET HTTP/2
www.gandav.de/webupdate/FPSystemcheck/prog/dirapi.dll
IP
217.160.0.118:443
ASN
#8560 IONOS SE

Certificate
IssuerDigiCert Inc
Subjectwww.gandav.de
Fingerprint17:D3:D1:7B:AB:53:18:AA:64:78:E0:44:59:D4:74:D6:31:51:CF:FF
ValidityMon, 15 Jan 2024 00:00:00 GMT - Mon, 27 Jan 2025 23:59:59 GMT

File type
HTML document, ASCII text
Size
269 B (269 bytes)
Hash
156f5d434415d0bea04cd06fd46a8dcc
b97d5b51302920c7bed98a18e0c04c5ef2b70e88
4f103fdacb6d795d9d8598d0480b2b9250fc06cd916ee55ed3a955d4b2f24397

HTTP Headers

GET /webupdate/FPSystemcheck/prog/dirapi.dll HTTP/1.1
Host: www.gandav.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
content-type: text/html; charset=iso-8859-1
content-length: 269
location: https://www.gandav.de/webupdate/FPSystemcheck/prog/Dirapi.dll
date: Mon, 06 Jan 2025 04:14:16 GMT
server: Apache
cache-control: max-age=0
expires: Mon, 06 Jan 2025 04:14:16 GMT
X-Firefox-Spdy: h2

GET www.gandav.de/webupdate/FPSystemcheck/prog/Dirapi.dll

217.160.0.118

200 OK

131 kB

URL User Request GET HTTP/2
www.gandav.de/webupdate/FPSystemcheck/prog/Dirapi.dll
IP
217.160.0.118:443
ASN
#8560 IONOS SE

Certificate
IssuerDigiCert Inc
Subjectwww.gandav.de
Fingerprint17:D3:D1:7B:AB:53:18:AA:64:78:E0:44:59:D4:74:D6:31:51:CF:FF
ValidityMon, 15 Jan 2024 00:00:00 GMT - Mon, 27 Jan 2025 23:59:59 GMT

File type
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
Size
131 kB (130743 bytes)
Hash
207da1e68ad07502b77f597ef1ee1fd7
d94edd958333624ba195bf94b0e4d743dde33854
2267aa46eecacbf81b348953ab6e2ad14fbce3a1f89a820998a3e774f51afdef

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table

HTTP Headers

GET /webupdate/FPSystemcheck/prog/Dirapi.dll HTTP/1.1
Host: www.gandav.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-msdos-program
content-length: 1495040
date: Mon, 06 Jan 2025 04:14:17 GMT
server: Apache
last-modified: Fri, 21 Dec 2012 12:47:04 GMT
etag: "16d000-4d15c3e952200"
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 05 Feb 2025 04:14:17 GMT
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (3)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers