Report - cabinet-salyk.com/4/client32.exe

Report Overview

Visited public
2025-02-14 02:03:00
Tags
URL
cabinet-salyk.com/4/client32.exe
Finishing URL
cabinet-salyk.com/4/client32.exe
IP / ASN
185.77.97.19
#47583 Hostinger International Limited
Title
Checking your browser before accessing. Just a moment...

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cabinet-salyk.com	unknown	2025-02-04	2025-02-14	2025-02-14	2.8 kB	120 kB	91.108.103.8

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cabinet-salyk.com/4/client32.exe
IP
91.108.103.8
ASN
#47583 Hostinger International Limited

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size
107 kB (107384 bytes)
Hash
ae09c71e813a205ab8e5d455d83949e9
ad3f40af87017b64d7c12985c9474672e1cdda5f
090103ff90780c10ef2ffa01c44982f63ee687e5c900ef368a45dede207ff8ec

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 5/70

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	unknown	Function	79 B	2023-04-11	2025-05-27
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38 Last Seen2025-05-27 19:56 Times Seen113362 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	unknown	Function	37 B	2023-04-11	2025-05-27
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-05-27 19:56 Times Seen266848 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	cabinet-salyk.com/hcdn-cgi/jschallenge	ScriptElement	152 B	2025-02-14	2025-02-14
Pretty URL cabinet-salyk.com/hcdn-cgi/jschallenge IP 91.108.103.8 ASN #47583 Hostinger International Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-14 02:03 Last Seen2025-02-14 02:03 Times Seen1 Hash 0dd455a21b8decede87fe1779721d1d2 81e4e1a33cb56ff87d2ed791c7bc15f1f3dc3738 1d982d04befd0ed70b63ffec3d9b1f712bd98b007161bff8654cdc4ef32d840c Loading...

	cabinet-salyk.com/4/client32.exe	ScriptElement	3.8 kB	2023-11-12	2025-03-02
Pretty URL cabinet-salyk.com/4/client32.exe IP 91.108.103.8 ASN #47583 Hostinger International Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-12 02:47 Last Seen2025-03-02 02:15 Times Seen841 Hash 51e189f3bed2b8fd301208bf717f8c64 79f795884dbd9d843435bd03fc6ef3b8cfd581cd fa2fabde1d6234d341a131ca74541c707cca4eea376ddcba3f8d34de934d18a4 Loading...

HTTP Transactions (6)

URL IP Response Size

cabinet-salyk.com/4/client32.exe

91.108.103.8

403 Forbidden

2.2 kB

URL User Request GET HTTP/1.1
cabinet-salyk.com/4/client32.exe
IP
91.108.103.8:80
ASN
#47583 Hostinger International Limited

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.2 kB (2193 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

HTTP Headers

GET /4/client32.exe HTTP/1.1
Host: cabinet-salyk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Fri, 14 Feb 2025 02:02:29 GMT
content-type: text/html
content-length: 2193
vary: Accept-Encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 8b5852ada7e8240c96d7d4204bab94a7-fast-edge4
X-Firefox-Spdy: h2

cabinet-salyk.com/4/client32.exe

91.108.103.8

403 Forbidden

2.4 kB

URL User Request GET HTTP/1.1
cabinet-salyk.com/4/client32.exe
IP
91.108.103.8:80
ASN
#47583 Hostinger International Limited

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

HTTP Headers

GET /4/client32.exe HTTP/1.1
Host: cabinet-salyk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 14 Feb 2025 02:02:30 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: fd77d6b8bf7938f6140a5dfb49e3e58f-fast-edge5

cabinet-salyk.com/hcdn-cgi/jschallenge

91.108.103.8

200 OK

147 B

URL GET HTTP/1.1
cabinet-salyk.com/hcdn-cgi/jschallenge
IP
91.108.103.8:80
ASN
#47583 Hostinger International Limited

Requested by
http://cabinet-salyk.com/4/client32.exe

File type
ASCII text
Size
147 B (147 bytes)
Hash
0dd455a21b8decede87fe1779721d1d2
81e4e1a33cb56ff87d2ed791c7bc15f1f3dc3738
1d982d04befd0ed70b63ffec3d9b1f712bd98b007161bff8654cdc4ef32d840c

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: cabinet-salyk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cabinet-salyk.com/4/client32.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 14 Feb 2025 02:02:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 56dcba8a37e2d38914fa0bc63b1007a7-fast-edge5
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

cabinet-salyk.com/favicon.ico

91.108.103.8

403 Forbidden

2.4 kB

URL GET HTTP/1.1
cabinet-salyk.com/favicon.ico
IP
91.108.103.8:80
ASN
#47583 Hostinger International Limited

Requested by
http://cabinet-salyk.com/4/client32.exe

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cabinet-salyk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cabinet-salyk.com/4/client32.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 14 Feb 2025 02:02:30 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: dafeb450c99d5dad7a44b31ef3e1808d-fast-edge5

cabinet-salyk.com/hcdn-cgi/jschallenge-validate

91.108.103.8

200 OK

0 B

URL POST HTTP/1.1
cabinet-salyk.com/hcdn-cgi/jschallenge-validate
IP
91.108.103.8:80
ASN
#47583 Hostinger International Limited

Requested by
http://cabinet-salyk.com/4/client32.exe

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: cabinet-salyk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cabinet-salyk.com/4/client32.exe
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://cabinet-salyk.com
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 14 Feb 2025 02:02:33 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEA3kY98KIziWXp_vqAPak_SyMnN8VBqiBVcXr2OjOLtKw5pK5nAAAAAADeAAAz7muJMqHayzHzM2sGX8YiAAAA3V1_CxqNJfnm3D-xDXswLA; Path=/; SameSite=Lax; HttpOnly
Server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 8caed2027be19535c4fbac332b3a673b-fast-edge5
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

cabinet-salyk.com/4/client32.exe

91.108.103.8

200 OK

107 kB

URL User Request GET HTTP/1.1
cabinet-salyk.com/4/client32.exe
IP
91.108.103.8:80
ASN
#47583 Hostinger International Limited

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size
107 kB (107384 bytes)
Hash
ae09c71e813a205ab8e5d455d83949e9
ad3f40af87017b64d7c12985c9474672e1cdda5f
090103ff90780c10ef2ffa01c44982f63ee687e5c900ef368a45dede207ff8ec

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 5/70

HTTP Headers

GET /4/client32.exe HTTP/1.1
Host: cabinet-salyk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cabinet-salyk.com/4/client32.exe
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEA3kY98KIziWXp_vqAPak_SyMnN8VBqiBVcXr2OjOLtKw5pK5nAAAAAADeAAAz7muJMqHayzHzM2sGX8YiAAAA3V1_CxqNJfnm3D-xDXswLA
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 14 Feb 2025 02:02:33 GMT
content-type: application/x-executable
content-length: 107384
last-modified: Thu, 13 Feb 2025 21:40:17 GMT
etag: "1a378-67ae66c1-2cab9e276ee59445;;;"
platform: hostinger
panel: hpanel
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 833adec35b85341ff23eb9316bec9457-fast-edge4
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.007
accept-ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (4)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (6)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL POST HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash