Report - windows98.xf.cz/media/cccp-w9x.exe

Report Overview

Visited public
2025-04-28 14:56:30
Tags
URL
windows98.xf.cz/media/cccp-w9x.exe
Finishing URL
about:privatebrowsing
IP / ASN
185.64.219.6
#43541 VSHosting s.r.o.
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
windows98.xf.cz	unknown	2005-09-26	2014-12-19	2025-02-26	920 B	5.5 MB	185.64.219.6

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-28 14:55:58	high	185.64.219.6	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
windows98.xf.cz/media/cccp-w9x.exe
IP
185.64.219.6
ASN
#43541 VSHosting s.r.o.

File type
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
Size
5.5 MB (5487133 bytes)
Hash
217789a0c399c4b52ec3dee4752f7592
315b3fcc726e9680ec1a36f34ea6cbebe3f8eccc
fdda2be8bc29095b3dacf43a510bb5b9e4d10b421f19510d4edf9d4f82ee2b2e

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

windows98.xf.cz/media/cccp-w9x.exe

185.64.219.6

403 Forbidden

9.3 kB

URL User Request GET
windows98.xf.cz/media/cccp-w9x.exe
IP
185.64.219.6:443
ASN
#43541 VSHosting s.r.o.

Certificate
IssuerLet's Encrypt
Subjectwz.cz
FingerprintF1:4C:7D:93:08:4C:83:B1:EC:6B:FD:F4:2D:F0:72:D7:05:FE:78:DD
ValidityMon, 28 Apr 2025 00:29:19 GMT - Sun, 27 Jul 2025 00:29:18 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
9.3 kB (9267 bytes)
Hash
0a6b908f49bd2d8bb13ed207b0245680
e85be7e6c99b10d44b9c38277d272d98aba93605
e8ddbaeb88b484d62bbb27a81fb77ea995a44c01abadf0041f76e909e40a6557

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /media/cccp-w9x.exe HTTP/1.1
Host: windows98.xf.cz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
server: nginx
date: Mon, 28 Apr 2025 14:55:57 GMT
content-type: text/html
content-length: 9267
etag: "65a00fca-2433"
X-Firefox-Spdy: h2

windows98.xf.cz/media/cccp-w9x.exe

185.64.219.6

200 OK

5.5 MB

URL User Request GET
windows98.xf.cz/media/cccp-w9x.exe
IP
185.64.219.6:80
ASN
#43541 VSHosting s.r.o.

File type
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
Size
5.5 MB (5487133 bytes)
Hash
217789a0c399c4b52ec3dee4752f7592
315b3fcc726e9680ec1a36f34ea6cbebe3f8eccc
fdda2be8bc29095b3dacf43a510bb5b9e4d10b421f19510d4edf9d4f82ee2b2e

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /media/cccp-w9x.exe HTTP/1.1
Host: windows98.xf.cz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Apr 2025 14:55:58 GMT
Content-Type: application/octet-stream
Content-Length: 5487133
Connection: close
Last-Modified: Wed, 05 Mar 2025 05:02:46 GMT
ETag: "53ba1d-62f914cd63d0b"
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

JavaScript (0)

HTTP Transactions (2)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers