Report Overview
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
heko.ro | unknown | 2013-04-17 | 2020-03-11 | 2022-11-16 | 478 B | 807 B | 91.213.11.32 |
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
No alerts detected
Threat Detection Systems
Public InfoSec YARA rules
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-05-05 | medium | heko.ro/Autodesk.exe.zip | Detects suspicious tiny ZIP files with phishing attachment characteristics |
2024-05-05 | medium | heko.ro/Autodesk.exe.zip | Detects suspicius tiny ZIP files with malicious lnk files |
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-05-05 | medium | heko.ro | Sinkholed |
ThreatFox
No alerts detected
Files detected
URL
heko.ro/Autodesk.exe.zip
IP
91.213.11.32
ASN
#49468 Magit'st Srl
File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
561 B (561 bytes)
Hash
a44ff21d11222945916645798726c63d
dc0f9b646019f022511ad09730de66b53fcb6c3c
Archive (1)
Filename | Md5 | File type |
---|---|---|
Autodesk.exe.lnk | faa7b30b9ff9331bc7b2a742f2997978 | MS Windows shortcut, Item id list present, Has Relative path, Has command line arguments, Icon number=188, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hidenormalshowminimized |
Detections
Analyzer | Verdict | Alert |
---|---|---|
Public InfoSec YARA rules | malware | Identifies PowerShell artefacts in shortcut (LNK) files. |
Public InfoSec YARA rules | malware | Identifies executable artefacts in shortcut (LNK) files. |
Public InfoSec YARA rules | malware | Identifies download artefacts in shortcut (LNK) files. |
Public InfoSec YARA rules | malware | Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path. |
Public Nextron YARA rules | malware | Detects suspicious tiny ZIP files with phishing attachment characteristics |
YARAhub by abuse.ch | malware | Detects suspicius tiny ZIP files with malicious lnk files |
VirusTotal | malicious |
JavaScript (0)
No Javascripts found
HTTP Transactions (1)
URL | IP | Response | Size |
---|---|---|---|
heko.ro/Autodesk.exe.zip | 91.213.11.32 | | 561 B |