Report - www.totalcommander.ch/win/fs/cloudplugin2.90.zip

Report Overview

Visited public
2025-03-29 22:01:42
Tags
Submit Tags
URL
www.totalcommander.ch/win/fs/cloudplugin2.90.zip
Finishing URL
about:privatebrowsing
IP / ASN
88.99.192.139
#24940 Hetzner Online GmbH
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.totalcommander.ch	unknown	unknown	2014-12-10	2025-03-27	516 B	783 kB	88.99.192.139

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.totalcommander.ch/win/fs/cloudplugin2.90.zip
IP
88.99.192.139
ASN
#24940 Hetzner Online GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
783 kB (782704 bytes)
Hash
0c906018c873b2e15bc0fb93d79363ed
96563cf938b2f3215ee442912d5eeb3ffefba6a8
080be819edf69788ea13d0277153eafd409986d11f8c6377b048b3bd58878f9a

Archive (14)

Filename

Md5

File type

cloudplugin.wfx64

0ab5ffb4fe45f45028d16fbdc5a7534d

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

waitpage.htm

56072862296ab409c2b7619b167f3497

HTML document, ASCII text, with CRLF line terminators

mime.types

7aa0647e41ff0af26084a7e36be562b5

ASCII text

pluginst.inf

f97805108439ac48cf74620c485181ec

ASCII text, with CRLF line terminators

oauthbrowser.exe

018b44397b8ae222baac522f34d6e914

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

oauthbrowser64.exe

d1fc5c5abd5c5ac5f6d7dea827c09d34

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

ReadMe.txt

5f07a859657cb65b31eb9383c42d7f3d

ASCII text, with CRLF line terminators

cloudplugin.wfx

f6903bc93053284ccb37ee0c160a8844

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

OauthBrowser2.exe

197627ac506a89b99fd943b8947e294b

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

waitpage.htm

56072862296ab409c2b7619b167f3497

HTML document, ASCII text, with CRLF line terminators

WebView2Loader.dll

60aa311c0865fa65af42aad1a9b1ba81

PE32+ executable (DLL) (console) x86-64, for MS Windows, 12 sections

OauthBrowser2.exe

1327e6fe13bd1e32a461ca15b034000c

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

waitpage.htm

56072862296ab409c2b7619b167f3497

HTML document, ASCII text, with CRLF line terminators

WebView2Loader.dll

e12389f7769a1b1d3328493518658cd0

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 8 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/66

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET www.totalcommander.ch/win/fs/cloudplugin2.90.zip

88.99.192.139

200 OK

783 kB

URL User Request GET
www.totalcommander.ch/win/fs/cloudplugin2.90.zip
IP
88.99.192.139:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjecttotalcommander.ch
FingerprintA7:E0:30:B3:0B:6C:F8:53:92:8D:52:A3:55:F9:8B:65:9F:49:9B:25
ValidityTue, 04 Feb 2025 05:32:03 GMT - Mon, 05 May 2025 05:32:02 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
783 kB (782704 bytes)
Hash
0c906018c873b2e15bc0fb93d79363ed
96563cf938b2f3215ee442912d5eeb3ffefba6a8
080be819edf69788ea13d0277153eafd409986d11f8c6377b048b3bd58878f9a

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/66

HTTP Headers

GET /win/fs/cloudplugin2.90.zip HTTP/1.1
Host: www.totalcommander.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 29 Mar 2025 22:01:19 GMT
Content-Type: application/zip
Content-Length: 782704
Last-Modified: Thu, 08 Aug 2024 06:46:34 GMT
Connection: keep-alive
ETag: "66b469ca-bf170"
X-Powered-By: PleskLin
Strict-Transport-Security: max-age=15552000

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (14)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers