Report - dl.4kdownload.com/app/4kimagecompressor_1.1.0

Report Overview

Visitedpublic

2023-12-11 02:05:55

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
dl.4kdownload.com	231179	2011-04-01	2017-11-10 15:57:23	2023-12-09 15:50:19	537 B	953 kB	185.244.209.62

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-12-11	medium	dl.4kdownload.com/app/4kimagecompressor_1.1.0_online.exe?source=website	files - file ~tmp01925d3f.exe

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

dl.4kdownload.com/app/4kimagecompressor_1.1.0_online.exe?source=website

IP / ASN

185.244.209.62

#58286 Electric-IT Business S.R.L.

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows - data

Size952 kB (952504 bytes)

MD5e9150887c9540de40387d6d98ae12703

SHA1c7ed2c4c9b750d9301a5d8c16300406570ae6cef

SHA2560f5b87262917719961e47caec1186509bfc82166d695d755a696a2be804221b2

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET dl.4kdownload.com/app/4kimagecompressor_1.1.0_online.exe?source=website

185.244.209.62

200 OK

952 kB

URL

dl.4kdownload.com/app/4kimagecompressor_1.1.0_online.exe?source=website

IP / ASN

185.244.209.62

#58286 Electric-IT Business S.R.L.

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows - data

First Seen2023-11-16

Last Seen2024-08-20

Times Seen26

Size952 kB (952504 bytes)

MD5e9150887c9540de40387d6d98ae12703

SHA1c7ed2c4c9b750d9301a5d8c16300406570ae6cef

SHA2560f5b87262917719961e47caec1186509bfc82166d695d755a696a2be804221b2

Certificate Info

IssuerLet's Encrypt

Subjectdl.4kdownload.com

FingerprintC2:D4:89:38:AE:AE:D0:60:37:F3:7C:F5:74:CA:FF:E9:26:D7:2D:77

ValidityThu, 30 Nov 2023 19:39:07 GMT - Wed, 28 Feb 2024 19:39:06 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

HTTP Headers

GET /app/4kimagecompressor_1.1.0_online.exe?source=website HTTP/1.1
Host: dl.4kdownload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 02:05:30 GMT
content-type: application/x-msdownload
content-length: 952504
x-amz-id-2: rDToW7dm7d6+1wOXgCd0GmjtWZkn+UaCXwRplg6HoLZxgZCfJvGA+vD2zq9gU5HbTBTEwQcXRzQ=
x-amz-request-id: 8R94YG3356C7PY0R
last-modified: Thu, 09 Nov 2023 15:59:57 GMT
etag: "e9150887c9540de40387d6d98ae12703"
x-amz-server-side-encryption: AES256
traceparent: 00-12bf32684a10f3207ca1f110b59c241a-d8533b2db3833bc3-01
x-id: osix-hw-edge-gc4
x-robots-tag: noindex,nofollow
cache: MISS
accept-ranges: bytes
x-id-fe: osix-hw-edge-gc4
X-Firefox-Spdy: h2