Report Overview

  1. Submitted URL

    www.rs.kwic.com/as/wapi/TurboMeetingStarter.exe?role=attendee&name=&email=&meeting_id=&user_password=&meeting_password=&meeting_type=0&pass_through=&ram=1697970666&plst=

  2. IP

    199.58.116.130

    ASN

    #33007 KWIC-AS

  3. Submitted

    2023-11-01 04:26:16

    Access

    public

  4. Website Title

    about:privatebrowsing

  5. Final URL

    about:privatebrowsing

  6. Tags

  7. urlquery detections

    No alerts detected

Detections

  1. urlquery

    0

  2. Network Intrusion Detection

    2

  3. Threat Detection Systems

    3

Domain Summary

Domain / FQDNRankRegisteredFirst SeenLast Seen
ocsp.godaddy.com6981999-03-022012-05-202023-10-31
www.rs.kwic.comunknown1995-09-082022-09-072023-10-27

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

SeveritySource IPDestination IPAlert
high 199.58.116.130Client IP
low 199.58.116.130Client IP

Threat Detection Systems

Public InfoSec YARA rules
SeverityIndicatorAlert
mediumwww.rs.kwic.com/as/wapi/TurboMeetingStarter.exe?role=attendee&name=&email=&meeting_id=&user_password=&meeting_password=&meeting_type=0&pass_through=&ram=1697970666&plst=files - file ~tmp01925d3f.exe

OpenPhish

No alerts detected


PhishTank

No alerts detected


Fortinet's Web Filter

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL

    www.rs.kwic.com/as/wapi/TurboMeetingStarter.exe?role=attendee&name=&email=&meeting_id=&user_password=&meeting_password=&meeting_type=0&pass_through=&ram=1697970666&plst=

  2. IP

    199.58.116.130

  3. ASN

    #33007 KWIC-AS

  1. File type

    PE32 executable (GUI) Intel 80386, for MS Windows\012- data

    Size

    790 kB (790064 bytes)

  2. Hash

    e1c31da0dee3552a6b95548b6c58c57b

    9b938f45144e74116e41a029f2ba28dc97e7865d

    Detections

    AnalyzerVerdictAlert
    YARAhub by abuse.chmalware
    files - file ~tmp01925d3f.exe
    VirusTotalsuspicious

JavaScript (0)

HTTP Transactions (2)

URLIPResponseSize
ocsp.godaddy.com/
192.124.249.22 2.1 kB
www.rs.kwic.com/as/wapi/TurboMeetingStarter.exe?role=attendee&name=&email=&meeting_id=&user_password=&meeting_password=&meeting_type=0&pass_through=&ram=1697970666&plst=
199.58.116.130 790 kB