Report Overview
Visited
public
2023-11-01 04:26:16
URL
www.rs.kwic.com/as/wapi/TurboMeetingStarter.exe?role=attendee&name=&email=&meeting_id=&user_password=&meeting_password=&meeting_type=0&pass_through=&ram=1697970666&plst=
Finishing URL
about:privatebrowsing
IP / ASN
199.58.116.130
#33007 KWIC-AS
Title
about:privatebrowsing

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0

Host Summary

Host | Rank | Registered | First Seen | Last Seen
ocsp.godaddy.com | 698 | 1999-03-02 | 2012-05-20 21:28:57 | 2023-10-31 05:09:26
www.rs.kwic.com | unknown | 1995-09-08 | 2022-09-07 18:35:53 | 2023-10-27 22:28:21

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Severity | Source IP | Destination IP | Alert
high | 199.58.116.130 | Client IP | ET POLICY PE EXE or DLL Windows file download HTTP
low | 199.58.116.130 | Client IP | ET INFO EXE - Served Inline HTTP

Threat Detection Systems

Public InfoSec YARA rules
Severity | Indicator | Alert
medium | www.rs.kwic.com/as/wapi/TurboMeetingStarter.exe?role=attendee&name=&email=&meeting_id=&user_password=&meeting_password=&meeting_type=0&pass_through=&ram=1697970666&plst= | files - file ~tmp01925d3f.exe

OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


File detected

URL
www.rs.kwic.com/as/wapi/TurboMeetingStarter.exe?role=attendee&name=&email=&meeting_id=&user_password=&meeting_password=&meeting_type=0&pass_through=&ram=1697970666&plst=
IP / ASN
199.58.116.130
#33007 KWIC-AS
File Overview
File Type | PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size | 790 kB (790064 bytes)
MD5 | e1c31da0dee3552a6b95548b6c58c57b
SHA1 | 9b938f45144e74116e41a029f2ba28dc97e7865d

Detections

Analyzer | Verdict | Alert
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
VirusTotal | suspicious |

JavaScript (0)

HTTP Transactions (2)

URL | IP | Response | Size