Report - dl.4kdownload.com/app/4kvideodownloaderplus_1.9.2_x64

Report Overview

Visited public
2024-10-13 09:56:54
Tags
URL
dl.4kdownload.com/app/4kvideodownloaderplus_1.9.2_x64_online.exe?source=website
Finishing URL
about:privatebrowsing
IP / ASN
185.244.209.62
#199524 G-Core Labs S.A.
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
e6.o.lencr.org	unknown	2020-06-29	2024-06-07	2024-10-13	326 B	729 B	23.36.77.32
dl.4kdownload.com	231179	2011-04-01	2017-11-10	2024-07-22	533 B	833 kB	185.244.209.62

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-10-13	medium	dl.4kdownload.com/app/4kvideodownloaderplus_1.9.2_x64_online.exe?source=website	files - file ~tmp01925d3f.exe

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
dl.4kdownload.com/app/4kvideodownloaderplus_1.9.2_x64_online.exe?source=website
IP
185.244.209.62
ASN
#199524 G-Core Labs S.A.

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
Size
832 kB (832120 bytes)
Hash
9d9e115b201b6a14373bb006bdd9eecf
48fc32af6c7e114da0218c463270333b833ea387
2d2147a2206a96c7e8382251df42e2c66e1d913f222d34ff0406057b9278dd6f

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

e6.o.lencr.org/

23.36.77.32

345 B

URL
e6.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
d429d204111764b89e4e93569071727e
00f6db60693df00d8fcaa6266ba2814933965083
1cc65e9d39cfad71ab11c3de5b602bd7179d4ce493696abb2732191237ac2a86

HTTP Headers

POST / HTTP/1.1
Host: e6.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1CC65E9D39CFAD71AB11C3DE5B602BD7179D4CE493696ABB2732191237AC2A86"
Last-Modified: Sun, 13 Oct 2024 04:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12075
Expires: Sun, 13 Oct 2024 13:17:43 GMT
Date: Sun, 13 Oct 2024 09:56:28 GMT
Connection: keep-alive

dl.4kdownload.com/app/4kvideodownloaderplus_1.9.2_x64_online.exe?source=website

185.244.209.62

200 OK

832 kB

URL User Request GET HTTP/2
dl.4kdownload.com/app/4kvideodownloaderplus_1.9.2_x64_online.exe?source=website
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerLet's Encrypt
Subjectdl.4kdownload.com
Fingerprint29:C9:0E:27:97:8D:E6:CC:BD:5B:6D:AD:3C:DE:93:61:BF:D6:F4:A1
ValidityWed, 25 Sep 2024 16:38:38 GMT - Tue, 24 Dec 2024 16:38:37 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
Size
832 kB (832120 bytes)
Hash
9d9e115b201b6a14373bb006bdd9eecf
48fc32af6c7e114da0218c463270333b833ea387
2d2147a2206a96c7e8382251df42e2c66e1d913f222d34ff0406057b9278dd6f

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

HTTP Headers

GET /app/4kvideodownloaderplus_1.9.2_x64_online.exe?source=website HTTP/1.1
Host: dl.4kdownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 13 Oct 2024 09:56:28 GMT
content-type: application/octet-stream
content-length: 832120
x-amz-id-2: JNkidEvdbGfG9J04VosmQDbcXbaM0azydRn4b8JPALVgeyI6bmA+La/JeBGYJv+yPJHpS3WCr1KRyks9VPOzwA==
x-amz-request-id: S59JJ64S9MCBH2SV
last-modified: Fri, 11 Oct 2024 11:09:52 GMT
etag: "9d9e115b201b6a14373bb006bdd9eecf"
x-amz-server-side-encryption: AES256
traceparent: 00-e175a81701df52c877f2082855b50e74-be342a96005e7a36-01
x-id: osix-hw-edge-gc4
age: 168088
x-robots-tag: noindex
cache: HIT
x-cached-since: 2024-10-11T11:15:00+00:00
accept-ranges: bytes
x-id-fe: osix-hw-edge-gc4
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers