Report Overview
Visitedpublic
2024-11-29 22:26:08
Tags
Submit Tags
URL
135.148.28.56:5001/VTOLPACK.exe
Finishing URL
about:privatebrowsing
IP / ASN
135.148.28.56
Title
about:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
135.148.28.56 2 alert(s) on this Host | unknown | unknown | No data | No data | 401 B | 35 kB | 135.148.28.56 |
Related reports
Threat Detection Systems
Public InfoSec YARA rules
| Scan Date | Severity | Indicator | Alert |
|---|---|---|---|
| 2024-11-29 | medium | 135.148.28.56:5001/VTOLPACK.exe | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) |
OpenPhish
No alerts detected
PhishTank
No alerts detected
Mnemonic Secure DNS
No alerts detected
Quad9 DNS
| Scan Date | Severity | Indicator | Alert |
|---|---|---|---|
| 2024-11-29 | medium | 135.148.28.56 | Sinkholed |
ThreatFox
No alerts detected
File detected
URL
135.148.28.56:5001/VTOLPACK.exe
IP / ASN
135.148.28.56
File Overview
File TypePE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
Size35 kB (34816 bytes)
MD560ad4cdb6a158a97137836e93de1d471
SHA1cff530742f66c71e641f7f02b8e79df9825f5595
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| Public Nextron YARA rules | malware | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) |
JavaScript (0)
No JavaScripts
HTTP Transactions (1)
| URL | IP | Response | Size |
|---|