Report Overview
Visitedpublic
2024-11-29 22:26:08
Tags
Submit Tags
URL
135.148.28.56:5001/VTOLPACK.exe
Finishing URL
about:privatebrowsing
IP / ASN
135.148.28.56
#16276 OVH SAS
Title
about:privatebrowsing

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0

Host Summary

HostRankRegisteredFirst SeenLast Seen
135.148.28.56
unknownunknownNo dataNo data

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

SeveritySource IPDestination IPAlert
mediumClient IP
135.148.28.56
ET INFO Executable Download from dotted-quad Host
high
135.148.28.56
Client IPET POLICY PE EXE or DLL Windows file download HTTP
medium
135.148.28.56
Client IPET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

Threat Detection Systems

Public InfoSec YARA rules
SeverityIndicatorAlert
medium135.148.28.56:5001/VTOLPACK.exeDetects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)

OpenPhish

No alerts detected


PhishTank

No alerts detected


Mnemonic Secure DNS

No alerts detected


Quad9 DNS
SeverityIndicatorAlert
medium135.148.28.56Sinkholed

ThreatFox

No alerts detected


File detected

URL
135.148.28.56:5001/VTOLPACK.exe
IP / ASN
135.148.28.56
#16276 OVH SAS
File Overview
File TypePE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
Size35 kB (34816 bytes)
MD560ad4cdb6a158a97137836e93de1d471
SHA1cff530742f66c71e641f7f02b8e79df9825f5595

Detections

AnalyzerVerdictAlert
Public Nextron YARA rulesmalware
Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)

JavaScript (0)

HTTP Transactions (1)

URLIPResponseSize