Report Overview

  1. Visited public
    2024-11-29 22:26:08
    Tags
  2. URL

    135.148.28.56:5001/VTOLPACK.exe

  3. Finishing URL

    about:privatebrowsing

  4. IP / ASN
    135.148.28.56

    #16276 OVH SAS

    Title
    about:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
3
Threat Detection Systems
4

Domain Summary

Domain / FQDNRankRegisteredFirst SeenLast Seen
135.148.28.56unknownunknownNo dataNo data

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

SeveritySource IPDestination IPAlert
mediumClient IP 135.148.28.56
high 135.148.28.56Client IP
medium 135.148.28.56Client IP

Threat Detection Systems

Public InfoSec YARA rules
SeverityIndicatorAlert
medium135.148.28.56:5001/VTOLPACK.exeDetects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)

OpenPhish

No alerts detected


PhishTank

No alerts detected


Mnemonic Secure DNS

No alerts detected


Quad9 DNS
SeverityIndicatorAlert
medium135.148.28.56Sinkholed

ThreatFox

No alerts detected


Files detected

  1. URL

    135.148.28.56:5001/VTOLPACK.exe

  2. IP

    135.148.28.56

  3. ASN

    #16276 OVH SAS

  1. File type

    PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

    Size

    35 kB (34816 bytes)

  2. Hash

    60ad4cdb6a158a97137836e93de1d471

    cff530742f66c71e641f7f02b8e79df9825f5595

    Detections

    AnalyzerVerdictAlert
    Public Nextron YARA rulesmalware
    Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)

JavaScript (0)

HTTP Transactions (1)

URLIPResponseSize
135.148.28.56:5001/VTOLPACK.exe
135.148.28.56200 OK35 kB