Report - www.checkmal.com/download/AppCheckSetup.exe

Report Overview

Submitted URL
www.checkmal.com/download/AppCheckSetup.exe
IP
52.78.76.217
ASN
#16509 AMAZON-02
Submitted
2023-06-06 05:58:37
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigo.com	487	2018-08-16	2019-11-29	2023-06-06	660 B	1.9 kB	104.18.14.101
www.checkmal.com	761444	2015-03-23	2015-10-29	2023-06-03	499 B	15 MB	52.78.76.217

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-06 05:58:17	medium	Client IP	52.78.76.217	ET INFO Observed CheckMal AV/Anti-Ransomware Domain (www .checkmal .com in TLS SNI)
2023-06-06 05:58:17	medium	Client IP	52.78.76.217	ET INFO Observed CheckMal AV/Anti-Ransomware Domain (www .checkmal .com in TLS SNI)

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.checkmal.com/download/AppCheckSetup.exe
IP
52.78.76.217
ASN
#16509 AMAZON-02

File type
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive\012- data
Size
15 MB (14604656 bytes)
Hash
d51c5579636d791c64f16f28650dd1d4
e5c34665ad0fb38743cb52d25902aa8b1d8c572b
92bc3aae02081ff84326a2ae7d4ca14f237fa26c173eda12b3ecaf7f3b8887f2

Detections

Analyzer	Verdict	Alert
VirusTotal	0/67	VirusTotal -

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

ocsp.sectigo.com/

104.18.14.101

472 B

URL
ocsp.sectigo.com/
IP
104.18.14.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
5193c14b74cf82039fffed6c44e3c280
a7fa6c8a097fa22e15faeee6c5e9337b01b16e63
33ea6084068a6b3759ead7305d8e0615dbff41b106bdc793513778a44cc8020d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 05:58:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 05 Jun 2023 14:20:45 GMT
Expires: Mon, 12 Jun 2023 14:20:44 GMT
Etag: "a7fa6c8a097fa22e15faeee6c5e9337b01b16e63"
Cache-Control: max-age=548061,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7d2e6c3d7a7eb4f9-OSL

ocsp.sectigo.com/

104.18.14.101

472 B

URL
ocsp.sectigo.com/
IP
104.18.14.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
5193c14b74cf82039fffed6c44e3c280
a7fa6c8a097fa22e15faeee6c5e9337b01b16e63
33ea6084068a6b3759ead7305d8e0615dbff41b106bdc793513778a44cc8020d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 05:58:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 05 Jun 2023 14:20:45 GMT
Expires: Mon, 12 Jun 2023 14:20:44 GMT
Etag: "a7fa6c8a097fa22e15faeee6c5e9337b01b16e63"
Cache-Control: max-age=547945,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7d2e6c3eb9a40b3d-OSL

www.checkmal.com/download/AppCheckSetup.exe

52.78.76.217

200 OK

15 MB

URL User Request GET HTTP/1.1
www.checkmal.com/download/AppCheckSetup.exe
IP
52.78.76.217:443
ASN
#16509 AMAZON-02

Certificate
IssuerSectigo Limited
Subjectwww.checkmal.com
Fingerprint75:20:E3:48:B4:8F:7E:B9:11:3A:B5:E4:3B:96:37:3B:D6:3A:4F:7B
ValidityMon, 19 Sep 2022 00:00:00 GMT - Fri, 20 Oct 2023 23:59:59 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive\012- data
Size
15 MB (14604656 bytes)
Hash
d51c5579636d791c64f16f28650dd1d4
e5c34665ad0fb38743cb52d25902aa8b1d8c572b
92bc3aae02081ff84326a2ae7d4ca14f237fa26c173eda12b3ecaf7f3b8887f2

Detections

Analyzer	Verdict	Alert
VirusTotal	0/67	VirusTotal -

HTTP Headers

GET /download/AppCheckSetup.exe HTTP/1.1
Host: www.checkmal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Jun 2023 05:58:18 GMT
Content-Type: application/octet-stream
Content-Length: 14604656
Last-Modified: Wed, 16 Nov 2022 04:04:25 GMT
Connection: keep-alive
ETag: "63746149-ded970"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (3)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers