Report Overview
- Visited public2025-03-04 02:14:48Tags
- URL
ip.0-softs.ru/InstallPack.exe?preselecteditems=teamviewer&cid=&uid=&type=ip&ga_ci=blknstl_ruopera&singleRename=1&sign=1&ga_an=&ga_cn=direct&ga_cs=isg&ga_cm=&ga_ck=isg&ga_cc=&utm_source=&utm_campaign=&utm_medium=&uagent=Mozilla/5.0+(Linux;+Android+13;+Pixel+4a+(5G)+Build/TQ2A.230505.002;+wv)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Version/4.0+Chrome/112.0.5615.136+Mobile+Safari/537.36+GoogleApp/14.16.27.29.arm64&abs=1/
- Finishing URL
about:privatebrowsing
- IP / ASN
195.201.247.90#24940 Hetzner Online GmbH
Titleabout:privatebrowsing
Domain Summary
| Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
|---|---|---|---|---|---|---|---|
| ip.0-softs.ru | unknown | 2021-07-11 | 2022-04-10 | 2025-03-02 | 888 B | 2.8 MB | 195.201.247.90 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
| Scan Date | Severity | Indicator | Alert |
|---|---|---|---|
| 2025-03-04 | medium | ip.0-softs.ru/InstallPack.exe?preselecteditems=teamviewer&cid=&uid=&type=ip&ga_ci=blknstl_ruopera&singleRename=1&sign=1&ga_an=&ga_cn=direct&ga_cs=isg&ga_cm=&ga_ck=isg&ga_cc=&utm_source=&utm_campaign=&utm_medium=&uagent=Mozilla/5.0+(Linux;+Android+13;+Pixel+4a+(5G)+Build/TQ2A.230505.002;+wv)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Version/4.0+Chrome/112.0.5615.136+Mobile+Safari/537.36+GoogleApp/14.16.27.29.arm64&abs=1/ | Detects suspicious SFX as used by Gamaredon group |
OpenPhish
No alerts detected
PhishTank
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
ip.0-softs.ru/InstallPack.exe?preselecteditems=teamviewer&cid=&uid=&type=ip&ga_ci=blknstl_ruopera&singleRename=1&sign=1&ga_an=&ga_cn=direct&ga_cs=isg&ga_cm=&ga_ck=isg&ga_cc=&utm_source=&utm_campaign=&utm_medium=&uagent=Mozilla/5.0+(Linux;+Android+13;+Pixel+4a+(5G)+Build/TQ2A.230505.002;+wv)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Version/4.0+Chrome/112.0.5615.136+Mobile+Safari/537.36+GoogleApp/14.16.27.29.arm64&abs=1/
IP
195.201.247.90ASN
#24940 Hetzner Online GmbH
File type
PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size
2.8 MB (2798808 bytes)
Hash
7501d485f2602bb23f5bdd9e1c1ba45c
65020b17ac53fc7bb4a8db723220f9a2bc11a547
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| Public Nextron YARA rules | malware | Detects suspicious SFX as used by Gamaredon group |
| VirusTotal | malicious | |
| ClamAV | malicious | Win.Adware.Drivepack-9918585-1 |
JavaScript (0)
HTTP Transactions (1)
| URL | IP | Response | Size | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ip.0-softs.ru/InstallPack.exe?preselecteditems=teamviewer&cid=&uid=&type=ip&ga_ci=blknstl_ruopera&singleRename=1&sign=1&ga_an=&ga_cn=direct&ga_cs=isg&ga_cm=&ga_ck=isg&ga_cc=&utm_source=&utm_campaign=&utm_medium=&uagent=Mozilla/5.0+(Linux;+Android+13;+Pixel+4a+(5G)+Build/TQ2A.230505.002;+wv)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Version/4.0+Chrome/112.0.5615.136+Mobile+Safari/537.36+GoogleApp/14.16.27.29.arm64&abs=1/ | 195.201.247.90 | 200 OK | 2.8 MB | |||||||||||||
Detections
HTTP Headers
| ||||||||||||||||