Report - occ.server-eye.de/download/tools/SophosSetup.exe

Report Overview

Visitedpublic

2025-02-19 10:18:46

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
occ.server-eye.de	unknown	unknown	2015-05-15	2024-12-14	514 B	211 B	81.27.230.165
update.server-eye.de	500951	unknown	2017-01-30	2024-12-14	517 B	1.6 MB	104.26.11.122

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

update.server-eye.de/download/tools/SophosSetup.exe

IP / ASN

104.26.11.122

#13335 CLOUDFLARENET

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Size1.6 MB (1566648 bytes)

MD51e37eab1b0ff77dbc16656a18b25a077

SHA1bf404b4aeaa4270b68de2b7e581d9a51e9baa6ee

SHA2567364d01f2e46259699df786e680ce7842dcb22a51c826ef155b7b6b4c7aa1576

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/71

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

GET occ.server-eye.de/download/tools/SophosSetup.exe

81.27.230.165

302 Found

5 B

URL

occ.server-eye.de/download/tools/SophosSetup.exe

IP / ASN

81.27.230.165

#9063 VSE NET GmbH

Requested byN/A

Resource Info

File typeASCII text, with no line terminators

First Seen2023-04-05

Last Seen2025-03-01

Times Seen3982

Size5 B (5 bytes)

MD55d695cc28c6a7ea955162fbdd0ae42b9

SHA1bbba84135de6b052c2210e74e0cc5b2a9d359ddb

SHA256b0ee315f4ac6af09d05f9e6f23ffb606f3b4fec1ba897bd4315592d2a2979876

Certificate Info

IssuerDigiCert, Inc.

Subject*.server-eye.de

Fingerprint1D:52:F7:CD:EF:8A:27:65:85:91:F3:0F:75:EE:1E:DF:06:C6:A5:7B

ValidityWed, 05 Jun 2024 00:00:00 GMT - Sat, 21 Jun 2025 23:59:59 GMT

HTTP Headers

GET /download/tools/SophosSetup.exe HTTP/1.1
Host: occ.server-eye.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
location: https://update.server-eye.de/download/tools/SophosSetup.exe
content-type: text/plain; charset=utf-8
content-length: 5
date: Wed, 19 Feb 2025 10:18:16 GMT
X-Firefox-Spdy: h2

GET update.server-eye.de/download/tools/SophosSetup.exe

104.26.11.122

200 OK

1.6 MB

URL

update.server-eye.de/download/tools/SophosSetup.exe

IP / ASN

104.26.11.122

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

First Seen2023-08-24

Last Seen2025-02-19

Times Seen3

Size1.6 MB (1566648 bytes)

MD51e37eab1b0ff77dbc16656a18b25a077

SHA1bf404b4aeaa4270b68de2b7e581d9a51e9baa6ee

SHA2567364d01f2e46259699df786e680ce7842dcb22a51c826ef155b7b6b4c7aa1576

Certificate Info

IssuerLet's Encrypt

Subjectserver-eye.de

FingerprintBE:24:0F:51:D6:A3:BB:95:E5:85:5D:E6:B6:A6:8E:10:A5:1F:7D:2B

ValiditySun, 29 Dec 2024 02:05:24 GMT - Sat, 29 Mar 2025 02:05:23 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/71

HTTP Headers

GET /download/tools/SophosSetup.exe HTTP/1.1
Host: update.server-eye.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Feb 2025 10:18:16 GMT
content-type: application/octet-stream
content-length: 1566648
last-modified: Tue, 01 Oct 2024 06:30:53 GMT
etag: "66fb971d-17e7b8"
cache-control: max-age=432000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cnLHW7QK5BZ1WrkYnOKXi7HeoyT%2FS4Z87w3J8%2FZkWy43FIyc9z7yUH3euOz3jL0W1UyqLIAzjBGdbeqcGG6SyXKe4%2BmD3GUy1ECTtvg3A8m%2B9EHq0M%2FcsIE%2F99hkHloEqm0k1Qsg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9145830ee96c569b-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=541&min_rtt=479&rtt_var=166&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2854&recv_bytes=1283&delivery_rate=4701298&cwnd=253&unsent_bytes=0&cid=39bbac9c3d91b90a&ts=203&x=0"
X-Firefox-Spdy: h2