Report - dav.cloud21.jp/UsiCloud/Bin/Us1R210

Report Overview

Visited public
2023-11-28 16:47:05
Tags
URL
dav.cloud21.jp/UsiCloud/Bin/Us1R210_V3.exe
Finishing URL
about:privatebrowsing
IP / ASN
203.138.100.132
#2514 NTT PC Communications, Inc.
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dav.cloud21.jp	unknown	2012-06-02	2018-05-20 23:03:49	2023-11-14 15:39:01	424 B	434 kB	203.138.100.132

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-28 16:46:52	high	203.138.100.132	Client IP	ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
2023-11-28 16:46:52	high	203.138.100.132	Client IP	ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
2023-11-28 16:46:52	low	203.138.100.132	Client IP	ET INFO Packed Executable Download
2023-11-28 16:46:53	high	203.138.100.132	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
dav.cloud21.jp/UsiCloud/Bin/Us1R210_V3.exe
IP
203.138.100.132
ASN
#2514 NTT PC Communications, Inc.

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
434 kB (434176 bytes)
Hash
a260911fdacaf4f6ee6b8282326bbb29
17ce9d05626aec0207b9f65cabd477e750d47ff1
7adfda3089ca7ff0c6ca0a095c7b6364659589fb112cefee2e3d2aa1724071f2

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 23/72

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

dav.cloud21.jp/UsiCloud/Bin/Us1R210_V3.exe

203.138.100.132

200 OK

434 kB

URL User Request GET HTTP/1.1
dav.cloud21.jp/UsiCloud/Bin/Us1R210_V3.exe
IP
203.138.100.132:80
ASN
#2514 NTT PC Communications, Inc.

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
434 kB (434176 bytes)
Hash
a260911fdacaf4f6ee6b8282326bbb29
17ce9d05626aec0207b9f65cabd477e750d47ff1
7adfda3089ca7ff0c6ca0a095c7b6364659589fb112cefee2e3d2aa1724071f2

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 23/72

NIDS	Severity	Alert
suricata	low	ET INFO Packed Executable Download
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /UsiCloud/Bin/Us1R210_V3.exe HTTP/1.1
Host: dav.cloud21.jp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 16:46:48 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 11 Oct 2021 01:02:42 GMT
ETag: "160324-6a000-5ce09493e8e0a"
Accept-Ranges: bytes
Content-Length: 434176
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers