Report - cpe90-146-215-59.liwest.at/photo.scr

Report Overview

Visited public
2024-07-05 19:52:31
Tags
URL
cpe90-146-215-59.liwest.at/photo.scr
Finishing URL
about:privatebrowsing
IP / ASN
90.146.215.59
#12605 LIWEST Kabelmedien GmbH
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-04 18:12:36	2.3 kB	6.2 kB	23.36.77.32
cpe90-146-215-59.liwest.at	unknown	unknown	No data	No data	683 B	181 kB	90.146.215.59

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-07-05 19:52:09	high	Client IP	90.146.215.59	URLhaus Known malware download URL detected (2911201)
2024-07-05 19:52:09	low	Client IP	90.146.215.59	ET HUNTING HTTP request for resource ending in .scr
2024-07-05 19:52:09	high	90.146.215.59	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-07-05	medium	cpe90-146-215-59.liwest.at/photo.scr	Detects mining pool protocol string in Executable

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cpe90-146-215-59.liwest.at/photo.scr
IP
90.146.215.59
ASN
#12605 LIWEST Kabelmedien GmbH

File type
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections
Size
180 kB (180224 bytes)
Hash
03364eb9ea6170328d51511d7639ba26
8523e4e64f54fc76588c0c8f58cd498ea2154858
23ff85e463672b3939302e967aae890e4ef7f489d9fc434fdfdc62f4f0995eb6

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
VirusTotal	malicious	VirusTotal - Scan result 59/73

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
f63e8d9e64abf0e5b2784ca051160e84
d15d17504ed5c584ba42145060cf745fdb41c1d0
652ee033c72bc8eadcf29c25a5387bc303bf86e6c57f262c576117f659f15eab

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "652EE033C72BC8EADCF29C25A5387BC303BF86E6C57F262C576117F659F15EAB"
Last-Modified: Fri, 05 Jul 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5441
Expires: Fri, 05 Jul 2024 21:22:47 GMT
Date: Fri, 05 Jul 2024 19:52:06 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e9a839fbbf2a5bc4f1a01cd5fca04d5e
ff4396bb2dcc9211b70f2e3266720172ee2ce085
3bb2a3698d452f1de2ff4f283a89fc427d9fe01c02ad968f215bee1834b1c1e3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3BB2A3698D452F1DE2FF4F283A89FC427D9FE01C02AD968F215BEE1834B1C1E3"
Last-Modified: Thu, 04 Jul 2024 15:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16469
Expires: Sat, 06 Jul 2024 00:26:35 GMT
Date: Fri, 05 Jul 2024 19:52:06 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
508d0867e7982df7cfa6ad58e05ce470
6f4e15b94e527d02e8dd38f8b69b493cfae84c56
376a5286b71a4a7e90b3eece9b39480f50435d5ef3c7793828481f590d04bc77

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "376A5286B71A4A7E90B3EECE9B39480F50435D5EF3C7793828481F590D04BC77"
Last-Modified: Thu, 04 Jul 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8060
Expires: Fri, 05 Jul 2024 22:06:26 GMT
Date: Fri, 05 Jul 2024 19:52:06 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
223ffc40cc96a2aa59687065c089ccfc
6bc7fa694691bdca752335ecf0f7268bf2c908d5
1a1d7236b0738f65d98e772f67be883f477ac175767f971800a6bb3997399811

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1A1D7236B0738F65D98E772F67BE883F477AC175767F971800A6BB3997399811"
Last-Modified: Thu, 04 Jul 2024 16:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8206
Expires: Fri, 05 Jul 2024 22:08:52 GMT
Date: Fri, 05 Jul 2024 19:52:06 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20f6da3946882ea83e1d78dfaedbf953
1a8f214ff6a98dae0e57244bac88b6721452a40c
a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27"
Last-Modified: Wed, 03 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2786
Expires: Fri, 05 Jul 2024 20:38:34 GMT
Date: Fri, 05 Jul 2024 19:52:08 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20f6da3946882ea83e1d78dfaedbf953
1a8f214ff6a98dae0e57244bac88b6721452a40c
a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27"
Last-Modified: Wed, 03 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2786
Expires: Fri, 05 Jul 2024 20:38:34 GMT
Date: Fri, 05 Jul 2024 19:52:08 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20f6da3946882ea83e1d78dfaedbf953
1a8f214ff6a98dae0e57244bac88b6721452a40c
a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27"
Last-Modified: Wed, 03 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2786
Expires: Fri, 05 Jul 2024 20:38:34 GMT
Date: Fri, 05 Jul 2024 19:52:08 GMT
Connection: keep-alive

cpe90-146-215-59.liwest.at/

90.146.215.59

398 B

URL
cpe90-146-215-59.liwest.at/
IP
90.146.215.59:0
ASN
#12605 LIWEST Kabelmedien GmbH

File type
HTML document, ASCII text, with CRLF line terminators
Size
398 B (398 bytes)
Hash
bf2aa9c0ebd5e464d7a87bda0be3e88c
4e223dc22658081262b9476277904f7ec7542ed3
128539efe92a94180569c3e28a7d91c3b0bd55d33958fb5952d8d90507418477

HTTP Headers

GET / HTTP/1.1
Host: cpe90-146-215-59.liwest.at
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Fri, 05 Jul 2024 19:53:21 GMT
Connection: keep-alive
Server: Microsoft-WinCE/6.00
Last-Modified: Tue, 31 Jan 2017 03:21:38 GMT
Content-Type: text/html
Content-Length: 398

cpe90-146-215-59.liwest.at/photo.scr

90.146.215.59

200 OK

180 kB

URL User Request GET HTTP/1.0
cpe90-146-215-59.liwest.at/photo.scr
IP
90.146.215.59:80
ASN
#12605 LIWEST Kabelmedien GmbH

File type
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections
Size
180 kB (180224 bytes)
Hash
03364eb9ea6170328d51511d7639ba26
8523e4e64f54fc76588c0c8f58cd498ea2154858
23ff85e463672b3939302e967aae890e4ef7f489d9fc434fdfdc62f4f0995eb6

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
VirusTotal	malicious	VirusTotal - Scan result 59/73

NIDS	Severity	Alert
suricata	high	URLhaus Known malware download URL detected (2911201)
suricata	low	ET HUNTING HTTP request for resource ending in .scr
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /photo.scr HTTP/1.1
Host: cpe90-146-215-59.liwest.at
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Date: Fri, 05 Jul 2024 19:53:21 GMT
Connection: keep-alive
Server: Microsoft-WinCE/6.00
Last-Modified: Wed, 01 Feb 2017 11:58:34 GMT
Content-Type: application/octet-stream
Content-Length: 180224

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (9)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.0

IP