Report Overview
Submitted URL
rsx.webythebrain.com/win/WePlus.msi
IP
122.155.167.87
ASN
#9335 CAT Telecom Public Company Limited
Submitted
2024-04-18 13:57:20
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
rsx.webythebrain.com | unknown | 2012-11-23 | 2023-11-05 | 2023-11-05 | 489 B | 577 kB | 122.155.167.87 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-04-18 | medium | rsx.webythebrain.com/win/WePlus.msi | Detects POC code from disclosed 0day hacktool set |
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
rsx.webythebrain.com/win/WePlus.msi
IP
122.155.167.87
ASN
#9335 CAT Telecom Public Company Limited
File type
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page: 1252, Revision Number: {C5869FB8-7CC1-49B8-B0AE-FABA0D87DD64}, Number of Words: 2, Subject: WEPLUS ONLINE, Author: We By The Brain, Name of Creating Application: Advanced Installer 16.5 build 8df7ad95, Template: ;1033, Comments: This installer database contains the logic and data required to install WEPLUS ONLINE., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Size
576 kB (576512 bytes)
Hash
59d47042d4d55974ffafcf6613b8fb8f
76d9cbab50ff61fda4a67d298f1ce34722689566
Detections
Analyzer | Verdict | Alert |
---|---|---|
Public Nextron YARA rules | malware | Detects POC code from disclosed 0day hacktool set |
VirusTotal | suspicious | |
JavaScript (0)
HTTP Transactions (1)
URL | IP | Response | Size |
---|---|---|---|
rsx.webythebrain.com/win/WePlus.msi | 122.155.167.87 | | 576 kB |