Report - webcdn.triongames.com/redis/dxwebsetup.exe

Report Overview

Visited public
2023-12-06 02:02:16
Tags
Submit Tags
URL
webcdn.triongames.com/redis/dxwebsetup.exe
Finishing URL
about:privatebrowsing
IP / ASN
23.36.76.184
#20940 Akamai International B.V.
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
webcdn.triongames.com	unknown	2005-12-26	2013-04-24 22:10:44	2023-11-22 01:45:02	508 B	296 kB	23.36.76.184

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-12-06	medium	webcdn.triongames.com/redis/dxwebsetup.exe	detect_Redline_Stealer

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET webcdn.triongames.com/redis/dxwebsetup.exe

23.36.76.184

200 OK

295 kB

URL User Request GET HTTP/2
webcdn.triongames.com/redis/dxwebsetup.exe
IP
23.36.76.184:443
ASN
#20940 Akamai International B.V.

Certificate
IssuerLet's Encrypt
Subjectwebcdn.triongames.com
Fingerprint48:9F:15:F4:C1:D8:E1:57:8E:A9:32:4D:A2:4A:9B:A3:D8:A5:9D:40
ValidityThu, 16 Nov 2023 17:11:28 GMT - Wed, 14 Feb 2024 17:11:27 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive\012- data
Size
295 kB (295320 bytes)
Hash
2cbd6ad183914a0c554f0739069e77d7
7bf35f2afca666078db35ca95130beb2e3782212
2cf71d098c608c56e07f4655855a886c3102553f648df88458df616b26fd612f

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	detect_Redline_Stealer

HTTP Headers

GET /redis/dxwebsetup.exe HTTP/1.1
Host: webcdn.triongames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-guploader-uploadid: ABPtcPpQ7FYfnSF_WiJ151055B7sFbCsppKyFADFQ9AaZ7V5cMmlQGK2XiCiJPuJHVkSuVnQkY0
last-modified: Fri, 26 Feb 2021 19:29:09 GMT
etag: "2cbd6ad183914a0c554f0739069e77d7"
server: UploadServer
x-goog-generation: 1614367749869734
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 295320
content-type: application/x-msdos-program
x-goog-hash: crc32c=lvIF3g==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 295320
cache-control: public, max-age=3574
date: Wed, 06 Dec 2023 02:01:59 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers