Report - deinmeister.de/asmtut3.zip

Report Overview

Submitted URL
deinmeister.de/asmtut3.zip
IP
217.160.0.203
ASN
#8560 IONOS SE
Submitted
2024-05-05 06:21:00
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
deinmeister.de	unknown	unknown	2016-06-05	2023-12-12	480 B	94 kB	217.160.0.203
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-03	512 B	6.5 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
deinmeister.de/asmtut3.zip
IP
217.160.0.203
ASN
#8560 IONOS SE

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
94 kB (93539 bytes)
Hash
f252aef2d8421f8ffac6f5078ef8b621
b2df2118537d3a3d3bae7b3916241c1502edd2db
ed86d24ef12eba2012f34dc5a231eb9848d234e170f8bcc83509ea945537ebf3

Archive (28)

Filename

Md5

File type

MAKE.BAT

979230d111cc44ed29b68f7c605269d9

DOS batch file, ASCII text, with CRLF line terminators

win004_n.exe

6d82116a22e4290622415b0fbd2401ad

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

cleanup.inc

49271ab3fdad955c6795bd71b7da19a2

ASCII text, with CRLF line terminators

cleanup_n.inc

6f472f74bb6e6ed86cf959a8854eb343

ASCII text, with CRLF line terminators

msgproc.inc

48c25715465e4ef4ab2b568ea6ac6ec7

ASCII text, with CRLF line terminators

msgproc_n.inc

48c25715465e4ef4ab2b568ea6ac6ec7

ASCII text, with CRLF line terminators

rdfile.inc

1061d70e037b4050d64843685208c641

ASCII text, with CRLF line terminators

rdfile_n.inc

90ec67074cbc9604b4f1df4b865e3744

ASCII text, with CRLF line terminators

startup.inc

90fa28410500b93b9126cc8726af2548

ISO-8859 text, with CRLF line terminators

startup_n.inc

c0dd51c59d5619ab193519c08fb9b7bf

Generic INItialization configuration [GetProcAddress]

thrd1.inc

ef1ec8418ece01de3d276c547b9a8a52

ASCII text, with CRLF line terminators

thrd1_n.inc

6d8f85532c24471f4b85b5c513822c36

ASCII text, with CRLF line terminators

thrd2.inc

840157d9ddcd918b09d2b5b552418e6e

ISO-8859 text, with CRLF line terminators

thrd2_n.inc

39e1c636048ac2d6360716743f4ee876

Generic INItialization configuration [SetThreadPriority]

thrd34.inc

65c99fcc275e3b8da8c75bbb04e7dbdb

ASCII text, with CRLF line terminators

thrd34_n.inc

f1308c260482d3e247a038c4e9acd326

Generic INItialization configuration [timeGetTime]

win004.asm

c43bca0d6a209d0fb734b71ffd492235

ASCII text, with CRLF line terminators

win004_n.asm

f8d70cdf1f89be7ecf308c45f4d77ac2

ASCII text, with CRLF line terminators

cursor.cur

68e710d12c72553a35e84091ae50901f

MS Windows icon resource - 1 icon, 32x32, 4 colors

back.raw

c1e87edb4c04bf1e9daa2432010b4277

ISO-8859 text, with very long lines (65536), with no line terminators

boat.raw

721259d64fef119cd6b8518e65997e21

data

moon.raw

3f55eadb9b44644d37ee8da14a6973cb

data

sun.raw

52906296eee606c1387658c3da0c5917

data

Win004.rc

f7c763033affeed3206e0d103d891c30

ASCII text, with CRLF line terminators

win004.EXE

b8c35e2b952b5a1e22c70df5efd50964

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

birne.ico

b7bdee0e6b7fd8ce019a67bbedd30fe1

MS Windows icon resource - 1 icon, 32x32, 4 colors

MEINICON.ICO

62cc1494c7931e0e98a82217f6e8ddff

MS Windows icon resource - 1 icon, 32x32, 4 colors

INFO.TXT

0b3dc4cb3fe28fb07291047b32e2fd3d

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 4/48

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

deinmeister.de/asmtut3.zip

217.160.0.203

200 OK

94 kB

URL User Request GET HTTP/2
deinmeister.de/asmtut3.zip
IP
217.160.0.203:443
ASN
#8560 IONOS SE

Certificate
IssuerDigiCert Inc
Subject*.deinmeister.de
FingerprintC8:B8:EB:EA:E7:B9:6B:A4:31:B2:BB:F6:5F:11:44:E1:D7:3F:F6:9B
ValidityTue, 22 Aug 2023 00:00:00 GMT - Tue, 03 Sep 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
94 kB (93539 bytes)
Hash
f252aef2d8421f8ffac6f5078ef8b621
b2df2118537d3a3d3bae7b3916241c1502edd2db
ed86d24ef12eba2012f34dc5a231eb9848d234e170f8bcc83509ea945537ebf3

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 4/48

HTTP Headers

GET /asmtut3.zip HTTP/1.1
Host: deinmeister.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
content-length: 93539
date: Sun, 05 May 2024 06:20:35 GMT
server: Apache
last-modified: Sun, 15 Nov 2009 23:00:02 GMT
etag: "16d63-47870da5c6080"
accept-ranges: bytes
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

5.8 kB

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
gzip compressed data, max speed, from Unix
Size
5.8 kB (5759 bytes)
Hash
aa33725c2d0a3d1c2f9c878d64914807
6e83d13ec860384a977738b04ff0891a01ab519a
fe412eadb3dc9820ec6cab7cb62349be057c509e34f7e2de6d23b28eacc98bfd

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 06:20:54 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=YN2wwokaBGAwQvB8m50qPCPtiL4yz7snog313Kn2TBg3r5rvK8B76gtbbHXxsnVpObl0mFdYKmH1KEenB9cnCvYP4VEyKUtgz4KOb8cg6i9kgc6ZB_P4ihKv7CuL1m8k
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (28)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers