MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 b0c56418408d162c42534fa17cce5ea36fe7dfce91c610027f252ce61377e96e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
CyberGate
Vendor detections: 16
| SHA256 hash: | b0c56418408d162c42534fa17cce5ea36fe7dfce91c610027f252ce61377e96e |
|---|---|
| SHA3-384 hash: | 27d85779d5ed1ae459c8a968af329d0705dc56ccae1e1ee1fe35e1f8608de1f4e10f663a68099bf773dc7fd64a9317e9 |
| SHA1 hash: | bbc64a56c522e962be0f6242aab2625610b39d5e |
| MD5 hash: | 8e6a9ea0f6560e985e865f243589537c |
| humanhash: | zebra-pizza-tennis-kitten |
| File name: | PDFReader.exe |
| Download: | download sample |
| Signature | CyberGate |
| File size: | 311'296 bytes |
| First seen: | 2025-05-21 22:30:16 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | cba5bd52b3e624400ffe41eb22644b79 (13 x CyberGate, 1 x njrat) |
| ssdeep | 6144:Hk4qmtrT8aeSgcHbGB2oRCiDgTDmjgIylwmQJNgkj4QQFNv0:E9KroygWbxoRLs6gzQ/z+ |
| Threatray | 101 similar samples on MalwareBazaar |
| TLSH | T1B06422B6E8CC69A6F4E21C7C163A94F46DAE55656A20EB344F0FC3ED543C4E6F486203 |
| TrID | 37.1% (.EXE) UPX compressed Win32 Executable (27066/9/6) 36.4% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4) 9.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.1% (.EXE) Win32 Executable (generic) (4504/4/1) 2.8% (.EXE) Win16/32 Executable Delphi generic (2072/23) |
| Magika | pebin |
| dhash icon | f2ceaeaeb2968eaa (68 x RedLineStealer, 21 x AgentTesla, 18 x AveMariaRAT) |
| Reporter |  skocherhan |
| Tags: | CyberGate exe thomson101 |
Intelligence
File Origin
# of uploads :
1
# of downloads :
486
Origin country :
GBVendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
HelpPane.exe
Verdict:
Malicious activity
Analysis date:
2025-05-21 22:38:16 UTC
Tags:
susp-powershell
Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Trojan.Agent-36136
Win.Trojan.Agent-36200
SecuriteInfo.com.Win32.GenMalicious-CM.1024.UNOFFICIAL
Win.Worm.Explorerhijack-6999913-0
Win.Trojan.Bifrose-7001005-0
Win.Worm.Rebhip-9834633-0
ditekSHen.MALWARE.Win.Trojan.CyberGate.UNOFFICIAL
Win.Packed.Spynet-6841468-0
Win.Trojan.Cybergate-5744895-0
Win.Trojan.Agent-207854
Win.Trojan.Agent-36200
SecuriteInfo.com.Win32.GenMalicious-CM.1024.UNOFFICIAL
Win.Worm.Explorerhijack-6999913-0
Win.Trojan.Bifrose-7001005-0
Win.Worm.Rebhip-9834633-0
ditekSHen.MALWARE.Win.Trojan.CyberGate.UNOFFICIAL
Win.Packed.Spynet-6841468-0
Win.Trojan.Cybergate-5744895-0
Win.Trojan.Agent-207854
Verdict:
Malicious
Score:
99.9%
Tags:
vmdetect emotet
Result
Verdict:
Malware
Maliciousness:
Behaviour
Searching for the window
Сreating synchronization primitives
Creating a file
Creating a file in the %temp% directory
Launching a process
Searching for synchronization primitives
Creating a window
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Creating a process from a recently created file
Launching the default Windows debugger (dwwin.exe)
DNS request
Connection attempt
Delayed writing of the file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun
Unauthorized injection to a system process
Verdict:
Likely Malicious
Threat level:
7.5/10
Confidence:
100%
Tags:
anti-vm borland_delphi crypto crypto cybergate packed packed packed packed packer_detected rat rat upx
Verdict:
Malicious
Labled as:
Trojan.Llac
Malware family:
Rebhip
Verdict:
Malicious
Result
Threat name:
CyberGate
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Contain functionality to detect virtual machines
Contains functionality to inject code into remote processes
Contains functionality to inject threads in other processes
Contains functionality to register a low level keyboard hook
Creates a thread in another existing process (thread injection)
Creates an undocumented autostart registry key
Deletes itself after installation
Found evasive API chain (may stop execution after checking mutex)
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Joe Sandbox ML detected suspicious sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses dynamic DNS services
Writes to foreign memory regions
Yara detected CyberGate RAT
Behaviour
Behavior Graph:
Score:
100%
Verdict:
Malware
File Type:
PE
Threat name:
Win32.Worm.Rebhip
Status:
Malicious
First seen:
2025-05-21 22:31:02 UTC
File Type:
PE (Exe)
Extracted files:
9
AV detection:
24 of 24 (100.00%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
malicious
Label(s):
cybergate
Similar samples:
+ 91 additional samples on MalwareBazaar
Result
Malware family:
cybergate
Score:
10/10
Tags:
family:cybergate botnet:x99 discovery persistence stealer trojan upx
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
UPX packed file
Adds Run key to start application
Deletes itself
Executes dropped EXE
Adds policy Run key to start application
Boot or Logon Autostart Execution: Active Setup
CyberGate, Rebhip
Cybergate family
Malware Config
C2 Extraction:
xx88.duckdns.org:1453
Unpacked files
SH256 hash:
b0c56418408d162c42534fa17cce5ea36fe7dfce91c610027f252ce61377e96e
MD5 hash:
8e6a9ea0f6560e985e865f243589537c
SHA1 hash:
bbc64a56c522e962be0f6242aab2625610b39d5e
SH256 hash:
5468be638be5902eb3d30ce8b01b1ac34b1ee26b97711f6bca95a03de5b0db24
MD5 hash:
c1bc1dfc1edf85e663718f38aac79fff
SHA1 hash:
9d01c6d2b9512720ea7723e7dec5e3f6029aee3d
SH256 hash:
80bec04a9461e7f3da4fd677743e8f42b284bdf2fa11fe3fd625dcadd59af6f3
MD5 hash:
188164d1f5c6c473a8ae96e3a99f4c8e
SHA1 hash:
6f198f9608923c1992f0ef892149a0fcf50597bc
Detections:
win_cybergate_auto
win_cybergate_w0
RAT_CyberGate
SUSP_XORed_MSDOS_Stub_Message
INDICATOR_SUSPICIOUS_EXE_SandboxProductID
MALWARE_Win_CyberGate
SH256 hash:
ae901fa363880ad311b51f9c26d19dc3d33016c81c223925002b468acb102d09
MD5 hash:
d78bb77b7fddf36ad1b2b68308179a1d
SHA1 hash:
5ae2ed65ea692e74799589badf6ecd9eb55957e8
Detections:
win_cybergate_auto
win_cybergate_w0
RAT_CyberGate
SUSP_XORed_MSDOS_Stub_Message
INDICATOR_SUSPICIOUS_EXE_SandboxProductID
MALWARE_Win_CyberGate
SH256 hash:
315ea78aeb8d8b09c1c38a94c350ad3fe5d16b4e49cce2dff0da78ce46334175
MD5 hash:
74214e7270590b06eb8a8632468fe8e2
SHA1 hash:
6722853609f678ec7eb58afbf879d2e28ae41e5f
SH256 hash:
722733565029ac1bbde370cc0083f0baf472b2ac744b6ddbd23bb358d5c01a5c
MD5 hash:
cee7cc13b9a0276eda7713c909703611
SHA1 hash:
01f17bf165f7371a54dc3e05fa9b6b110cfff471
SH256 hash:
b5d8eba7bfdf0d5d105c5b92f3b494b7ed0355891259cfeffeb75df8ab8dc1f9
MD5 hash:
9a0568b049a7581590895be1f764a61f
SHA1 hash:
50c9060ba8e0ab24a4cece684eedc5f12f7ac29f
SH256 hash:
f844823d78c96cc54edbf07a4bb6e8466aa9bf8ff8330f6f40cc4d0becb929f5
MD5 hash:
23e2a71a9a7eb63cd0ef511c9bdd7144
SHA1 hash:
7f584aef0adeea752044d5ab61d443470d2501d7
SH256 hash:
db5a652338aebdc25ac56d5494eb7530dbfb75e0f7f45b718d3bc2ed21aacbd8
MD5 hash:
7311b74453231f0029b6c4893c82bd3e
SHA1 hash:
9a05ac6364f032320bbaa2a0794eb28b6d47f69b
SH256 hash:
b87724a1b491566cb8c0fcb1118ec335810f50255873f35ab7ab53fb2679cc52
MD5 hash:
d3b85ec1564111ebe75310c20b9f6638
SHA1 hash:
9e3bae0eecea9b30360dd7e4aa5dbe84e01327cd
SH256 hash:
933d2df94574843e44a60ad7b2f55b8f38074002ed05e99921933ca811fee88d
MD5 hash:
4f18bf7d8c84fe99ead3074cbc0ebdd2
SHA1 hash:
be1cee1d84922fb66f586c8c59c21d3e286e6a36
SH256 hash:
fc36029de54037ec29de06151958e7ba622e96c0a61ee3468df19702042d676d
MD5 hash:
2cad447a37c7cc5d8985958f5aa367f7
SHA1 hash:
e06071a282e309daa2838a813100c8b9a1f3366a
SH256 hash:
2ccd794568626e2a4876135024163ed73c09a95484f251e1d71d2b63fb8f242b
MD5 hash:
5dd6edb91e1b76b5f814840b466a8e85
SHA1 hash:
1e4bcdb08ae72b83666de629cf235cbac69099f4
Detections:
win_cybergate_auto
win_cybergate_w0
RAT_CyberGate
SUSP_XORed_MSDOS_Stub_Message
INDICATOR_SUSPICIOUS_EXE_SandboxProductID
MALWARE_Win_CyberGate
SH256 hash:
1fd16ca095f1557cc8848b36633d4c570b10a2be26ec89d8a339c63c150d3b44
MD5 hash:
f920cee005589f150856d311b4e5d363
SHA1 hash:
2589fa5536331a53e9a264dd630af2bdb6f6fc00
Detections:
win_cybergate_auto
win_cybergate_w0
Malware_QA_update
Parent samples :
b64c40843b011d715c431b761680e8565383ac702f5ed80492fb30bd6aa33929
61c2d5a213f1b68ef98f2800f02697650ccf28eb38ec07635f0bffcdf18a803a
70a9324fd74829cb87228210962e4b68747f6203b4de74e061d67fc4b7f5da51
baaef35c43e34186c7e2ff97f998e41692498a2c60f78eb294bf71ae7fe1e16b
571a708504cf085b54eaed702a6c95b3189426dc20c78e42a3f1e1096d6bf044
19e71e510a71ff531afb1790500259dd4439fc56ea402c8d4baf205a03b56edc
57bf128dd42cbcebac753c89ead426c684b3f524272bad0fedb50d206c9779bc
2a17bde3e32db214b3c72b761548bf91b6e0689d1c3725a7e2d94a6a5ef3d96f
d7ca6a9d5e44cbb1ab5b1badecf0a6ab023e6e562a2089ebde235f181d85fbe1
86311a5851a1ce5cd5cedd9db3de8fc5c4b60a549db33ca019e34edc19bb7490
214207ef7ad88929d21240a3826a3c9a123127f52d1b6c43a2f604dca019804c
24510f5cee3e6f4422f58dfe5142f1ebaf29ebf6bfd44c60b5213c3db32a5344
98abcc6f294bd8549a963bbeccb0e01013dd42cc61a07aa496793aa667630a2b
12975bce5682b4d6a0849c73a8924f074e9fc12e9807e1773e3d80656851d1d2
374e1cfd4204ff7833ca74d99952f6db74568966be4456c9c44342c8ee3dc53b
4849a87ca8fad6688bd6a58e0d8e2adb6a5964f73f6e75e93e449b2bd20b0be1
9e424c1f93f1964a2b158bbd626ccf9e2722618710c3d80049c733430fc33045
4d65167b0dac62522df345d9281a57a07fa17d85a4a703c6d4dcc9d069be1520
0722a71d9251b626a8c066963a19fe6db4711227c803afc40402c3a3e0fb51fd
dbc1e78c7644c07e178acd09bc3b02c230dba253dab5e45e5bcbf4be120a05bc
aed92a8301931959100a1bb8c52251df2fdddaf8b76ab34b6f24d7bbe58a4fe6
9f6bfc2fbaae486d17176d483f57d76e56b615ca02126be0d4a5ab7ade452aa9
8cd34d3806c08de78b9fc96bd1a99a5dbb8ce452fa92c4fee2c5ae5194237fa0
738496124b1b2800e8e069e7131f995d1693728e27676c4550bd393f4cb96619
b0c56418408d162c42534fa17cce5ea36fe7dfce91c610027f252ce61377e96e
61c2d5a213f1b68ef98f2800f02697650ccf28eb38ec07635f0bffcdf18a803a
70a9324fd74829cb87228210962e4b68747f6203b4de74e061d67fc4b7f5da51
baaef35c43e34186c7e2ff97f998e41692498a2c60f78eb294bf71ae7fe1e16b
571a708504cf085b54eaed702a6c95b3189426dc20c78e42a3f1e1096d6bf044
19e71e510a71ff531afb1790500259dd4439fc56ea402c8d4baf205a03b56edc
57bf128dd42cbcebac753c89ead426c684b3f524272bad0fedb50d206c9779bc
2a17bde3e32db214b3c72b761548bf91b6e0689d1c3725a7e2d94a6a5ef3d96f
d7ca6a9d5e44cbb1ab5b1badecf0a6ab023e6e562a2089ebde235f181d85fbe1
86311a5851a1ce5cd5cedd9db3de8fc5c4b60a549db33ca019e34edc19bb7490
214207ef7ad88929d21240a3826a3c9a123127f52d1b6c43a2f604dca019804c
24510f5cee3e6f4422f58dfe5142f1ebaf29ebf6bfd44c60b5213c3db32a5344
98abcc6f294bd8549a963bbeccb0e01013dd42cc61a07aa496793aa667630a2b
12975bce5682b4d6a0849c73a8924f074e9fc12e9807e1773e3d80656851d1d2
374e1cfd4204ff7833ca74d99952f6db74568966be4456c9c44342c8ee3dc53b
4849a87ca8fad6688bd6a58e0d8e2adb6a5964f73f6e75e93e449b2bd20b0be1
9e424c1f93f1964a2b158bbd626ccf9e2722618710c3d80049c733430fc33045
4d65167b0dac62522df345d9281a57a07fa17d85a4a703c6d4dcc9d069be1520
0722a71d9251b626a8c066963a19fe6db4711227c803afc40402c3a3e0fb51fd
dbc1e78c7644c07e178acd09bc3b02c230dba253dab5e45e5bcbf4be120a05bc
aed92a8301931959100a1bb8c52251df2fdddaf8b76ab34b6f24d7bbe58a4fe6
9f6bfc2fbaae486d17176d483f57d76e56b615ca02126be0d4a5ab7ade452aa9
8cd34d3806c08de78b9fc96bd1a99a5dbb8ce452fa92c4fee2c5ae5194237fa0
738496124b1b2800e8e069e7131f995d1693728e27676c4550bd393f4cb96619
b0c56418408d162c42534fa17cce5ea36fe7dfce91c610027f252ce61377e96e
SH256 hash:
fc50cb7d6cb4f18992363fcba1473464f526d5c574f4bfbdbed9e025a2072bbe
MD5 hash:
6953ffcb135a8355e6e6ad6531ec8e39
SHA1 hash:
8dea89a2c585db0c1a00666a3bf9f06b50d79f1c
Detections:
INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Parent samples :
374e1cfd4204ff7833ca74d99952f6db74568966be4456c9c44342c8ee3dc53b
4849a87ca8fad6688bd6a58e0d8e2adb6a5964f73f6e75e93e449b2bd20b0be1
9e424c1f93f1964a2b158bbd626ccf9e2722618710c3d80049c733430fc33045
4d65167b0dac62522df345d9281a57a07fa17d85a4a703c6d4dcc9d069be1520
0722a71d9251b626a8c066963a19fe6db4711227c803afc40402c3a3e0fb51fd
dbc1e78c7644c07e178acd09bc3b02c230dba253dab5e45e5bcbf4be120a05bc
aed92a8301931959100a1bb8c52251df2fdddaf8b76ab34b6f24d7bbe58a4fe6
9f6bfc2fbaae486d17176d483f57d76e56b615ca02126be0d4a5ab7ade452aa9
8cd34d3806c08de78b9fc96bd1a99a5dbb8ce452fa92c4fee2c5ae5194237fa0
b0c56418408d162c42534fa17cce5ea36fe7dfce91c610027f252ce61377e96e
4849a87ca8fad6688bd6a58e0d8e2adb6a5964f73f6e75e93e449b2bd20b0be1
9e424c1f93f1964a2b158bbd626ccf9e2722618710c3d80049c733430fc33045
4d65167b0dac62522df345d9281a57a07fa17d85a4a703c6d4dcc9d069be1520
0722a71d9251b626a8c066963a19fe6db4711227c803afc40402c3a3e0fb51fd
dbc1e78c7644c07e178acd09bc3b02c230dba253dab5e45e5bcbf4be120a05bc
aed92a8301931959100a1bb8c52251df2fdddaf8b76ab34b6f24d7bbe58a4fe6
9f6bfc2fbaae486d17176d483f57d76e56b615ca02126be0d4a5ab7ade452aa9
8cd34d3806c08de78b9fc96bd1a99a5dbb8ce452fa92c4fee2c5ae5194237fa0
b0c56418408d162c42534fa17cce5ea36fe7dfce91c610027f252ce61377e96e
SH256 hash:
6b7628cf46aede0c11a52a82c72a98bbebcdafe4bbd79de253e54c6f74afd16e
MD5 hash:
f530740b15b6c3b12af8b4562d2ebc17
SHA1 hash:
c3ecdd4431dcadd4d56f2bc68386ea94ecfb9323
SH256 hash:
af6daaf1027b5544587eb27b9cbea45be19499e4b921a27be2f303fc6dad8dd1
MD5 hash:
f8da9d10e039115a2c4c9f9fd9008cf4
SHA1 hash:
c13df6dad5f7faf5ba57f3b0952d7446e82a93d9
Malware family:
CyberGate
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
YARA Signatures
MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.
| Rule name: | Borland |
|---|---|
| Author: | malware-lu |
| Rule name: | Check_Dlls |
|---|
| Rule name: | DebuggerCheck__API |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| Rule name: | DebuggerCheck__QueryInfo |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| Rule name: | INDICATOR_SUSPICIOUS_EXE_SandboxProductID |
|---|---|
| Author: | ditekSHen |
| Description: | Detects binaries and memory artifacts referencing sandbox product IDs |
| Rule name: | Malware_QA_update |
|---|---|
| Author: | Florian Roth (Nextron Systems) |
| Description: | VT Research QA uploaded malware - file update.exe |
| Reference: | VT Research QA |
| Rule name: | Malware_QA_update_RID2DAD |
|---|---|
| Author: | Florian Roth |
| Description: | VT Research QA uploaded malware - file update.exe |
| Reference: | VT Research QA |
| Rule name: | MALWARE_Win_CyberGate |
|---|---|
| Author: | ditekSHen |
| Description: | Detects CyberGate/Spyrat/Rebhip RTA |
| Rule name: | MD5_Constants |
|---|---|
| Author: | phoul (@phoul) |
| Description: | Look for MD5 constants |
| Rule name: | pe_detect_tls_callbacks |
|---|
| Rule name: | RAT_CyberGate |
|---|---|
| Author: | Kevin Breen <kevin@techanarchy.net> |
| Description: | Detects CyberGate RAT |
| Reference: | http://malwareconfig.com/stats/CyberGate |
| Rule name: | SUSP_XORed_MSDOS_Stub_Message |
|---|---|
| Author: | Florian Roth |
| Description: | Detects suspicious XORed MSDOS stub message |
| Reference: | https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings |
| Rule name: | Sus_Obf_Enc_Spoof_Hide_PE |
|---|---|
| Author: | XiAnzheng |
| Description: | Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP) |
| Rule name: | test_Malaysia |
|---|---|
| Author: | rectifyq |
| Description: | Detects file containing malaysia string |
| Rule name: | ThreadControl__Context |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| Rule name: | UPX20030XMarkusOberhumerLaszloMolnarJohnReiser |
|---|---|
| Author: | malware-lu |
| Rule name: | UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser |
|---|---|
| Author: | malware-lu |
| Rule name: | UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser |
|---|---|
| Author: | malware-lu |
| Rule name: | UPXv20MarkusLaszloReiser |
|---|---|
| Author: | malware-lu |
| Rule name: | upx_3 |
|---|---|
| Author: | Kevin Falcoz |
| Description: | UPX 3.X |
| Rule name: | upx_largefile |
|---|---|
| Author: | k3nr9 |
| Rule name: | vmdetect |
|---|---|
| Author: | nex |
| Description: | Possibly employs anti-virtualization techniques |
| Rule name: | Windows_Generic_Threat_073909cf |
|---|---|
| Author: | Elastic Security |
| Rule name: | Windows_Trojan_CyberGate_517aac7d |
|---|---|
| Author: | Elastic Security |
| Rule name: | Windows_Trojan_CyberGate_9996d800 |
|---|---|
| Author: | Elastic Security |
| Rule name: | Windows_Trojan_CyberGate_c219a2f3 |
|---|---|
| Author: | Elastic Security |
| Rule name: | win_cybergate_auto |
|---|---|
| Author: | Felix Bilstein - yara-signator at cocacoding dot com |
| Description: | autogenerated rule brought to you by yara-signator |
| Rule name: | win_cybergate_w0 |
|---|---|
| Author: | Kevin Breen <kevin@techanarchy.net> |
File information
The table below shows additional information about this malware sample such as delivery method and external references.
No further information available
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.