Report - palaugov.org/wp-content/uploads/2016/01/TaxFiling-1.zip

Report Overview

Submitted URL
palaugov.org/wp-content/uploads/2016/01/TaxFiling-1.zip
IP
198.46.94.112
ASN
#22611 INMOTION
Submitted
2024-04-26 09:56:29
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
palaugov.org	unknown	unknown	No data	No data	509 B	511 B	198.46.94.112
palaugov.pw	124477	2015-01-13	2016-03-15	2020-05-28	424 B	19 MB	35.213.182.202

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
palaugov.pw/wp-content/uploads/2016/01/TaxFiling-1.zip
IP
35.213.182.202
ASN
#15169 GOOGLE

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
19 MB (18589994 bytes)
Hash
685447c5885d34df320bb7065715137b
87704ff0ec11d2e1d1ce9768014d579b8a52476d
5daaa42cec9c32b186ad5b4791bfeea339802c3976d1eff823d95e9e1e57f0a9

Archive (35)

Filename

Md5

File type

dockLayout.xml

e5d5f40c49e1f3132ce949040ac7a091

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

EnvDTE.dll

5ced75dc6415d2f84520c609210860e5

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

EnvDTE.xml

9af4d87689fe4e4ffd5d293721b705bf

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

tax100_employee.xls

58841b4cfb9d21a52a36c652f003b3b2

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 950, Author: dt, Last Saved By: User, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Sep 21 04:43:06 2015, Last Saved Time/Date: Mon Sep 28 07:28:00 2015, Security: 0

w2_employee.xls

f56bf66db51fcfa4cd84e51b7241a452

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 950, Author: dt, Last Saved By: User, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Sep 21 05:12:54 2015, Last Saved Time/Date: Mon Sep 28 07:28:42 2015, Security: 0

ICSharpCode.SharpZipLib.dll

c8164876b6f66616d68387443621510c

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft ReportViewer.msi

c13cebdfb4e64bc97cd145cda28bccda

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft Report Viewer 2012 Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: Microsoft Microsoft Report Viewer 2012 Runtime MSI, Template: Intel;1033, Revision Number: {1DDDC395-38F6-45E1-B012-865CD92CC8E7}, Create Time/Date: Fri Aug 30 00:48:24 2013, Last Saved Time/Date: Fri Aug 30 00:48:24 2013, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML v0.0.0.0, Security: 2

Readme.txt

b1efb1ecb494c8f0cae1b69d631def16

ASCII text, with CRLF line terminators

SQL System CLR Types (32 Bit Installer).msi

7ac710a153a554124490479080d2159f

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft System CLR Types for SQL Server 2012, Author: Microsoft Corporation, Keywords: Installer, Comments: Microsoft Microsoft System CLR Types for SQL Server 2012 MSI, Template: Intel;1033, Revision Number: {D1958ACA-F0FC-44FD-910B-5D70C13C6411}, Create Time/Date: Sat Feb 11 23:59:14 2012, Last Saved Time/Date: Sat Feb 11 23:59:14 2012, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML v0.0.0.0, Security: 2

SQL System CLR Types (64 Bit Installer).msi

42a2affc4b3ad1cc70bcba17be24af44

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft System CLR Types for SQL Server 2012 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: Microsoft Microsoft System CLR Types for SQL Server 2012 (x64) MSI, Template: x64;1033, Revision Number: {B802A9F5-42EA-446B-A13F-0557FFAD5E0B}, Create Time/Date: Sun Feb 12 03:06:42 2012, Last Saved Time/Date: Sun Feb 12 03:06:42 2012, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML v0.0.0.0, Security: 2

NPOI.dll

5bc2a54da0f94d95fec985417498dc29

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

NPOI.OOXML.dll

050133e5090302ca7d637d65138be624

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

NPOI.OOXML.xml

c8ec3c3aae92bc1ce109c440079ad976

XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators

NPOI.OpenXml4Net.dll

cef5cf2e85229e7e419f9feec0e391d7

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

NPOI.OpenXml4Net.xml

d8b39728e3d7cfe9478b5c31a23f45d0

XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators

NPOI.OpenXmlFormats.dll

12fb072c1910ff7c613ba0946fa23c66

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

NPOI.xml

06573a00067d11937f1d34a579f32058

XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators

saveFeeds.xml

799dd9b321b1ff34130b93e454512bfd

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

stdole.dll

a390735ec9f5136a1228c5c855672848

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

TaxFiling.exe

a7eac0f5d711167a70170d26c5b6d520

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

TaxFiling.exe.config

d643aff089c9657e22ffa2ee868be020

XML 1.0 document, ASCII text, with very long lines (301), with CRLF line terminators

TaxFiling.pdb

3b9db3db63eaa83684c9304c60a54ce6

MSVC program database ver 7.00, 512*703 bytes

TaxFiling.vshost.exe

c243735fc91d039eba1f7d1b84e26037

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

TaxFiling.vshost.exe.config

b49361f9d96b73acecc2c4f83f133f0c

XML 1.0 document, ASCII text, with very long lines (301), with CRLF line terminators

Telerik.WinControls.dll

6c0ca747e2d8591d78d7acd041f75b8a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Telerik.WinControls.GridView.dll

5e27cfcd05a824bb53547664e6208c5b

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Telerik.WinControls.RadDock.dll

b5d04b02942f5933f32942cc4368f2cf

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Telerik.WinControls.Themes.HighContrastBlack.dll

695d1e4002ff0fbec10e2b55f60d84fb

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Telerik.WinControls.Themes.Office2010Black.dll

00c056c1382e45f2a5628566b9540f69

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Telerik.WinControls.Themes.Office2010Blue.dll

d82108cc52b5f7bfc15e03ae509e2607

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Telerik.WinControls.Themes.Office2010Silver.dll

71e78df4898e29282f2426fbb6c170aa

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Telerik.WinControls.Themes.TelerikMetro.dll

9dc7abba2858804f55e284ade453622c

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Telerik.WinControls.UI.Design.dll

11dc5e03fe2d10c3c9fcba23270b2d6b

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Telerik.WinControls.UI.dll

b120b65af326fe6a735f2d427fca1069

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

TelerikCommon.dll

bcfd647c41325cac42fba9245136fc4b

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/63

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

palaugov.org/wp-content/uploads/2016/01/TaxFiling-1.zip

198.46.94.112

301 Moved Permanently

269 B

URL User Request GET HTTP/2
palaugov.org/wp-content/uploads/2016/01/TaxFiling-1.zip
IP
198.46.94.112:443
ASN
#22611 INMOTION

Certificate
IssuercPanel, Inc.
Subjectpalaugov.org
FingerprintB0:64:7B:E0:55:10:08:87:0F:A3:84:CE:0A:06:6E:28:92:B3:6F:7F
ValidityWed, 06 Mar 2024 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT

File type
HTML document, ASCII text
Size
269 B (269 bytes)
Hash
6effb8a3b740ba53bf751594659df6bf
8731ef6f06b882aded11ec4014a6c273e3ecf7e0
6bb8695eb2e0e99adf81638678c92bdfa571c12fff7ff0b6507387c0e299e970

HTTP Headers

GET /wp-content/uploads/2016/01/TaxFiling-1.zip HTTP/1.1
Host: palaugov.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: http://palaugov.pw/wp-content/uploads/2016/01/TaxFiling-1.zip
content-length: 269
content-type: text/html; charset=iso-8859-1
date: Fri, 26 Apr 2024 09:55:56 GMT
server: Apache
X-Firefox-Spdy: h2

palaugov.pw/wp-content/uploads/2016/01/TaxFiling-1.zip

35.213.182.202

200 OK

19 MB

URL User Request GET HTTP/1.1
palaugov.pw/wp-content/uploads/2016/01/TaxFiling-1.zip
IP
35.213.182.202:80
ASN
#15169 GOOGLE

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
19 MB (18589994 bytes)
Hash
685447c5885d34df320bb7065715137b
87704ff0ec11d2e1d1ce9768014d579b8a52476d
5daaa42cec9c32b186ad5b4791bfeea339802c3976d1eff823d95e9e1e57f0a9

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/63

HTTP Headers

GET /wp-content/uploads/2016/01/TaxFiling-1.zip HTTP/1.1
Host: palaugov.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 09:55:57 GMT
Content-Type: application/zip
Content-Length: 18589994
Last-Modified: Tue, 18 Sep 2018 07:23:20 GMT
Connection: keep-alive
ETag: "5ba0a7e8-11ba92a"
Expires: Wed, 23 Oct 2024 09:55:57 GMT
Cache-Control: max-age=15552000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (35)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers