Report - arecorugbyclub.com.ar/index-carpeta.zip

Report Overview

Submitted URL
arecorugbyclub.com.ar/index-carpeta.zip
IP
167.250.5.31
ASN
#264649 NUT HOST SRL
Submitted
2024-04-19 15:49:01
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
17

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
arecorugbyclub.com.ar	unknown	2022-05-16	2016-02-12	2023-06-08	493 B	220 kB	167.250.5.31

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
arecorugbyclub.com.ar/index-carpeta.zip
IP
167.250.5.31
ASN
#264649 NUT HOST SRL

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
219 kB (219426 bytes)
Hash
79be5f17e36ceb6e3528939f893ae257
707934be8044badc2ffdd11894fc24b0343a91ed
61f0245119d9fe726a4b268adae89b09e0891e249ea33082502c36b45b6fbd15

Archive (23)

Filename

Md5

File type

.htaccess.old

cbc45c6939a0915ac95ea780282e0b8a

Unicode text, UTF-8 text

robots.txt

7f20ae400b2cfb1b58092f29ea9cf2c6

ASCII text

jydczodf.php

a52bb98f00751fc8ef0710f708b9bc26

PHP script, ASCII text, with very long lines (15114), with no line terminators

expect.php

a8a77475b6667657c8d0dabf486bea5d

data

ofpmilma.php

3addf0fc4596400107815464b7ba607f

PHP script, ASCII text, with very long lines (15504), with no line terminators

ORVX-y1OZFN.php

be47c30c46478a4805e34d0e9c60394f

PHP script, ASCII text, with CRLF line terminators

as.php

7ef00d92277cea24c253d2d8ff7affdd

PHP script, ASCII text, with very long lines (32511), with CRLF line terminators

test-iam.php

313d12465604c221c55a91b25822ba2f

PHP script, ASCII text

unZIPpeRmhp.php

a36a17795fc1a8cef886fc8d33b0d638

PHP script, ASCII text, with very long lines (24750), with no line terminators

unZIPpeRgzq.php

a36a17795fc1a8cef886fc8d33b0d638

PHP script, ASCII text, with very long lines (24750), with no line terminators

chosen.php

688d8adf03edd67896759b721d231b11

HTML document, Unicode text, UTF-8 text, with CRLF line terminators

recollection.php

e07d6db6aa71dae9563fd9c9071341d0

PHP script, ASCII text, with very long lines (5924), with CRLF line terminators

.htaccess

9d9dec17fb8848fe7044d887e0d71ec1

Unicode text, UTF-8 text, with CRLF, LF line terminators

.htaccess.old

9d9dec17fb8848fe7044d887e0d71ec1

Unicode text, UTF-8 text, with CRLF, LF line terminators

.htaccess

25bb22c19afb7ef30154326024078c9e

Unicode text, UTF-8 text, with CRLF, LF line terminators

ytuygybt.php

3cc620a09a14970db0a5cb06de3d9406

PHP script, ASCII text, with very long lines (15069), with no line terminators

tomftyji.php

b1522ae9c90a600cbd325d1f0e351229

PHP script, ASCII text, with very long lines (15119), with no line terminators

index.php

c8fc4111e81daa9b1312de674203130e

PHP script, ASCII text, with very long lines (5923), with CRLF line terminators

test-qng.php

313d12465604c221c55a91b25822ba2f

PHP script, ASCII text

iwyaxxzm.php

cc7ad3ddaa54483072b2de131b2495c9

PHP script, ASCII text

good.php

28879375890c16738377b0e9e502f743

PHP script, ASCII text, with very long lines (5923), with CRLF line terminators

smmpkrok.php

a52bb98f00751fc8ef0710f708b9bc26

PHP script, ASCII text, with very long lines (15114), with no line terminators

simple.php

76ed6acd84fec28ff713050f40d61baa

PHP script, ASCII text, with very long lines (332), with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	PHP webshell using some kind of eval with encoded blob to decode
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	PHP webshell using some kind of eval with encoded blob to decode
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	PHP webshell using some kind of eval with encoded blob to decode
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	PHP webshell using some kind of eval with encoded blob to decode
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	PHP webshell using some kind of eval with encoded blob to decode
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	PHP webshell using some kind of eval with encoded blob to decode
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	PHP webshell using some kind of eval with encoded blob to decode
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	PHP webshell using some kind of eval with encoded blob to decode
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	arecorugbyclub.com.ar/index-carpeta.zip	167.250.5.31	200 OK	219 kB
URL User Request GET HTTP/2 arecorugbyclub.com.ar/index-carpeta.zip IP 167.250.5.31:443 ASN #264649 NUT HOST SRL Certificate IssuercPanel, Inc. Subjectarecorugbyclub.com.ar Fingerprint82:A2:62:15:47:10:2C:2E:04:56:EF:EE:37:EE:12:10:F6:2A:BC:5D ValidityWed, 06 Mar 2024 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 219 kB (219426 bytes) Hash 79be5f17e36ceb6e3528939f893ae257 707934be8044badc2ffdd11894fc24b0343a91ed 61f0245119d9fe726a4b268adae89b09e0891e249ea33082502c36b45b6fbd15 HTTP Headers `GET /index-carpeta.zip HTTP/1.1 Host: arecorugbyclub.com.ar User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK last-modified: Wed, 17 Apr 2024 00:04:04 GMT accept-ranges: bytes content-length: 219426 content-type: application/zip date: Fri, 19 Apr 2024 15:48:36 GMT server: Apache X-Firefox-Spdy: h2`

arecorugbyclub.com.ar/index-carpeta.zip

167.250.5.31

200 OK

219 kB

URL User Request GET HTTP/2
arecorugbyclub.com.ar/index-carpeta.zip
IP
167.250.5.31:443
ASN
#264649 NUT HOST SRL

Certificate
IssuercPanel, Inc.
Subjectarecorugbyclub.com.ar
Fingerprint82:A2:62:15:47:10:2C:2E:04:56:EF:EE:37:EE:12:10:F6:2A:BC:5D
ValidityWed, 06 Mar 2024 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
219 kB (219426 bytes)
Hash
79be5f17e36ceb6e3528939f893ae257
707934be8044badc2ffdd11894fc24b0343a91ed
61f0245119d9fe726a4b268adae89b09e0891e249ea33082502c36b45b6fbd15

HTTP Headers

GET /index-carpeta.zip HTTP/1.1
Host: arecorugbyclub.com.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Wed, 17 Apr 2024 00:04:04 GMT
accept-ranges: bytes
content-length: 219426
content-type: application/zip
date: Fri, 19 Apr 2024 15:48:36 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (23)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers