Report - oketado.ru/files/shared/misc/darkstone-fixsaver.7z

Report Overview

Submitted URL
oketado.ru/files/shared/misc/darkstone-fixsaver.7z
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 00:33:32
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
oketado.ru	unknown	2017-01-21	2019-06-14	2024-04-15	504 B	5.8 MB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
oketado.ru/files/shared/misc/darkstone-fixsaver.7z
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET

File type
7-zip archive data, version 0.4
Size
5.8 MB (5847844 bytes)
Hash
7139ee6d33f6cdd57e0565fe779bcaa2
f842b5c48838de41dbbbf52391264d076a48db96
a629b6a99313103083beaea26fd3f79d5c0f8f035c11e303d5f84cd48ce618c3

Archive (10)

Filename

Md5

File type

readme.pdf

af2854c63c4cdae65a560d9c7d3ddb94

PDF document, version 1.4, 8 pages

checksum.md5

5c44825bd84ca21485a237d32c9d7037

ASCII text, with CRLF line terminators

dates.sh

ebb908dde9c1356e63ea0a23090fb25c

Bourne-Again shell script, ASCII text executable

FixSaver.cpp

8fee4800122e4f6c858df202029f3b6f

C source, ASCII text, with CRLF line terminators

script.cmd

3467fe49670e9254978fd50116bb084a

DOS batch file, ASCII text

script.sh

1b010ec547cd26dd331238a9bfb6fcb0

Bourne-Again shell script, ASCII text executable

FixSaver.exe

f829b81f5cc64a9caf6c0cf71835604c

PE32 executable (GUI) Intel 80386, for MS Windows, 16 sections

bash.exe

0547508ad9a40d71df3f06c7d1382008

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

busybox.exe

0547508ad9a40d71df3f06c7d1382008

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

sfk.exe

2b8470e8459debb573d331f02fec430d

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/59

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

oketado.ru/files/shared/misc/darkstone-fixsaver.7z

188.114.96.1

200 OK

5.8 MB

URL User Request GET HTTP/2
oketado.ru/files/shared/misc/darkstone-fixsaver.7z
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectoketado.ru
FingerprintC1:52:C2:76:68:38:64:1C:D3:8E:61:51:0C:11:1F:BF:DD:82:9D:51
ValidityMon, 15 Apr 2024 08:22:45 GMT - Sun, 14 Jul 2024 08:22:44 GMT

File type
7-zip archive data, version 0.4
Size
5.8 MB (5847844 bytes)
Hash
7139ee6d33f6cdd57e0565fe779bcaa2
f842b5c48838de41dbbbf52391264d076a48db96
a629b6a99313103083beaea26fd3f79d5c0f8f035c11e303d5f84cd48ce618c3

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/59

HTTP Headers

GET /files/shared/misc/darkstone-fixsaver.7z HTTP/1.1
Host: oketado.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 00:33:04 GMT
content-type: application/x-7z-compressed
content-length: 5847844
last-modified: Sat, 28 Nov 2020 14:37:35 GMT
etag: "593b24-5b52bb7c649c0"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qOJ9%2BIi4LeB9i7HN1ZM8eRWpoRk9hsLwY%2Fuq6u8axQmd4Z00ufVDIx5uJW4zTBP1te%2BLE7W0y5LMqxaJ1Amx9oRM93R%2FukoQU236RV0Nq%2F8aHCwxL2nfYm3u0oo%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a27ab30c29b52d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (10)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers