Report - xx.oxcg8.ru.com/.xn/drive/new%20drv.zip

Report Overview

Submitted URL
xx.oxcg8.ru.com/.xn/drive/new%20drv.zip
IP
89.117.148.30
ASN
#40021 NL-811-40021
Submitted
2024-03-29 15:27:57
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xx.oxcg8.ru.com	unknown	2023-08-26	2024-03-21	2024-03-22	493 B	151 kB	89.117.148.30

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-03-29	medium	xx.oxcg8.ru.com/.xn/drive/new%20drv.zip	Phishing Kit impersonating OneDrive

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
xx.oxcg8.ru.com/.xn/drive/new%20drv.zip
IP
89.117.148.30
ASN
#40021 NL-811-40021

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
151 kB (150941 bytes)
Hash
83941ef5b4ac19ae73b2932531399920
ff38789fc0e8890d42702883801dc87cf953e0d1
e52271234edcba9d50c84bb2e32be0ebfff0fc3fcd526ab94f143b470a7cae6e

Archive (15)

Modified	Filename	Size	Md5	File type
2019-04-29 15:49	.DS_Store	6.1 kB	666db52b23bd7d86aa1c629cb7922c37	Apple Desktop Services Store
2018-06-17 06:41	sync.php	3.4 kB	5d37e61898cbf21f44fbb0a245a33896	PHP script, ASCII text, with CRLF line terminators
2018-06-18 06:00	auth.php	5.7 kB	50677c2a10089027a664ad9b61b15b82	PHP script, ASCII text, with CRLF line terminators
2018-06-18 06:27	login.php	5.8 kB	94aec896cb6ac7514ec0d39de6a987df	PHP script, ASCII text, with CRLF line terminators
2023-05-26 22:43	mail.php	121 B	e37fad84f529b5941deb6732819f0599	PHP script, ASCII text
2018-06-18 05:39	0.jpg	21 kB	8a596db47a14b4131a064689b18cd9ae	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, xresolution=98, yresolution=106, resolutionunit=2, software=paint.net 4.0.1], progressive, precision 8, 800x343, components 3
2018-06-18 05:40	1.gif	28 kB	d0c2f735a5d56e3f1f55faf6e3addf44	GIF image data, version 89a, 469 x 188
2018-06-18 05:54	favicon.ico	7.9 kB	1195bfe885af7c60b352a3b3bef7e42c	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
2018-06-17 06:41	robots.txt	1.3 kB	f314da1c5a277b3e72edfcc71017eca7	ASCII text, with CRLF line terminators
2018-06-18 06:39	error.php	3.3 kB	589911adee90e25a3a3325a7917cc236	PHP script, ASCII text, with CRLF line terminators
2018-06-18 06:32	index.php	236 B	728247ff75af50f442704606fea1d495	PHP script, ASCII text, with CRLF line terminators
2018-06-18 06:29	api.php	2.7 kB	f6158ac76d02f687b3ccfe7353a136e3	PHP script, ASCII text, with very long lines (1302), with CRLF line terminators
2018-06-17 06:41	.htaccess	8.1 kB	05e6d0dc18ce40a278c849cfe9b35c4a	ASCII text, with CRLF line terminators
2019-04-09 03:20	drive.php	5.8 kB	a5db4dde17d351358fa2d42637877045	HTML document, ASCII text, with CRLF line terminators
2019-06-15 17:12	1.PNG	96 kB	f19b8d190062c9f25c9898e2e16d8c85	PNG image data, 1249 x 626, 8-bit/color RGBA, non-interlaced

Detections

Analyzer	Verdict	Alert
Phishing Kit YARA rules	phishing	Phishing Kit impersonating OneDrive
VirusTotal	malicious	VirusTotal - Scan result 11/61

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

xx.oxcg8.ru.com/.xn/drive/new%20drv.zip

89.117.148.30

200 OK

151 kB

URL User Request GET HTTP/1.1
xx.oxcg8.ru.com/.xn/drive/new%20drv.zip
IP
89.117.148.30:443
ASN
#40021 NL-811-40021

Certificate
IssuerLet's Encrypt
Subjectxx.oxcg8.ru.com
Fingerprint5F:83:A2:EB:13:F1:C5:75:FB:E2:02:3E:51:12:B8:54:F2:4F:4C:D7
ValidityThu, 21 Mar 2024 07:27:43 GMT - Wed, 19 Jun 2024 07:27:42 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
151 kB (150941 bytes)
Hash
83941ef5b4ac19ae73b2932531399920
ff38789fc0e8890d42702883801dc87cf953e0d1
e52271234edcba9d50c84bb2e32be0ebfff0fc3fcd526ab94f143b470a7cae6e

Detections

Analyzer	Verdict	Alert
Phishing Kit YARA rules	phishing	Phishing Kit impersonating OneDrive
VirusTotal	malicious	VirusTotal - Scan result 11/61

HTTP Headers

GET /.xn/drive/new%20drv.zip HTTP/1.1
Host: xx.oxcg8.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 15:27:32 GMT
Server: Apache
Last-Modified: Wed, 27 Mar 2024 14:23:30 GMT
Accept-Ranges: bytes
Content-Length: 150941
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (15)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers