Report - feiranx.mizbans.site/Remote

Report Overview

Submitted URL
feiranx.mizbans.site/Remote_.zip
IP
54.37.198.211
ASN
#16276 OVH SAS
Submitted
2024-04-26 15:35:10
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
feiranx.mizbans.site	unknown	unknown	No data	No data	486 B	42 kB	54.37.198.211

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
feiranx.mizbans.site/Remote_.zip
IP
54.37.198.211
ASN
#16276 OVH SAS

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
42 kB (41709 bytes)
Hash
b214a3a2c7e4a1ce770265dc934adede
acb1f49cb72c42fb82bd06646f331a3d2fb8709a
efa525b193dd3e29508c3f45599a692daafbedf8bbc67c6faef2db7e41503d85

Archive (25)

Filename

Md5

File type

sms.txt

6b87f56904e0bcd54c2599534b90b3d4

Unicode text, UTF-8 text, with very long lines (545), with CRLF, CR, LF line terminators

jdf.php

df4b6e6c7131bcb694e14c1e9292477b

PHP script, Unicode text, UTF-8 text

ftext.txt

ed7921806e4c671ee8aef04994558f22

ASCII text, with no line terminators

contact.php

8aca037110cc31ba16fcff5a01b45a54

PHP script, Unicode text, UTF-8 text, with CRLF line terminators

num.txt

54495605f0d9e34a0ba2f039b6b7a0e8

ASCII text

contact.txt

d5b101473236369625edb1116768531c

ASCII text

smsbomber.txt

3665a76e271ada5a75368b99f774e404

ASCII text, with no line terminators

nump

d41d8cd98f00b204e9800998ecf8427e

Amirsad.php

093d250df6f97915a6ed39a79b51ef4f

PHP script, Unicode text, UTF-8 text

fsms.txt

d41d8cd98f00b204e9800998ecf8427e

actionbuy.txt

3262d48df5d75e3452f0f16b313b7808

ASCII text, with no line terminators

autohide.txt

3262d48df5d75e3452f0f16b313b7808

ASCII text, with no line terminators

id.txt

99999ebcfdb78df077ad2727fd00969f

ASCII text, with no line terminators

error_log

702ac8738dd393e76cdf95d2a73d6d7b

ASCII text, with very long lines (2841), with CRLF, LF line terminators

admins

d41d8cd98f00b204e9800998ecf8427e

bomber.txt

81c9469f1dd1f7b16fd062742923b9b3

ASCII text, with no line terminators

sms.php

7d02a9a8b05438407c9aac1283fcdee6

PHP script, Unicode text, UTF-8 text

user.txt

47ac794402167f308b0e3766d328988c

ASCII text, with no line terminators

M2102J20SG-44.json

393aca7fc169ca6d169fa03574fd4903

JSON text data

autohide

3262d48df5d75e3452f0f16b313b7808

ASCII text, with no line terminators

actionfirst.txt

3262d48df5d75e3452f0f16b313b7808

ASCII text, with no line terminators

actionhide.txt

3262d48df5d75e3452f0f16b313b7808

ASCII text, with no line terminators

bot.php

a4eef074c4c3815d7c5fe4c6b3fdecaf

PHP script, Unicode text, UTF-8 text

6630b37a5e5c71c236e88b3a567a1ad5

ASCII text, with no line terminators

requests.php

90a153978d9835755c2b858f45e448cc

PHP script, Unicode text, UTF-8 text

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	PHP webshell which only writes an uploaded file to disk
Public Nextron YARA rules	malware	PHP webshell which only writes an uploaded file to disk

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	feiranx.mizbans.site/Remote_.zip	54.37.198.211	200 OK	42 kB
URL User Request GET HTTP/2 feiranx.mizbans.site/Remote_.zip IP 54.37.198.211:443 ASN #16276 OVH SAS Certificate IssuerLet's Encrypt Subjectfeiranx.mizbans.site Fingerprint5B:17:F0:C5:86:83:3D:5A:E4:01:68:18:97:17:46:CF:3D:49:89:E1 ValidityMon, 15 Apr 2024 19:17:56 GMT - Sun, 14 Jul 2024 19:17:55 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 42 kB (41709 bytes) Hash b214a3a2c7e4a1ce770265dc934adede acb1f49cb72c42fb82bd06646f331a3d2fb8709a efa525b193dd3e29508c3f45599a692daafbedf8bbc67c6faef2db7e41503d85 HTTP Headers `GET /Remote_.zip HTTP/1.1 Host: feiranx.mizbans.site User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK content-type: application/zip last-modified: Tue, 16 Apr 2024 16:51:49 GMT accept-ranges: bytes content-length: 41709 date: Fri, 26 Apr 2024 15:34:44 GMT alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" X-Firefox-Spdy: h2`

feiranx.mizbans.site/Remote_.zip

54.37.198.211

200 OK

42 kB

URL User Request GET HTTP/2
feiranx.mizbans.site/Remote_.zip
IP
54.37.198.211:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectfeiranx.mizbans.site
Fingerprint5B:17:F0:C5:86:83:3D:5A:E4:01:68:18:97:17:46:CF:3D:49:89:E1
ValidityMon, 15 Apr 2024 19:17:56 GMT - Sun, 14 Jul 2024 19:17:55 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
42 kB (41709 bytes)
Hash
b214a3a2c7e4a1ce770265dc934adede
acb1f49cb72c42fb82bd06646f331a3d2fb8709a
efa525b193dd3e29508c3f45599a692daafbedf8bbc67c6faef2db7e41503d85

HTTP Headers

GET /Remote_.zip HTTP/1.1
Host: feiranx.mizbans.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/zip
last-modified: Tue, 16 Apr 2024 16:51:49 GMT
accept-ranges: bytes
content-length: 41709
date: Fri, 26 Apr 2024 15:34:44 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (25)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers