Report Overview
Submitted URL
lecudasecurity.co.za/Aku%20sayang%20kamu.zip
IP
41.185.64.62
ASN
#36943 ZA-1-Grid
Submitted
2024-03-28 22:11:06
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
60
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
lecudasecurity.co.za | unknown | 2021-11-16 | 2021-11-17 | 2024-01-08 | 498 B | 558 kB | 41.185.64.62 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
No alerts detected
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
lecudasecurity.co.za/Aku%20sayang%20kamu.zip
IP
41.185.64.62
ASN
#36943 ZA-1-Grid
File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
558 kB (557703 bytes)
Hash
f551d3a7e2e903493af2eb95fe93055b
5345ee51f851421e8467946c1de394c443aa2007
Archive (24)
Filename | MD5 | File type |
---|---|---|
akunorak;(.PhP7 | ded4d43e9068719af05faf2f39bf1cd1 | PHP script, ASCII text |
ditolak#.php | 9c7fe45aa3f9114610f3f47da3ea6f53 | HTML document, ASCII text, with very long lines (1069) |
Ganja403.php | 43294f5cc4ccffb0425ebc48555dae59 | JavaScript source, ASCII text, with very long lines (1069) |
fine.PhP5 | 8231b8416ee3eab08638bce2724a91d7 | PHP script, ASCII text, with very long lines (2281), with CRLF line terminators |
Attack.PhP7 | 8231b8416ee3eab08638bce2724a91d7 | PHP script, ASCII text, with very long lines (2281), with CRLF line terminators |
wibu.PhP7 | 51645f25c1826a95a8e07aff07ee42f3 | PHP script, Unicode text, UTF-8 text, with very long lines (1791) |
asu.php7 | 77954b66d9a27cdd9b23ddc643dbb5ba | PHP script, ASCII text, with very long lines (2052) |
Shell.PhP7 | b89755fdf59169ada4610671fc1ab212 | Unicode text, UTF-8 text, with very long lines (65531), with no line terminators |
mass.PhP7 | 439a9452f461c32dc62a72e92d100a27 | PHP script, ASCII text, with CRLF line terminators |
Hehe.php | 33b6e8f167c9d34b49ad707791249abe | JavaScript source, ASCII text, with very long lines (1564), with CRLF, LF line terminators |
mmct.php | 2b8fdf0f57a6abd257e23ade0ecfce2b | PHP script, ASCII text, with very long lines (2541), with CRLF line terminators |
Mass.sh | 818f172b4cc7dade9c7becc7f0e30218 | Bourne-Again shell script, ASCII text executable, with CRLF line terminators |
wso.php | 07a3fe9875d3a8b7c57874c4cc509929 | PHP script, Unicode text, UTF-8 text, with very long lines (2504) |
deface.php | 439a9452f461c32dc62a72e92d100a27 | PHP script, ASCII text, with CRLF line terminators |
gel4y.PhP7 | d56c2f7d6c85df2db68856ed70eb1d9e | PHP script, ASCII text, with very long lines (2709) |
kalera.php | 8d82c81fa35ba8949d408e101416d7f4 | PHP script, ASCII text, with very long lines (1612) |
Mah.PhP56 | 24597a530ba20d0d907ce39ebb1d7194 | PHP script, Unicode text, UTF-8 text, with very long lines (2975) |
hatikamu$.php7 | 8d83bc138670daa06ea242c348b01e50 | PHP script, ASCII text, with CRLF line terminators |
ezz.php.txt | 86425213bdea3247879811dce3860259 | HTML document, ASCII text, with very long lines (1564), with CRLF line terminators |
cpanel.php | 8d82c81fa35ba8949d408e101416d7f4 | PHP script, ASCII text, with very long lines (1612) |
UnknownSec.PhP7 | a4809fc3a5c2fa7a52cda2eb65a096c6 | PHP script, ASCII text, with very long lines (3443), with CRLF line terminators |
Heart.PhP2024 | 2a78a8268986010a0ad7a0c55b7e8d1e | PHP script, ASCII text, with very long lines (2709), with CRLF line terminators |
indoXploite.PhP404 | 12b68bbbcc86c2f268b0825a0134bb37 | HTML document, Unicode text, UTF-8 text, with very long lines (4078), with CRLF line terminators |
panelc.php.jpg | 29ac5eb074d35b97392ea0b1ea0b3072 | PHP script, ASCII text, with CRLF line terminators |
Detections
Analyzer | Verdict | Alert |
---|---|---|
Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings |
Public Nextron YARA rules | malware | php webshell having some kind of input and using a callback to execute the payload. restricted to small files or would give lots of false positives |
Public Nextron YARA rules | malware | php webshell having some kind of input and using a callback to execute the payload. restricted to small files or would give lots of false positives |
Public Nextron YARA rules | malware | PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k |
Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings |
Public Nextron YARA rules | malware | php webshell having some kind of input and using a callback to execute the payload. restricted to small files or would give lots of false positives |
Public Nextron YARA rules | malware | php webshell containing base64 encoded payload |
Public Nextron YARA rules | malware | Generic PHP webshell which uses any eval/exec function in the same line with user input |
Public Nextron YARA rules | malware | PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k |
Public Nextron YARA rules | malware | Web Shell - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php |
Public Nextron YARA rules | malware | Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt |
Public Nextron YARA rules | malware | PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php |
Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings |
Public Nextron YARA rules | malware | php webshell having some kind of input and using a callback to execute the payload. restricted to small files or would give lots of false positives |
Public Nextron YARA rules | malware | php webshell containing base64 encoded payload |
Public Nextron YARA rules | malware | Generic PHP webshell which uses any eval/exec function in the same line with user input |
Public Nextron YARA rules | malware | PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k |
Public Nextron YARA rules | malware | Web Shell - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php |
Public Nextron YARA rules | malware | Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt |
Public Nextron YARA rules | malware | PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php |
Public Nextron YARA rules | malware | Chinese Hacktool Set - file templatr.php |
Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings |
Public Nextron YARA rules | malware | PHP webshell which directly eval()s obfuscated string |
Public Nextron YARA rules | malware | PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k |
Public Nextron YARA rules | malware | PHP webshell obfuscated |
Public Nextron YARA rules | malware | PHP webshell obfuscated by encoding of mixed hex and dec |
Public Nextron YARA rules | malware | PHP webshell obfuscated |
Public Nextron YARA rules | malware | PHP webshell obfuscated by encoding of mixed hex and dec |
Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings |
Public Nextron YARA rules | malware | php webshell containing base64 encoded payload |
Public Nextron YARA rules | malware | Generic PHP webshell which uses any eval/exec function in the same line with user input |
Public Nextron YARA rules | malware | PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k |
Public Nextron YARA rules | malware | Webshell which sends eval/assert via GET |
Public Nextron YARA rules | malware | Web Shell - file r57142.php |
Public Nextron YARA rules | malware | Web Shell - file 404.php |
Public Nextron YARA rules | malware | Semi-Auto-generated - file wso.txt |
Public Nextron YARA rules | malware | Semi-Auto-generated - from files multiple_php_webshells |
Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings |
Public Nextron YARA rules | malware | php webshell having some kind of input and using a callback to execute the payload. restricted to small files or would give lots of false positives |
Public Nextron YARA rules | malware | PHP webshell obfuscated |
Public Nextron YARA rules | malware | PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k |
Public Nextron YARA rules | malware | php webshell containing base64 encoded payload |
Public Nextron YARA rules | malware | PHP webshell using some kind of eval with encoded blob to decode |
Public Nextron YARA rules | malware | PHP webshell which directly eval()s obfuscated string |
Public Nextron YARA rules | malware | php webshell containing base64 encoded payload |
Public Nextron YARA rules | malware | PHP webshell using some kind of eval with encoded blob to decode |
Public Nextron YARA rules | malware | PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k |
Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings |
Public Nextron YARA rules | malware | php webshell having some kind of input and using a callback to execute the payload. restricted to small files or would give lots of false positives |
Public Nextron YARA rules | malware | PHP webshell obfuscated |
Public Nextron YARA rules | malware | PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k |
Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings |
Public Nextron YARA rules | malware | php webshell containing base64 encoded payload |
Public Nextron YARA rules | malware | PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k |
Public Nextron YARA rules | malware | Semi-Auto-generated - from files multiple_php_webshells |
Public Nextron YARA rules | malware | Detects hex encoded code that has been base64 encoded |
Public Nextron YARA rules | malware | PHP webshell obfuscated by encoding of mixed hex and dec |
Public Nextron YARA rules | malware | PHP webshell which eval()s obfuscated string |
Public Nextron YARA rules | malware | PHP webshell using some kind of eval with encoded blob to decode |
Public Nextron YARA rules | malware | Detects malware from NK APT incident DE |
JavaScript (0)
HTTP Transactions (1)
URL | IP | Response | Size |
---|---|---|---|
lecudasecurity.co.za/Aku%20sayang%20kamu.zip | 41.185.64.62 | 200 OK | 558 kB |