Report - ql.kiotvsm7.sa.com/TNB.zip

Report Overview

Visited public
2025-02-02 13:59:53
Tags
URL
ql.kiotvsm7.sa.com/TNB.zip
Finishing URL
about:privatebrowsing
IP / ASN
209.145.53.18
#40021 NL-811-40021
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ql.kiotvsm7.sa.com	unknown	2024-12-09	2025-02-02	2025-02-02	492 B	4.8 MB	209.145.53.18

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
ql.kiotvsm7.sa.com/TNB.zip
IP
209.145.53.18
ASN
#40021 NL-811-40021

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
4.8 MB (4795071 bytes)
Hash
fc835c71c21d9a1a8d7823363aaccb97
646a079fee47c1bb0a3451872b27f6b25e6f592a
49a9ef04b2c8b20e01306b4e27c662ac5baf7b0b5ca7dc44b4239beb0298ac51

Archive (19)

Filename

Md5

File type

me.php

6f771f4ec64716c9df7a228e6dfd9a7f

PHP script, ASCII text, with CRLF line terminators

db_connect3.php

2661ae7255768a9d8704344d6d6a0f62

PHP script, ASCII text, with CRLF line terminators

db_connect1.php

e293bc8fa5e0a2b7e892caf565791393

PHP script, ASCII text, with CRLF line terminators

db_connect2.php

c3c46d9e44b5036b67d9f54673e7d098

PHP script, ASCII text, with CRLF line terminators

db_connect.php

b5a3510d16e69f7602ebdd1af80ae1ab

PHP script, ASCII text, with CRLF line terminators

c.html

760a7dd90794f3e3c35cd0e70196fa87

HTML document, Unicode text, UTF-8 text, with very long lines (1004), with CRLF line terminators

roboto-regular-webfont.woff2

5d4aeb4e5f5ef754e307d7ffaef688bd

Web Open Font Format (Version 2), TrueType, length 15344, version 1.0

roboto-medium-webfont.woff2

285467176f7fe6bb6a9c6873b3dad2cc

Web Open Font Format (Version 2), TrueType, length 15552, version 1.0

224.css

d3672cf9a3366ccec0e8184772f22832

ASCII text, with CRLF line terminators

vthreeallFullCss.css

fa15f3856781880e0defb4a1bd966f71

ASCII text, with very long lines (56592), with CRLF line terminators

index2.html

103bd08de925db416446aaaa09f743ae

HTML document, Unicode text, UTF-8 text, with very long lines (738), with CRLF line terminators

config.php

b92eb31fec1ea3d1330f560e358d3311

PHP script, ASCII text, with CRLF line terminators

settings.php

5df365571c7dd65a3668d1e7c5bc6d32

PHP script, ASCII text, with CRLF line terminators

index.html

6ccb3d6de37bb3d08d9ee3ae5b3f7e76

HTML document, Unicode text, UTF-8 text, with very long lines (737), with CRLF line terminators

personal.html

a6f5a5560e7ce81ca15399fdd1573ca0

HTML document, Unicode text, UTF-8 text, with very long lines (712), with CRLF line terminators

.DS_Store

194577a7e20bdcc7afbb718f502c134c

Apple Desktop Services Store

Logo.png

47f3de676d1357011fe7896832f20419

PNG image data, 413 x 122, 8-bit colormap, non-interlaced

Background.png

756a018176f0f8944660158e085e97e7

PNG image data, 2880 x 1466, 8-bit/color RGBA, non-interlaced

otp.html

ab43fc6fc6462813314889f9221ebfc8

HTML document, Unicode text, UTF-8 text, with very long lines (738), with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API
VirusTotal	malicious	VirusTotal - Scan result 19/65

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

ql.kiotvsm7.sa.com/TNB.zip

209.145.53.18

200 OK

4.8 MB

URL User Request GET HTTP/1.1
ql.kiotvsm7.sa.com/TNB.zip
IP
209.145.53.18:443
ASN
#40021 NL-811-40021

Certificate
IssuerLet's Encrypt
Subjectql.kiotvsm7.sa.com
FingerprintAD:43:17:4A:6E:5C:29:F5:B4:68:2F:4F:4E:F4:5E:EC:81:88:5C:E6
ValidityWed, 22 Jan 2025 00:41:07 GMT - Tue, 22 Apr 2025 00:41:06 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
4.8 MB (4795071 bytes)
Hash
fc835c71c21d9a1a8d7823363aaccb97
646a079fee47c1bb0a3451872b27f6b25e6f592a
49a9ef04b2c8b20e01306b4e27c662ac5baf7b0b5ca7dc44b4239beb0298ac51

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 19/65

HTTP Headers

GET /TNB.zip HTTP/1.1
Host: ql.kiotvsm7.sa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 02 Feb 2025 13:59:22 GMT
Server: Apache
Last-Modified: Fri, 31 Jan 2025 18:40:27 GMT
Accept-Ranges: bytes
Content-Length: 4795071
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (19)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers