Report - historyfiles.ru/executedprogramslist.zip

Report Overview

Visited public
2024-09-15 00:15:51
Tags
URL
historyfiles.ru/executedprogramslist.zip
Finishing URL
about:privatebrowsing
IP / ASN
31.31.196.247
#197695 Domain names registrar REG.RU, Ltd
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-14 18:12:51	1.3 kB	3.5 kB	23.36.76.226
historyfiles.ru	unknown	2024-01-30	2024-01-31 15:28:29	2024-02-01 04:05:56	410 B	15 MB	31.31.196.247
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-13 18:12:22	981 B	2.7 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
historyfiles.ru/executedprogramslist.zip
IP
31.31.196.247
ASN
#197695 Domain names registrar REG.RU, Ltd

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
15 MB (14816092 bytes)
Hash
9e52a39c8254b5352717c8e4bf926ba6
0352db1ce72ca6bfe33e7c7966bb706ad355c59f
d1d9489c9446664d76ae02c617bf6d3854c8e6b1233585a852bfddbfb342eb3b

Archive (3)

Filename

Md5

File type

ExecutedProgramsList.chm

fe6617aa7dde0822ef1057159d9f9523

MS Windows HtmlHelp Data

readme.txt

35a866eaa7d11e39c8b331047b6f06c4

ASCII text, with CRLF line terminators

ExecutedProgramsList.jar

5b42b5de0c5efa8d91c4e644bcadd397

Java archive data (JAR)

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 17/61

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
8ddc0c958da73dfad4d42a6ae9a6dff6
6ed3ed6b818e91ac249cbfbb1fb14c96f19117c3
4320d78c549884fe858d0985285c94e70ac95e66ac557e8043514247c23feb0c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4320D78C549884FE858D0985285C94E70AC95E66AC557E8043514247C23FEB0C"
Last-Modified: Fri, 13 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3848
Expires: Sun, 15 Sep 2024 01:19:29 GMT
Date: Sun, 15 Sep 2024 00:15:21 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6f417a1a5ebcee1534c03d401bc1e686
8044ec315b73dfc62fbba88aa848b26e6b9d0572
797b7242665c53d103116e758891ec7b61c10602e290a9f1bb0f190148860c7b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "797B7242665C53D103116E758891EC7B61C10602E290A9F1BB0F190148860C7B"
Last-Modified: Thu, 12 Sep 2024 12:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3793
Expires: Sun, 15 Sep 2024 01:18:34 GMT
Date: Sun, 15 Sep 2024 00:15:21 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
df2d88b80b39ed651ca6b7ee3465b1c4
1bd6e2288cd500728b6ea8a9ebe97c25aeedc550
604a907a35f947c7cf17c8f09efd5fbd8836864aedc55fbc49b66b8cc95bd089

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "604A907A35F947C7CF17C8F09EFD5FBD8836864AEDC55FBC49B66B8CC95BD089"
Last-Modified: Thu, 12 Sep 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3333
Expires: Sun, 15 Sep 2024 01:10:54 GMT
Date: Sun, 15 Sep 2024 00:15:21 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
412d9004c8151860eda05974aee9639c
3e566016927f2bc8db38f5c3ad492183f62b14dd
6d656552984346a0504288ce7a94c63ee549f1d712ed11469f60da8ec3ad7ce9

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6D656552984346A0504288CE7A94C63EE549F1D712ED11469F60DA8EC3AD7CE9"
Last-Modified: Thu, 12 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3559
Expires: Sun, 15 Sep 2024 01:14:40 GMT
Date: Sun, 15 Sep 2024 00:15:21 GMT
Connection: keep-alive

historyfiles.ru/executedprogramslist.zip

31.31.196.247

200 OK

15 MB

URL User Request GET HTTP/1.1
historyfiles.ru/executedprogramslist.zip
IP
31.31.196.247:80
ASN
#197695 Domain names registrar REG.RU, Ltd

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
15 MB (14816092 bytes)
Hash
9e52a39c8254b5352717c8e4bf926ba6
0352db1ce72ca6bfe33e7c7966bb706ad355c59f
d1d9489c9446664d76ae02c617bf6d3854c8e6b1233585a852bfddbfb342eb3b

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 17/61

HTTP Headers

GET /executedprogramslist.zip HTTP/1.1
Host: historyfiles.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Sep 2024 00:15:22 GMT
Content-Type: application/zip
Content-Length: 14816092
Last-Modified: Fri, 09 Aug 2024 08:46:52 GMT
Connection: keep-alive
ETag: "66b5d77c-e2135c"
Expires: Wed, 30 Oct 2024 00:15:22 GMT
Cache-Control: max-age=3888000
Accept-Ranges: bytes

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
168d290815a20e464291c1d0c5277d95
4ae4ab90f60788a17dff631a381fc920823e458e
e319cc1080efb5754f0ec12e0be18d9248eb697a82d65b2775239e3ddfb36a6c

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E319CC1080EFB5754F0EC12E0BE18D9248EB697A82D65B2775239E3DDFB36A6C"
Last-Modified: Thu, 12 Sep 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13896
Expires: Sun, 15 Sep 2024 04:07:01 GMT
Date: Sun, 15 Sep 2024 00:15:25 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
168d290815a20e464291c1d0c5277d95
4ae4ab90f60788a17dff631a381fc920823e458e
e319cc1080efb5754f0ec12e0be18d9248eb697a82d65b2775239e3ddfb36a6c

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E319CC1080EFB5754F0EC12E0BE18D9248EB697A82D65B2775239E3DDFB36A6C"
Last-Modified: Thu, 12 Sep 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13896
Expires: Sun, 15 Sep 2024 04:07:01 GMT
Date: Sun, 15 Sep 2024 00:15:25 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
168d290815a20e464291c1d0c5277d95
4ae4ab90f60788a17dff631a381fc920823e458e
e319cc1080efb5754f0ec12e0be18d9248eb697a82d65b2775239e3ddfb36a6c

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E319CC1080EFB5754F0EC12E0BE18D9248EB697A82D65B2775239E3DDFB36A6C"
Last-Modified: Thu, 12 Sep 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13896
Expires: Sun, 15 Sep 2024 04:07:01 GMT
Date: Sun, 15 Sep 2024 00:15:25 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (3)

Detections

JavaScript (0)

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers