Report Overview

  1. Visited public
    2024-12-30 08:04:40
    Tags
  2. URL

    cpanel.apkturbo.cloud/ibo12.zip

  3. Finishing URL

    about:privatebrowsing

  4. IP / ASN
    192.99.207.11

    #16276 OVH SAS

    Title
    about:privatebrowsing
Detections
urlquery: 0
Network Intrusion Detection: 0
Threat Detection Systems: 4

Domain Summary

Domain / FQDN | Rank | Registered | First Seen | Last Seen
cpanel.apkturbo.cloud | unknown | 2023-12-13 | 2024-01-22 | 2024-09-21

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL

    cpanel.apkturbo.cloud/ibo12.zip

  2. IP

    192.99.207.11

  3. ASN

    #16276 OVH SAS

  1. File type

    Zip archive data, at least v1.0 to extract, compression method=store

    Size

    4.8 MB (4794428 bytes)

  2. Hash

    1d560a402b507fae00e907f5e02893d9

    65a9f3ba8b9ef65d3de23d59bccbdac51c21c079

  1. Archive (130)

  2. Filename | Md5 | File type
    LICENSE
    0aaa6dd21fe5729d29d6ea5d6e74c626
    ASCII text, with CRLF line terminators
    ibo.json
    e5c70200dd7d98f4f8ed72a70e0b1df1
    JSON text data
    nr-working.json
    50b459f4757a458e4a890e0c35723daa
    JSON text data
    fetch.php
    ec5edd5c58b3b0a14db7aa9659410d90
    data
    tmdb_api.php
    f01e1d5a91769e1da26bc1159100a285
    PHP script, ASCII text, with very long lines (3084)
    _debug_app_url.json
    db84f5b38a4249d3aef22c8a1367c41a
    ASCII text, with no line terminators
    note.json
    be6312784a28e63807c4835cea17abd8
    JSON text data
    betstyle.css
    f8b9a6996568a5c6b305e317cc85e67b
    ASCII text
    .adb.db
    5b97a1704c937198370586b3c55d2175
    SQLite 3.x database, last written using SQLite version 3045002, file counter 20, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 20
    add.php
    20b4e8f5a007dfffafc227d6ae97e2cf
    PHP script, ASCII text, with very long lines (1261)
    movies_script.js
    607d9b0b62ff5697e2b40f94a6c56b8d
    ASCII text, with very long lines (65522)
    tmdb.php
    fadc31ede1a7689cc6c042725d6bf2c4
    PHP script, ASCII text, with very long lines (1025)
    movies.php
    eff27ace6e4af0ba1d56ba43fedbca49
    PHP script, ASCII text
    update.php
    fc2f07a4a2bd251955c3726ddadef673
    PHP script, ASCII text
    manual_ads.php
    b69a60b2416976f417b4279daa4ecf7a
    JavaScript source, ASCII text, with very long lines (991)
    .db_ads.db
    5a4e063b7c63884d607850f90df33919
    SQLite 3.x database, last written using SQLite version 3045002, file counter 71, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 71
    ads.php
    001ed95d0fc31f42bb6c7446a95e4564
    PHP script, ASCII text
    allads.php
    61677e1e27640022c4f66729bb985e73
    HTML document, ASCII text
    .htaccess
    7cf1c2e3671c879b2b7f6fab3d5d0a28
    ASCII text, with CRLF line terminators
    .bet_tmdb.db
    b070fe54ad79a1eaa076ad38c2acdf01
    SQLite 3.x database, last written using SQLite version 3026000, file counter 10, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 10
    sport.php
    6c7701886f0d75b6487dcc5b7c0dd8b2
    HTML document, Unicode text, UTF-8 text, with very long lines (410), with CRLF line terminators
    language.json
    10803bf18762ee6a546ad7cd949bb219
    JSON text data
    esporte.php
    d41d8cd98f00b204e9800998ecf8427e
    auth.php
    d0d4cca8d22242fbfc84f90bf0f1b53c
    PHP script, ASCII text, with very long lines (720)
    index.php
    c318edfd8fe6ce16b08c78ca785016fa
    PHP script, ASCII text
    backdrop.php
    2dd95376a99224ff3f3990c2614de900
    PHP script, ASCII text
    combined_cache.json
    7c9b11c189201b79342303ae9b64f74a
    JSON text data
    .db.db
    32b244d1adcd471754a33b499c939226
    SQLite 3.x database, last written using SQLite version 3045002, file counter 103, database pages 9, cookie 0x8, schema 4, UTF-8, version-valid-for 103
    fetch_leagues.php
    3718e3234efe4f24bd7c9c101c34532f
    PHP script, ASCII text, with CRLF line terminators
    script.js
    b76e10107f7928148994138b426d199b
    ASCII text, with CRLF line terminators
    particles.js
    4857f83d64184ffb846343ceaece566d
    ASCII text, with CRLF line terminators
    alerts.js
    dd009248f66eacbdb987946bc94cdbf4
    JavaScript source, ASCII text, with CRLF line terminators
    index.php
    410c4c92c5359ad6cb039533fd2f793c
    PHP script, Unicode text, UTF-8 text, with very long lines (944), with CRLF line terminators
    sportsdb.db
    dff07bb2572019e796e91aa31a4040f9
    SQLite 3.x database, last written using SQLite version 3039002, file counter 989, database pages 16, cookie 0x1, schema 4, UTF-8, version-valid-for 989
    .logs.db
    66d4345465ef40c259596e3c98b7c144
    SQLite 3.x database, last written using SQLite version 3026000, file counter 438, database pages 8, cookie 0x1, schema 4, UTF-8, version-valid-for 438
    sports.php
    59f6cf5a70992c24f703d3dffffe25f2
    PHP script, ASCII text, with very long lines (1899)
    getappuser.php
    c9a52328ab3bb9b423b0f0876798b4d8
    PHP script, Unicode text, UTF-8 text
    themes.php
    e6d4cbc0066a15429c5f4b268770891f
    PHP script, ASCII text, with very long lines (1278)
    .eggziedb.db
    d6e12e16d1272de18a6c34f43bafb55c
    SQLite 3.x database, last written using SQLite version 3026000, file counter 1247, database pages 48, 1st free page 7, free pages 43, cookie 0x4, schema 4, UTF-8, version-valid-for 1247
    _debug_dns.json
    b23c1a9617f5d92b3be2abcd5f3fca84
    ASCII text, with no line terminators
    catch.db
    ea3eaa40e18af3f5e2ff8f45cc7e7297
    SQLite 3.x database, last written using SQLite version 3026000, file counter 109, database pages 5, cookie 0x1, schema 4, UTF-8, version-valid-for 109
    ..eggziedb.db
    d41d8cd98f00b204e9800998ecf8427e
    _debug_data1.json
    aa2b9380dd46f7501db8b15b75e38dd9
    JSON text data
    _debug_data2.json
    cc14e74324e7b4d621627514b6ab0f60
    JSON text data
    ads.php
    7fe13e0ed0916b7d67df80ffc6ef0326
    PHP script, Unicode text, UTF-8 text, with very long lines (1184)
    .eggziepanels.db
    753e77a43af4372747eecca84f75813c
    SQLite 3.x database, last written using SQLite version 3026000, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
    _debug_response.json
    8e592b9f0d439b7f20f95b6021b0d3c2
    JSON text data
    logout.php
    4a89d605e773e19b1b649bb20f5c5898
    PHP script, ASCII text
    allads.php
    dad1ad15f4210fc675cac641c8529026
    HTML document, Unicode text, UTF-8 text, with CRLF line terminators
    showlan.php
    a894d4554a20462cc9e95267e44c73f7
    PHP script, ASCII text
    ad_type.php
    9e250a56aec342349948a2fd72d6a080
    PHP script, ASCII text
    Setting.json
    e4b9eca1a375a7175fbe69342bc5dd8e
    JSON text data
    data.json
    f587ea83c76fc2eb3faeb1a283ead91a
    JSON text data
    View_filenames.json
    051939a70fb4c70828ebf8dcec2b40d8
    JSON text data
    image_filenames.json
    21c8f6a30b36cde075b19f9fca7608f9
    JSON text data
    video_filenames.json
    8574933998b206528d6ba5e73f64e42b
    JSON text data
    logo_filenames.json
    00ea08d7bb3778f41b2678eacd44e502
    JSON text data
    qrcode_filenames.json
    ad6a54334467af56040fc2f5826734cb
    JSON text data
    header.php
    6b9894f8afd9a7ecb3945f309f3e9519
    PHP script, Unicode text, UTF-8 text
    ad_type.json
    029827fc21772d113aa064899f58591b
    JSON text data
    functions.php
    063f719adaef4ecbb64b37fcd46293c9
    PHP script, ASCII text, with very long lines (977)
    index.php
    f1c6a8d7089b3a91b379ee331b63a86c
    JavaScript source, ASCII text, with very long lines (1453)
    footer.php
    dbaf18d100217b3142ee615986f13730
    JavaScript source, ASCII text, with very long lines (1769)
    .htaccess
    06b264a65a37fb50cbce8d1d2be501c2
    ASCII text, with CRLF line terminators
    mRTXAdsSetting.php
    98d6d1a7378a763227aeb8ec61d7667b
    PHP script, ASCII text, with very long lines (1354)
    ...eggziepanels.db
    d41d8cd98f00b204e9800998ecf8427e
    allads.php
    61677e1e27640022c4f66729bb985e73
    HTML document, ASCII text
    playlists.php
    3c6e6b7615db47df2dfe8d34c65938c3
    PHP script, ASCII text, with very long lines (2623)
    ibo.json
    e5c70200dd7d98f4f8ed72a70e0b1df1
    JSON text data
    nr-working.json
    50b459f4757a458e4a890e0c35723daa
    JSON text data
    fetch.php
    ec5edd5c58b3b0a14db7aa9659410d90
    data
    _debug_app_url.json
    db84f5b38a4249d3aef22c8a1367c41a
    ASCII text, with no line terminators
    note.json
    be6312784a28e63807c4835cea17abd8
    JSON text data
    .logs.db
    66d4345465ef40c259596e3c98b7c144
    SQLite 3.x database, last written using SQLite version 3026000, file counter 438, database pages 8, cookie 0x1, schema 4, UTF-8, version-valid-for 438
    getappuser.php
    c9a52328ab3bb9b423b0f0876798b4d8
    PHP script, Unicode text, UTF-8 text
    .eggziedb.db
    d6e12e16d1272de18a6c34f43bafb55c
    SQLite 3.x database, last written using SQLite version 3026000, file counter 1247, database pages 48, 1st free page 7, free pages 43, cookie 0x4, schema 4, UTF-8, version-valid-for 1247
    _debug_dns.json
    b23c1a9617f5d92b3be2abcd5f3fca84
    ASCII text, with no line terminators
    catch.db
    ea3eaa40e18af3f5e2ff8f45cc7e7297
    SQLite 3.x database, last written using SQLite version 3026000, file counter 109, database pages 5, cookie 0x1, schema 4, UTF-8, version-valid-for 109
    ..eggziedb.db
    d41d8cd98f00b204e9800998ecf8427e
    _debug_data1.json
    aa2b9380dd46f7501db8b15b75e38dd9
    JSON text data
    _debug_data2.json
    cc14e74324e7b4d621627514b6ab0f60
    JSON text data
    .eggziepanels.db
    753e77a43af4372747eecca84f75813c
    SQLite 3.x database, last written using SQLite version 3026000, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
    _debug_response.json
    8e592b9f0d439b7f20f95b6021b0d3c2
    JSON text data
    showlan.php
    a894d4554a20462cc9e95267e44c73f7
    PHP script, ASCII text
    Setting.json
    e4b9eca1a375a7175fbe69342bc5dd8e
    JSON text data
    data.json
    f587ea83c76fc2eb3faeb1a283ead91a
    JSON text data
    View_filenames.json
    051939a70fb4c70828ebf8dcec2b40d8
    JSON text data
    image_filenames.json
    21c8f6a30b36cde075b19f9fca7608f9
    JSON text data
    video_filenames.json
    8574933998b206528d6ba5e73f64e42b
    JSON text data
    logo_filenames.json
    00ea08d7bb3778f41b2678eacd44e502
    JSON text data
    qrcode_filenames.json
    ad6a54334467af56040fc2f5826734cb
    JSON text data
    .htaccess
    06b264a65a37fb50cbce8d1d2be501c2
    ASCII text, with CRLF line terminators
    ...eggziepanels.db
    d41d8cd98f00b204e9800998ecf8427e
    .file.txt
    f324474c5b7e4f35d84cfb00488c8d50
    ASCII text, with no line terminators
    language.json
    bf4cf7a7bc035d1a3e6de563efc8bb46
    JSON text data
    index.php
    ca8975d77600f4260aca4d6286e3072a
    PHP script, ASCII text
    info.php
    80d0a4c9d599e1ec31a68a912c8aba13
    PHP script, Unicode text, UTF-8 text, with CRLF line terminators
    nr.json
    8ef66402169f4e275408c80f0049e723
    JSON text data
    betstyle.css
    95ab72474ef0939a943d936d381f21e2
    ASCII text
    movies_script.js
    23712442b22b43797a5f210f9e8c8378
    ASCII text, with very long lines (65522)
    movies.php
    1cf9d77640bd2aea240a5a131bddbaa4
    PHP script, ASCII text
    allads.php
    f30bf891edcf12d805342dd8562b344f
    HTML document, ASCII text
    combined_cache.json
    7c9b11c189201b79342303ae9b64f74a
    JSON text data
    .file.txt
    f324474c5b7e4f35d84cfb00488c8d50
    ASCII text, with no line terminators
    theme_4.png
    9d7eef9f2c1acc6365f3191488fc0daf
    JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, height=1080, software=Android TP1A.220624.014.A346MUBS4AWL2, orientation=[*0*], width=2340], baseline, precision 8, 2340x1080, components 3
    selected.png
    200d65bef8e05c78c37edbfbd537ade8
    PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
    theme_3.png
    7a5495b080bb732ff731e13beff4145c
    JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, height=1080, software=Android TP1A.220624.014.A346MUBS4AWL2, orientation=[*0*], width=2340], baseline, precision 8, 2340x1080, components 3
    logo.png
    1e4015686cba998dae50a96bc43ca8d6
    PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
    theme_2.png
    9dedf33c25214d905c2924614b789f62
    JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, height=1080, software=Android TP1A.220624.014.A346MUBS4AWL2, orientation=[*0*], width=2340], baseline, precision 8, 2340x1080, components 3
    bg.jpg
    a48607f2ad630a5bce47af37e6d6165d
    JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3
    theme_5.png
    191945cae834610450950925f086c89b
    JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, height=1080, software=Android TP1A.220624.014.A346MUBS4AWL2, orientation=[*0*], width=2340], baseline, precision 8, 2340x1080, components 3
    .htaccess
    e6ff87bb39b1fa2c13935a77a2e21e52
    ASCII text, with CRLF line terminators
    binding_dark.webp
    1ad11f0bcc5dedb392b032b1d4ab7d2b
    RIFF (little-endian) data, Web/P image
    theme_1.png
    6626e6a1b15e05c87a81c943bc60b4a8
    JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, height=1080, software=Android TP1A.220624.014.A346MUBS4AWL2, orientation=[*0*], width=2340], baseline, precision 8, 2340x1080, components 3
    index.php
    410c4c92c5359ad6cb039533fd2f793c
    PHP script, Unicode text, UTF-8 text, with very long lines (944), with CRLF line terminators
    index.css
    761ef5317ffb07ee8f0d87e82b223b05
    ASCII text, with CRLF line terminators
    _variables.scss
    ec260db7baa3ed5148907aa0b33f6169
    ASCII text
    _bootswatch.scss
    895092c1cbc3aa1ba6bc18850273bddf
    ASCII text
    bootstrap.css
    548312d76bfec8d6490d9d6684ae36b1
    ASCII text, with very long lines (629), with CRLF line terminators
    slider.css
    bb8f501ad49c427492c6106c35cf3085
    ASCII text
    signin.css
    ab75a84f5f955582e4330620a2a0feaf
    ASCII text, with CRLF line terminators
    simple-sidebar.css
    b65bf303f14f3eb0ba190fe58290f0a7
    ASCII text, with CRLF line terminators
    index.php
    367bdc84c9a71f25421fce47a5454e36
    PHP script, Unicode text, UTF-8 text, with very long lines (944), with CRLF line terminators
    language.json
    bf4cf7a7bc035d1a3e6de563efc8bb46
    JSON text data
    index.php
    19a098a14f0f64fc2e2dc16d94cd5ab4
    PHP script, ASCII text, with very long lines (2187)
    dns.php
    69ef78faff26c73f9e6254f1be960ed4
    PHP script, ASCII text, with very long lines (1949)
    settings.php
    545d35909be799339f3ce3a5d7678305
    PHP script, ASCII text, with very long lines (799)
    user.php
    c444f5ee13a1e084f46b08d5271cc06e
    PHP script, ASCII text, with very long lines (1146)
    info.php
    80d0a4c9d599e1ec31a68a912c8aba13
    PHP script, Unicode text, UTF-8 text, with CRLF line terminators
    nr.json
    8ef66402169f4e275408c80f0049e723
    JSON text data

    Detections

    Analyzer | Verdict | Alert
    Public Nextron YARA rules | malware | PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
    Public Nextron YARA rules | malware | PHP webshell using some kind of eval with encoded blob to decode
    Public Nextron YARA rules | malware | PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
    Public Nextron YARA rules | malware | PHP webshell using some kind of eval with encoded blob to decode

JavaScript (0)

HTTP Transactions (1)

URL | IP | Response | Size
cpanel.apkturbo.cloud/ibo12.zip | 192.99.207.11 | 200 OK | 4.8 MB