Report - www.grupo01.rana.avnam.net/wordpress/login/DKB.zip

Report Overview

Visited public
2025-04-09 20:03:22
Tags
URL
www.grupo01.rana.avnam.net/wordpress/login/DKB.zip
Finishing URL
about:privatebrowsing
IP / ASN
45.162.169.250
#18747 IFX18747
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

0

Threat Detection Systems

2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.grupo01.rana.avnam.net	unknown	2004-03-30	2025-04-02	2025-04-02	518 B	667 kB	45.162.169.250

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.grupo01.rana.avnam.net/wordpress/login/DKB.zip
IP
45.162.169.250
ASN
#18747 IFX18747

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
666 kB (666444 bytes)
Hash
246ef357df7c74a1e456cd17f051afe8
3dc89aacbdd200373934a992ed32280cfc94d396
2681a8e95ef8f8e5f43c1e2a0aff8e4e0ec9f05ee8546e8f060920f8a43121a6

Archive (62)

Filename

Md5

File type

ajax.php

3a11d2ef99ed622b1b5647a18ce67954

PHP script, ASCII text, with CRLF line terminators

anti1.php

e3c2e5ed43ced555c802fe34b57f0759

PHP script, ASCII text, with very long lines (1306), with CRLF line terminators

anti2.php

731f8bb9a6aedb6681ea60b06ae301ed

PHP script, ASCII text, with very long lines (1626), with no line terminators

anti3.php

f6cdc7e24b551124fbe97a348a5ba718

PHP script, ASCII text, with very long lines (4184), with no line terminators

anti4.php

f1abe1a46b483c33df21f069a8869c8f

PHP script, ASCII text, with very long lines (7559), with no line terminators

anti5.php

8199555027d1b8b6cd1567d177f5e4ba

PHP script, ASCII text, with very long lines (5979), with no line terminators

anti6.php

2dd353ab868cdf2fa8a35faac5608594

PHP script, ASCII text, with very long lines (2668)

anti7.php

8d79ee4032df73e5b0d9b56fda07efdf

PHP script, ASCII text, with very long lines (2915), with CRLF line terminators

anti8.php

7fec839dd3a0c75b97a1eee935713b2b

PHP script, ASCII text, with CRLF line terminators

cc.php

baf50028bba62bdc9dc936ab9c93cc0f

PHP script, ASCII text, with very long lines (20431), with CRLF line terminators

config.php

5463f78da39ca1cf29e04fff765d2528

PHP script, ASCII text, with CRLF line terminators

control.php

56f403710cb182281cff5216c6e5b038

PHP script, ASCII text, with very long lines (2704), with CRLF line terminators

colors.css

a4196367005c2b6529b138428eae50a5

ASCII text, with CRLF line terminators

colors.css.map

c44d255c24ab2c5058e270ab8bbc4ab8

JSON text data

colors.scss

321a2a367c967f0beea1f68f35375868

ASCII text, with CRLF line terminators

font_family.css

1fd6760950cb3e68658ad2f7b005effc

ASCII text, with CRLF line terminators

font_family.css.map

cbf9efdbe8fa22e4b4b07a322aee7891

JSON text data

font_family.scss

05c29fca944ea783113de59c78fff820

ASCII text, with CRLF line terminators

screen.css

0234a678e0f6d892c745fb63c5523b62

ASCII text, with CRLF line terminators

screen.css.map

d42df49b90533d6d03383a97e0463b9c

JSON text data

screen.scss

120819393919aaf057d2832cef799652

ASCII text, with CRLF line terminators

bootstrap.css

052dfc723bbdf659b1528e37b1472301

Unicode text, UTF-8 text, with very long lines (560)

dada.scss

dff5255d72a3e3ed381605992fd305f0

ASCII text, with CRLF line terminators

dose.css

06ee08346bb53f0adc8c33c6702edee6

ASCII text, with CRLF line terminators

dose.css.map

59538847476d5b10d6d66a698cdd46a3

JSON text data

dose.scss

b0dc19a5d87f52647becc378836f3722

ASCII text, with CRLF line terminators

lol.css

d212082f8737ba86520c982c99d9b370

ASCII text, with CRLF line terminators

lol.css.map

3c922cdba57a04e7a9280baa88fada37

JSON text data

lol.scss

5a6ef8e8ab4a940adfe1fbe182f6960a

ASCII text, with CRLF line terminators

lord.css

875c6a0b3441de61836a045439eb902b

ASCII text, with CRLF line terminators

lord.css.map

59f95a6801a096c2b03a608c50e172f3

JSON text data

lord.scss

aca86b4063a70d76418edabc14e10c02

ASCII text, with CRLF line terminators

detect.php

440a4353652f2e06128b350226eac912

PHP script, ASCII text, with CRLF line terminators

functions.php

8ca479530745e6a863e946e9aa7a61c6

PHP script, ASCII text, with CRLF line terminators

bar.png

88244618bb94c35a9596674f6aa52d03

PNG image data, 44 x 44, 8-bit/color RGBA, non-interlaced

cherch.svg

146b8dc1d5cc39c68ebb902daf292da0

SVG Scalable Vector Graphics image

favicon.ico

b35d0dda49783541abcaab8f61083b76

MS Windows icon resource - 5 icons, -64x-64, 32 bits/pixel, -128x-128, 32 bits/pixel

hack.avif

9e50c16bf7ab0e6836c9dd4d82e1f5be

ISO Media, AVIF Image

lo.svg

8ef555ecde4ddf658d8ee1c169207b6d

SVG Scalable Vector Graphics image

loading.gif

ae9a002cdde76f2b777a1a6f91822c19

GIF image data, version 89a, 498 x 498

lock.svg

fb333afcd4c92458ef0e11c63d53227a

SVG Scalable Vector Graphics image

safe.png

fdd07e3ab759864bed5f4057bdfc0271

PNG image data, 104 x 104, 8-bit/color RGBA, non-interlaced

tan.png

39ca101eb996acc42653cef29afe82d4

PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced

index.php

b52b5238c130e2e9139c7daba471104f

JavaScript source, Unicode text, UTF-8 text, with very long lines (2700), with CRLF line terminators

infos.php

6a92685fe869b4f95a9294fa89a87d27

PHP script, Unicode text, UTF-8 text, with CRLF line terminators

bootstrap.js

5f4c1dd6ab9fdbc5d1d1a0898afc7f49

JavaScript source, ASCII text, with very long lines (620)

bootstrap.min.js

53f7f752152ec85a9b53e66e807930aa

JavaScript source, ASCII text, with very long lines (59454)

jquery-3.5.1.min.js

dc5e7f18c8d36ac1d3d4753a87c98d0a

JavaScript source, ASCII text, with very long lines (65451)

jquery.mask.js

24992f1ed62baf9393609f3c6c2ad20e

JavaScript source, ASCII text

respond.min.js

78915bb8b3dd6696d3842d82ed48b104

JavaScript source, ASCII text, with very long lines (4453)

wow.min.js

21fe90eedcbaafb4ed529d78418d30bd

JavaScript source, ASCII text, with very long lines (8099)

loading_1.php

1910bb7b9c5fdbe31ebf943841c3a5d1

JavaScript source, ASCII text, with CRLF line terminators

loginerr.php

5a02fe456e1968aa870ee6b2f6911f2c

PHP script, Unicode text, UTF-8 text, with very long lines (2700), with CRLF line terminators

smserr.php

a160ff66983710d63fa855321c034054

PHP script, Unicode text, UTF-8 text, with very long lines (2691), with CRLF line terminators

sse-server.php

11e7941146b75309811574f526eef2b0

PHP script, ASCII text, with CRLF line terminators

127.0.0.1.txt

cfcd208495d565ef66e7dff9f98764da

very short file (no magic)

success.php

433cb6efd4a8284450623ee33decfba8

PHP script, ASCII text, with very long lines (15692), with CRLF line terminators

tan.php

e16b01e8630c8b07231e562d1bb5bac2

PHP script, ASCII text, with very long lines (16835), with CRLF line terminators

tan_2.php

c94b043ee7d787e3a9875b04a5c552a1

PHP script, Unicode text, UTF-8 text, with very long lines (2691), with CRLF line terminators

127.0.0.1.php

d56b699830e77ba53855679cb1d252da

ASCII text, with no line terminators

127.0.0.1.txt

04f41847e091fcd02fed07363b0e7593

ASCII text, with no line terminators

visitors.html

eea68ecc1e9a0b6ac934c3dba57e87d0

HTML document, ASCII text, with very long lines (4313), with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API
VirusTotal	suspicious	VirusTotal - Scan result 7/65

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.grupo01.rana.avnam.net/wordpress/login/DKB.zip

45.162.169.250

200 OK

666 kB

URL User Request GET
www.grupo01.rana.avnam.net/wordpress/login/DKB.zip
IP
45.162.169.250:443
ASN
#18747 IFX18747

Certificate
IssuerLet's Encrypt
Subjectgrupo01.rana.avnam.net
Fingerprint2F:CA:F6:5D:9F:66:5D:77:DD:95:25:6A:B4:AE:40:83:39:48:F5:43
ValidityTue, 18 Feb 2025 16:00:54 GMT - Mon, 19 May 2025 16:00:53 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
666 kB (666444 bytes)
Hash
246ef357df7c74a1e456cd17f051afe8
3dc89aacbdd200373934a992ed32280cfc94d396
2681a8e95ef8f8e5f43c1e2a0aff8e4e0ec9f05ee8546e8f060920f8a43121a6

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 7/65

HTTP Headers

GET /wordpress/login/DKB.zip HTTP/1.1
Host: www.grupo01.rana.avnam.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 09 Apr 2025 20:03:00 GMT
server: Apache
last-modified: Mon, 07 Apr 2025 02:35:15 GMT
etag: "a2b4c-63227160c857a"
accept-ranges: bytes
content-length: 666444
content-type: application/zip
X-Firefox-Spdy: h2