Report - dragokas.com/tools/HiJackThis

Report Overview

Visited public
2024-10-06 05:32:08
Tags
URL
dragokas.com/tools/HiJackThis_test.zip
Finishing URL
about:privatebrowsing
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-10-04 18:12:02	1.3 kB	3.6 kB	184.51.252.176
dragokas.com	unknown	2014-11-21	2015-01-19 06:44:23	2024-04-18 02:22:10	492 B	4.4 MB	188.114.96.1
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-10-04 18:12:12	1.6 kB	4.4 kB	184.51.252.197

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
dragokas.com/tools/HiJackThis_test.zip
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
4.4 MB (4368969 bytes)
Hash
0d1676e67fd5b5604f87d769d0079eec
7eb1dfb3d22beb85b5b7a86c99c94685e57b1180
a6ea9c17d03e89feb788b8903fb41f551c017075978dc78d5ed5c243fe323dad

Archive (3)

Filename

Md5

File type

abr.exe

769f78e61da897aeb15f3378818b97ff

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

VBCCR17.OCX

e7aaa82f0a491fe4cf7603038758af41

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

HiJackThis.exe

a20fa5bb0130fb9c80af9378af8a3caf

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
VirusTotal	suspicious	VirusTotal - Scan result 1/66

JavaScript (0)

HTTP Transactions (10)

URL IP Response Size

r10.o.lencr.org/

184.51.252.176

504 B

URL
r10.o.lencr.org/
IP
184.51.252.176:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
961f4f0ab9b7bf5f05b339f676b49762
cd111640dbe14096627ae7a7692aa12de2009820
0842041bacd5f9c317b8b951addea5b11b18c882478a57e582e172bf84c9404e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0842041BACD5F9C317B8B951ADDEA5B11B18C882478A57E582E172BF84C9404E"
Last-Modified: Sat, 05 Oct 2024 18:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4617
Expires: Sun, 06 Oct 2024 06:48:37 GMT
Date: Sun, 06 Oct 2024 05:31:40 GMT
Connection: keep-alive

r10.o.lencr.org/

184.51.252.176

504 B

URL
r10.o.lencr.org/
IP
184.51.252.176:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
829fecd15de4dd0ed31ce195b5be2fa1
ccaf4828926928cad1657086011d59746696104e
623eea1df276a002f0a6e60c06087fa2cbd34842581b6375ca1fdb1209d664a4

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "623EEA1DF276A002F0A6E60C06087FA2CBD34842581B6375CA1FDB1209D664A4"
Last-Modified: Fri, 04 Oct 2024 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17283
Expires: Sun, 06 Oct 2024 10:19:43 GMT
Date: Sun, 06 Oct 2024 05:31:40 GMT
Connection: keep-alive

r10.o.lencr.org/

184.51.252.176

504 B

URL
r10.o.lencr.org/
IP
184.51.252.176:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
92cd7893843bf7005d9d4281f7ddeb25
1d1762ecf80a622168eb8734901fc27382da2b2a
7e1c229fca475d3a4760d7950e2ccd0b8bb27f4c4bc5fd43e96260bfa32388b7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7E1C229FCA475D3A4760D7950E2CCD0B8BB27F4C4BC5FD43E96260BFA32388B7"
Last-Modified: Sat, 05 Oct 2024 16:15:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11792
Expires: Sun, 06 Oct 2024 08:48:12 GMT
Date: Sun, 06 Oct 2024 05:31:40 GMT
Connection: keep-alive

r10.o.lencr.org/

184.51.252.176

504 B

URL
r10.o.lencr.org/
IP
184.51.252.176:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
534fa2e1105f9129f2574744ff930df4
a8fb611109e2c99289db55e795713ab5deed9fad
f0ecb884921f835e2a47a40df8f723e182eac53a71894c3ebce89474ca686fdb

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F0ECB884921F835E2A47A40DF8F723E182EAC53A71894C3EBCE89474CA686FDB"
Last-Modified: Sat, 05 Oct 2024 22:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17337
Expires: Sun, 06 Oct 2024 10:20:37 GMT
Date: Sun, 06 Oct 2024 05:31:40 GMT
Connection: keep-alive

dragokas.com/tools/HiJackThis_test.zip

188.114.96.1

200 OK

4.4 MB

URL User Request GET HTTP/2
dragokas.com/tools/HiJackThis_test.zip
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectdragokas.com
FingerprintB0:D0:8F:44:C5:E5:48:F2:A7:66:85:CD:60:EB:6E:E0:0B:DF:FE:09
ValidityWed, 11 Sep 2024 13:49:16 GMT - Tue, 10 Dec 2024 13:49:15 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
4.4 MB (4368969 bytes)
Hash
0d1676e67fd5b5604f87d769d0079eec
7eb1dfb3d22beb85b5b7a86c99c94685e57b1180
a6ea9c17d03e89feb788b8903fb41f551c017075978dc78d5ed5c243fe323dad

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/66

HTTP Headers

GET /tools/HiJackThis_test.zip HTTP/1.1
Host: dragokas.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 06 Oct 2024 05:31:40 GMT
content-type: application/zip
content-length: 4368969
x-ray: wnp22404:0.012/wn22404:0.000/wa22404:D=298
last-modified: Mon, 23 Sep 2024 09:00:42 GMT
etag: "42aa49-622c59f9ce631"
cf-cache-status: HIT
age: 6054
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hTZvI40zWVDVFRDY5hspS48XoLTpue3kQXOHINS5bhDpXL4H00hMU44VbzJK3NNsodrxERE%2FIQZs%2F3vwhGHBrre4w0CitjYRTOJmrZfIsO3ABmTWJhm16yKDppgYqeE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ce3443c0e60be5b-CPH
X-Firefox-Spdy: h2

r11.o.lencr.org/

184.51.252.197

504 B

URL
r11.o.lencr.org/
IP
184.51.252.197:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
411ab02262050ed139dfbeebe6253230
aa72a13d4ab5645a3e8defa0febfe6cb09a1e356
8b40a1b25a264df6947834738d8acf446969ed37583c1349f83d13d3f2e0e42a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8B40A1B25A264DF6947834738D8ACF446969ED37583C1349F83D13D3F2E0E42A"
Last-Modified: Sat, 05 Oct 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11813
Expires: Sun, 06 Oct 2024 08:48:35 GMT
Date: Sun, 06 Oct 2024 05:31:42 GMT
Connection: keep-alive

r11.o.lencr.org/

184.51.252.197

504 B

URL
r11.o.lencr.org/
IP
184.51.252.197:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
411ab02262050ed139dfbeebe6253230
aa72a13d4ab5645a3e8defa0febfe6cb09a1e356
8b40a1b25a264df6947834738d8acf446969ed37583c1349f83d13d3f2e0e42a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8B40A1B25A264DF6947834738D8ACF446969ED37583C1349F83D13D3F2E0E42A"
Last-Modified: Sat, 05 Oct 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11813
Expires: Sun, 06 Oct 2024 08:48:35 GMT
Date: Sun, 06 Oct 2024 05:31:42 GMT
Connection: keep-alive

r11.o.lencr.org/

184.51.252.197

504 B

URL
r11.o.lencr.org/
IP
184.51.252.197:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
411ab02262050ed139dfbeebe6253230
aa72a13d4ab5645a3e8defa0febfe6cb09a1e356
8b40a1b25a264df6947834738d8acf446969ed37583c1349f83d13d3f2e0e42a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8B40A1B25A264DF6947834738D8ACF446969ED37583C1349F83D13D3F2E0E42A"
Last-Modified: Sat, 05 Oct 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11813
Expires: Sun, 06 Oct 2024 08:48:35 GMT
Date: Sun, 06 Oct 2024 05:31:42 GMT
Connection: keep-alive

r11.o.lencr.org/

184.51.252.197

504 B

URL
r11.o.lencr.org/
IP
184.51.252.197:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
411ab02262050ed139dfbeebe6253230
aa72a13d4ab5645a3e8defa0febfe6cb09a1e356
8b40a1b25a264df6947834738d8acf446969ed37583c1349f83d13d3f2e0e42a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8B40A1B25A264DF6947834738D8ACF446969ED37583C1349F83D13D3F2E0E42A"
Last-Modified: Sat, 05 Oct 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11813
Expires: Sun, 06 Oct 2024 08:48:35 GMT
Date: Sun, 06 Oct 2024 05:31:42 GMT
Connection: keep-alive

r11.o.lencr.org/

184.51.252.197

504 B

URL
r11.o.lencr.org/
IP
184.51.252.197:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
411ab02262050ed139dfbeebe6253230
aa72a13d4ab5645a3e8defa0febfe6cb09a1e356
8b40a1b25a264df6947834738d8acf446969ed37583c1349f83d13d3f2e0e42a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8B40A1B25A264DF6947834738D8ACF446969ED37583C1349F83D13D3F2E0E42A"
Last-Modified: Sat, 05 Oct 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11813
Expires: Sun, 06 Oct 2024 08:48:35 GMT
Date: Sun, 06 Oct 2024 05:31:42 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (3)

Detections

JavaScript (0)

HTTP Transactions (10)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash