Report Overview

  1. Visited: 2025-05-11 03:25:50 (public)
  2. URL: amnesiarat.netlify.app/amnesiarat.zip
  3. Finishing URL: about:privatebrowsing
  4. IP / ASN: 3.124.100.143, #16509 AMAZON-02
  5. Title: about:privatebrowsing

Detections

urlquery: 0
Network Intrusion Detection: 0
Threat Detection Systems: 22

Domain Summary

| Domain / FQDN | Rank | Registered | First Seen | Last Seen |
|---|---|---|---|---|
| amnesiarat.netlify.app | unknown | 2018-05-08 | 2025-01-05 | 2025-05-09 |

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL: amnesiarat.netlify.app/amnesiarat.zip
  2. IP: 3.124.100.143
  3. ASN: #16509 AMAZON-02
  4. File type: Zip archive data, at least v1.0 to extract, compression method=store
  5. Size: 19 MB (19134908 bytes)
  6. Hash:

    6fb2d50e0452c5c965589d119f089066

    97a606d5b2a96825b8ec1d6d55a1e55714d58129

  7. Archive (46)

    Filename / Md5 / File type

    amnesiarat.py
    3de6a08deaf346b750b95245b71a0462
    Python script, Unicode text, UTF-8 text executable, with very long lines (17151), with CRLF line terminators
    builder.bat
    e6b2a2ca5edf513b02534d7105f20e8f
    DOS batch file, ASCII text, with CRLF line terminators
    7zxa.dll
    85026cfba1afed081a84f70c3cf46815
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
    Default.SFX
    224f78b66ec07b08edc62ca0868ded3e
    PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
    Default64.SFX
    34fad68e2cf5ede0c5ab7ea6d1dc8235
    PE32+ executable (GUI) x86-64, for MS Windows, 8 sections
    DefaultEn.SFX
    120508b3b012c40cf5e5acbcc573c586
    PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
    DefaultEn64.SFX
    c8c0d9bcc38b11ae30033724290f523d
    PE32+ executable (GUI) x86-64, for MS Windows, 8 sections
    Descript.ion
    bceb17e978667343d2bae6417a07736b
    Non-ISO extended-ASCII text
    icon.ico
    99e1bdaa6743d38327e9acd482f5f297
    MS Windows icon resource - 1 icon, 32x64, 8 bits/pixel
    main.py
    9b7501423e47e2367d8630517729870a
    Python script, ASCII text executable
    Order.htm
    51402d8c1114647287c649d27bfc1800
    HTML document, Non-ISO extended-ASCII text
    rar
    d41d8cd98f00b204e9800998ecf8427e
    Rar.exe
    f7c0c38bdf23992fc92ca8a55afa28f2
    PE32+ executable (console) x86-64, for MS Windows, 7 sections
    Rar.txt
    4daaf310174662a8b20ad452d74ece05
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    RarExt.dll
    d0f4632be7031cc372ffdd2d9063ffb2
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections
    RarExt32.dll
    8510bea1dc5a2245a72dfe5ecd20cda6
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
    RarExtInstaller.exe
    1e1cac0725cf47e62ea96669eac678fc
    PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
    RarExtLogo.altform-unplated_targetsize-32.png
    85ee643e6b0837849e300b11395422c4
    PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
    RarExtLogo.altform-unplated_targetsize-48.png
    ec177cbe676473543e8c9b5d9fb0b797
    PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
    RarExtLogo.altform-unplated_targetsize-64.png
    248fa2b659874a14b43b5e0e17ac1cff
    PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
    RarExtPackage.msix
    9301f2ad24daa60404407053635cb2ad
    Zip archive data, at least v4.5 to extract, compression method=store
    RarFiles.lst
    eb527f9c93ea1582a4bd650378832fb2
    ISO-8859 text
    RarLng.dll
    9f4c05a96dc3da20b2ef7a353f1d0dca
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    rarnew.dat
    c69d0b5902a959577c02e9dcdda77de0
    RAR archive data, v5
    rarreg.key
    4dab4191209c461c1b902e85d9a18407
    ASCII text
    Resources.pri
    43cb15c1f1cc705305aeba33b0a9ee73
    data
    setup.sfx
    b8d3ebc24b31b88f6299e1dd809a6486
    ASCII text
    Uninstall.exe
    62c61b5bc915f81c8038aa83ed1a3b01
    PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
    Uninstall.lst
    76e0a4ddf972478bc276a50f05314ad0
    ASCII text
    UnRAR.exe
    1ee4846cca962f50c85ae93af0376bd1
    PE32+ executable (console) x86-64, for MS Windows, 7 sections
    WhatsNew.txt
    e2226e8c1fe0ad060f9ed0d74fedf838
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
    WinCon.SFX
    ecf56993b7a05885da9197cd36135cde
    PE32 executable (console) Intel 80386, for MS Windows, 6 sections
    WinCon64.SFX
    a8d5219f446d3c03fa87b4e6ee0c85ae
    PE32+ executable (console) x86-64, for MS Windows, 8 sections
    WinConEn.SFX
    d27a3d83167276da2847ec3d385446f7
    PE32 executable (console) Intel 80386, for MS Windows, 6 sections
    WinConEn64.SFX
    e882e0122566f8284f1da272b00d50e9
    PE32+ executable (console) x86-64, for MS Windows, 8 sections
    WinRAR.exe
    3daf58b12efdae4d43032ef96895ba58
    PE32+ executable (GUI) x86-64, for MS Windows, 8 sections
    xfs.conf
    b6bd309ac043de72d149521717201613
    ASCII text, with CRLF line terminators
    xfs_backup.conf
    b6bd309ac043de72d149521717201613
    ASCII text, with CRLF line terminators
    Zip.SFX
    32389d929fb42fabcd772ba3cbaf24a4
    PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
    Zip64.SFX
    9d8ef4e94b72611c084a401e530c9fff
    PE32+ executable (GUI) x86-64, for MS Windows, 8 sections
    ZipEn.SFX
    dd5e37cb05ef290b830e9c031b3baded
    PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
    ZipEn64.SFX
    8f8cdb74d018e6daa4181944a9308fc4
    PE32+ executable (GUI) x86-64, for MS Windows, 8 sections
    zipnew.dat
    76cdb2bad9582d23c1f6f4d868218d6c
    Zip archive data (empty)
    obf.py
    7a337ebe9063d262a8e61400a5e8b609
    Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
    builder.py
    8a1134c83203b97b466c86a1b7a9ee6d
    Python script, Unicode text, UTF-8 text executable, with very long lines (65201), with CRLF line terminators
    main.py
    5c619606da307819784d99db673bf3f2
    ASCII text, with CRLF line terminators

    Detections

    | Analyzer | Verdict | Alert |
    |---|---|---|
    | YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
    | YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
    | YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
    | YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
    | YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
    | YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
    | YARAhub by abuse.ch | malware | Detect pe file that no import table |
    | YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
    | YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
    | YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
    | VirusTotal | suspicious | |

JavaScript (0)

HTTP Transactions (1)

| URL | IP | Response | Size |
|---|---|---|---|
| amnesiarat.netlify.app/amnesiarat.zip | 3.124.100.143 | 200 OK | 19 MB |