Report - aluigi.altervista.org/papers/quickbms.zip

Report Overview

Visited public
2023-12-09 12:42:20
Tags
URL
aluigi.altervista.org/papers/quickbms.zip
Finishing URL
about:privatebrowsing
IP / ASN
46.4.28.58
#24940 Hetzner Online GmbH
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
aluigi.altervista.org	unknown	2000-12-22	2012-05-30 04:05:56	2023-12-09 06:57:31	507 B	16 MB	46.4.28.58

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-12-09	medium	aluigi.altervista.org/papers/quickbms.zip	MacOS.Cryptominer.Generic

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
aluigi.altervista.org/papers/quickbms.zip
IP
46.4.28.58
ASN
#24940 Hetzner Online GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
16 MB (15979735 bytes)
Hash
88937b19ef5cc16eb61666b55d6b1906
1733e99417a3410180628917ce7b29483df76395
b9d4f9efb55692994cd42a491cfea11f86e3375a618b9bd771583ce40ddb3828

Archive (9)

Modified	Filename	Size	Md5	File type
2022-08-24 11:01	changelog.txt	51 kB	c62bc62d16837f00dd290e02f5ca130c	ASCII text, with very long lines (2805), with CRLF line terminators
2022-08-24 10:59	quickbms.exe	20 MB	a935570d2ee43b6813f888a323e2776e	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 11 sections
2022-08-23 22:35	quickbms.txt	233 kB	30976713cb7bc4f758fd1f8f4dda2e61	ASCII text, with CRLF, LF line terminators
2022-08-24 10:54	quickbms_4gb_files.exe	20 MB	e827b6d399a682123e7299094740429a	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 11 sections
2018-09-15 23:36	reimport.bat	23 B	9bb6eff92cba40e5fb1e67467d942400	ASCII text, with CRLF line terminators
2018-09-15 23:36	reimport2.bat	26 B	d228877253ef2f5221fe547cd43d6b0a	ASCII text, with CRLF line terminators
2018-09-15 23:36	reimport2_4gb_files.bat	36 B	1be024c1da7c214b8c6d3c84ad42f644	ASCII text, with CRLF line terminators
2021-02-14 11:13	reimport3_localizations.bat	29 B	a38d26985b7c3d664a474a54d21ba3e2	ASCII text, with CRLF line terminators
2018-09-15 23:36	reimport_4gb_files.bat	33 B	5a3c7d07b678d8d54b2ba96c2f24bca3	ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Elastic Security YARA Rules	malware	MacOS.Cryptominer.Generic

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

aluigi.altervista.org/papers/quickbms.zip

46.4.28.58

200 OK

16 MB

URL User Request GET HTTP/2
aluigi.altervista.org/papers/quickbms.zip
IP
46.4.28.58:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectaluigi.altervista.org
Fingerprint38:E2:CC:EC:E0:A1:0D:BE:18:5E:08:5A:88:CD:BC:ED:AA:B2:BD:87
ValidityWed, 29 Nov 2023 22:52:56 GMT - Tue, 27 Feb 2024 22:52:55 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
16 MB (15979735 bytes)
Hash
88937b19ef5cc16eb61666b55d6b1906
1733e99417a3410180628917ce7b29483df76395
b9d4f9efb55692994cd42a491cfea11f86e3375a618b9bd771583ce40ddb3828

Detections

Analyzer	Verdict	Alert
Elastic Security YARA Rules	malware	MacOS.Cryptominer.Generic

HTTP Headers

GET /papers/quickbms.zip HTTP/1.1
Host: aluigi.altervista.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Wed, 24 Aug 2022 09:18:47 GMT
accept-ranges: bytes
content-length: 15979735
content-type: application/zip
content-language: en-US
date: Sat, 09 Dec 2023 12:41:59 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (9)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers