Report - www.totalcommander.ch/win/fs/sftpplug.zip

Report Overview

Visited public
2025-04-15 17:17:11
Tags
URL
www.totalcommander.ch/win/fs/sftpplug.zip
Finishing URL
about:privatebrowsing
IP / ASN
88.99.192.139
#24940 Hetzner Online GmbH
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.totalcommander.ch	unknown	unknown	2014-12-10	2025-04-11	509 B	745 kB	88.99.192.139

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.totalcommander.ch/win/fs/sftpplug.zip
IP
88.99.192.139
ASN
#24940 Hetzner Online GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
744 kB (744488 bytes)
Hash
3613fea3147f90f3a64b057a14aeba40
504e252f587ab135c35bd94797849f4479d26908
b7a8faffbd4042eff80230571a942c486a2abd55bc05b612da45dc47af406ab6

Archive (6)

Filename

Md5

File type

sftpplug.wfx

bf869350b4fd7ccf8848180d99987659

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

readme.txt

264298374e80f531f4bc6d2c9c338439

ASCII text, with CRLF line terminators

pluginst.inf

9d05843f4e6bef6afe16a9904b66411f

ASCII text, with CRLF line terminators

sftpplug.wfx64

484a6e7fe003e3aed456d2a7771edb3d

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

libssh2.dll

c5ed9cf7f6569315cd600fab5c6ddaf7

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

libssh2.dll

b0e68f1e7066b88fb7d43a1642c9d870

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	www.totalcommander.ch/win/fs/sftpplug.zip	88.99.192.139	200 OK	744 kB
URL User Request GET www.totalcommander.ch/win/fs/sftpplug.zip IP 88.99.192.139:443 ASN #24940 Hetzner Online GmbH Certificate IssuerLet's Encrypt Subjecttotalcommander.ch FingerprintEC:3A:95:14:92:6C:86:C7:7F:09:EF:CD:42:22:40:50:27:26:C9:40 ValiditySat, 05 Apr 2025 05:32:05 GMT - Fri, 04 Jul 2025 05:32:04 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 744 kB (744488 bytes) Hash 3613fea3147f90f3a64b057a14aeba40 504e252f587ab135c35bd94797849f4479d26908 b7a8faffbd4042eff80230571a942c486a2abd55bc05b612da45dc47af406ab6 HTTP Headers `GET /win/fs/sftpplug.zip HTTP/1.1 Host: www.totalcommander.ch User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Date: Tue, 15 Apr 2025 17:16:49 GMT Content-Type: application/zip Content-Length: 744488 Last-Modified: Fri, 24 Mar 2023 10:32:56 GMT Connection: keep-alive ETag: "641d7c58-b5c28" X-Powered-By: PleskLin Strict-Transport-Security: max-age=15552000`

www.totalcommander.ch/win/fs/sftpplug.zip

88.99.192.139

200 OK

744 kB

URL User Request GET
www.totalcommander.ch/win/fs/sftpplug.zip
IP
88.99.192.139:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjecttotalcommander.ch
FingerprintEC:3A:95:14:92:6C:86:C7:7F:09:EF:CD:42:22:40:50:27:26:C9:40
ValiditySat, 05 Apr 2025 05:32:05 GMT - Fri, 04 Jul 2025 05:32:04 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
744 kB (744488 bytes)
Hash
3613fea3147f90f3a64b057a14aeba40
504e252f587ab135c35bd94797849f4479d26908
b7a8faffbd4042eff80230571a942c486a2abd55bc05b612da45dc47af406ab6

HTTP Headers

GET /win/fs/sftpplug.zip HTTP/1.1
Host: www.totalcommander.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 15 Apr 2025 17:16:49 GMT
Content-Type: application/zip
Content-Length: 744488
Last-Modified: Fri, 24 Mar 2023 10:32:56 GMT
Connection: keep-alive
ETag: "641d7c58-b5c28"
X-Powered-By: PleskLin
Strict-Transport-Security: max-age=15552000

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (6)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers