Report Overview

  1. Visited public
    2025-01-19 17:19:19
  2. URL

    filedn.eu/lFS6h5cBEsru02lgr5VwkTJ/Zapret/zapret6.5.0.zip

  3. Finishing URL

    about:privatebrowsing

  4. IP / ASN
    45.131.244.47

    #51154 pCloud AG

    Title
    about:privatebrowsing
Detections
urlquery: 0
Network Intrusion Detection: 0
Threat Detection Systems: 4

Domain Summary

Domain / FQDN | Rank | Registered | First Seen | Last Seen
filedn.eu | unknown | unknown | 2020-04-23 | 2025-01-14

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL

    filedn.eu/lFS6h5cBEsru02lgr5VwkTJ/Zapret/zapret6.5.0.zip

  2. IP

    45.131.244.47

  3. ASN

    #51154 pCloud AG

  1. File type

    Zip archive data, at least v2.0 to extract, compression method=store

    Size

    1.3 MB (1336630 bytes)

  2. Hash

    33f6c8cba67dce215f7b99546486b23c

    b08f01c53a7b8951cc0b34443df920d3ec43873d

  1. Archive (57)

  2. Filename | Md5 | File type
    check_update.ps1
    e1eb3dea48f34f93ce470cc5c7b88d53
    Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    cygwin1.dll
    a1c82ed072dc079dd7851f82d9aa7678
    PE32+ executable (DLL) (console) x86-64, for MS Windows, 14 sections
    dht_find_node.bin
    b0af2e09b3977dfe983b7b7df50d04c3
    data
    dht_get_peers.bin
    d755f09ea9d03f842e1ad2693ebc4bbe
    data
    dtls_clienthello_w3_org.bin
    e091d8e448cb76d8842ca22643e12b82
    data
    http_iana_org.bin
    f482aaed24fbd728ab608989ba7cc2be
    ASCII text
    quic_1.bin
    312526d39958d89b1f8ab67789ab985f
    data
    quic_2.bin
    9face1abdaf5b0fca2c7b49068c9c6f0
    data
    quic_3.bin
    79be17b482d8ee1e96eec9e16e7a506d
    data
    quic_initial_facebook_com.bin
    fbed62e95d51ee56b8045e905e0945df
    data
    quic_initial_facebook_com_quiche.bin
    4537d172b1fcf9a63f1d910b51999a39
    data
    quic_initial_google_com.bin
    c57bb9228e386a7706b079407000a4bf
    OpenPGP Public Key
    quic_initial_rutracker_org.bin
    0fffe2ce436e3135e80287f5218f398a
    data
    quic_initial_rutracker_org_kyber_1.bin
    8972e88af7f4e932513ce7c93d5c730e
    data
    quic_initial_rutracker_org_kyber_2.bin
    e8276b3baa700d1ca5c826cb2b07db0a
    data
    quic_initial_vk_com.bin
    79be17b482d8ee1e96eec9e16e7a506d
    data
    quic_initial_www_google_com.bin
    312526d39958d89b1f8ab67789ab985f
    data
    quic_short_header.bin
    41024fe1d0152f545887d7b84bcca430
    data
    quic_test_00.bin
    a7e79147c9683c754133ead62cb91a74
    data
    service_install.bat
    9dde1afb95824b768ce0a98002b81f72
    DOS batch file, Unicode text, UTF-8 text, with CRLF line terminators
    tls_clienthello_1.bin
    db3c0631dd001bb9919ee87984caae3b
    data
    tls_clienthello_2.bin
    7ab7ad857c5b8794fbdf1091b494dc94
    data
    tls_clienthello_3.bin
    25f535aebfdfce4b84e4fd996cb82ac1
    data
    tls_clienthello_4.bin
    25f535aebfdfce4b84e4fd996cb82ac1
    data
    tls_clienthello_gosuslugi_ru.bin
    e2c7337d41e48644dcb16591c446ab17
    data
    tls_clienthello_iana_org.bin
    25f535aebfdfce4b84e4fd996cb82ac1
    data
    tls_clienthello_rutracker_org_kyber.bin
    b09cf16b9c9e2785b01a98965132d03c
    data
    tls_clienthello_sberbank_ru.bin
    6287cc49725e3f869660c078355eee06
    data
    tls_clienthello_vk_com.bin
    5299f24cf3ef34818300e204cf40c203
    data
    tls_clienthello_vk_com_kyber.bin
    2e3f8f12885093044a4a7b064f9006b7
    SPARC executable not stripped
    tls_clienthello_www_google_com.bin
    7ab7ad857c5b8794fbdf1091b494dc94
    data
    WinDivert.dll
    8fb2ed69551488ba889f5d813d8937da
    PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections
    WinDivert64.sys
    eb187d171359a5bb1c754107f18cf8bb
    PE32+ executable (native) x86-64, for MS Windows, 8 sections
    winws.exe
    7824c819bd3c98bf7890d92fd3ef3785
    PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections
    wireguard_initiation.bin
    b8f6d4112a4ffafcddf3186d3ff2444c
    data
    wireguard_response.bin
    f4d0b945d98614931ac640b9e769f34f
    data
    zero_1024.bin
    0f343b0931126a20f133d67c2b018a3b
    data
    zero_256.bin
    348a9791dc41b89796ec3808b5b5262f
    data
    zero_512.bin
    bf619eac0cdf3f68d496ea9344137e8b
    data
    core.ps1
    5a0aa76a03930f5a1c9a7b69543fab06
    Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
    autorun.md
    c0d115b57d7f8c5164d854c15ec25253
    Unicode text, UTF-8 text, with CRLF line terminators
    browser.md
    ecd7d9bf4b7211b16d612501a34c526d
    Unicode text, UTF-8 text, with very long lines (335), with CRLF line terminators
    faq.md
    bc95c96020fc0f76fb146978cf085b86
    Unicode text, UTF-8 text, with CRLF line terminators
    README.md
    11f62ea5279180c8e61a9a688e2c5c00
    HTML document, Unicode text, UTF-8 text, with very long lines (441), with CRLF line terminators
    discord.txt
    fb9be82b63f5d64f45394c04d2813e0c
    ASCII text, with CRLF line terminators
    faceinsta.txt
    ec465b9c8e47cfb9f9a52a55df29d6b8
    ASCII text
    ipset-discord.txt
    347febfd859bf77a142c5aa396354b2e
    ASCII text, with CRLF line terminators
    netrogat.txt
    81051bcc2cf1bedf378224b0a93e2877
    ASCII text, with CRLF line terminators
    other.txt
    c4cdc39740295dc89ecba7f6ae88b59e
    ASCII text, with CRLF line terminators
    russia-youtube-rtmps.txt
    f520c4e765a108e7cf412d4f867d3776
    ASCII text, with CRLF line terminators
    youtube.txt
    cd2b0718214f604a1726b5f08fae3fbe
    ASCII text, with CRLF line terminators
    youtubeGV.txt
    9521166916c82eacce7b10e98184bebd
    ASCII text, with no line terminators
    youtubeQ.txt
    d0c1e61fc802a0e446bd5697f35e11bc
    ASCII text, with CRLF line terminators
    youtube_v2.txt
    40d0921cdd0ed29b47d54b7e32a8415e
    ASCII text, with CRLF line terminators
    service_remove.cmd
    8fd82806a69b1dd8a0aeb7d4acb9848d
    DOS batch file, ASCII text, with CRLF line terminators
    start.bat
    14cba5eb42804c974976b6c9fdbd5ba1
    DOS batch file, Unicode text, UTF-8 text, with CRLF line terminators
    СсылкиНаПомощь.txt
    c093e79b47141b643b8077f2f040a0d8
    ASCII text

    Detections

    Analyzer | Verdict | Alert
    Public Nextron YARA rules | malware | Detects WinDivert User-Mode packet capturing driver
    YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
    VirusTotal | suspicious |

JavaScript (0)

HTTP Transactions (1)

URL | IP | Response | Size
filedn.eu/lFS6h5cBEsru02lgr5VwkTJ/Zapret/zapret6.5.0.zip | 45.131.244.47 | 200 OK | 1.3 MB