Report - www.morkoskhalaf.com/ankhtech/Toolbox/ATToolbox/Temp/Portable/compressed/NetworkTools.exe

Report Overview

Visitedpublic

2025-01-22 17:21:00

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
www.morkoskhalaf.com	unknown	2020-03-24	2023-03-28	2025-01-22	543 B	20 MB	104.21.90.214

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

www.morkoskhalaf.com/ankhtech/Toolbox/ATToolbox/Temp/Portable/compressed/NetworkTools.exe

IP / ASN

104.21.90.214

#13335 CLOUDFLARENET

File Overview

File Type7-zip archive data, version 0.4

Size20 MB (20447124 bytes)

MD50c9a89127a974b9ece9fe827b6aabf1d

SHA10ea6f238b2c7d25de144463f79d2f08a2544014e

SHA2568807b8e5b0b1f79c6a09e0391ba40055212c2dfa03ba23effe8ac0ba22773296

Archive (7)

Modified	Filename	Size	MD5	File type
2023-07-24 11:18	advanced_ip_scanner.exe	5.0 MB	8a67c2448b496ca4381b5c5170939fe6	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
2023-07-24 11:19	advanced_port_scanner.exe	6.6 MB	15fa763548457c87d33674ef9d92faff	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
2015-04-21 09:59	netscan.exe	1.3 MB	4d90d1e4e7c2b85cf5dc25617fff09c9	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 3 sections
2023-09-15 11:28	PUTTY.exe	1.4 MB	aae03219d0aba71615b6e91ba26740df	PE32+ executable (GUI) x86-64, for MS Windows, 3 sections
2018-01-08 00:12	winbox v2.2.18.exe	126 kB	f07500cb51f4a5f166642993664f0a7a	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections
2023-07-04 12:33	winbox64v3.38.exe	2.3 MB	74753834bb2808b26473249d0ace96fa	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, 12 sections
2023-07-18 15:01	WinSCP.exe	5.8 MB	6a23c5cde0ed74de4ea01c8ba6f825b6	PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 12/61

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET www.morkoskhalaf.com/ankhtech/Toolbox/ATToolbox/Temp/Portable/compressed/NetworkTools.exe

104.21.90.214

200 OK

20 MB

URL

www.morkoskhalaf.com/ankhtech/Toolbox/ATToolbox/Temp/Portable/compressed/NetworkTools.exe

IP / ASN

104.21.90.214

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File type7-zip archive data, version 0.4

First Seen2025-01-14

Last Seen2025-02-10

Times Seen6

Size20 MB (20447124 bytes)

MD50c9a89127a974b9ece9fe827b6aabf1d

SHA10ea6f238b2c7d25de144463f79d2f08a2544014e

SHA2568807b8e5b0b1f79c6a09e0391ba40055212c2dfa03ba23effe8ac0ba22773296

Certificate Info

IssuerGoogle Trust Services

Subjectwww.morkoskhalaf.com

Fingerprint56:10:D2:FC:4F:09:BA:8D:E6:FB:C3:CF:C9:C2:D7:49:EA:4F:DE:8A

ValidityMon, 30 Dec 2024 21:55:03 GMT - Sun, 30 Mar 2025 22:55:01 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 12/61

HTTP Headers

GET /ankhtech/Toolbox/ATToolbox/Temp/Portable/compressed/NetworkTools.exe HTTP/1.1
Host: www.morkoskhalaf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 Jan 2025 17:20:32 GMT
content-type: application/octet-stream
content-length: 20447124
cache-control: max-age=31536000
last-modified: Thu, 19 Dec 2024 15:03:00 GMT
etag: "06a27182752db1:0"
x-powered-by: ASP.NET
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qdAZQxZnVYmJzdM9ib32Tg%2BN8egCfgnvr4KquZ%2BO3kJ2ujmwG%2BAsPND3KCKW2oxBL19ZBo0dIF7NwZd%2FBbe8H9xaJNOg%2BlVyYfIbRuutY0tj0yXUdW07cqh5cFJt9VvIGzg9Lkm%2BWA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 906137152e72712d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=589&min_rtt=487&rtt_var=127&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3275&recv_bytes=1303&delivery_rate=6473919&cwnd=254&unsent_bytes=0&cid=be13f2cc45bdf605&ts=876&x=0"
X-Firefox-Spdy: h2