Report Overview
Visited (public)
2025-09-28 18:56:09
URL
loader.oxy.st/get/62a913ab571f953e4723ff8902b147c1/
Finishing URL
about:privatebrowsing
IP / ASN

104.21.17.251
Title
about:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3
Host Summary
Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
---|---|---|---|---|---|---|---|---|
loader.oxy.st (2 alert(s) on this Host) | unknown | 2019-11-03 | 2022-10-19 | 2025-09-25 | 519 B | 653 kB | 172.67.178.243 | |
s1.oxy.st (2 alert(s) on this Host) | unknown | 2019-11-03 | 2022-06-04 | 2025-09-24 | 770 B | 653 kB | 172.67.178.243 | |
Cloudflare (CDN)
Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
PHP (Programming languages)
PHP is a general-purpose scripting language used for web development.
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
No alerts detected
Threat Detection Systems
Detection System | Indicator | Verdict | Alert |
---|---|---|---|
DNS4EU | s1.oxy.st | malicious | Sinkholed |
DNS0 Zero | loader.oxy.st | malicious | Sinkholed |
Hagezi Threat Feed | loader.oxy.st | malicious | Sinkholed |
File detected
URL
s1.oxy.st/get.php?cg=czozMjoiMDY3ZmY2ZWQ1ZDMxMjk0ZDhmNjg5YTk0M2FiYTRkY2QiOw%2C%2C&n=czozMjoiU0tJTiBDSEFOR0VSIFNUQU5ET0ZGIDIgIDEuMC5hcGsiOw%2C%2C&c=czo2NDoiNjE1Mzc0ZmEyYTc2MGMzMjZkNTYzYThlYWY0ZmZkZDE1MDgzMzIxMDcxYTg4NmFjODE4NjQyYjRiZWMwYzNiZSI7&t=1759085742
IP / ASN

172.67.178.243
File Overview
File Type: Zip archive data, at least v0.0 to extract, compression method=deflate
Size: 652 kB (652039 bytes)
MD5: 30e1ffd00009c3b9e853202e9d319449
SHA1: 8d809809247e9cdf7e50b2750a25f1cfdd1f2ecd
Archive (10)
Filename | MD5 | File type |
---|---|---|
MANIFEST.MF | fab6aefe1488f0f81ed94ff9bc8ee0ce | JAR Manifest, ASCII text, with CRLF line terminators |
CERT.SF | 91c77f983b82560ae11405df5fb699aa | JAR Signature File, ASCII text, with CRLF line terminators |
CERT.RSA | 0ca7cb4a00c6f355addd527d1a2260c5 | DER Encoded PKCS#7 Signed Data |
AndroidManifest.xml | 485a4aa75c433c235605058e4bce5498 | Android binary XML |
classes.dex | 0f6a1df67d3a21fa2660bdd60339faf9 | Dalvik dex file version 035 |
app_icon.png | 50c164531a1187684f0837561dfa16be | PNG image data, 99 x 99, 8-bit/color RGBA, non-interlaced |
default_image.png | 308587c76c89bacabada5ffbdb9320e7 | PNG image data, 96 x 96, 8-bit colormap, non-interlaced |
main.xml | 98c0e9feebfd7632eb5196307f343e86 | Android binary XML |
weapon.xml | e4710e7bbf9a1be5ee6dd2d1dbd09e6e | Android binary XML |
resources.arsc | 32fa23d3e4bc8c48184891dcfeffb301 | Android package resource table (ARSC), 5 string(s), utf8 |
Detections
Analyzer | Verdict | Alert |
---|---|---|
VirusTotal | suspicious |
JavaScript (0)
No JavaScripts
HTTP Transactions (2)
URL | IP | Response | Size |
---|---|---|---|