Report - royalcs.pw/src/app/win/Vulkan-Royal.zip

Report Overview

Visited public
2024-12-31 00:43:21
Tags
URL
royalcs.pw/src/app/win/Vulkan-Royal.zip
Finishing URL
royalcs.pw/src/app/win/Vulkan-Royal.zip
IP / ASN
78.24.180.7
#49505 JSC Selectel
Title
Path Finder

Detections

urlquery

0

Network Intrusion Detection

0

Threat Detection Systems

1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
royalcs.pw	unknown	2024-04-05	2024-04-05	2024-10-07	2.4 kB	394 kB	78.24.180.7
vulkan-royal-official.ru	unknown	2024-11-14	2024-12-31	2024-12-31	537 B	823 kB	79.133.42.234

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
vulkan-royal-official.ru/src/app/win/Vulkan-Royal.zip
IP
79.133.42.234
ASN
#44066 firstcolo GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
823 kB (822622 bytes)
Hash
80e5d14ef91d0082ad9e6b3de951f701
46383bb75160827a0fb3c31bbca31d33360c29ae
38b2da386f74fec6af5acae46ea132e842c0c897c6f5200fc0b3668526fac26b

Archive (13)

Filename

Md5

File type

logo.ico.deploy

8c9c81280db3b2b6ccad65bfd4ac9fb7

MS Windows icon resource - 1 icon, 256x-80, 32 bits/pixel

Microsoft.Web.WebView2.Core.dll.deploy

cafa990293dca180d2ea806bfa479d40

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Web.WebView2.WinForms.dll.deploy

9eefa6ed07611e40bc0fc4e5416fa64d

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Web.WebView2.Wpf.dll.deploy

00aa666a483be7696bae355652287871

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Newtonsoft.Json.dll.deploy

195ffb7167db3219b217c4fd439eedd6

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

WebView2Loader.dll.deploy

b8b62fcf0a2f220660dddb310e7e3e0f

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 7 sections

System.Diagnostics.DiagnosticSource.dll.deploy

8d9df432109f1cfdd86723b5f171e3d7

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Vulkan Casino.application

f858a5ae4a17b67062f99160a86d92ec

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3769)

Vulkan Casino.exe.config.deploy

9dbad5517b46f41dbb0d8780b20ab87e

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Vulkan Casino.exe.deploy

95f51675c713445331f8c2f4e894ff9c

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Vulkan Casino.exe.manifest

04e5ee488bd1d9dfe6c80936d1273e24

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3733)

setup.exe

0796aaa6e6b306043139d84c1f79cf64

PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

Vulkan Casino.application

f858a5ae4a17b67062f99160a86d92ec

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3769)

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	royalcs.pw/dist/bundle.js	ScriptElement	328 kB	2024-12-31	2024-12-31
Pretty URL royalcs.pw/dist/bundle.js IP 78.24.180.7 ASN #49505 OOO Network of data-centers Selectel Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-31 00:43 Last Seen2024-12-31 00:43 Times Seen1 Hash 5bb92f861b2c02a3b96f70bac31fad00 82930103746c638da748feacc9c9ae7a899ba0de 6d3b472bc5f89c5659f3055d919c2e466c2f4f58693e138db79087fd2aa1648c Loading...

		Size	First Seen	Last Seen
	#1 Eval - 99e2c21efba10555d152ddb88fc1eeca	1.5 kB	2024-12-31 00:43	2024-12-31 00:43
Pretty Observations First Seen2024-12-31 00:43 Last Seen2024-12-31 00:43 Times Seen1 Hash 99e2c21efba10555d152ddb88fc1eeca b8395070da52ecfcf963e5f0ce588c62225d1092 efc9e42002a659a98dde4b5daccabe414a4b8e0096946be7aab3b746f53303c0 Loading...

	#2 Eval - 5576178abe1e80064f198fcb6ec7f808	286 kB	2024-12-31 00:43	2024-12-31 00:43
Pretty Observations First Seen2024-12-31 00:43 Last Seen2024-12-31 00:43 Times Seen1 Hash 5576178abe1e80064f198fcb6ec7f808 765b57d828c0215b7132a6963199804ad0b75c62 05e5012d8838f241691d6fdab9b7b20af25e05ae902a08c5a09520783c3d751a Loading...

HTTP Transactions (6)

	URL	IP	Response	Size
	royalcs.pw/src/app/win/Vulkan-Royal.zip	78.24.180.7	200 OK	636 B
URL royalcs.pw/src/app/win/Vulkan-Royal.zip IP 78.24.180.7:0 ASN #49505 OOO Network of data-centers Selectel File type gzip compressed data, max speed, from Unix Size 636 B (636 bytes) Hash 49a6705b49e44b564415d242d19ac8e9 76044186dd60b8feaf404cf512d59a6371af99c0 f1a5ff6844bd774d4f07e35b6453f0304882a3acfea066f0bcee67412a7e5bab HTTP Headers `GET /src/app/win/Vulkan-Royal.zip HTTP/1.1 Host: royalcs.pw User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx/1.18.0 (Ubuntu) date: Tue, 31 Dec 2024 00:42:55 GMT content-type: text/html; charset=UTF-8 content-encoding: gzip X-Firefox-Spdy: h2`

	royalcs.pw/src/assets/img/vulkanroyal.gif	78.24.180.7	200 OK	63 kB
URL GET HTTP/2 royalcs.pw/src/assets/img/vulkanroyal.gif IP 78.24.180.7:443 ASN #49505 OOO Network of data-centers Selectel Requested by https://royalcs.pw/src/app/win/Vulkan-Royal.zip Certificate IssuerLet's Encrypt Subjectroyalcs.pw FingerprintF8:E9:D7:B3:B7:75:58:76:48:95:02:0E:19:DA:99:40:27:E9:BA:26 ValidityMon, 07 Oct 2024 13:40:08 GMT - Sun, 05 Jan 2025 13:40:07 GMT File type GIF image data, version 89a, 1920 x 1080 Size 63 kB (63321 bytes) Hash e5c586c2e7df68964d06df605f530b15 e3b8c97f3e4080af31ce57799db80f207ab28bcc b596403de45d1914d4fcd5380e95bbb73584f19feab9a5a66f53853622072fdf HTTP Headers `GET /src/assets/img/vulkanroyal.gif HTTP/1.1 Host: royalcs.pw User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://royalcs.pw/src/css/css.css Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 (Ubuntu) date: Tue, 31 Dec 2024 00:42:55 GMT content-type: image/gif content-length: 63321 last-modified: Thu, 19 Sep 2024 03:02:55 GMT etag: "66eb945f-f759" accept-ranges: bytes X-Firefox-Spdy: h2`

	royalcs.pw/dist/bundle.js	78.24.180.7	200 OK	328 kB
URL GET HTTP/2 royalcs.pw/dist/bundle.js IP 78.24.180.7:443 ASN #49505 OOO Network of data-centers Selectel Requested by https://royalcs.pw/src/app/win/Vulkan-Royal.zip Certificate IssuerLet's Encrypt Subjectroyalcs.pw FingerprintF8:E9:D7:B3:B7:75:58:76:48:95:02:0E:19:DA:99:40:27:E9:BA:26 ValidityMon, 07 Oct 2024 13:40:08 GMT - Sun, 05 Jan 2025 13:40:07 GMT File type JavaScript source, ASCII text, with very long lines (64664) Size 328 kB (328019 bytes) Hash 5bb92f861b2c02a3b96f70bac31fad00 82930103746c638da748feacc9c9ae7a899ba0de 6d3b472bc5f89c5659f3055d919c2e466c2f4f58693e138db79087fd2aa1648c HTTP Headers `GET /dist/bundle.js HTTP/1.1 Host: royalcs.pw User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://royalcs.pw/src/app/win/Vulkan-Royal.zip Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 (Ubuntu) date: Tue, 31 Dec 2024 00:42:55 GMT content-type: application/javascript content-length: 328019 last-modified: Tue, 29 Oct 2024 05:55:06 GMT etag: "672078ba-50153" accept-ranges: bytes X-Firefox-Spdy: h2`

	royalcs.pw/src/back/b	78.24.180.7	200 OK	582 B
URL POST HTTP/2 royalcs.pw/src/back/b IP 78.24.180.7:443 ASN #49505 OOO Network of data-centers Selectel Requested by https://royalcs.pw/src/app/win/Vulkan-Royal.zip Certificate IssuerLet's Encrypt Subjectroyalcs.pw FingerprintF8:E9:D7:B3:B7:75:58:76:48:95:02:0E:19:DA:99:40:27:E9:BA:26 ValidityMon, 07 Oct 2024 13:40:08 GMT - Sun, 05 Jan 2025 13:40:07 GMT File type gzip compressed data, max speed, from Unix Size 582 B (582 bytes) Hash e41b853577b5fe3bc97ce5885a138081 574a1a7a02c2ff56d8cf9a272479b1852ea68090 dfe86494ed6d0600ab01309af9f1271243c7cc7a052e95c3ff55c48acca5b8fb HTTP Headers `POST /src/back/b HTTP/1.1 Host: royalcs.pw User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://royalcs.pw/src/app/win/Vulkan-Royal.zip Content-Type: text/plain;charset=UTF-8 Content-Length: 35 Origin: https://royalcs.pw DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 (Ubuntu) date: Tue, 31 Dec 2024 00:42:56 GMT content-type: text/html; charset=UTF-8 content-encoding: gzip X-Firefox-Spdy: h2`

	vulkan-royal-official.ru/src/app/win/Vulkan-Royal.zip	79.133.42.234	200 OK	823 kB
URL User Request GET HTTP/2 vulkan-royal-official.ru/src/app/win/Vulkan-Royal.zip IP 79.133.42.234:443 ASN #44066 firstcolo GmbH Certificate IssuerLet's Encrypt Subjectvulkan-royal-official.ru Fingerprint78:F7:18:60:A0:41:FE:8D:53:0C:55:E9:5E:95:23:09:93:4D:E6:3C ValidityThu, 28 Nov 2024 06:11:18 GMT - Wed, 26 Feb 2025 06:11:17 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 823 kB (822622 bytes) Hash 80e5d14ef91d0082ad9e6b3de951f701 46383bb75160827a0fb3c31bbca31d33360c29ae 38b2da386f74fec6af5acae46ea132e842c0c897c6f5200fc0b3668526fac26b HTTP Headers GET /src/app/win/Vulkan-Royal.zip HTTP/1.1 Host: vulkan-royal-official.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://royalcs.pw/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx/1.18.0 (Ubuntu) date: Tue, 31 Dec 2024 00:42:57 GMT content-type: application/zip content-length: 822622 last-modified: Thu, 28 Nov 2024 07:05:39 GMT etag: "67481643-c8d5e" accept-ranges: bytes X-Firefox-Spdy: h2`

	royalcs.pw/favicon.ico	78.24.180.7	200 OK	272 B
URL GET HTTP/2 royalcs.pw/favicon.ico IP 78.24.180.7:443 ASN #49505 OOO Network of data-centers Selectel Requested by https://royalcs.pw/src/app/win/Vulkan-Royal.zip Certificate IssuerLet's Encrypt Subjectroyalcs.pw FingerprintF8:E9:D7:B3:B7:75:58:76:48:95:02:0E:19:DA:99:40:27:E9:BA:26 ValidityMon, 07 Oct 2024 13:40:08 GMT - Sun, 05 Jan 2025 13:40:07 GMT File type HTML document, ASCII text, with no line terminators Size 272 B (272 bytes) Hash 0f0db92589cd9ec8467d690166604185 0212ed6ca54e12ac11f3153c4db7a10713a8835a 04f69f8f72db93c3c2b6c8132ca8eca07ddb9f59dc3ea9a2ef2a98129e916364 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: royalcs.pw User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://royalcs.pw/src/app/win/Vulkan-Royal.zip Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx/1.18.0 (Ubuntu) date: Tue, 31 Dec 2024 00:42:56 GMT content-type: text/html; charset=UTF-8 content-encoding: gzip X-Firefox-Spdy: h2`