Report - xakep.ru/wp-content/uploads/2008/04/361949/sources.zip

Report Overview

Visited public
2024-10-24 12:50:43
Tags
URL
xakep.ru/wp-content/uploads/2008/04/361949/sources.zip
Finishing URL
about:privatebrowsing
IP / ASN
178.248.232.27
#51115 HLL LLC
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

0

Threat Detection Systems

5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xakep.ru	94245	1998-10-09	2014-10-25	2024-10-22	508 B	12 kB	178.248.232.27

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
xakep.ru/wp-content/uploads/2008/04/361949/sources.zip
IP
178.248.232.27
ASN
#51115 HLL LLC

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
12 kB (12278 bytes)
Hash
948ff26e48d60e7ac3fcad09e9ec0aa4
308ae4901b2e9a37b34b5c73b167bc677c214317
440680ac2809bd04bc1f2dc86e6b6d935025c151860e5aaca22ee88c77f07e10

Archive (27)

Filename

Md5

File type

._Sources

4f1a618439f68950eb748274e2a5a1ff

AppleDouble encoded Macintosh file

TF-0x0-simple.exe

4ea6c2565e43bc280c3d7fd861d66864

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

._TF-0x0-simple.exe

3f98179cd13240f7aac006a354c8a8bb

AppleDouble encoded Macintosh file

TF-0x0-simple.bat

6d1cefdd7e83d13ce75962e5db9cbf7f

DOS batch file, ASCII text, with CRLF line terminators

._TF-0x0-simple.bat

3f98179cd13240f7aac006a354c8a8bb

AppleDouble encoded Macintosh file

TF-0x3-crackme.c

c9830d2ece003343a0193d9b3b1f928f

C source, ASCII text, with CRLF line terminators

._TF-0x3-crackme.c

3f98179cd13240f7aac006a354c8a8bb

AppleDouble encoded Macintosh file

TF-0x1-prefix.exe

2ff6207044d50ceea27ada38dc6eb036

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

._TF-0x1-prefix.exe

3f98179cd13240f7aac006a354c8a8bb

AppleDouble encoded Macintosh file

TF-0x1-prefix.c

3e654f049472006d0477a588b2f06a54

C source, ISO-8859 text, with CRLF line terminators

._TF-0x1-prefix.c

3f98179cd13240f7aac006a354c8a8bb

AppleDouble encoded Macintosh file

TF-0x1-prefix.bat

6c2817d0a3b21e29c159f351dff40f74

DOS batch file, ASCII text, with CRLF line terminators

._TF-0x1-prefix.bat

3f98179cd13240f7aac006a354c8a8bb

AppleDouble encoded Macintosh file

TF-0x0-simple.obj

ff4279548923bf41faba08d03a88140c

Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x15c, 13 symbols, created Thu Feb 14 21:43:21 2008, 1st section name ".drectve"

._TF-0x0-simple.obj

e379258e423af623aee8166687689b9f

AppleDouble encoded Macintosh file

TF-0x3-crackme.exe

565a5d069120f340a9c414fc9c91cd0e

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

._TF-0x3-crackme.exe

3f98179cd13240f7aac006a354c8a8bb

AppleDouble encoded Macintosh file

TF-0x0-simple.c

c7def1061b34d0739c01f313efb8c44f

C source, ISO-8859 text, with CRLF line terminators

._TF-0x0-simple.c

3f98179cd13240f7aac006a354c8a8bb

AppleDouble encoded Macintosh file

TF-0x3-crackme.bat

472430a48f38dfedbd55ced7d24688e5

DOS batch file, ASCII text, with CRLF line terminators

._TF-0x3-crackme.bat

3f98179cd13240f7aac006a354c8a8bb

AppleDouble encoded Macintosh file

TF-0x2-SS-change.bat

6bad292acc06ada46117cf4a55683ed2

DOS batch file, ASCII text, with CRLF line terminators

._TF-0x2-SS-change.bat

3f98179cd13240f7aac006a354c8a8bb

AppleDouble encoded Macintosh file

TF-0x2-SS-change.exe

6c02b6eb4af115224e30f7ad5c0f9311

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

._TF-0x2-SS-change.exe

3f98179cd13240f7aac006a354c8a8bb

AppleDouble encoded Macintosh file

TF-0x2-SS-change.c

eb86191cbb4d8b5ee07dcc3a4bc954fd

C source, ISO-8859 text, with CRLF line terminators

._TF-0x2-SS-change.c

3f98179cd13240f7aac006a354c8a8bb

AppleDouble encoded Macintosh file

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 13/67

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

xakep.ru/wp-content/uploads/2008/04/361949/sources.zip

178.248.232.27

200 OK

12 kB

URL User Request GET HTTP/1.1
xakep.ru/wp-content/uploads/2008/04/361949/sources.zip
IP
178.248.232.27:443
ASN
#51115 HLL LLC

Certificate
IssuerLet's Encrypt
Subjectxakep.ru
Fingerprint1B:DB:52:DD:39:61:3D:CB:89:3B:0F:96:C6:53:3D:6A:32:F8:67:DE
ValiditySun, 22 Sep 2024 11:05:48 GMT - Sat, 21 Dec 2024 11:05:47 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
12 kB (12278 bytes)
Hash
948ff26e48d60e7ac3fcad09e9ec0aa4
308ae4901b2e9a37b34b5c73b167bc677c214317
440680ac2809bd04bc1f2dc86e6b6d935025c151860e5aaca22ee88c77f07e10

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 13/67

HTTP Headers

GET /wp-content/uploads/2008/04/361949/sources.zip HTTP/1.1
Host: xakep.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: QRATOR
Date: Thu, 24 Oct 2024 12:50:17 GMT
Content-Type: application/zip
Content-Length: 12278
Connection: keep-alive
Keep-Alive: timeout=15
Last-Modified: Sat, 30 Oct 2021 15:33:16 GMT
ETag: "617d65bc-2ff6"
Accept-Ranges: bytes