Report - pjkbdjuw.onlinedirectsportalspool.top/Redirect%202022.zip

Report Overview

Submitted URL
pjkbdjuw.onlinedirectsportalspool.top/Redirect%202022.zip
IP
94.156.68.129
ASN
#394711 LIMENET
Submitted
2024-03-28 14:36:43
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pjkbdjuw.onlinedirectsportalspool.top	unknown	unknown	No data	No data	511 B	56 kB	94.156.68.129

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
pjkbdjuw.onlinedirectsportalspool.top/Redirect%202022.zip
IP
94.156.68.129
ASN
#394711 LIMENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
56 kB (55762 bytes)
Hash
1f5816d40c3931c3650ed6092b209f89
9cdcdba211a9787c2f6ee7cc81c4a43e8516a25e
5b49d7fef5db578f5367f54584a568fc62aa24c2839d59603a438a28f078c3e6

Archive (6)

Filename

Md5

File type

.htaccess

b8a554058995f6da3902aa72ed1e0c5f

ASCII text

.htaccess2

3dc3f334efadb4579e804a5c3cb99089

ASCII text

blocker.php

1da9a77412b09629dd8c3a9db1181d18

PHP script, ASCII text, with very long lines (2158), with no line terminators

config.php

9f3e70ca82edcaabc4c597ca15b4d6dd

PHP script, ASCII text

htaccess

fc9b50156df8ecd8e8c135f22b37e2fa

ASCII text

index.php

8e614f1c29ef723a7353c8f3174144e9

PHP script, ASCII text

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	PHP webshell using some kind of eval with encoded blob to decode
VirusTotal	suspicious	VirusTotal - Scan result 1/62

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

pjkbdjuw.onlinedirectsportalspool.top/Redirect%202022.zip

94.156.68.129

200 OK

56 kB

URL User Request GET HTTP/2
pjkbdjuw.onlinedirectsportalspool.top/Redirect%202022.zip
IP
94.156.68.129:443
ASN
#394711 LIMENET

Certificate
IssuerLet's Encrypt
Subject*.onlinedirectsportalspool.top
FingerprintE0:C7:C0:A7:31:7C:ED:B5:29:98:85:32:45:C5:00:93:94:D1:95:A1
ValidityWed, 13 Mar 2024 14:29:59 GMT - Tue, 11 Jun 2024 14:29:58 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
56 kB (55762 bytes)
Hash
1f5816d40c3931c3650ed6092b209f89
9cdcdba211a9787c2f6ee7cc81c4a43e8516a25e
5b49d7fef5db578f5367f54584a568fc62aa24c2839d59603a438a28f078c3e6

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/62

HTTP Headers

GET /Redirect%202022.zip HTTP/1.1
Host: pjkbdjuw.onlinedirectsportalspool.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Thu, 28 Mar 2024 14:36:19 GMT
content-type: application/zip
content-length: 55762
last-modified: Thu, 07 Mar 2024 16:37:54 GMT
etag: "d9d2-61314b2714299"
accept-ranges: bytes
strict-transport-security: max-age=63072000;includeSubDomains; preload
x-served-by: pjkbdjuw.onlinedirectsportalspool.top
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (6)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers