Report - 54.37.137.44:8200/advance-mobile/uploads/samp.zip

Report Overview

Submitted URL
54.37.137.44:8200/advance-mobile/uploads/samp.zip
IP
54.37.137.44
ASN
#16276 OVH SAS
Submitted
2024-05-07 06:54:28
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
54.37.137.44:8200	unknown	unknown	No data	No data	419 B	797 kB	54.37.137.44

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	54.37.137.44	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
54.37.137.44:8200/advance-mobile/uploads/samp.zip
IP
54.37.137.44
ASN
#16276 OVH SAS

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
797 kB (797106 bytes)
Hash
db6b92403e9cec02609ec4e16b465365
f313a681a0f89158be290678fefcb5bd7aca6dde
33c60f4c44144d0df2ba1bcc73353c3599b6d71334c46a203758886529519461

Archive (25)

Modified	Filename	Size	Md5	File type
2023-03-12 16:16	SAMP.ide	89 kB	5a36a5df8dfcab05900c38d75acaf594	ASCII text, with CRLF line terminators
2023-03-12 16:16	TIMECYC.DAT	40 kB	d66a121bc8f17a5b69e34b841744956c	ASCII text, with CRLF line terminators
2023-03-12 16:16	carmods.dat	35 kB	bbe0736b39a3545c82c76400b5bfddcf	ASCII text, with CRLF line terminators
2023-03-12 16:16	arial.ttf	367 kB	5995c725ca5a13be62d3dc75c2fc59fc	TrueType Font data, digitally signed, 23 tables, 1st "DSIG", 70 names, Unicode, Typeface � The Monotype Corporation plc. Data � The Monotype Corporation plc/Type Solutions Inc.
2023-03-12 16:16	arial_bold.ttf	352 kB	ce4244a1fb311a47a5949948b2dc4eab	TrueType Font data, digitally signed, 23 tables, 1st "DSIG", 95 names, Unicode, Typeface � The Monotype Corporation plc. Data � The Monotype Corporation plc/Type Solutions Inc.
2023-03-12 16:16	sampaux3.ttf	12 kB	6a03a32076e76f6c1720cad6c6ea6915	TrueType Font data, 10 tables, 1st "OS/2", 8 names, Macintosh, type 1 string, SampAux3RegularSampAux3SampAux3
2023-03-12 16:16	gta.dat	3.8 kB	d8caaaa7f4fff9e5c2703d6690f43771	ASCII text, with CRLF line terminators
2023-03-12 16:16	handling.cfg	64 kB	6868accef933f1855ec28ce193a78159	ASCII text, with CRLF line terminators
2023-03-12 16:16	main.scm	104 kB	ab72a2f3d2ec5cc7a6fa9454e323e289	GTA script (SCM), used in GTA III/VC/SA
2023-03-12 16:16	props.ide	26 kB	d6830d3574873b8f24d863387cf5ebd9	ASCII text, with CRLF line terminators
2023-03-12 16:16	lan2.ide	9.6 kB	23ba133dbaccbb1ccdaea06e6160a287	ASCII text, with CRLF line terminators
2023-03-12 16:16	law2.ide	11 kB	7f8ce49ae5de62ecf760d3c02f42db35	ASCII text, with CRLF line terminators
2023-03-12 16:16	laxref.ide	10 kB	b27d4a1286c65bc724ada913fe7cf7df	ASCII text, with CRLF line terminators
2023-03-12 16:16	peds.ide	36 kB	f13254938c94b045ac8ca95d40837424	ASCII text
2023-03-12 16:16	samp_log.txt	1.7 MB	bce453008ecc08cce4c763292881d846	ASCII text
2023-03-12 16:16	script.img	195 kB	6e142bb5dd5ec20af8fbd63f9ad4b457	GTA archive (IMG), version 2, used in GTA SA, 18 items
2023-03-12 16:16	settings.ini	439 B	1e3cf7eb8bb35dcb7ff01d219ed56573	Unicode text, UTF-8 (with BOM) text
2023-03-15 11:36	gbutton.png	7.8 kB	49c68c56ba23a40e48d7d2fe1dc42643	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
2023-03-15 11:36	voice.png	6.9 kB	d31f0ce8d8b170cfa0f7bb1a9e744a5f	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
2023-03-15 11:36	voice_on.png	7.3 kB	369a54a5a156acc754cd3020e7272360	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
2023-03-12 16:16	tracks2.dat	3 B	b0da173b6bf0d0d34e35103f30fc4b69	ASCII text
2023-03-12 16:16	tracks4.dat	3 B	b0da173b6bf0d0d34e35103f30fc4b69	ASCII text
2023-03-12 16:16	vehicleAudioSettings.cfg	25 kB	6de68011de9cafd19f8a133cb34a58a0	ASCII text, with CRLF line terminators
2023-03-12 16:16	vehicles.ide	21 kB	bdc3a0fced2402c5bc61585714457d4b	ASCII text, with CRLF line terminators
2023-03-12 16:16	water12.dat	171 B	78ff3827b83b67a1f5326d158b12101b	ASCII text, with CRLF line terminators

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

54.37.137.44:8200/advance-mobile/uploads/samp.zip

54.37.137.44

200 OK

797 kB

URL User Request GET HTTP/1.1
54.37.137.44:8200/advance-mobile/uploads/samp.zip
IP
54.37.137.44:8200
ASN
#16276 OVH SAS

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
797 kB (797106 bytes)
Hash
db6b92403e9cec02609ec4e16b465365
f313a681a0f89158be290678fefcb5bd7aca6dde
33c60f4c44144d0df2ba1bcc73353c3599b6d71334c46a203758886529519461

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /advance-mobile/uploads/samp.zip HTTP/1.1
Host: 54.37.137.44:8200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 06:54:01 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Mon, 20 Mar 2023 04:34:32 GMT
ETag: "c29b2-5f74d71818a8b"
Accept-Ranges: bytes
Content-Length: 797106
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (25)

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers