Report - www.geotel.cz/clanky/18/data/EasySURV_1_0_0

Report Overview

Submitted URL
www.geotel.cz/clanky/18/data/EasySURV_1_0_0_5.zip
IP
185.66.36.136
ASN
#59925 Seonet Multimedia s.r.o.
Submitted
2024-05-07 11:51:11
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.geotel.cz	unknown	unknown	No data	No data	419 B	1.8 MB	185.66.36.136

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.geotel.cz/clanky/18/data/EasySURV_1_0_0_5.zip
IP
185.66.36.136
ASN
#59925 Seonet Multimedia s.r.o.

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
1.8 MB (1765944 bytes)
Hash
eae62a3e75c68ac8d9f9a5e0e96779dc
806d4d8b11fda0b776bcbcd81d6890004782ed67
0a2366f698417f2292be61bfac9096585fbdcd39808ce606028104dd21fdd269

Archive (28)

Filename

Md5

File type

EasySURV.ini

8d2133480cd843730b01c26c54e3f93f

ASCII text, with CRLF line terminators

CODES.txt

ac2549e01863ce759f4b7d27e403be39

ASCII text, with CRLF line terminators

EasySURV.exe

7f37c41c4a47dd2c56eff4fa0e447383

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

HEIGHT.txt

d9bac8abe5077a4be2bb5f4cf10ae0f4

ASCII text, with CRLF line terminators

LANG.lng

69712a85765ee2a1548294d3feb05f2e

Unicode text, UTF-16, little-endian text, with CRLF line terminators

LANG_CZ.lng

d5312fb36d3d5bd80b6eb398c913b52c

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Resco.AdvancedComboBox.CF2.dll

186e8de5c8e6556ad09045fc24f7c62b

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Resco.AdvancedList.CF2.dll

10fcfe1c4743c2f3811a90d9c573c7ad

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Resco.AdvancedTree.CF2.dll

fc5ee66eacf508c9a8331d66d594040f

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Resco.CommonControls.CF2.dll

88f3f359dc2590dbada412c0367e2bae

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Resco.Core.CF2.dll

95199a3bbcd9aee0c6d088ef1e3fb837

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Resco.DetailView.CF2.dll

577de7370d297fc047c0a28d9246b39d

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Resco.ImageBox.CF2.dll

8e3782d555cbc223d89f110a95d236e5

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Resco.KeyboardPro.CF2.dll

90984edfed9d7ec62a779535c584cf07

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Resco.KeyboardPro.Native.dll

e23926f75290b1a15c07fb73c6974850

PE32 executable (DLL) (Windows CE) ARM Thumb, for MS Windows, 6 sections

Resco.OutlookControls.CF2.dll

bedbc1026de6536288e8fd5a8202d09d

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Resco.ProgressBar.CF2.dll

95caf459563889e9e94f6d4a83e493ac

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Resco.SmartGrid.CF2.dll

7b1fb2d1de51a03d4b11bf06d76e754e

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Resco.UIElements.CF2.dll

b5e65abc86240e5d60673fd243bee1a1

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Default.rpk

f776c58019eff56d05b8b55b9e7d1174

data

Default.VGA.rpk

a52f28cad8a0bbaa82a00fa1aa8858ec

data

Gray.rpk

5668d483ddf6f3266d2047283bce5415

data

SQLite.Interop.065.DLL

f0740f740e8ff651725ba85cf67823b5

PE32 executable (DLL) (Windows CE) ARM, for MS Windows, 6 sections

System.Data.SQLite.dll

3b8f12cc2b079b1ec6dba5c5155ea9d3

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SETUP.dat

69e942eb546506a9c4522b2d2aa86713

data

SETUP.exe

70b9a27b12ec0649afb786c26dd49a71

PE32 executable (Windows CE) ARM Thumb, for MS Windows, 6 sections

Setup.ini

bf61edbcb0b06d43bc4eeac026f74d07

ASCII text, with CRLF line terminators

SETUP_RC.dll

a76b480c9978b11f9eccb00673fd5558

PE32 executable (DLL) (Windows CE) ARM Thumb, for MS Windows, 6 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/62

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.geotel.cz/clanky/18/data/EasySURV_1_0_0_5.zip

185.66.36.136

200 OK

1.8 MB

URL User Request GET HTTP/1.1
www.geotel.cz/clanky/18/data/EasySURV_1_0_0_5.zip
IP
185.66.36.136:80
ASN
#59925 Seonet Multimedia s.r.o.

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
1.8 MB (1765944 bytes)
Hash
eae62a3e75c68ac8d9f9a5e0e96779dc
806d4d8b11fda0b776bcbcd81d6890004782ed67
0a2366f698417f2292be61bfac9096585fbdcd39808ce606028104dd21fdd269

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/62

HTTP Headers

GET /clanky/18/data/EasySURV_1_0_0_5.zip HTTP/1.1
Host: www.geotel.cz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 11:50:45 GMT
Server: Apache
Upgrade: h2c,h2
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 11 Dec 2014 10:30:35 GMT
ETag: "1b01a5-509ee443f95d8-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Thu, 06 Jun 2024 11:50:45 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=1, max=100
Transfer-Encoding: chunked
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (28)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers