Report - www.wwwalker.net/bathtub/bathtub

Report Overview

Submitted URL
www.wwwalker.net/bathtub/bathtub_install.zip
IP
66.96.146.129
ASN
#29873 BIZLAND-SD
Submitted
2024-04-18 19:19:20
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.wwwalker.net	unknown	2001-07-27	2014-11-23	2023-12-11	498 B	14 MB	66.96.146.129

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.wwwalker.net/bathtub/bathtub_install.zip
IP
66.96.146.129
ASN
#29873 BIZLAND-SD

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
14 MB (13533621 bytes)
Hash
0081dbbe542d5ffc15f57eee24f38871
b9cb30a5e67aa070af0ecf58f5f460db9e8e4c22
927c29725e062d50fde83088352e06c23a3197fb54df1cab69293b3092c688cf

Archive (8)

Filename

Md5

File type

bath.xla

324acab5efa77bf58f7a27ff3301deb6

Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1252, Author: William W. Walker, Jr., Last Saved By: Anonymous, Name of Creating Application: Microsoft Excel, Last Printed: Thu Dec 12 20:11:02 2002, Create Time/Date: Mon Oct 21 01:05:50 2002, Last Saved Time/Date: Fri Aug 8 18:04:43 2008, Security: 0

Bathtub_Excel_Issues.txt

576fde15fd0e01c9c8c47adc1a0d8d5f

ASCII text, with very long lines (471), with CRLF line terminators

Comdlg32.ocx

6785b09fc2d286f88944718acee94b52

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections

MSCOMCTL.OCX

766f501b61c22723536af696a74133d4

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections

MSSTDFMT.DLL

719e0f4d1114f700f564e9ae47f0e3ee

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 6 sections

readme.txt

579543c026b13df99b7a07202640e53a

ASCII text, with CRLF line terminators

Setup.ex_

72da042a68f27ea18d1121880a2e84fd

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

TabCtl32.ocx

dc925b6d77ba9ecb532e2f6750be943b

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	suspicious	VirusTotal - Scan result 1/59

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.wwwalker.net/bathtub/bathtub_install.zip

66.96.146.129

14 MB

URL
www.wwwalker.net/bathtub/bathtub_install.zip
IP
66.96.146.129:0
ASN
#29873 BIZLAND-SD

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
14 MB (13533621 bytes)
Hash
0081dbbe542d5ffc15f57eee24f38871
b9cb30a5e67aa070af0ecf58f5f460db9e8e4c22
927c29725e062d50fde83088352e06c23a3197fb54df1cab69293b3092c688cf

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/59

HTTP Headers

GET /bathtub/bathtub_install.zip HTTP/1.1
Host: www.wwwalker.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 19:18:52 GMT
Content-Type: application/zip
Content-Length: 13533621
Connection: keep-alive
Server: Apache
Last-Modified: Mon, 05 Aug 2019 13:24:33 GMT
Accept-Ranges: bytes
Cache-Control: max-age=14400
Etag: "ce81b5-58f5ea0ed439c"
Expires: Thu, 18 Apr 2024 23:18:52 GMT
Age: 0

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (8)

Detections

JavaScript (0)

HTTP Transactions (1)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers