Report - twsugarmeet.org/wp-includes/WinDirStat

Report Overview

Submitted URL
twsugarmeet.org/wp-includes/WinDirStat_v.1.1.2.zip
IP
173.233.82.60
ASN
#40244 TURNKEY-INTERNET
Submitted
2024-05-09 19:28:32
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
twsugarmeet.org	unknown	2024-03-04	2024-03-04	2024-03-05	504 B	3.7 MB	173.233.82.60

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
twsugarmeet.org/wp-includes/WinDirStat_v.1.1.2.zip
IP
173.233.82.60
ASN
#40244 TURNKEY-INTERNET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.7 MB (3694929 bytes)
Hash
824e3dac1b24baa03cb78200e4d106a5
1a5a85f1a1a66e409138167ca96f86fc6c327f99
95e892aa666166d1fe67a0835be69d33ec1c234cd3b3b2706b8142d8e16c46a8

Archive (7)

Filename

Md5

File type

help.chm

1bddb8a0e0f9cd90a5b3936ec2c2c4cf

MS Windows HtmlHelp Data

python3.dll

e2bd5ae53427f193b42d64b8e9bf1943

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

python311.dll

abff95de4ecf606839103cd271cf2097

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 12 sections

setup.exe

542d1a85dfc9d47d2ce73c885aaf2b5e

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

vcruntime140.dll

699dd61122d91e80abdfcc396ce0ec10

PE32+ executable (DLL) (console) x86-64, for MS Windows, 8 sections

windirstat_en_us.qm

fa3064e9270b3ce8d90ef2c4e00277c5

Qt Translation file

windirstat_uk_ua.qm

ee64bc556d9e554e5122531bba368240

Qt Translation file

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files is `SliverFox` malware

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	twsugarmeet.org/wp-includes/WinDirStat_v.1.1.2.zip	173.233.82.60	200 OK	3.7 MB
URL User Request GET HTTP/2 twsugarmeet.org/wp-includes/WinDirStat_v.1.1.2.zip IP 173.233.82.60:443 ASN #40244 TURNKEY-INTERNET Certificate IssuercPanel, Inc. Subjecttwsugarmeet.org Fingerprint40:93:29:84:12:90:B1:FF:67:EB:24:90:D6:EE:43:6E:3A:FC:72:3D ValidityTue, 05 Mar 2024 00:00:00 GMT - Mon, 03 Jun 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 3.7 MB (3694929 bytes) Hash 824e3dac1b24baa03cb78200e4d106a5 1a5a85f1a1a66e409138167ca96f86fc6c327f99 95e892aa666166d1fe67a0835be69d33ec1c234cd3b3b2706b8142d8e16c46a8 HTTP Headers `GET /wp-includes/WinDirStat_v.1.1.2.zip HTTP/1.1 Host: twsugarmeet.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK last-modified: Tue, 07 May 2024 20:39:47 GMT accept-ranges: bytes content-length: 3694929 content-type: application/zip date: Thu, 09 May 2024 19:28:05 GMT server: Apache X-Firefox-Spdy: h2`

twsugarmeet.org/wp-includes/WinDirStat_v.1.1.2.zip

173.233.82.60

200 OK

3.7 MB

URL User Request GET HTTP/2
twsugarmeet.org/wp-includes/WinDirStat_v.1.1.2.zip
IP
173.233.82.60:443
ASN
#40244 TURNKEY-INTERNET

Certificate
IssuercPanel, Inc.
Subjecttwsugarmeet.org
Fingerprint40:93:29:84:12:90:B1:FF:67:EB:24:90:D6:EE:43:6E:3A:FC:72:3D
ValidityTue, 05 Mar 2024 00:00:00 GMT - Mon, 03 Jun 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.7 MB (3694929 bytes)
Hash
824e3dac1b24baa03cb78200e4d106a5
1a5a85f1a1a66e409138167ca96f86fc6c327f99
95e892aa666166d1fe67a0835be69d33ec1c234cd3b3b2706b8142d8e16c46a8

HTTP Headers

GET /wp-includes/WinDirStat_v.1.1.2.zip HTTP/1.1
Host: twsugarmeet.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Tue, 07 May 2024 20:39:47 GMT
accept-ranges: bytes
content-length: 3694929
content-type: application/zip
date: Thu, 09 May 2024 19:28:05 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (7)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers