Report - www.taoeffect.com/cloak/Cloak.zip

Report Overview

Submitted URL
www.taoeffect.com/cloak/Cloak.zip
IP
168.235.105.28
ASN
#3842 RAMNODE
Submitted
2024-05-07 12:23:16
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.taoeffect.com	unknown	2008-03-26	2014-05-27	2024-01-20	487 B	626 kB	168.235.105.28

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.taoeffect.com/cloak/Cloak.zip
IP
168.235.105.28
ASN
#3842 RAMNODE

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
625 kB (625323 bytes)
Hash
927d8082b5a7bba969902952931adc7f
ed05b811a8b2ceff7724d201f4e2925152f2db4a
3c88386042495e8480186eb068d28ef2dfe6d5203d137d1b7eefdcb434745a8a

Archive (110)

Filename

Md5

File type

Headers

86c63de7bd8775780ac77380b5c049c4

ASCII text, with no line terminators

Resources

e58c4cf10cc7c8ef7d7167ccb641aeb4

ASCII text, with no line terminators

Sparkle

078cd5564ff6fd5418ddc4d9179fca8c

ASCII text, with no line terminators

Sparkle.strings

11323fc1d8dbbbd73753134baadde7f7

Unicode text, UTF-16, big-endian text

classes.nib

fb99a49b19c34f97f77a81e5eecbb184

XML 1.0 document, ASCII text

info.nib

8bc2cc6e967aab8b40f1626c7868d439

XML 1.0 document, ASCII text

keyedobjects.nib

097ae7513ad9af56036272adb5d8c694

Apple binary property list

classes.nib

c137beae670f04fa9f87968d627d2a23

XML 1.0 document, ASCII text

info.nib

8bc2cc6e967aab8b40f1626c7868d439

XML 1.0 document, ASCII text

keyedobjects.nib

f2cdeb25ac446b9365414b0ea7a837a6

Apple binary property list

classes.nib

b9c3d0c2670efd8f5e1fba7c969ab20f

XML 1.0 document, ASCII text

info.nib

8bc2cc6e967aab8b40f1626c7868d439

XML 1.0 document, ASCII text

keyedobjects.nib

8f5f4684234fc53cf2abffc0a13a66a9

Apple binary property list

Sparkle.strings

c8310a6a61c3da7348afe30fc822121b

Unicode text, UTF-16, big-endian text, with very long lines (368)

classes.nib

fb99a49b19c34f97f77a81e5eecbb184

XML 1.0 document, ASCII text

info.nib

95c17a87b57873d9888a97231d0c18e1

XML 1.0 document, ASCII text

keyedobjects.nib

ee303bb6f990b556dcd84060df93c07f

Apple binary property list

classes.nib

c137beae670f04fa9f87968d627d2a23

XML 1.0 document, ASCII text

info.nib

cd718d7588fcdb442eb2f25edb0ffe6c

XML 1.0 document, ASCII text

keyedobjects.nib

9ec4d1f38e1016863838664f8a537cd6

Apple binary property list

classes.nib

b9c3d0c2670efd8f5e1fba7c969ab20f

XML 1.0 document, ASCII text

info.nib

c43fc1c5b5710ba09288aba30cc91e6f

XML 1.0 document, ASCII text

keyedobjects.nib

f68ea826bf866a9be1f213c4b6e2b520

Apple binary property list

Sparkle.strings

7b3c8f808d4deed9145658782a1d858a

Unicode text, UTF-16, big-endian text, with very long lines (333)

classes.nib

fb99a49b19c34f97f77a81e5eecbb184

XML 1.0 document, ASCII text

info.nib

8bc2cc6e967aab8b40f1626c7868d439

XML 1.0 document, ASCII text

keyedobjects.nib

cfd325795733d11dea071a140deaa2a0

Apple binary property list

classes.nib

c137beae670f04fa9f87968d627d2a23

XML 1.0 document, ASCII text

info.nib

8bc2cc6e967aab8b40f1626c7868d439

XML 1.0 document, ASCII text

keyedobjects.nib

2172087708b20b03e19cfd53be0af99d

Apple binary property list

classes.nib

b9c3d0c2670efd8f5e1fba7c969ab20f

XML 1.0 document, ASCII text

info.nib

287baa4fff98907951246d77665f769e

XML 1.0 document, ASCII text

keyedobjects.nib

1416017ee5589e7f000450addf896898

Apple binary property list

fr.lproj

19d8a783d0afaaa20c0de2d90ec0ee82

ASCII text, with no line terminators

Sparkle.strings

2758a1a7dad1625f0260c8edeaac81ed

Unicode text, UTF-16, big-endian text

classes.nib

fb99a49b19c34f97f77a81e5eecbb184

XML 1.0 document, ASCII text

info.nib

3fc6ff7c1408ca2e6b64183aafe13e54

XML 1.0 document, ASCII text

keyedobjects.nib

699c45b7a82ebea1ab2430e144055737

Apple binary property list

classes.nib

c137beae670f04fa9f87968d627d2a23

XML 1.0 document, ASCII text

info.nib

5f84307d764ddcd250e0f47f7f0ebc0f

XML 1.0 document, ASCII text

keyedobjects.nib

e51f7975610f0716e246041f83944a8c

Apple binary property list

classes.nib

b9c3d0c2670efd8f5e1fba7c969ab20f

XML 1.0 document, ASCII text

info.nib

5f84307d764ddcd250e0f47f7f0ebc0f

XML 1.0 document, ASCII text

keyedobjects.nib

63396ea8521ecd92d82e429a0e633b69

Apple binary property list

fr_CA.lproj

19d8a783d0afaaa20c0de2d90ec0ee82

ASCII text, with no line terminators

Info.plist

13ffb6413a0fbc36342ccb6b6f1bfa40

XML 1.0 document, ASCII text

Sparkle.strings

6a120e9ba7268f50852777e4abd7d92b

Unicode text, UTF-16, big-endian text

classes.nib

fb99a49b19c34f97f77a81e5eecbb184

XML 1.0 document, ASCII text

info.nib

8bc2cc6e967aab8b40f1626c7868d439

XML 1.0 document, ASCII text

keyedobjects.nib

c05044618c143838ded625cd510a10f1

Apple binary property list

classes.nib

c137beae670f04fa9f87968d627d2a23

XML 1.0 document, ASCII text

info.nib

8bc2cc6e967aab8b40f1626c7868d439

XML 1.0 document, ASCII text

keyedobjects.nib

831fcc87598aa2ad32b7082f61b4ce08

Apple binary property list

classes.nib

b9c3d0c2670efd8f5e1fba7c969ab20f

XML 1.0 document, ASCII text

info.nib

3183cd754412072250438c0b7dd65744

XML 1.0 document, ASCII text

keyedobjects.nib

afa1a0c02bc2a5036cf5510019f1ae5b

Apple binary property list

License.txt

29284fe742e0698808c766d3384bf6c1

ASCII text, with very long lines (460)

Sparkle.strings

51a6aac1c72fb8dd56461d6c01f0650b

Unicode text, UTF-16, big-endian text, with very long lines (376)

classes.nib

fb99a49b19c34f97f77a81e5eecbb184

XML 1.0 document, ASCII text

info.nib

597a0c9ef9bc4ac6b51bde163c984787

XML 1.0 document, ASCII text

keyedobjects.nib

37592a585232db89f7d2d6f1bbcc9c03

Apple binary property list

classes.nib

c137beae670f04fa9f87968d627d2a23

XML 1.0 document, ASCII text

info.nib

5f84307d764ddcd250e0f47f7f0ebc0f

XML 1.0 document, ASCII text

keyedobjects.nib

30e821ab036f43784d1b74330c9917a5

Apple binary property list

classes.nib

b9c3d0c2670efd8f5e1fba7c969ab20f

XML 1.0 document, ASCII text

info.nib

5f84307d764ddcd250e0f47f7f0ebc0f

XML 1.0 document, ASCII text

keyedobjects.nib

c32fc14dccead2035afffbe0e16bb2bc

Apple binary property list

relaunch

698ff24fb0c8d55ad7af3475ceee6fdc

Sparkle.strings

79abdbab6dfea63c89ee1e2e79aefc6b

Unicode text, UTF-16, big-endian text, with very long lines (379)

classes.nib

fb99a49b19c34f97f77a81e5eecbb184

XML 1.0 document, ASCII text

info.nib

618a529117019d26a5ffedf9892e103f

XML 1.0 document, ASCII text

keyedobjects.nib

d3bc255d773faad287a0190578727b1c

Apple binary property list

classes.nib

c137beae670f04fa9f87968d627d2a23

XML 1.0 document, ASCII text

info.nib

618a529117019d26a5ffedf9892e103f

XML 1.0 document, ASCII text

keyedobjects.nib

a2a8ef990cb86e5370f330bfd32aeb2d

Apple binary property list

classes.nib

188946c26e73f1c22e43ca5589b78eb4

XML 1.0 document, ASCII text

info.nib

52f1ae9150f55fc75ddb7377e12fbc9d

XML 1.0 document, ASCII text

keyedobjects.nib

a38cb355eb1d7f9161096b7a34a15423

Apple binary property list

SUModelTranslation.plist

f1ea04fe15a18d331dd1cde62aee3953

XML 1.0 document, ASCII text

classes.nib

f549ec7c9d48cf0940b33c63feb55429

XML 1.0 document, ASCII text

info.nib

e36a13c27ce71939ad81e1e0a162618c

XML 1.0 document, ASCII text

keyedobjects.nib

6ceb5d9320a931354362b208b5240536

Apple binary property list

Sparkle.strings

c7ae1d2930896287406fd47a99818391

Unicode text, UTF-16, big-endian text

classes.nib

fb99a49b19c34f97f77a81e5eecbb184

XML 1.0 document, ASCII text

info.nib

c8dbbecd84b3ae1863cb30622e12a4fb

XML 1.0 document, ASCII text

keyedobjects.nib

58c785c9ecf057ba02a5b16022ce29c9

Apple binary property list

classes.nib

5eb2ed529d7b56eb799b417480a5ae2f

ASCII text

info.nib

dd869dd66b77ff58f65210b7e4048377

XML 1.0 document, ASCII text

keyedobjects.nib

4c63ee7f61f87193389cc0c7dc9fc4cc

Apple binary property list

classes.nib

b9c3d0c2670efd8f5e1fba7c969ab20f

XML 1.0 document, ASCII text

info.nib

c8dbbecd84b3ae1863cb30622e12a4fb

XML 1.0 document, ASCII text

keyedobjects.nib

6be8007157bb29592c313a7d1ff1c09c

Apple binary property list

Sparkle

4377a54582b39d07462ffcd46d6b7fa2

Current

7fc56270e7a70fa81a5935b72eacbe29

very short file (no magic)

Info.plist

4c45a4918fd06873bd00fad12f8dd209

XML 1.0 document, ASCII text

Cloak

560d7cba016a96c5bfa3002b46c332a0

Mach-O universal binary with 2 architectures: [i386: - Mach-O i386 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>] [ - ppc: - Mach-O ppc executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>]

PkgInfo

23b7d7d024abb0f558420e098800bf27

ASCII text, with no line terminators

Cloak.icns

bf51e7d2e178428ab181438b7adb5026

Mac OS X icon, 151849 bytes, "ics#" type

InfoPlist.strings

8c60ab6f2107d062dd111361c37b53bb

Unicode text, UTF-16, big-endian text

MainMenu.nib

6c3840aff43d4e63605921cd6c3d1a93

Apple binary property list

FSIconImage-LinkArrow.icns

290dbce1c369c21a661c6ef83d3a6e5b

Mac OS X icon, 24195 bytes, "ics#" type

Preferences.nib

7dccbd1a8a0c85aa2f2e312c1b1866e5

Apple binary property list

TransparentCheckboxOffN.tiff

07fdd184942197d9728459ded917f2e2

TIFF image data, big-endian, direntries=18, height=15, bps=0, compression=LZW, PhotometricInterpretation=RGB, orientation=upper-left, width=14

._TransparentCheckboxOffN.tiff

23b9e01932b4d03756238cfe8a05b124

AppleDouble encoded Macintosh file

TransparentCheckboxOffP.tiff

218f502b5c53da1cf4773ab7d39d3f8c

TIFF image data, big-endian, direntries=18, height=15, bps=0, compression=LZW, PhotometricInterpretation=RGB, orientation=upper-left, width=14

._TransparentCheckboxOffP.tiff

8c4b22445b62e133e810d100dae76d50

AppleDouble encoded Macintosh file

TransparentCheckboxOnN.tiff

9db11cb1ca97a67561f8ad0ce5fe0793

TIFF image data, big-endian, direntries=18, height=15, bps=0, compression=LZW, PhotometricInterpretation=RGB, orientation=upper-left, width=14

._TransparentCheckboxOnN.tiff

6d6ba51a1c9ad3ef324669c90a72f4e5

AppleDouble encoded Macintosh file

TransparentCheckboxOnP.tiff

f534a9e568658cd9502c696563daca20

TIFF image data, big-endian, direntries=18, height=15, bps=0, compression=LZW, PhotometricInterpretation=RGB, orientation=upper-left, width=14

._TransparentCheckboxOnP.tiff

bcdd869e368c663a4e76f38400c1fb49

AppleDouble encoded Macintosh file

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Size
	www.taoeffect.com/cloak/Cloak.zip	168.235.105.28	625 kB
URL www.taoeffect.com/cloak/Cloak.zip IP 168.235.105.28:0 ASN #3842 RAMNODE File type Zip archive data, at least v1.0 to extract, compression method=store Size 625 kB (625323 bytes) Hash 927d8082b5a7bba969902952931adc7f ed05b811a8b2ceff7724d201f4e2925152f2db4a 3c88386042495e8480186eb068d28ef2dfe6d5203d137d1b7eefdcb434745a8a HTTP Headers `GET /cloak/Cloak.zip HTTP/1.1 Host: www.taoeffect.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Date: Tue, 07 May 2024 12:22:49 GMT Content-Type: application/zip Content-Length: 625323 Last-Modified: Mon, 10 Dec 2018 06:19:52 GMT Connection: keep-alive ETag: "5c0e0588-98aab" Cache-Control: private, max-age=0, no-cache Accept-Ranges: bytes`

www.taoeffect.com/cloak/Cloak.zip

168.235.105.28

625 kB

URL
www.taoeffect.com/cloak/Cloak.zip
IP
168.235.105.28:0
ASN
#3842 RAMNODE

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
625 kB (625323 bytes)
Hash
927d8082b5a7bba969902952931adc7f
ed05b811a8b2ceff7724d201f4e2925152f2db4a
3c88386042495e8480186eb068d28ef2dfe6d5203d137d1b7eefdcb434745a8a

HTTP Headers

GET /cloak/Cloak.zip HTTP/1.1
Host: www.taoeffect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 12:22:49 GMT
Content-Type: application/zip
Content-Length: 625323
Last-Modified: Mon, 10 Dec 2018 06:19:52 GMT
Connection: keep-alive
ETag: "5c0e0588-98aab"
Cache-Control: private, max-age=0, no-cache
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (110)

Detections

JavaScript (0)

HTTP Transactions (1)

URL

IP

ASN

File type

Size

Hash

HTTP Headers