Report - ava2.androidfilehost.com/dl/zcQzLdORcamzquvU-O4qFg/1713538298/4349826312261634775/Magisk-v19.3.zip

Report Overview

Submitted URL
ava2.androidfilehost.com/dl/zcQzLdORcamzquvU-O4qFg/1713538298/4349826312261634775/Magisk-v19.3.zip
IP
51.81.56.113
ASN
#16276 OVH SAS
Submitted
2024-04-18 14:52:54
Access
public
Website Title
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ava2.androidfilehost.com	unknown	unknown	2020-09-04	2024-04-18	552 B	5.3 MB	51.81.56.113

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
ava2.androidfilehost.com/dl/zcQzLdORcamzquvU-O4qFg/1713538298/4349826312261634775/Magisk-v19.3.zip
IP
51.81.56.113
ASN
#16276 OVH SAS

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
5.3 MB (5348187 bytes)
Hash
fd988114f753a4c530839a2b28f052c1
45eafb9e95ae5c79a74687499ba18474d6aa1cbd
1f37997cf1e5c203b844ee73486fa2aa5372e039261addfba6d8304cf9eb076d

Archive (18)

Filename

Md5

File type

update-binary

616c5c5f93b73d090f472506a979e80d

a /sbin/sh script executable (binary data)

updater-script

63d9d93d0f4bd6e6e1f5d76b7eb425ed

ASCII text

magiskboot

9ee56d1e5c47e6da982354f0d5d0f1db

ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV)

magiskinit

64aa4789eec007d734c0312e2a889d6d

ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV)

magiskinit64

7886d2419e685e7d2d8b4e69a67bfaed

ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV)

futility

03e93f99bbf7f29993b2ce6e533eea20

ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV)

kernel.keyblock

61c5ff73c136ed07a7aadbf58db3d96a

data

kernel_data_key.vbprivk

584777ae88bce2c5659960151b64c7d8

data

addon.d.sh

10a22f2c5a8a0ff7c8809e98e3eec347

ASCII text

boot_patch.sh

05455b21ce3ea71c7d7b5c041023d392

a /system/bin/sh script, ASCII text executable

magisk.apk

a545113edccb4903a4fa8d6fe24f5e28

Android package (APK), with AndroidManifest.xml Java archive data (JAR)

util_functions.sh

2ff861322d405544771060f1e5a17bf2

ASCII text

magiskboot

d671864bd0e2d8ffed9c303839aeeec6

ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV)

magiskinit

78cf19cd94787d99a01363dd96b2caad

ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV)

magiskinit64

137fac1885e1be3bcafcf29483b5545f

ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV)

MANIFEST.MF

647ce9afdd98c18a69faa53d057214b4

JAR Manifest, ASCII text, with CRLF line terminators

CERT.SF

e4456eba2426e984d1b63dce0f6c6fcf

JAR Signature File, ASCII text, with CRLF line terminators

CERT.RSA

3442cfc50ba613474a3d9db2edc63842

DER Encoded PKCS#7 Signed Data

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Size
	ava2.androidfilehost.com/dl/zcQzLdORcamzquvU-O4qFg/1713538298/4349826312261634775/Magisk-v19.3.zip	51.81.56.113	5.3 MB
URL ava2.androidfilehost.com/dl/zcQzLdORcamzquvU-O4qFg/1713538298/4349826312261634775/Magisk-v19.3.zip IP 51.81.56.113:0 ASN #16276 OVH SAS File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 5.3 MB (5348187 bytes) Hash fd988114f753a4c530839a2b28f052c1 45eafb9e95ae5c79a74687499ba18474d6aa1cbd 1f37997cf1e5c203b844ee73486fa2aa5372e039261addfba6d8304cf9eb076d HTTP Headers GET /dl/zcQzLdORcamzquvU-O4qFg/1713538298/4349826312261634775/Magisk-v19.3.zip HTTP/1.1 Host: ava2.androidfilehost.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK server: nginx/1.14.0 date: Thu, 18 Apr 2024 14:52:20 GMT content-type: application/zip content-length: 5348187 last-modified: Sun, 17 Nov 2019 17:29:01 GMT etag: "5dd1835d-519b5b" content-disposition: attachment; filename=Magisk-v19.3.zip accept-ranges: bytes set-cookie: 443_aVA2_androidfilehost_com_=f7b1897ba19f5e5b85ce7daec81c363caafc32f6; path=/`

ava2.androidfilehost.com/dl/zcQzLdORcamzquvU-O4qFg/1713538298/4349826312261634775/Magisk-v19.3.zip

51.81.56.113

5.3 MB

URL
ava2.androidfilehost.com/dl/zcQzLdORcamzquvU-O4qFg/1713538298/4349826312261634775/Magisk-v19.3.zip
IP
51.81.56.113:0
ASN
#16276 OVH SAS

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
5.3 MB (5348187 bytes)
Hash
fd988114f753a4c530839a2b28f052c1
45eafb9e95ae5c79a74687499ba18474d6aa1cbd
1f37997cf1e5c203b844ee73486fa2aa5372e039261addfba6d8304cf9eb076d

HTTP Headers

GET /dl/zcQzLdORcamzquvU-O4qFg/1713538298/4349826312261634775/Magisk-v19.3.zip HTTP/1.1
Host: ava2.androidfilehost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: nginx/1.14.0
date: Thu, 18 Apr 2024 14:52:20 GMT
content-type: application/zip
content-length: 5348187
last-modified: Sun, 17 Nov 2019 17:29:01 GMT
etag: "5dd1835d-519b5b"
content-disposition: attachment; filename=Magisk-v19.3.zip
accept-ranges: bytes
set-cookie: 443_aVA2_androidfilehost_com_=f7b1897ba19f5e5b85ce7daec81c363caafc32f6; path=/

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (18)

Detections

JavaScript (0)

HTTP Transactions (1)

URL

IP

ASN

File type

Size

Hash

HTTP Headers