Report - loader.oxy.st/get/115829f64104ee350013f615d9cf02f3/AndxArtZ.zip

Report Overview

Submitted URL
loader.oxy.st/get/115829f64104ee350013f615d9cf02f3/AndxArtZ.zip
IP
104.21.234.183
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-19 06:12:46
Access
public
Website Title
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
loader.oxy.st	unknown	2019-11-03	2022-10-19	2024-04-17	517 B	1.5 kB	104.21.234.183
s1.oxy.st	unknown	2019-11-03	2022-06-04	2024-04-18	740 B	728 kB	104.21.234.183

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
s1.oxy.st/get.php?cg=czozMjoiMDc3Mzk0ODY2ZTZhYzcyMTA2Y2FlNmUxNDg4NWUyYmQiOw%2C%2C&n=czoxMjoiQW5keEFydFouemlwIjs%2C&c=czo2NDoiNjQ4OTYyZjY2NThiMWMxM2IzZTk3MGMyOTI2MzhjMDIzNGIxODE5ZGI5YzBlYmFmYjgyOWRhZDdiOGQ2ZjU0ZiI7&t=1713507128
IP
104.21.234.183
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
727 kB (727178 bytes)
Hash
3c0c6837d70b19111f490cb7a0aa85a7
1b05c0de1d24817dee526b988389e7abb4bb08c3
648962f6658b1c13b3e970c292638c0234b1819db9c0ebafb829dad7b8d6f54f

Archive (57)

Filename

Md5

File type

config.xbot

0ba9b0ddb30653fa4f2cb5fbf24cce86

ASCII text, with CRLF line terminators

Blast Processing

76572e718041d74db29463e0ff1af006

ASCII text, with CRLF line terminators

finger dash all 3 coins

ddfac98e22a96542710c6747bde5774f

ASCII text, with CRLF line terminators

Stereo Madness

5475ee16691b9a9dc5b42d7b07660da3

ASCII text, with CRLF line terminators

uninst_xbot_pro_ui.dat

bae17d39c5e1e6fda611f3a6d4f77d26

JSON text data

uninst_xbot_pro_ui.exe

431858876a2fb09d6bf8d0ce9628ed15

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

uninst_xbot_pro_ui_lang.ifl

2922d0c758d9c3c10cbdc59f91979d0c

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

mouse_hard_down_01.wav

b8c5c84bfc2cddd53645ce7ec53cdfba

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

mouse_hard_down_02.wav

40946d4224e27aa2373493969f44a2fa

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

mouse_hard_down_03.wav

a04086f3205ffa8d59d8fe2310f9e2f0

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

mouse_hard_down_04.wav

f4e6da30b65540547e92e52e954fe419

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

mouse_hard_release_01.wav

5c36b31273ebcf84ad448f09bd9c652d

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

mouse_hard_release_02.wav

c1ec83c253e68a09dc88c4e6ac508db1

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

mouse_hard_release_03.wav

67f2c9ff77e4676b8f546f3c3fc9b345

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

mouse_hard_release_04.wav

1658f46d049b717f83c63cc34d4b6234

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

mouse_soft_down_01.wav

6b047592644948f16bfc741eac12d60c

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

mouse_soft_down_02.wav

51c062c41c6ccf507d45d816da3baf4b

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

mouse_soft_down_03.wav

7ad06d7b3271c9b0d3c8e22de7c732ee

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

mouse_soft_down_04.wav

787c518ab5e31e3b3b3c85b3fcc985d6

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

mouse_soft_release_01.wav

ecf86f2b766900bc506e61f35ca015d7

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

mouse_soft_release_02.wav

3cf880696243b45c71063302cf306902

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

mouse_soft_release_03.wav

b411e8c2437ede659a4b5831017a2b65

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

mouse_soft_release_04.wav

9a0bfc2182ebe82f9334eef22a83e8ee

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_hard_press_01.wav

be321d0b6fe5e8e14e1a07a3aadb76a3

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_hard_press_02.wav

8e7f364b52ed7be6654e70dfe8f00826

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_hard_press_03.wav

5a46dbb11f253275f9445664464b76a9

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_hard_press_04.wav

44f7ca0aae8d9e6451cc83054ec19dae

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_hard_release_01.wav

80df280d7ffa2885b873b167a5af6a93

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_hard_release_02.wav

ad9af4855758a2bb4fb23b29b1072b09

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_hard_release_03.wav

ca53b2710415d0c41488a0052691ed2e

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_hard_release_04.wav

4e0c9840f5f1ce0f6c954e3f6f4e19fe

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_soft_press_01.wav

1f116b5249b4526669f389c815e0ef4d

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_soft_press_02.wav

96ad478a0017c489e93493848df163ca

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_soft_press_03.wav

64fc1396d1d2a3f181756b8610fa3912

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_soft_press_04.wav

c7850e3db7185ae77cf4af5307828a0a

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_soft_release_01.wav

2e1a08ed5c4569d27274c614d497b7d6

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_soft_release_02.wav

3ef6981597216aef759fdd7d8f47e05b

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_soft_release_03.wav

1d9ce47dc56dc92bae869151035407d2

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

space_soft_release_04.wav

46a03aad5678bc2e7c1716ce477531da

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_hard_press_01.wav

c485ddc3cd104c1460e40886da7f5aa1

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_hard_press_02.wav

b16877502b8b8e4aa91720a9c813ac35

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_hard_press_03.wav

67eac8b28afe9208970331c0601c047d

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_hard_press_04.wav

e7e9957963ac638166c2897911eafb1d

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_hard_release_01.wav

bb8e8bdbece108a9ac795cf396b1ae61

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_hard_release_02.wav

8845e7ec2bbf2a9b798054de8b9f4abc

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_hard_release_03.wav

fe4e5e2b3e15ab50ad3fe36724d9eefa

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_hard_release_04.wav

ce5c9a1f90229b8ee35a0a3c90d4d698

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_soft_press_01.wav

9495620054808b4fc973322e00c21c58

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_soft_press_02.wav

d0dcf24c7290d19acb9e455107605af5

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_soft_press_03.wav

a621ce25f1f553faf25edb34dfce908b

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_soft_press_04.wav

7687b1bc5fc427c62f57f06da0b902ce

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_soft_release_01.wav

4223f0f67e7b4267ed21dadc885f2256

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_soft_release_02.wav

799fe77b0b79c49859289cc3afca6250

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_soft_release_03.wav

9c76053459d25ac363e3bd4cde3ac1e9

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

up_soft_release_04.wav

57533b42e076ad0a17aaf1e596a8fa8b

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

xBot Pro UI_deobfus_patched.exe

a998685d537e7d133ead5f522914da9f

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

xbot_3_0_beta.dll

395d3e8804f449416f6ec37b21d94922

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 26/64

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

loader.oxy.st/get/115829f64104ee350013f615d9cf02f3/AndxArtZ.zip

104.21.234.183

503 B

URL
loader.oxy.st/get/115829f64104ee350013f615d9cf02f3/AndxArtZ.zip
IP
104.21.234.183:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
503 B (503 bytes)
Hash
b783dbf8e8b197ac5412b574d33d41b0
3c75451796e6da725dea392eff62208ef4c10ef6
a95d9d093aaca83f5f90b619bc1ac724a1fd9955855254ba9f36daca1519c0b5

HTTP Headers

GET /get/115829f64104ee350013f615d9cf02f3/AndxArtZ.zip HTTP/1.1
Host: loader.oxy.st
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 19 Apr 2024 06:12:08 GMT
content-type: text/html; charset=UTF-8
location: https://s1.oxy.st/get.php?cg=czozMjoiMDc3Mzk0ODY2ZTZhYzcyMTA2Y2FlNmUxNDg4NWUyYmQiOw%2C%2C&n=czoxMjoiQW5keEFydFouemlwIjs%2C&c=czo2NDoiNjQ4OTYyZjY2NThiMWMxM2IzZTk3MGMyOTI2MzhjMDIzNGIxODE5ZGI5YzBlYmFmYjgyOWRhZDdiOGQ2ZjU0ZiI7&t=1713507128
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
set-cookie: PHPSESSID=k1j57g9amh4b2g18do8ink65h1; path=/; domain=.oxy.st
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VmxFe59QwI3xhlz%2BTDvAtyX8JkpEXMvpo6lQQjgy%2F2XKuJ0GzvJ9UNZbj7bmpsYwIiDCYFEDJ20mFcJTlNsKwD%2F6lYxV8qjzOc3I6tLTQegovj4VQVn747rlWo1%2By3K4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876abdc19a18d93f-HEL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

s1.oxy.st/get.php?cg=czozMjoiMDc3Mzk0ODY2ZTZhYzcyMTA2Y2FlNmUxNDg4NWUyYmQiOw%2C%2C&n=czoxMjoiQW5keEFydFouemlwIjs%2C&c=czo2NDoiNjQ4OTYyZjY2NThiMWMxM2IzZTk3MGMyOTI2MzhjMDIzNGIxODE5ZGI5YzBlYmFmYjgyOWRhZDdiOGQ2ZjU0ZiI7&t=1713507128

104.21.234.183

727 kB

URL
s1.oxy.st/get.php?cg=czozMjoiMDc3Mzk0ODY2ZTZhYzcyMTA2Y2FlNmUxNDg4NWUyYmQiOw%2C%2C&n=czoxMjoiQW5keEFydFouemlwIjs%2C&c=czo2NDoiNjQ4OTYyZjY2NThiMWMxM2IzZTk3MGMyOTI2MzhjMDIzNGIxODE5ZGI5YzBlYmFmYjgyOWRhZDdiOGQ2ZjU0ZiI7&t=1713507128
IP
104.21.234.183:0
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
727 kB (727178 bytes)
Hash
3c0c6837d70b19111f490cb7a0aa85a7
1b05c0de1d24817dee526b988389e7abb4bb08c3
648962f6658b1c13b3e970c292638c0234b1819db9c0ebafb829dad7b8d6f54f

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 26/64

HTTP Headers

GET /get.php?cg=czozMjoiMDc3Mzk0ODY2ZTZhYzcyMTA2Y2FlNmUxNDg4NWUyYmQiOw%2C%2C&n=czoxMjoiQW5keEFydFouemlwIjs%2C&c=czo2NDoiNjQ4OTYyZjY2NThiMWMxM2IzZTk3MGMyOTI2MzhjMDIzNGIxODE5ZGI5YzBlYmFmYjgyOWRhZDdiOGQ2ZjU0ZiI7&t=1713507128 HTTP/1.1
Host: s1.oxy.st
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=k1j57g9amh4b2g18do8ink65h1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 06:12:08 GMT
content-type: application/octet-stream
content-length: 727178
content-description: File Transfer
content-disposition: attachment; filename=AndxArtZ.zip
content-transfer-encoding: binary
expires: 0
cache-control: must-revalidate, post-check=0, pre-check=0
pragma: public
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OsR83Btz%2Byiq4EbBUsDBZQVRFlPrXWI8l6KY2zhEL7KomWpGCf6hsYqooJpX%2FArKAFyOGj5wS5LWP7H38g5oGFKXCiu8azrU13LiGDWcFk9C6WO0loq7YC6G9CI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876abdc28f338ddb-HEL
alt-svc: h3=":443"; ma=86400