Report Overview
Submitted URL
s3-eu-west-1.amazonaws.com/gxmedia.galileo-press.de/supplements/4306/978-3-8362-4460-2.zip
IP
52.218.98.139
ASN
#16509 AMAZON-02
Submitted
2024-04-19 07:48:18
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
s3-eu-west-1.amazonaws.com | unknown | 2005-08-18 | 2017-03-24 | 2024-03-26 | 544 B | 146 kB | 52.218.101.139 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
No alerts detected
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
s3-eu-west-1.amazonaws.com/gxmedia.galileo-press.de/supplements/4306/978-3-8362-4460-2.zip
IP
52.218.101.139
ASN
#16509 AMAZON-02
File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
146 kB (145932 bytes)
Hash
6dd9fc220b4400c205ec2be1dc44576c
690c8cfcda4abf150215adb100fff58d7814dc8d
Archive (94)
Filename | Md5 | File type | |||
---|---|---|---|---|---|
hacking-index.html | 6d5c92943e7ea484a1687442aba94fdb | HTML document, ASCII text, with CR line terminators | |||
dbconfig.inc | 276ce031ca34252187b6b61efe83db4c | PHP script, ASCII text | |||
mysqlfunktionen.inc | 91807939b9790997efbecde80e1fad68 | PHP script, ASCII text | |||
config.inc | fb127004f35779ebb07ac6c60c7b8adb | PHP script, ASCII text | |||
en.inc | 87f8253a32c1f52aa87d96c0808b1ad1 | PHP script, ASCII text, with very long lines (333) | |||
de.inc | 85ae6082093411cae1e0c17c093cc575 | PHP script, ASCII text, with very long lines (361) | |||
config.txt | 75ad005ebd5927bfcd7f8ab3ae224944 | PHP script, ASCII text | |||
avatar.inc | fef872fedea30c12843f4ce81b827f73 | PHP script, ASCII text | |||
mail.txt | d41d8cd98f00b204e9800998ecf8427e | ||||
kontakt.php | bcd3d609e6b918fcc312ed3614d4efbc | HTML document, ASCII text | |||
index.php | 92ec8776f362c154c406ca8097454b81 | JavaScript source, Unicode text, UTF-8 text | |||
plugin2.php | c26cb32650851cc5620f25796fa9b021 | HTML document, ASCII text | |||
plugin.php | f5876fe2be2c9eac8d7853dea623fa57 | PHP script, ASCII text | |||
lfi.php | e409cef0eff7afbc98aa6e986b40aec0 | HTML document, ASCII text | |||
empfehle.php | 1151bd07da3de24eeed150e0d27d0948 | HTML document, ASCII text | |||
1.gif | 3c9ecdfc1ba136aea20beee1767ed819 | GIF image data, version 89a, 219 x 59 | |||
2.gif | 5f82f703a16eb18d81584d4dc7d7069d | GIF image data, version 89a, 82 x 85 | |||
index.php | bda1f379b2dc058e1a238a61a02763f2 | JavaScript source, ASCII text | |||
htaccess-Backup | 8d49dc49d7a600bf947514dc1dc0bd22 | ASCII text | |||
index.php | 7708a171d49f5fb35d1cb4ecc3609d7b | JavaScript source, Unicode text, UTF-8 text | |||
.htaccess | 8d49dc49d7a600bf947514dc1dc0bd22 | ASCII text | |||
ping.php | 60048505e141004a0b087a1f49cdb96e | HTML document, ASCII text | |||
.htpasswd | e57d9077d7d79a3b5b7905be08ed7049 | ASCII text | |||
htpasswd-Backup | e57d9077d7d79a3b5b7905be08ed7049 | ASCII text | |||
htaccess-Backup | 8d49dc49d7a600bf947514dc1dc0bd22 | ASCII text | |||
htpasswd-Backup | e57d9077d7d79a3b5b7905be08ed7049 | ASCII text | |||
install.php | 808b024551d33f076a0cf86d5cc3b6aa | JavaScript source, ASCII text | |||
style.css | 786c182b8db31b0eb36709609fbe5e1a | ASCII text | |||
kontakt-html5.php | fab408c3ac211c736da9f2822fe9bfab | HTML document, ASCII text | |||
config.inc | 49b163c9f8c9f47e4c7f94bd4b7a5b21 | PHP script, ASCII text | |||
en.inc | 87f8253a32c1f52aa87d96c0808b1ad1 | PHP script, ASCII text, with very long lines (333) | |||
de.inc | 947cae79f03b031ff468e5015fa12f29 | PHP script, ASCII text, with very long lines (363) | |||
config.txt | fc0ddf741021b96cdaec30b700b2be1a | PHP script, ASCII text | |||
avatar.inc | 3334288aa98a88a92846d53e5604460e | PHP script, ASCII text | |||
mail.txt | 2ae2c241c028318c6e6052656a7ae593 | ASCII text, with CRLF, LF line terminators | |||
kontakt.php | daa1013f81f77191bf700a3cd87911eb | HTML document, ASCII text | |||
index.php | ab524b7048c876c928b546a50eb2e7a5 | JavaScript source, Unicode text, UTF-8 text | |||
plugin2.php | 3b75d6aa8cdc0f05421d746c02ef5b62 | HTML document, ASCII text | |||
plugin.php | 018ce54b65573cdf1061e8e61bf32aac | PHP script, ASCII text | |||
lfi.php | 49fbb2cb4856835f3771a1ea1d02d7e2 | HTML document, ASCII text | |||
empfehle.php | 9fb617af4b0081e9bf4a191f3b7eccc8 | HTML document, ASCII text | |||
1.gif | fb0139ad8411e688044daacc92db05fe | GIF image data, version 89a, 74 x 56 | |||
2.gif | 5f82f703a16eb18d81584d4dc7d7069d | GIF image data, version 89a, 82 x 85 | |||
index.php | 3267970bf7317e48fd703bf473121218 | JavaScript source, ASCII text | |||
htaccess-Backup | f74c75a672dee4da8cc38830c3089a9c | ASCII text | |||
index.php | 48489d4194d491b2b3891fac7caac2a6 | JavaScript source, Unicode text, UTF-8 text | |||
.htaccess | f74c75a672dee4da8cc38830c3089a9c | ASCII text | |||
ping.php | 9145fc2b03f726daaa6e1d1a05d613be | HTML document, ASCII text | |||
.htpasswd | 771e06ef3848d3ec0e78d022a5a2d11d | ASCII text | |||
htpasswd-Backup | 771e06ef3848d3ec0e78d022a5a2d11d | ASCII text | |||
.htaccess | f74c75a672dee4da8cc38830c3089a9c | ASCII text | |||
.htpasswd | 771e06ef3848d3ec0e78d022a5a2d11d | ASCII text | |||
install.php | f2b4898bf703cfae0ed92f1c66d80575 | JavaScript source, ASCII text | |||
kontakt-html5.php | 81b7c9a7321032364f3dccc2efd7111e | HTML document, ASCII text | |||
beta.png | c37cb14b1e78586cf62f553e075ecc30 | PNG image data, 900 x 300, 8-bit/color RGB, non-interlaced | |||
error.php | 4bf8c74419a30ebc1616796729f99d14 | PHP script, Unicode text, UTF-8 text | |||
kapitel8.html | 8007f71c8878fe65b22683b32688f73f | HTML document, ASCII text | |||
kapitel4.html | b8fb82482f0f0add649a12a7853c7d94 | HTML document, ASCII text | |||
kapitel9.html | 8ed46f2c644bb3c01cf2971a917eb050 | HTML document, ASCII text, with very long lines (316) | |||
kapitel11.html | 009c2e8348dc85d89095d9d52a061f40 | HTML document, ASCII text | |||
kapitel5.html | f9e471370359c6348e1db8589748ecef | HTML document, ASCII text | |||
kapitel1.html | 36ba6fbf71b41acf1bb2c73d26ff4060 | HTML document, ASCII text, with CR line terminators | |||
kapitel3.html | f096efbc305dc0085e45867f91fff452 | HTML document, ASCII text | |||
csrf-formular.html | 1fe2a7c7078dc0f0313cd30cad8b29d6 | HTML document, ASCII text, with CR line terminators | |||
ziel.html | 77b6dfd2dc55193b1b63d94db0d42a71 | HTML document, ASCII text, with CR line terminators | |||
demo.html | 00bbe122621f157b53651537db924609 | HTML document, ASCII text | |||
demo2.html | b731e29ae671d918bca9883c9b386b2a | HTML document, ASCII text | |||
formular-angriff.html | b4b4c987075a01e0650edfe05da3dc5c | HTML document, ASCII text, with CR line terminators | |||
csrf-img-tag.html | 3f96f96eda397f51f3b581088abe436a | HTML document, ASCII text, with CR line terminators | |||
kapitel10.html | db1a3da6c42c38ae31d8cb5630dae5f4 | HTML document, ASCII text | |||
orkut-code.html | fd64558cc1762b037437957039424790 | HTML document, ASCII text | |||
yamanner.html | 94ec0164572ff01e3146ab086251f15c | HTML document, ASCII text, with CR line terminators | |||
onload.svg | 675c4719021bb185a7c7cbc308a49a24 | SVG Scalable Vector Graphics image | |||
valides-xss-mit-Bild.svg | 9066e6c1ba5c282b2bce3fa9a543a689 | SVG Scalable Vector Graphics image | |||
yamanner-code.html | 0b33ff634d1df34b438daf5d81365686 | HTML document, ASCII text, with CR line terminators | |||
samy-code.html | dd4ed155e8c40f1464eeeda179cff2c6 | HTML document, ASCII text, with very long lines (343) | |||
onclick.svg | 06c33a47c8b354dfb75f267bfd182db9 | SVG Scalable Vector Graphics image | |||
cookie-sammler.php.txt | da8eb44fbb85da7c46cf690458b4671e | PHP script, ASCII text | |||
scanner2.html | 656cf68c26d5b2ac4bb3810528dcdcc1 | HTML document, Non-ISO extended-ASCII text, with CR line terminators | |||
valides-xss.svg | 825f192cb29dc67944e4bcdc8070044b | SVG Scalable Vector Graphics image | |||
samy.html | cdc851eb01325c230cd4c036578f694e | HTML document, ASCII text | |||
scanner.html | b180c576cb3a4df076ed537ea6a64358 | HTML document, ASCII text, with CR line terminators | |||
orkut.html | edcfd05b9621726bc27bdb8dbaebb003 | HTML document, ASCII text, with CR line terminators | |||
kapitel6.html | 5ad1e961364fe111fc84cd171a78e3be | HTML document, ASCII text, with very long lines (321), with CR line terminators | |||
kapitel7.html | ed1cd0afc2accbd16df413a9b713dad5 | HTML document, ASCII text | |||
kapitel2.html | d58f12a0280ff8bd00458943ad2f2d5e | HTML document, ASCII text, with CR line terminators | |||
app-tar-gz-hier-rein.txt | 7b69f2bce5a6f7cb465502c39e22d46e | ASCII text, with no line terminators | |||
index-php.txt | 04c6f8aba441974065a0007c2beaa6fa | exported SGML document, ASCII text | |||
backend-index-php.txt | ca6e6cff159ca8f23d588978348c8e47 | exported SGML document, ASCII text | |||
lustig.gif | fb0139ad8411e688044daacc92db05fe | GIF image data, version 89a, 74 x 56 | |||
pwnedinfo.gif | 3c9ecdfc1ba136aea20beee1767ed819 | GIF image data, version 89a, 219 x 59 | |||
traurig.gif | 5f82f703a16eb18d81584d4dc7d7069d | GIF image data, version 89a, 82 x 85 | |||
ironisch.gif | 2a75988096d1e0ce36e9d406472d58ca | GIF image data, version 89a, 101 x 133 | |||
Avatar-Bilder.tar.gz | 54ab711d92bb0bbe8f16bee12e659b73 | gzip compressed data, last modified: Tue Oct 9 08:41:11 2018, from Unix |
Detections
Analyzer | Verdict | Alert |
---|---|---|
Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings |
Public Nextron YARA rules | malware | Generic PHP webshell which uses any eval/exec function in the same line with user input |
VirusTotal | suspicious |
JavaScript (0)
HTTP Transactions (1)
URL | IP | Response | Size | |||||||
---|---|---|---|---|---|---|---|---|---|---|
s3-eu-west-1.amazonaws.com/gxmedia.galileo-press.de/supplements/4306/978-3-8362-4460-2.zip | 52.218.101.139 | 200 OK | 146 kB | |||||||
Detections
HTTP Headers