Report Overview

  1. Submitted URL

    s3-eu-west-1.amazonaws.com/gxmedia.galileo-press.de/supplements/4306/978-3-8362-4460-2.zip

  2. IP

    52.218.98.139

    ASN

    #16509 AMAZON-02

  3. Submitted

    2024-04-19 07:48:18

    Access

    public

  4. Website Title

    about:privatebrowsing

  5. Final URL

    about:privatebrowsing

  6. Tags

  7. urlquery detections

    No alerts detected

Detections

  1. urlquery

    0

  2. Network Intrusion Detection

    0

  3. Threat Detection Systems

    3

Domain Summary

Domain / FQDN | Rank | Registered | First Seen | Last Seen
s3-eu-west-1.amazonaws.com | unknown | 2005-08-18 | 2017-03-24 | 2024-03-26

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL

    s3-eu-west-1.amazonaws.com/gxmedia.galileo-press.de/supplements/4306/978-3-8362-4460-2.zip

  2. IP

    52.218.101.139

  3. ASN

    #16509 AMAZON-02

  1. File type

    Zip archive data, at least v1.0 to extract, compression method=store

    Size

    146 kB (145932 bytes)

  2. Hash

    6dd9fc220b4400c205ec2be1dc44576c

    690c8cfcda4abf150215adb100fff58d7814dc8d

  1. Archive (94)


    Detections

    Analyzer | Verdict | Alert
    Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
    Public Nextron YARA rules | malware | Generic PHP webshell which uses any eval/exec function in the same line with user input
    VirusTotal | suspicious |

JavaScript (0)

HTTP Transactions (1)

URL | IP | Response | Size
s3-eu-west-1.amazonaws.com/gxmedia.galileo-press.de/supplements/4306/978-3-8362-4460-2.zip | 52.218.101.139 | 200 OK | 146 kB