Report - foxlap.com/tutorials/wp-content/uploads/2024/01/foxlap-DIY-v1.1-1.zip

Report Overview

Submitted URL
foxlap.com/tutorials/wp-content/uploads/2024/01/foxlap-DIY-v1.1-1.zip
IP
95.216.102.230
ASN
#24940 Hetzner Online GmbH
Submitted
2024-05-05 07:08:32
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
foxlap.com	unknown	2023-03-13	2019-07-04	2021-02-01	523 B	7.4 MB	95.216.102.230

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
foxlap.com/tutorials/wp-content/uploads/2024/01/foxlap-DIY-v1.1-1.zip
IP
95.216.102.230
ASN
#24940 Hetzner Online GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
7.3 MB (7349829 bytes)
Hash
094dfb4953f422768a468bd716092036
eec199c0f7fa4a8f81d709f7ff6d02db43906e6b
9c0712867b2a23dbf85af321012119a5ff6518bb81c088a9e14b9e98e44ba0a0

Archive (8)

Filename

Md5

File type

boot_app0.bin

e6327541e2dc394ca2c3b3280ac0f39f

data

esptool.exe

1efd03ea3cba3849df48a6143b810f22

PE32+ executable (console) x86-64, for MS Windows, 7 sections

flash_firmware.bat

ec111ba99d28ccb3b70c6f0c364fa1cf

DOS batch file, ASCII text, with CRLF line terminators

foxlap.DIY.bootloader.bin

33cdbb00ef06d04b5973d759f6473e06

DOS executable (COM), start instruction 0xe903022f f0050840

foxlap.DIY.partitions.bin

2ddc2d5f85b2c5288013adbe45d9cb7b

data

license.txt

45fec0acfb312264d1869a97dd052e39

ASCII text, with CRLF line terminators

version.txt

a2daed94462b4c994ad1c312643ebcb2

ASCII text, with CRLF line terminators

foxlap.DIY.bin

c27a6aab172d22249a3f14a373ef7efc

DOS executable (COM), start instruction 0xe906022f 94300840

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies executable converted using PyInstaller.

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Size
	foxlap.com/tutorials/wp-content/uploads/2024/01/foxlap-DIY-v1.1-1.zip	95.216.102.230	7.3 MB
URL foxlap.com/tutorials/wp-content/uploads/2024/01/foxlap-DIY-v1.1-1.zip IP 95.216.102.230:0 ASN #24940 Hetzner Online GmbH File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 7.3 MB (7349829 bytes) Hash 094dfb4953f422768a468bd716092036 eec199c0f7fa4a8f81d709f7ff6d02db43906e6b 9c0712867b2a23dbf85af321012119a5ff6518bb81c088a9e14b9e98e44ba0a0 HTTP Headers GET /tutorials/wp-content/uploads/2024/01/foxlap-DIY-v1.1-1.zip HTTP/1.1 Host: foxlap.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Date: Sun, 05 May 2024 07:08:06 GMT Server: Apache/2.4.25 (Debian) Last-Modified: Wed, 17 Apr 2024 14:51:05 GMT ETag: "702645-6164bfbf1047d" Accept-Ranges: bytes Content-Length: 7349829 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/zip`

foxlap.com/tutorials/wp-content/uploads/2024/01/foxlap-DIY-v1.1-1.zip

95.216.102.230

7.3 MB

URL
foxlap.com/tutorials/wp-content/uploads/2024/01/foxlap-DIY-v1.1-1.zip
IP
95.216.102.230:0
ASN
#24940 Hetzner Online GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
7.3 MB (7349829 bytes)
Hash
094dfb4953f422768a468bd716092036
eec199c0f7fa4a8f81d709f7ff6d02db43906e6b
9c0712867b2a23dbf85af321012119a5ff6518bb81c088a9e14b9e98e44ba0a0

HTTP Headers

GET /tutorials/wp-content/uploads/2024/01/foxlap-DIY-v1.1-1.zip HTTP/1.1
Host: foxlap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 05 May 2024 07:08:06 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Wed, 17 Apr 2024 14:51:05 GMT
ETag: "702645-6164bfbf1047d"
Accept-Ranges: bytes
Content-Length: 7349829
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (8)

Detections

JavaScript (0)

HTTP Transactions (1)

URL

IP

ASN

File type

Size

Hash

HTTP Headers