Report Overview

  1. Submitted URL

    phoenixminer.info/downloads/PhoenixMiner_6.1b_Windows.zip

  2. IP

    185.66.89.249

    ASN

    #30860 Virtual Systems LLC

  3. Submitted

    2024-05-08 01:12:31

    Access

    public

  4. Website Title

    about:privatebrowsing

  5. Final URL

    about:privatebrowsing

  6. Tags

  7. urlquery detections

    No alerts detected

Detections

  1. urlquery

    0

  2. Network Intrusion Detection

    0

  3. Threat Detection Systems

    6

Domain Summary

Domain / FQDN | Rank | Registered | First Seen | Last Seen
phoenixminer.info | 467184 | 2021-03-10 | 2021-03-10 | 2024-04-12

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL

    phoenixminer.info/downloads/PhoenixMiner_6.1b_Windows.zip

  2. IP

    185.66.89.249

  3. ASN

    #30860 Virtual Systems LLC

  1. File type

    Zip archive data, at least v2.0 to extract, compression method=store

    Size

    5.4 MB (5406401 bytes)

  2. Hash

    6b169bd36d30535bce1ce6c1d21d7093

    193c795a6b99dcc9a6cb7abd9594c551d8ad771b

  1. Archive (44)

  2. Filename | Md5 | File type
    config.txt | 7be2dbfa0ea8411903f9da88b6f32317 | ASCII text, with CRLF line terminators
    API.html | aeb6d4e435b5ace46bb5ea1102b5ab9d | HTML document, Unicode text, UTF-8 text, with very long lines (1055), with CRLF line terminators
    arguments.html | d00b30183558b764fa3ba27fa08c1453 | HTML document, Unicode text, UTF-8 text, with very long lines (2007), with CRLF line terminators
    config-files.html | 0d65eb7f4f9077d934a72b05a88b2717 | HTML document, Unicode text, UTF-8 text, with very long lines (394), with CRLF line terminators
    faq.html | 50b36d5ccd49360cb07b0f43c3001c60 | HTML document, Unicode text, UTF-8 text, with CRLF line terminators
    features.html | 71f2ac49b15fad246485920917433ca2 | HTML document, Unicode text, UTF-8 text, with very long lines (403), with CRLF line terminators
    genindex.html | aaba63547676427a93c3265f2db8b2a8 | JavaScript source, ASCII text, with CRLF line terminators
    hw-control.html | 30e1c5124c0fec080b5b4ab9181c0e61 | HTML document, Unicode text, UTF-8 text, with very long lines (478), with CRLF line terminators
    index.html | 6fab1554c8e20c9e9e5ecdcc9d82dea3 | HTML document, ASCII text, with CRLF line terminators
    interactive.html | 45b2d0770d7abb845715dd8f4a7d46c9 | HTML document, Unicode text, UTF-8 text, with very long lines (869), with CRLF line terminators
    intro.html | 1ac302c5d8e64ca86de6ef1fd4aa53b0 | HTML document, Unicode text, UTF-8 text, with CRLF line terminators
    quick-start.html | 25679633a34d12f1d96fe2b081d8f75c | HTML document, Unicode text, UTF-8 text, with very long lines (476), with CRLF line terminators
    remote.html | 0a7df40f3a6a1b6b12cac959610214db | JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
    search.html | f6b295e2faf904e7ba7453df6e6ad4ef | JavaScript source, ASCII text, with CRLF line terminators
    searchindex.js | 935d45d486382e5429da0638a03856d6 | ASCII text, with very long lines (14241), with no line terminators
    troubleshooting.html | 3c85b5b9888efbadd3be652f10885985 | HTML document, Unicode text, UTF-8 text, with CRLF line terminators
    basic.css | 74959365a001bef5b1784c3028654536 | ASCII text, with CRLF line terminators
    badge_only.css | 73352185a4fadd4d3b6990d42aded2a7 | Unicode text, UTF-8 (with BOM) text, with very long lines (3367)
    theme.css | 5181601063f49bf210d1e544fbed09de | Unicode text, UTF-8 text, with very long lines (58598)
    doctools.js | 226eae3f0a364b5cacb1c083ce19c262 | JavaScript source, ASCII text
    documentation_options.js | 83f4da8a5c94cf9cc7061a8754f66e83 | ASCII text, with CRLF line terminators
    file.png | ba0c95766a77a6c598a7ca542f1db738 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
    fontawesome-webfont.ttf | b06871f281fee6b241d60582ae9369b9 | TrueType Font data, 13 tables, 1st "FFTM", 24 names, Macintosh
    jquery-3.4.1.js | 11c05eb286ed576526bf4543760785b9 | JavaScript source, ASCII text
    jquery.js | 220afd743d9e9643852e31a135a9f3ae | JavaScript source, ASCII text, with very long lines (65451)
    modernizr.min.js | 42306a279a9e831515347ae319181cd1 | JavaScript source, ASCII text, with very long lines (14756)
    theme.js | 2ed16d9d17fd262dbb5e37d2357761be | JavaScript source, ASCII text, with very long lines (4336)
    language_data.js | 7cc2ab7bf8d84cd775fb2655b5c1c5c9 | JavaScript source, ASCII text, with CRLF line terminators
    minus.png | 36b1a4b05451c7acde7ced60b2f6bc21 | PNG image data, 11 x 11, 8-bit grayscale, non-interlaced
    plus.png | 0d7849fd4d4148b7f78cab60a087633a | PNG image data, 11 x 11, 8-bit grayscale, non-interlaced
    pygments.css | aef7931044a13463a2bb487ac680bc33 | ASCII text, with CRLF line terminators
    searchtools.js | f98c7c175b3a76034fb2b8d0039729c8 | JavaScript source, ASCII text
    underscore-1.3.1.js | 4eb64db36175fefa3e36b9e57606512c | JavaScript source, ASCII text
    underscore.js | b538b8a3ed2c5519b19409eace25c38b | JavaScript source, ASCII text, with very long lines (522)
    dpools.txt | 25c2e29ae4ec60560cf9f43a2f46f91d | ASCII text, with CRLF line terminators
    EIO.dll | 535d726e60039ab367310081ba9dc8ff | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
    EIO.exe | 2d9d28d2c05d9057fb3d6549230a7f40 | PE32 executable (console) Intel 80386, for MS Windows, 6 sections
    epools_example.txt | 350238cf337366c8e2c64f956bc6b609 | ASCII text, with CRLF line terminators
    IOMap64.sys | 58f3637bd3affa7e55d6b9796f0fc6a8 | PE32+ executable (native) x86-64, for MS Windows, 6 sections
    PhoenixMiner.exe | e9beb81af6df8bd725ef6cf2d4e478d2 | PE32+ executable (console) x86-64, for MS Windows, 8 sections
    Readme.txt | d2a86db81360bfe23a586f957ac34331 | Unicode text, UTF-8 text, with CRLF line terminators
    ReleaseNotes.txt | c6118aab1ee179f872db8bf9f9e7775a | ASCII text, with very long lines (335), with CRLF line terminators
    start_miner.bat | 729053729653980b816e7d7ef9ad113f | ASCII text, with CRLF line terminators
    start_miner_etc.bat | 8d49113df3b146156114662cef624061 | ASCII text, with CRLF line terminators

    Detections

    Analyzer | Verdict | Alert
    Public Nextron YARA rules | malware | Detects mining pool protocol string in Executable
    YARAhub by abuse.ch | malware | signed_sys_with_vulnerablity
    Public Nextron YARA rules | malware | Detects mining pool protocol string in Executable
    VirusTotal | malicious |

JavaScript (0)

HTTP Transactions (1)

URL | IP | Response | Size
phoenixminer.info/downloads/PhoenixMiner_6.1b_Windows.zip | 185.66.89.249 | 200 OK | 5.4 MB