Report - www.sibrax.com.br/atualiza/backup.zip?r=

Report Overview

Submitted URL
www.sibrax.com.br/atualiza/backup.zip?r=
IP
18.231.36.74
ASN
#16509 AMAZON-02
Submitted
2024-04-18 00:26:30
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
7

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.sibrax.com.br	unknown	2004-06-17	2013-11-14	2024-04-16	410 B	7.1 MB	18.231.36.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.sibrax.com.br/atualiza/backup.zip?r=
IP
18.231.36.74
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
7.1 MB (7085081 bytes)
Hash
159d0b7c4646632eadd6c47ea39fecbc
65b6cead9bf21ee540cc7c63413daba3496e8840
6f707255a46659809da18f40709407f0ff9f4963008a3fe98d8956760641af14

Archive (24)

Filename

Md5

File type

backup.exe

bb055186c34f683776978a3e7e734f3e

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

bz2.pyd

a95c5057677f782fbb84735f75237e22

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

cwrsync.cmd

97b61991e9c607afd9205fae30dfd8a9

DOS batch file, ASCII text, with CRLF line terminators

cygcrypto-1.0.0.dll

d3aa5c72d3447befc0d1c9b6d126d450

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

cyggcc_s-1.dll

72900043b2a4bcd3c4bc945c451ea9d1

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 8 sections

cygiconv-2.dll

87f2a8774017f22bc04026031f241054

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

cygssp-0.dll

d228c266f9b7b53f5b439aab184dbb1e

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 8 sections

cygwin1.dll

227af1af3dfa1b0fa8dc28e196318083

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 13 sections

cygz.dll

fa05af55d93012dbd920fc5f29f23d32

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 9 sections

gbak-1.5.exe

88f7b0d206834d10e057341de10d5555

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

gbak-2.5.exe

2049e0068515b46cedeeb14516d4aefc

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

know_hosts

49d1e840151f31b153e25cf23dfa9879

ASCII text

library.zip

a61ce891535fd7bfe17ca0328da3ec2d

Zip archive data, at least v2.0 to extract, compression method=store

MSVCR71.dll

ca2f560921b7b8be1cf555a5a18d54c3

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

python25.dll

5d3aae05ae3101b161331ae5d8cf8b13

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

rsync.exe

33f86945ce1ad2070c2950382d904063

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 5 sections

select.pyd

bb404bd0e12162369fdcda668f99d722

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

ssh-keygen.exe

7b8e272399ab5dbf9a53c267fe2dbde7

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 6 sections

ssh.exe

5b8644f7bc301d5ce8cfcf631b8c8f03

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 6 sections

unicodedata.pyd

7791a75b16fc346ac2299dae94123d54

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

w9xpopen.exe

cb59224ec3079a895b7f60cce0374677

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

_hashlib.pyd

763b7fddd748d67a1e9d2b7e52bb41de

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

_socket.pyd

9b3d4e11d48fac49051af8aca44af5cc

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

_ssl.pyd

dd2444f0dfe1cfbce561652bd4ba77f3

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	www.sibrax.com.br/atualiza/backup.zip?r=	18.231.36.74	200 OK	7.1 MB
URL User Request GET HTTP/1.1 www.sibrax.com.br/atualiza/backup.zip?r= IP 18.231.36.74:80 ASN #16509 AMAZON-02 File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 7.1 MB (7085081 bytes) Hash 159d0b7c4646632eadd6c47ea39fecbc 65b6cead9bf21ee540cc7c63413daba3496e8840 6f707255a46659809da18f40709407f0ff9f4963008a3fe98d8956760641af14 HTTP Headers `GET /atualiza/backup.zip?r= HTTP/1.1 Host: www.sibrax.com.br User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 00:26:02 GMT Content-Type: application/zip Content-Length: 7085081 Connection: keep-alive Server: Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40 Last-Modified: Thu, 19 Sep 2019 18:46:57 GMT ETag: "6c1c19-592ec60c53dd9" Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,POST,OPTIONS,DELETE,PUT`

www.sibrax.com.br/atualiza/backup.zip?r=

18.231.36.74

200 OK

7.1 MB

URL User Request GET HTTP/1.1
www.sibrax.com.br/atualiza/backup.zip?r=
IP
18.231.36.74:80
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
7.1 MB (7085081 bytes)
Hash
159d0b7c4646632eadd6c47ea39fecbc
65b6cead9bf21ee540cc7c63413daba3496e8840
6f707255a46659809da18f40709407f0ff9f4963008a3fe98d8956760641af14

HTTP Headers

GET /atualiza/backup.zip?r= HTTP/1.1
Host: www.sibrax.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 00:26:02 GMT
Content-Type: application/zip
Content-Length: 7085081
Connection: keep-alive
Server: Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40
Last-Modified: Thu, 19 Sep 2019 18:46:57 GMT
ETag: "6c1c19-592ec60c53dd9"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS,DELETE,PUT

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (24)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers