Report - webtronix.pages.dev/files/kiddions-LinkvertiseDownloader.zip

Report Overview

Submitted URL
webtronix.pages.dev/files/kiddions-LinkvertiseDownloader.zip
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 02:20:43
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
webtronix.pages.dev	unknown	2020-09-02	2023-01-01	2024-04-16	514 B	2.1 MB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
webtronix.pages.dev/files/kiddions-LinkvertiseDownloader.zip
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
2.1 MB (2103015 bytes)
Hash
5201006de5dff34f97bdb40461b6038e
565b61285f6af18ffbef573efdee4c067ecc5e3d
da90aa139b0c4994ee1d862e827f23a36ba175335967f2efe3e778c34cddfc41

Archive (11)

Filename

Md5

File type

run_ca.bat

0d09b103bfdd942902418c76d12878df

DOS batch file, ASCII text, with CRLF line terminators

run_de.bat

2343c924740361598b5e719da474f967

DOS batch file, ASCII text, with CRLF line terminators

run_en.bat

bb4c5c5379610f8f99b400f67852f21b

DOS batch file, ASCII text, with CRLF line terminators

run_es.bat

bf13d224b72fda6e81ecece36f5700d4

DOS batch file, ASCII text, with CRLF line terminators

run_gb.bat

0f99a1400a1c269e7c5130e8092ca378

DOS batch file, ASCII text, with CRLF line terminators

run_it.bat

deb79115d2848c37fe08e37711797775

DOS batch file, ASCII text, with CRLF line terminators

run_ko.bat

1363340d6bfb7be813d7c1b02e4fbf65

DOS batch file, ASCII text, with CRLF line terminators

run_no.bat

0b1c18f75be8a7888c34c9cc3e6f4361

DOS batch file, ASCII text, with CRLF line terminators

run_pt.bat

d354b2b7d5ecd8a7275cdd0b0a83697a

DOS batch file, ASCII text, with CRLF line terminators

run_ru.bat

1363340d6bfb7be813d7c1b02e4fbf65

DOS batch file, ASCII text, with CRLF line terminators

kiddions - Linkvertise Downloader_GMM-Nn1.exe

0dc385fcb33ce4c34e7e045b4ed1c9b8

PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 41/67

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

webtronix.pages.dev/files/kiddions-LinkvertiseDownloader.zip

188.114.97.1

200 OK

2.1 MB

URL User Request GET HTTP/2
webtronix.pages.dev/files/kiddions-LinkvertiseDownloader.zip
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectwebtronix.pages.dev
Fingerprint52:9D:6E:77:BC:13:6C:CF:20:71:44:E1:ED:23:0B:46:83:96:B5:99
ValidityTue, 16 Apr 2024 18:52:50 GMT - Mon, 15 Jul 2024 18:52:49 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
2.1 MB (2103015 bytes)
Hash
5201006de5dff34f97bdb40461b6038e
565b61285f6af18ffbef573efdee4c067ecc5e3d
da90aa139b0c4994ee1d862e827f23a36ba175335967f2efe3e778c34cddfc41

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 41/67

HTTP Headers

GET /files/kiddions-LinkvertiseDownloader.zip HTTP/1.1
Host: webtronix.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 02:20:17 GMT
content-type: application/zip
content-length: 2103015
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "b0ec8c0b46c46d34c3f1eadfce96a1da"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2FbWo95UVsX%2FUsB7AbvNhWTmfmFLx77ssnz6px9kMF84uVwAbYQmAcIh7png6IXU2yaPAJUp%2Focplx4m4m%2BL3QJ6pfi7hin%2BapCgOglsmXhOG4bUlX7OQS8eBYNZAUiqKtlUGWXx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a317bf3ba7b4ee-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2