Report - lilith.halfmoon.jp/obake.zip

Report Overview

Submitted URL
lilith.halfmoon.jp/obake.zip
IP
112.78.112.179
ASN
#9371 SAKURA Internet Inc.
Submitted
2024-04-23 12:30:20
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
lilith.halfmoon.jp	unknown	2004-06-28	2013-07-21	2023-09-15	482 B	15 MB	112.78.112.179

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

Files detected

URL
lilith.halfmoon.jp/obake.zip
IP
112.78.112.179
ASN
#9371 SAKURA Internet Inc.

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
15 MB (15011167 bytes)
Hash
ec4a0ccb6a9389d6305a21c2975037ac
e007b138da3967f8b33bb20bc6bbfc3f254f5a2d
1b99d320bc9e2ea0665636842ff7c50bef9d09c7580d64cd5f92f0df5d9aa21d

Archive (6)

Filename

Md5

File type

Config.exe

cb9844bc9490edaf4571e1f04c2033c9

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Game.exe

3230c0ad9d8e83bd4967c2f57bc34559

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

GuruguruSMF4.dll

536ad3b38076056e0c4803e42c291b3f

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Game.ini

b6bbee5d3249a66a6af0d34c6d4395f9

Non-ISO extended-ASCII text, with CRLF line terminators

Data.wolf

81df7dc2d1ace3744c1774cf2cd49fe8

data

��상��.txt

beb84223374bee32a08de81349f6de22

Non-ISO extended-ASCII text, with CRLF, NEL line terminators

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	lilith.halfmoon.jp/obake.zip	112.78.112.179	200 OK	15 MB
URL User Request GET HTTP/2 lilith.halfmoon.jp/obake.zip IP 112.78.112.179:443 ASN #9371 SAKURA Internet Inc. Certificate IssuerGehirn Inc. Subject.sakura.ne.jp FingerprintEE:67:85:3C:D1:34:80:35:6D:55:A8:7A:45:D5:55:E6:18:05:BA:F4 ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 29 May 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 15 MB (15011167 bytes) Hash ec4a0ccb6a9389d6305a21c2975037ac e007b138da3967f8b33bb20bc6bbfc3f254f5a2d 1b99d320bc9e2ea0665636842ff7c50bef9d09c7580d64cd5f92f0df5d9aa21d HTTP Headers `GET /obake.zip HTTP/1.1 Host: lilith.halfmoon.jp User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Tue, 23 Apr 2024 12:29:52 GMT content-type: application/zip content-length: 15011167 last-modified: Fri, 11 Mar 2016 05:57:54 GMT etag: "e50d5f-52dbf9caadc80" accept-ranges: bytes X-Firefox-Spdy: h2`

lilith.halfmoon.jp/obake.zip

112.78.112.179

200 OK

15 MB

URL User Request GET HTTP/2
lilith.halfmoon.jp/obake.zip
IP
112.78.112.179:443
ASN
#9371 SAKURA Internet Inc.

Certificate
IssuerGehirn Inc.
Subject*.sakura.ne.jp
FingerprintEE:67:85:3C:D1:34:80:35:6D:55:A8:7A:45:D5:55:E6:18:05:BA:F4
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 29 May 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
15 MB (15011167 bytes)
Hash
ec4a0ccb6a9389d6305a21c2975037ac
e007b138da3967f8b33bb20bc6bbfc3f254f5a2d
1b99d320bc9e2ea0665636842ff7c50bef9d09c7580d64cd5f92f0df5d9aa21d

HTTP Headers

GET /obake.zip HTTP/1.1
Host: lilith.halfmoon.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 23 Apr 2024 12:29:52 GMT
content-type: application/zip
content-length: 15011167
last-modified: Fri, 11 Mar 2016 05:57:54 GMT
etag: "e50d5f-52dbf9caadc80"
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (6)

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers