Report - s3.amazonaws.com/scriptbase/bin/sbase.zip

Report Overview

Submitted URL
s3.amazonaws.com/scriptbase/bin/sbase.zip
IP
52.217.46.206
ASN
#16509 AMAZON-02
Submitted
2024-04-24 11:38:46
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
s3.amazonaws.com	unknown	2005-08-18	2020-05-13	2024-03-23	495 B	7.9 MB	52.217.140.176

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
s3.amazonaws.com/scriptbase/bin/sbase.zip
IP
52.217.140.176
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
7.9 MB (7896692 bytes)
Hash
274e2fc16e919101b0cda3a6548e90cc
088a0709adb47ae4cab1d3d934337b56d7f16ee3
e7263802bc1d927054003a2a0e7c58c270c6d2098a32df3fc1784d759afbbee4

Archive (7)

Filename

Md5

File type

LearnReportBuilder.pdf

7496ac902e4e6bf64181f64461e47fe1

PDF document, version 1.4, 19 pages

LocalSettings.ini

9ce40fe426335f8abb5bfcf8d8be40f4

ASCII text, with no line terminators

sbase.chm

69447d2d61d30e886bdb7903340c91f5

MS Windows HtmlHelp Data

sbase.chw

abc75162d93fb14d8377d107410fd429

MS Windows HtmlHelp Data

sbase.cnt

4093956717c006b766755ac02ccf33d8

ASCII text, with CRLF line terminators

sbase.exe

767b22af40f679ab31595719640c4c57

PE32 executable (GUI) Intel 80386, for MS Windows, 9 sections

sbase.hlp

2aa1edeec8e62cd926c7a965fbc5ccb0

MS Windows 3.1 help, Tue Nov 30 14:50:04 2021, 151197 bytes

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files is `SliverFox` malware
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	s3.amazonaws.com/scriptbase/bin/sbase.zip	52.217.140.176	200 OK	7.9 MB
URL User Request GET HTTP/1.1 s3.amazonaws.com/scriptbase/bin/sbase.zip IP 52.217.140.176:443 ASN #16509 AMAZON-02 Certificate IssuerAmazon Subjects3.amazonaws.com Fingerprint82:A2:80:27:89:C3:32:0E:1E:77:2D:6F:F3:3D:19:D3:97:36:BC:7C ValidityThu, 08 Feb 2024 00:00:00 GMT - Sat, 11 Jan 2025 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 7.9 MB (7896692 bytes) Hash 274e2fc16e919101b0cda3a6548e90cc 088a0709adb47ae4cab1d3d934337b56d7f16ee3 e7263802bc1d927054003a2a0e7c58c270c6d2098a32df3fc1784d759afbbee4 HTTP Headers `GET /scriptbase/bin/sbase.zip HTTP/1.1 Host: s3.amazonaws.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK x-amz-id-2: NuSj21XsVTbDPdKn4OUJWPxtVQ0zJAMujFPyD14Ka6Y0IMEoIFGBXSa85wog6eIkX7URJ7vAgus= x-amz-request-id: DC3J2EW2ZJDB11QT Date: Wed, 24 Apr 2024 11:38:17 GMT Last-Modified: Fri, 24 Mar 2023 11:56:32 GMT ETag: "274e2fc16e919101b0cda3a6548e90cc" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: application/zip Server: AmazonS3 Content-Length: 7896692`

s3.amazonaws.com/scriptbase/bin/sbase.zip

52.217.140.176

200 OK

7.9 MB

URL User Request GET HTTP/1.1
s3.amazonaws.com/scriptbase/bin/sbase.zip
IP
52.217.140.176:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjects3.amazonaws.com
Fingerprint82:A2:80:27:89:C3:32:0E:1E:77:2D:6F:F3:3D:19:D3:97:36:BC:7C
ValidityThu, 08 Feb 2024 00:00:00 GMT - Sat, 11 Jan 2025 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
7.9 MB (7896692 bytes)
Hash
274e2fc16e919101b0cda3a6548e90cc
088a0709adb47ae4cab1d3d934337b56d7f16ee3
e7263802bc1d927054003a2a0e7c58c270c6d2098a32df3fc1784d759afbbee4

HTTP Headers

GET /scriptbase/bin/sbase.zip HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: NuSj21XsVTbDPdKn4OUJWPxtVQ0zJAMujFPyD14Ka6Y0IMEoIFGBXSa85wog6eIkX7URJ7vAgus=
x-amz-request-id: DC3J2EW2ZJDB11QT
Date: Wed, 24 Apr 2024 11:38:17 GMT
Last-Modified: Fri, 24 Mar 2023 11:56:32 GMT
ETag: "274e2fc16e919101b0cda3a6548e90cc"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/zip
Server: AmazonS3
Content-Length: 7896692

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (7)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers