Report - eblugh-ir-my.sbs/TNT.zip

Report Overview

Submitted URL
eblugh-ir-my.sbs/TNT.zip
IP
170.64.190.229
ASN
#14061 DIGITALOCEAN-ASN
Submitted
2024-05-10 01:20:05
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
eblugh-ir-my.sbs	unknown	unknown	No data	No data	478 B	3.2 MB	170.64.190.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
eblugh-ir-my.sbs/TNT.zip
IP
170.64.190.229
ASN
#14061 DIGITALOCEAN-ASN

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
3.2 MB (3199555 bytes)
Hash
03000af7281bc76a3dd95e70873e47d7
40e4943590c27a8376cacebd162063bc8bb4d184
ea2d14e40c5d5d4c07a42ebf71cde5ffcf8d9fc474dfd5e32a606b59b255dca3

Archive (19)

Filename

Md5

File type

JTOJzKPTGoO7nqQXGwpNk1TSpWOXfvghskFaCwAQHlo

e7ff2f2624ea3295972d5d6417ee1957

ASCII text, with no line terminators

J5iiMR2yepDagjZdXUNaMkojnC1BzOg4dBowbjF3nzg

860495550c327f767da6281c613167e8

ASCII text, with no line terminators

_wzzrykl81fh4yiW6KB2UVZk9fMWpXD_UFeqtE7aURU

154a1ada42c801d9d42b551f4e84384d

ASCII text, with no line terminators

jvLlA3SKZs6rjTdtAAWE5kzAOWhGp4MW2P_QFzwGI3M

f3590998c328f55a1062525c1da06d52

ASCII text, with no line terminators

L6Tc9VjpQ2ZrlyuirCO03hUuUpwimNL4Feb43Thn1ok

00b68a0c8ec8bcf40d9a74f67dcbbf1b

ASCII text, with no line terminators

XyBNWFitd9zfcXkSGNuQDS278_XFis_I5NTBJVdBntQ

20d20025bc97acbe55c5cea5ccf11e73

ASCII text, with no line terminators

adl.apk

88f91e05c3a68af9f9470249a09ffc9e

Android package (APK), with gradle app-metadata.properties Zip archive data, at least v0.0 to extract, compression method=deflate

app.php

88f478c569241955e464f99ab3ad938b

JavaScript source, Unicode text, UTF-8 text

appV.php

735ad0c6fc85a9f98cc1b96b9432abbe

PHP script, Unicode text, UTF-8 text

Byekan.ttf

860ad172ae5c052dea861911dc17b92a

TrueType Font data, digitally signed, 15 tables, 1st "DSIG", 15 names, Microsoft, language 0x409, Copyright (c) 2019 by www.fontiran.com (Moslem Ebrahimi). All rights reserved.RegularIRANSans:Ve

cart.php

3fbb63bcbbf9a2779c0dd67aeb040d3b

JavaScript source, Unicode text, UTF-8 text

cartV.php

bd63a3ee92f5c5dc4930fe94ebe88230

PHP script, Unicode text, UTF-8 text

config.php

198b8062e4c3cf2d92769d5eaf30e101

PHP script, ASCII text

end.php

3dadfff6c4d02d8e66472c2d861d961f

PHP script, Unicode text, UTF-8 text

formV.php

bc0e27809129790e3cf3fd99bb5ca548

PHP script, Unicode text, UTF-8 text

image1.jpg

cda4d1bfd3945a81f07e516826223f14

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 610x458, components 3

index.php

c2ad159010b887260676f4bcaab75902

JavaScript source, Unicode text, UTF-8 text

otpV.php

2a28e5822df39f52e12f673fa50a731f

PHP script, Unicode text, UTF-8 text

sha.jpg

86e6f0ce318021ed680635df7e543855

JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=511, orientation=upper-left, width=1024], baseline, precision 8, 1024x511, components 3

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	malicious	VirusTotal - Scan result 12/35

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

eblugh-ir-my.sbs/TNT.zip

170.64.190.229

200 OK

3.2 MB

URL User Request GET HTTP/1.1
eblugh-ir-my.sbs/TNT.zip
IP
170.64.190.229:443
ASN
#14061 DIGITALOCEAN-ASN

Certificate
IssuerLet's Encrypt
Subjecteblugh-ir-my.sbs
Fingerprint32:5E:60:86:78:4A:D9:11:79:D4:BF:73:85:E6:FC:54:AA:75:B0:27
ValidityWed, 08 May 2024 08:05:22 GMT - Tue, 06 Aug 2024 08:05:21 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
3.2 MB (3199555 bytes)
Hash
03000af7281bc76a3dd95e70873e47d7
40e4943590c27a8376cacebd162063bc8bb4d184
ea2d14e40c5d5d4c07a42ebf71cde5ffcf8d9fc474dfd5e32a606b59b255dca3

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 12/35

HTTP Headers

GET /TNT.zip HTTP/1.1
Host: eblugh-ir-my.sbs
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 01:19:40 GMT
Server: Apache
Last-Modified: Thu, 09 May 2024 07:46:41 GMT
Accept-Ranges: bytes
Content-Length: 3199555
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip