Report Overview
Visitedpublic
2025-03-09 12:48:57
Tags
Submit Tags
URL
exmapi.onrender.com/static/free/v5.0/v5.0_free_resources.zip
Finishing URL
about:privatebrowsing
IP / ASN
216.24.57.4
Title
about:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
exmapi.onrender.com | unknown | 2015-03-28 | 2024-08-20 | 2025-03-06 | 528 B | 1.2 MB | 216.24.57.4 |
Related reports
Threat Detection Systems
Public InfoSec YARA rules
No alerts detected
OpenPhish
No alerts detected
PhishTank
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
File detected
URL
exmapi.onrender.com/static/free/v5.0/v5.0_free_resources.zip
IP / ASN
216.24.57.4
File Overview
File TypeZip archive data, at least v2.0 to extract, compression method=deflate
Size1.2 MB (1238971 bytes)
MD5db0e9e1953431cc977c3e95bd3d36ab6
SHA14f34027bfd24a54e269721e07f3fedceb7841e70
Archive (7)
| Filename | MD5 | File type |
|---|---|---|
| Autoruns.exe | 17bd13edd536269c417ba8e1b4534fbe | PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections |
| EXM Free Power Plan V5.pow | 5280e5a8aa1b9121f75d1701e5274b84 | MS Windows registry file, NT/2000 or above |
| Free NVPI EXM Profile V6.nip | 0b41dcb5ec08c22610e092f97e139c78 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
| nvidiaProfileInspector.exe | ff5f39370b67a274cb58ba7e2039d2e2 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections |
| nvidiaProfileInspector.exe.config | ce6d0bc7328b0fab08de80f292c1eaa4 | XML 1.0 document, ASCII text |
| Windows_Update_Blocker.exe | 585c5000d1a851b295ff295389d7aa1a | PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections |
| Windows_Update_Blocker.ini | 1720757a9f95ad43f0c994f7b7b0f922 | Unicode text, UTF-16, little-endian text, with CRLF line terminators |
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
| Public InfoSec YARA rules | malware | Identifies compiled AutoIT script (as EXE). |
JavaScript (0)
No JavaScripts
HTTP Transactions (1)
| URL | IP | Response | Size |
|---|