Report - antiseretbosanjaisokab.efile.biz.id/SC%20PANEL%20JASTEB%20ROHYS%20STORE%20AUTO%20RESS%202.zip

Report Overview

Submitted URL
antiseretbosanjaisokab.efile.biz.id/SC%20PANEL%20JASTEB%20ROHYS%20STORE%20AUTO%20RESS%202.zip
IP
104.21.60.237
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-23 08:47:01
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
antiseretbosanjaisokab.efile.biz.id	unknown	unknown	No data	No data	547 B	2.2 MB	104.21.60.237

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

Files detected

URL
antiseretbosanjaisokab.efile.biz.id/SC%20PANEL%20JASTEB%20ROHYS%20STORE%20AUTO%20RESS%202.zip
IP
104.21.60.237
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
2.2 MB (2222159 bytes)
Hash
50ed411831bc0cdd0b33848553f8a44e
422631b42d3ca0c9fd46a64a895df2ba064c5f4f
8954ebd24e063dcf11ad10bce6a7ed9cc259f9ae5c563be21f4f49c0afa70fed

Archive (19)

Filename

Md5

File type

apiii.php

1c646754bb1eb29298db58dc5eca386f

PHP script, ASCII text

085640775825.php

f89df5c1193a1d46afe70250037ed6bb

JavaScript source, ASCII text

add.php

6c7df1ee2a4ea517564758014de6932b

PHP script, ASCII text, with CRLF line terminators

data.json

a2b18eb40394f1fca1bec0205a6db0e5

JSON text data

data.php

9aaeb95887dc0524ef496cdb792be6e5

PHP script, ASCII text

delete.php

271637d7f749ef7ac3cab5d8e255834e

PHP script, ASCII text, with CRLF line terminators

ganti.php

30c0a44a8765e8e9e075b0fa636f5e5d

PHP script, ASCII text, with CRLF line terminators

index.php

70108388c92dfa32673db505a659893b

HTML document, ASCII text, with very long lines (706)

script.js

ac2cf6af18e38908934a3804eb11f5bd

JavaScript source, ASCII text

style.css

1718b9c01b40832f36f05b05b4f5a9a1

ASCII text

index.php

6793526b0355090ee60f01f739eb2223

HTML document, ASCII text, with very long lines (55615)

index2.php

9ed5bc9eec261a5dec3256bed5149872

PHP script, ASCII text

log-cpr.php

f591c03bc28af6e96eaacd5b70aebf3d

PHP script, ASCII text, with very long lines (2787)

log-gen.php

9d297d59664d0780618a9aa6552b7fbb

PHP script, ASCII text, with very long lines (53022)

log-ip.php

995be493d35a279f5693dbea6ba6c7bc

PHP script, ASCII text, with very long lines (986)

logo.gif

c4795a824cb2af554bd0aa533ed2ace1

ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]

logo.png

c755667d140888501b9902a21c714e0d

PNG image data, 2452 x 2560, 8-bit/color RGBA, non-interlaced

send.php

74abb82fa3e4f9cd091c1a9a6fd3102c

PHP script, Unicode text, UTF-8 text

a1.mp3

88e944a60d45a517756d1a918ebe0115

Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	PHP webshell which only writes an uploaded file to disk
Public Nextron YARA rules	malware	PHP webshell which only writes an uploaded file to disk

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	antiseretbosanjaisokab.efile.biz.id/SC%20PANEL%20JASTEB%20ROHYS%20STORE%20AUTO%20RESS%202.zip	104.21.60.237	200 OK	2.2 MB
URL User Request GET HTTP/2 antiseretbosanjaisokab.efile.biz.id/SC%20PANEL%20JASTEB%20ROHYS%20STORE%20AUTO%20RESS%202.zip IP 104.21.60.237:443 ASN #13335 CLOUDFLARENET Certificate IssuerLet's Encrypt Subjectefile.biz.id FingerprintD4:13:48:9C:28:4E:FD:E0:6C:71:82:AF:F1:14:DF:7A:BA:5C:DC:D4 ValiditySun, 24 Mar 2024 16:03:20 GMT - Sat, 22 Jun 2024 16:03:19 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 2.2 MB (2222159 bytes) Hash 50ed411831bc0cdd0b33848553f8a44e 422631b42d3ca0c9fd46a64a895df2ba064c5f4f 8954ebd24e063dcf11ad10bce6a7ed9cc259f9ae5c563be21f4f49c0afa70fed HTTP Headers GET /SC%20PANEL%20JASTEB%20ROHYS%20STORE%20AUTO%20RESS%202.zip HTTP/1.1 Host: antiseretbosanjaisokab.efile.biz.id User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Tue, 23 Apr 2024 08:46:36 GMT content-type: application/zip content-length: 2222159 last-modified: Sat, 20 Apr 2024 14:01:34 GMT cache-control: max-age=14400 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vdZJnvdiZsi3HIiZRHsLr7UH8inbqc3CKQMAhAHTucWoJYW8exaGtN3ooBREFIx3FsHXF5PVgFE1%2BgDfDKrKL0pXGWk0Be5zWG30N6JRJ2WRU%2FAi29bsRMKxjMbUgxLlL0nz%2FbHG4qoZIv4x6TPjdi8x520bag%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 878c9580ea41b4ed-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

antiseretbosanjaisokab.efile.biz.id/SC%20PANEL%20JASTEB%20ROHYS%20STORE%20AUTO%20RESS%202.zip

104.21.60.237

200 OK

2.2 MB

URL User Request GET HTTP/2
antiseretbosanjaisokab.efile.biz.id/SC%20PANEL%20JASTEB%20ROHYS%20STORE%20AUTO%20RESS%202.zip
IP
104.21.60.237:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectefile.biz.id
FingerprintD4:13:48:9C:28:4E:FD:E0:6C:71:82:AF:F1:14:DF:7A:BA:5C:DC:D4
ValiditySun, 24 Mar 2024 16:03:20 GMT - Sat, 22 Jun 2024 16:03:19 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
2.2 MB (2222159 bytes)
Hash
50ed411831bc0cdd0b33848553f8a44e
422631b42d3ca0c9fd46a64a895df2ba064c5f4f
8954ebd24e063dcf11ad10bce6a7ed9cc259f9ae5c563be21f4f49c0afa70fed

HTTP Headers

GET /SC%20PANEL%20JASTEB%20ROHYS%20STORE%20AUTO%20RESS%202.zip HTTP/1.1
Host: antiseretbosanjaisokab.efile.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 Apr 2024 08:46:36 GMT
content-type: application/zip
content-length: 2222159
last-modified: Sat, 20 Apr 2024 14:01:34 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vdZJnvdiZsi3HIiZRHsLr7UH8inbqc3CKQMAhAHTucWoJYW8exaGtN3ooBREFIx3FsHXF5PVgFE1%2BgDfDKrKL0pXGWk0Be5zWG30N6JRJ2WRU%2FAi29bsRMKxjMbUgxLlL0nz%2FbHG4qoZIv4x6TPjdi8x520bag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 878c9580ea41b4ed-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (19)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers