Report - gatoxscript.tripod.com/sitebuildercontent/sitebuilderfiles/PinpolloScript.zip

Report Overview

Visited public
2024-04-03 21:46:15
Tags
URL
gatoxscript.tripod.com/sitebuildercontent/sitebuilderfiles/PinpolloScript.zip
Finishing URL
about:privatebrowsing
IP / ASN
209.202.252.105
#6354 LYCOS
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gatoxscript.tripod.com	unknown	1994-09-29	2022-06-13 14:27:32	2024-01-30 03:58:07	531 B	1.6 MB	209.202.252.105

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
gatoxscript.tripod.com/sitebuildercontent/sitebuilderfiles/PinpolloScript.zip
IP
209.202.252.105
ASN
#6354 LYCOS

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.6 MB (1577662 bytes)
Hash
4914de00f348f045906f9df99b6f0c85
45c8518fd749471f47c4ac81faef12fba0f9c932
7f32168128edd5ae3092714a4529ae0b1ac636607e3c29f11159bc9b2b13546a

Archive (32)

Filename

Md5

File type

aliases.ini

b691acab8c3643492a33e35af20134d5

ASCII text, with CRLF line terminators

ircintro.hlp

4321f64b3b302788845785fa711e23b1

MS Windows 3.0 help, Fri Aug 16 17:47:06 2002, 69246 bytes

mirc.hlp

640d37cbba70a823eb079b1d9b810950

MS Windows 3.0 help, Thu Aug 15 21:26:41 2002, 220959 bytes

mirc.ini

943906a6d86b9f56e66ec16fe15aadce

Generic INItialization configuration [text]

popups.ini

dd2be674a1bbc1a8498aadc9eb134ebc

Generic INItialization configuration [qpopup]

readme.txt

041e4bcd88b388a319fc49024e31683d

ASCII text, with CRLF line terminators

remote.ini

33f6e5fd715e2b99faa307224677684e

Generic INItialization configuration [variables]

servers.ini

dc3c30c567daaaea385cbec388e8bfd4

ASCII text, with CRLF line terminators

urls.ini

2d9a0407114ed4bcc2d5b297eb157fc1

ASCII text, with CRLF line terminators

versions.txt

2940e92fb74dd799b25b74f6f74402e3

ASCII text, with CRLF line terminators

registry.dll

87bc9fe8b85c0ef2893de77cf2d9ce37

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

nHTMLn_2.92.dll

8381b6f4fcdc6e53e1c7f48f57e7a097

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

vincula.mrc

bcc5637723394d9028e69e2a204d193d

data

vincula.txt

96bfcc38cece3c3385ed491a9a499370

Non-ISO extended-ASCII text, with CRLF line terminators

vincula.ini

98ef43859b2e82405b858a276ef80297

ASCII text, with CRLF line terminators

vfcache.dat

f116b4d6147f1e63fb12fb5763d4edee

ASCII text

007

3cc3bb2c453f51890b6abdd6dcbe1216

ASCII text, with CRLF line terminators

About

683268857d089ec99b9c98d49698f6da

ASCII text, with CRLF line terminators

alias2.ini

1779b02873a4e571d7326d5e6989a05b

ASCII text, with CRLF line terminators

Background.bmp

a180d0fdd5c221cbf07008c943ccbd71

PC bitmap, Windows 3.x format, 963 x 1000 x 24, image size 2892000, resolution 2834 x 2834 px/m, cbSize 2892054, bits offset 54

bg2.jpg

e8ca7f9b3d6fd85bb50f8165caec5387

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1024x768, components 3

cloneconn.txt

8a889efc2260bced4e51e0565c9eb70e

ASCII text, with CRLF line terminators

cloner.txt

4182f2ad7b09a602730f06b1a22fde09

ASCII text, with CRLF line terminators

commands.mrc

bfff90b62eb5df784dfc29764b6e6081

data

Commands.txt

617d4607e032bcdd7ac4c3ba22fdf6a5

data

Ie.ico

ac5613468452636b1453c1d26504f262

MS Windows icon resource - 6 icons, 16x16, 8 bits/pixel, 16x16, 32 bits/pixel

MSN.jpg

a6d050ba8d86800b04fe015faf74cd73

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 250x250, components 3

Pinpollo 007.exe

b766003f431cad186bd115f5761592d1

PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections

Pinpollo007.jpg

660766fd97abff407a4aa338b0b5afe2

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 391x600, components 3

Start.mrc

918154ee22c54fac888e6cfd233b11c6

data

status.jpg

62bc95287ec25becf4ea7e54df05c73f

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 600x22, components 3

tgbanner.bmp

de547915d55f83e0bb50dff86a39df45

PC bitmap, Windows 3.x format, 100 x 35 x 24, image size 10500, resolution 2834 x 2834 px/m, cbSize 10554, bits offset 54

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 34/61

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

gatoxscript.tripod.com/sitebuildercontent/sitebuilderfiles/PinpolloScript.zip

209.202.252.105

1.6 MB

URL
gatoxscript.tripod.com/sitebuildercontent/sitebuilderfiles/PinpolloScript.zip
IP
209.202.252.105:0
ASN
#6354 LYCOS

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.6 MB (1577662 bytes)
Hash
4914de00f348f045906f9df99b6f0c85
45c8518fd749471f47c4ac81faef12fba0f9c932
7f32168128edd5ae3092714a4529ae0b1ac636607e3c29f11159bc9b2b13546a

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 34/61

HTTP Headers

GET /sitebuildercontent/sitebuilderfiles/PinpolloScript.zip HTTP/1.1
Host: gatoxscript.tripod.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 03 Apr 2024 21:45:49 GMT
content-type: application/zip
content-length: 1577662
set-cookie: CookieStatus=COOKIE_OK; path=/; domain=.tripod.com; expires=Thu, 03-Apr-2025 21:45:49 GMT
vary: *
x-server-ip: 209.202.244.199
p3p: policyref="http://www.lycos.com/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa CUSa PSAa IVAa CONo OUR IND UNI STA"
last-modified: Thu, 24 Oct 2002 01:19:44 GMT
etag: "1812be-3db74ab0"
accept-ranges: bytes
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (32)

Detections

JavaScript (0)

HTTP Transactions (1)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers