Report - www.sh-23.ru/images/sveden/education/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B5_%D0%BF%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%BC%D1%8B_%D0%92%D0%94_%D0%9D%D0%9E%D0%9E.zip

Report Overview

Submitted URL
www.sh-23.ru/images/sveden/education/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B5_%D0%BF%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%BC%D1%8B_%D0%92%D0%94_%D0%9D%D0%9E%D0%9E.zip
IP
31.31.196.230
ASN
#197695 Domain names registrar REG.RU, Ltd
Submitted
2024-05-05 08:59:13
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.sh-23.ru	unknown	2020-12-10	2023-08-18	2024-04-15	624 B	2.7 MB	31.31.196.230

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.sh-23.ru/images/sveden/education/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B5_%D0%BF%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%BC%D1%8B_%D0%92%D0%94_%D0%9D%D0%9E%D0%9E.zip
IP
31.31.196.230
ASN
#197695 Domain names registrar REG.RU, Ltd

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
2.7 MB (2665176 bytes)
Hash
b7498e86b91cc01d28bf23a0163abc2a
3728fbda400b3adc9ed04429633dd5c82eb9cf94
d809d255f45635a3573deda254d8d5642a64d7caa75c7495ece243866cf52dfd

Archive (16)

Filename

Md5

File type

�� ⥫�� ᨩ.pdf

eea8a455caeae220886970d94018c418

PDF document, version 1.5 (zip deflate encoded)

�� 㬭��+.pdf

057ee9196ae1e443b5a63dbb567c1ec1

PDF document, version 1.5 (zip deflate encoded)

�� த�+.pdf

f005c88c9b713da5d64e8d76299b0722

PDF document, version 1.5 (zip deflate encoded)

�� ᮢ�� +.pdf

9608a3825820c159e524eaf94d15074f

PDF document, version 1.5 (zip deflate encoded)

�� 㬠��, �� +.pdf

7f88219b767215c8c2a1cd6fb68cafd4

PDF document, version 1.5 (zip deflate encoded)

�� ⥫쭠� ��⥬�⨪�+.pdf

2b68e1906be60e22bba29dd324ec8cb8

PDF document, version 1.5 (zip deflate encoded)

�� ன ᮢ�+.pdf

c0fe3c7c26a01c526423a009da535d7d

PDF document, version 1.5 (zip deflate encoded)

�� 㬥�� 窨+.pdf

cbd4c778818c63c6fce4145c6b2b1895

PDF document, version 1.5 (zip deflate encoded)

�� +.pdf

a9c9534b81cb5e70a53bde90cf0df16f

PDF document, version 1.5 (zip deflate encoded)

�� ࠢ��쭮� ��⠭��+.pdf

83f8b34510b3727a1dd0bc83984450d5

PDF document, version 1.5 (zip deflate encoded)

�� ᮢ�� ࠬ�⭮��+.pdf

12cdfcea68cae931d61667e0ed50b9f1

PDF document, version 1.5 (zip deflate encoded)

�� 襥 �६� ��+.pdf

bbaf8aca0405fe3f4f701947f031fc9e

PDF document, version 1.5 (zip deflate encoded)

�� 嬠��-誮��+.pdf

160562d14e6075007117b20c6b956d7b

PDF document, version 1.5 (zip deflate encoded)

�� 筮� ��⥫쭮�� +.pdf

b17c1cfb83addceffeb790d509a25188

PDF document, version 1.5 (zip deflate encoded)

�� ⡮�+.pdf

9729fe42fba6e43b8a88b5ab55293088

PDF document, version 1.5 (zip deflate encoded)

�� 㤨�+.pdf

41d66fce579316e6918268afa7be946e

PDF document, version 1.5 (zip deflate encoded)

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies Office documents created by a cracked Office version, SPecialiST RePack.

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.sh-23.ru/images/sveden/education/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B5_%D0%BF%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%BC%D1%8B_%D0%92%D0%94_%D0%9D%D0%9E%D0%9E.zip

31.31.196.230

200 OK

2.7 MB

URL User Request GET HTTP/2
www.sh-23.ru/images/sveden/education/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B5_%D0%BF%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%BC%D1%8B_%D0%92%D0%94_%D0%9D%D0%9E%D0%9E.zip
IP
31.31.196.230:443
ASN
#197695 Domain names registrar REG.RU, Ltd

Certificate
IssuerLet's Encrypt
Subjectsh-23.ru
Fingerprint1D:93:DD:97:48:33:F8:AE:A0:64:8C:A6:77:83:68:A6:6B:63:3F:4E
ValiditySun, 14 Apr 2024 23:48:21 GMT - Sat, 13 Jul 2024 23:48:20 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
2.7 MB (2665176 bytes)
Hash
b7498e86b91cc01d28bf23a0163abc2a
3728fbda400b3adc9ed04429633dd5c82eb9cf94
d809d255f45635a3573deda254d8d5642a64d7caa75c7495ece243866cf52dfd

HTTP Headers

GET /images/sveden/education/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B5_%D0%BF%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%BC%D1%8B_%D0%92%D0%94_%D0%9D%D0%9E%D0%9E.zip HTTP/1.1
Host: www.sh-23.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 08:58:47 GMT
content-type: application/zip
content-length: 2665176
last-modified: Mon, 07 Nov 2022 10:02:21 GMT
etag: "6368d7ad-28aad8"
expires: Wed, 19 Jun 2024 08:58:47 GMT
cache-control: max-age=3888000
strict-transport-security: max-age=31536000;
accept-ranges: bytes
X-Firefox-Spdy: h2