Report - www.brentozar.com/wp-content/uploads/2022/08/SqlQueryStress.zip

Report Overview

Submitted URL
www.brentozar.com/wp-content/uploads/2022/08/SqlQueryStress.zip
IP
199.16.173.218
ASN
#2635 AUTOMATTIC
Submitted
2024-04-25 20:43:31
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.brentozar.com	582160	2001-05-18	2012-09-01	2023-07-01	517 B	3.3 MB	199.16.172.55

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.brentozar.com/wp-content/uploads/2022/08/SqlQueryStress.zip
IP
199.16.172.55
ASN
#2635 AUTOMATTIC

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.3 MB (3291591 bytes)
Hash
491cc404d489ed82cff7aafb72792202
d8f5206ae5305c664bea74dbd0c21f5aad70baf6
624d7d98274d0648c7a1287d0eef81e5d058494c5536305bfd074520244347ca

Archive (25)

Filename

Md5

File type

CommandLine.dll

3654f4e4c0858a9388c383b1225b8384

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

ICSharpCode.AvalonEdit.dll

ef55969a9a326d9854390108d2ede67e

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Data.SqlClient.dll

9a99b432e95ca1c588631418fde7d688

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Identity.Client.dll

d4fab3d6d4ecbd270b9eaf733e6beeb1

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.IdentityModel.JsonWebTokens.dll

78fdf239b72ab7d4387f3005bb887f28

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.IdentityModel.Logging.dll

8fcd60cac6ba05215e39a72d40802b2d

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.IdentityModel.Protocols.dll

b5d92c6d11fe28bcd8ec9cce044b5d50

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.IdentityModel.Protocols.OpenIdConnect.dll

38e5a14697832f8c936ed05bbb35d470

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.IdentityModel.Tokens.dll

e31acdfafd0f640d2986a218c1302cd7

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Data.SqlClient.dll

6ca0c618bfe4b8e007eb9e2442ff7130

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Data.SqlClient.SNI.dll

6f2512acc5a596a63fdb11e5743fe238

PE32+ executable (DLL) (GUI) Aarch64, for MS Windows, 6 sections

Microsoft.Data.SqlClient.SNI.dll

38fcb8dc36fc8f5ca7e30d9fdbac35f4

PE32 executable (DLL) (GUI) ARMv7 Thumb, for MS Windows, 6 sections

Microsoft.Data.SqlClient.SNI.dll

0a382258603e4bd35ec831358d9f2ada

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

Microsoft.Data.SqlClient.SNI.dll

50905f4823f91cea9b7a6c94ca96007e

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Microsoft.Data.SqlClient.dll

015c17af9b4afb7fca7958bf29aceaef

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Runtime.Caching.dll

3eaa18e5ce69e4d01cfb31d9afab384a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SQLQueryStress.deps.json

a048b2de8072da49a887988631c38884

JSON text data

SQLQueryStress.dll

8cecfb4b623049c45ea88d4fa9344739

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SQLQueryStress.dll.config

210e9c074cf56e59c61b6de9c2195091

XML 1.0 document, ASCII text, with CRLF line terminators

SQLQueryStress.exe

d96a08debad9a43932a69df1c718555b

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

SQLQueryStress.pdb

9ced9be56d2c9238aed1b2e5723feb76

Microsoft Roslyn C# debugging symbols version 1.0

SQLQueryStress.runtimeconfig.dev.json

76a938af909077e0e05639e760768b22

JSON text data

SQLQueryStress.runtimeconfig.json

a07927da8710284c49870652cdf7e7ed

JSON text data

System.IdentityModel.Tokens.Jwt.dll

00d9c802d5972149649e676b426aa145

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Runtime.Caching.dll

6915f3eba6fddc980655a55dca980929

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/62

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.brentozar.com/wp-content/uploads/2022/08/SqlQueryStress.zip

199.16.172.55

200 OK

3.3 MB

URL User Request GET HTTP/2
www.brentozar.com/wp-content/uploads/2022/08/SqlQueryStress.zip
IP
199.16.172.55:443
ASN
#2635 AUTOMATTIC

Certificate
IssuerLet's Encrypt
Subjecttls.automattic.com
FingerprintDF:D6:CD:0C:2B:E6:17:12:CE:59:47:C5:D2:A7:06:41:78:51:81:98
ValidityThu, 11 Apr 2024 10:09:35 GMT - Wed, 10 Jul 2024 10:09:34 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.3 MB (3291591 bytes)
Hash
491cc404d489ed82cff7aafb72792202
d8f5206ae5305c664bea74dbd0c21f5aad70baf6
624d7d98274d0648c7a1287d0eef81e5d058494c5536305bfd074520244347ca

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/62

HTTP Headers

GET /wp-content/uploads/2022/08/SqlQueryStress.zip HTTP/1.1
Host: www.brentozar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 20:43:03 GMT
content-type: application/zip
content-length: 3291591
strict-transport-security: max-age=31536000
last-modified: Sat, 09 Dec 2023 12:02:14 GMT
etag: "65745746-3239c7"
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
x-ac: 2.arn _atomic_ams MISS
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (25)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers