Report - www.mercier-ganady.name/download/29/serverwiper1.16a-binary.zip

Report Overview

Submitted URL
www.mercier-ganady.name/download/29/serverwiper1.16a-binary.zip
IP
77.37.87.109
ASN
#31400 firstcolo GmbH
Submitted
2024-04-18 01:55:34
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.mercier-ganady.name	unknown	unknown	2020-02-08	2024-04-17	517 B	1.1 MB	77.37.87.109

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.mercier-ganady.name/download/29/serverwiper1.16a-binary.zip
IP
77.37.87.109
ASN
#31400 firstcolo GmbH

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.1 MB (1109981 bytes)
Hash
edbf51b5409c9d9beed05531c9ac493e
373bf7d29f53ef2733ed6a6fb047a4e2c23347c5
0c49774a2c905f32529c4bcf4a683989ad8c190e37dcb65a3eb8232dfa33076d

Archive (34)

Filename

Md5

File type

serverwiper.vdf

d372cb0de4a1dc4f4ba287a82482a9bb

ASCII text, with CRLF line terminators

server_wiper_mm.dll

af83680b863994774b095e21f5880892

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

server_wiper_mm_i486.so

bee0b8c46469c306635e105f953ca618

ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV)

sm_sw_ban_detection.smx

5f1547c3f3fb86e1827569fe82803302

data

insert_post.php

7ee5c433801b6916e113c5022fecd3ff

PHP script, ASCII text, with CRLF line terminators

sw.cfg

9176151394f8aba89f92357981b7e0e4

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

admins.txt

d41d8cd98f00b204e9800998ecf8427e

fr.txt

842b2b377a1f49e6781dc67bc5815b5e

Unicode text, UTF-8 text, with CRLF line terminators

apologies.txt

647526890fced468dcb4ab9258b7a341

Unicode text, UTF-8 text, with CRLF line terminators

greetings.txt

600bb223c7ccdaa00d5997ef586b5eb4

ASCII text, with CRLF line terminators

help.txt

2157ee3916cf8ed2a4ec83eec4bbbbd0

ASCII text, with CRLF line terminators

help_fr.txt

a44ddbc59a1e3f288eb318d1bb63e07b

Unicode text, UTF-8 text, with CRLF line terminators

insults1.txt

ffe47209ad491762ff6194c5100df3b7

Unicode text, UTF-8 text, with CRLF line terminators

insults2.txt

51b2939fb87d44a06241dbad84bac6a7

Unicode text, UTF-8 text, with CRLF line terminators

insults3.txt

cfc7ff2a3ccadaa3fedbd21f78bf3b7a

Unicode text, UTF-8 text, with CRLF line terminators

team.txt

d41d8cd98f00b204e9800998ecf8427e

sw_fr.cfg

9a642453f1d85d469e390df13d9e78ed

Unicode text, UTF-8 text, with CRLF line terminators

COPYING.txt

467be35f1abe5388c295f26480eb9e36

ASCII text, with CRLF line terminators

AdminActions.txt

874b79274bfde3616c33d0fc20a51250

ASCII text, with CRLF line terminators

AdminActions_fr.txt

f40130db32831c4e721b333fa639e7a7

ISO-8859 text, with CRLF line terminators

BanPosting.txt

8619d13d3074f87bcc8e8f4236b79aec

ASCII text, with CRLF line terminators

BanPosting_fr.txt

d78540e0f3fb456ba3f390c4922aac3d

ISO-8859 text, with CRLF line terminators

Changelog.txt

f59f78b46f1f863ac0c38f9928e838b2

ASCII text, with CRLF line terminators

Changelog_fr.txt

5df2651c69728dbcea57178b479a4701

ISO-8859 text, with CRLF line terminators

HelpMessages.txt

85dd6147cb6e1fb00b1338ab585a019e

ASCII text, with CRLF line terminators

HelpMessages_fr.txt

ff9f5e63f8e05043c5fa5d2aadd2083b

Unicode text, UTF-8 text, with CRLF line terminators

Insults.txt

3aa697845c380cf4e7a08c4593e804bc

ASCII text, with CRLF line terminators

Insults_fr.txt

7b7364dbd8a4b1805ce20bf4544e31c3

Unicode text, UTF-8 text, with CRLF line terminators

Languages.txt

08c136c93fc160243f1e60ee18215b9e

ASCII text, with CRLF line terminators

Languages_fr.txt

bfb84dca4388825dd88b495b3cda26b7

Unicode text, UTF-8 text, with CRLF line terminators

TeamMembersCheck.txt

e42deaede631acd99e242225e3824257

ASCII text, with CRLF line terminators

TeamMembersCheck_fr.txt

9208aadbbc3a233bb91e1e85ef6beccb

ISO-8859 text, with CRLF line terminators

README.txt

8890f2d9894f68dd0ffb9a8907a742da

ASCII text, with very long lines (405), with CRLF line terminators

README_fr.txt

a7f3779f5899c372ab9a2de6a6ea18ba

ISO-8859 text, with very long lines (415), with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	www.mercier-ganady.name/download/29/serverwiper1.16a-binary.zip	77.37.87.109	200 OK	1.1 MB
URL User Request GET HTTP/2 www.mercier-ganady.name/download/29/serverwiper1.16a-binary.zip IP 77.37.87.109:443 ASN #31400 firstcolo GmbH Certificate IssuerLet's Encrypt Subjectmercier-ganady.name Fingerprint0E:92:84:4B:CF:72:AC:BD:FF:0F:17:A0:10:6D:B4:37:94:DC:40:29 ValidityMon, 19 Feb 2024 16:41:19 GMT - Sun, 19 May 2024 16:41:18 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 1.1 MB (1109981 bytes) Hash edbf51b5409c9d9beed05531c9ac493e 373bf7d29f53ef2733ed6a6fb047a4e2c23347c5 0c49774a2c905f32529c4bcf4a683989ad8c190e37dcb65a3eb8232dfa33076d HTTP Headers GET /download/29/serverwiper1.16a-binary.zip HTTP/1.1 Host: www.mercier-ganady.name User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK server: nginx/1.22.1 date: Thu, 18 Apr 2024 01:55:07 GMT content-type: application/octet-stream content-length: 1109981 last-modified: Fri, 31 Oct 2014 11:59:56 GMT content-disposition: attachement; filename="serverwiper1.16a-binary.zip" etag: "545379bc-10efdd" x-permitted-cross-domain-policies: master-only accept-ranges: bytes strict-transport-security: max-age=63072000; includeSubDomains x-frame-options: “DENY”, SAMEORIGIN x-content-type-options: nosniff, nosniff x-xss-protection: 1; mode=block, 1; mode=block x-robots-tag: none X-Firefox-Spdy: h2

www.mercier-ganady.name/download/29/serverwiper1.16a-binary.zip

77.37.87.109

200 OK

1.1 MB

URL User Request GET HTTP/2
www.mercier-ganady.name/download/29/serverwiper1.16a-binary.zip
IP
77.37.87.109:443
ASN
#31400 firstcolo GmbH

Certificate
IssuerLet's Encrypt
Subjectmercier-ganady.name
Fingerprint0E:92:84:4B:CF:72:AC:BD:FF:0F:17:A0:10:6D:B4:37:94:DC:40:29
ValidityMon, 19 Feb 2024 16:41:19 GMT - Sun, 19 May 2024 16:41:18 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.1 MB (1109981 bytes)
Hash
edbf51b5409c9d9beed05531c9ac493e
373bf7d29f53ef2733ed6a6fb047a4e2c23347c5
0c49774a2c905f32529c4bcf4a683989ad8c190e37dcb65a3eb8232dfa33076d

HTTP Headers

GET /download/29/serverwiper1.16a-binary.zip HTTP/1.1
Host: www.mercier-ganady.name
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.22.1
date: Thu, 18 Apr 2024 01:55:07 GMT
content-type: application/octet-stream
content-length: 1109981
last-modified: Fri, 31 Oct 2014 11:59:56 GMT
content-disposition: attachement; filename="serverwiper1.16a-binary.zip"
etag: "545379bc-10efdd"
x-permitted-cross-domain-policies: master-only
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: “DENY”, SAMEORIGIN
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
x-robots-tag: none
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (34)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers