Report - www.greatchief.plus.com/chfzip26.zip

Report Overview

Submitted URL
www.greatchief.plus.com/chfzip26.zip
IP
212.159.9.91
ASN
#6871 British Telecommunications PLC
Submitted
2024-03-28 12:28:38
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.greatchief.plus.com	unknown	1994-12-16	2015-09-06	2024-01-08	406 B	458 B	212.159.8.91
www.foyeh.org	unknown	2007-07-17	2015-03-10	2023-12-01	396 B	151 kB	92.205.6.33

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.foyeh.org/chfzip26.zip
IP
92.205.6.33
ASN
#21499 Host Europe GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
151 kB (150963 bytes)
Hash
77126f1939c84eff3cd5402b124e0ba9
22f06a51821bc7944fa1f2965d57d38b0e4fc2cc
5631061ec92e63242fd45f33a3995c6bc9b943492d0d133ea2c1d16274f1723f

Archive (30)

Filename

Md5

File type

build_dlls.bat

4d709a7da740c37e974855731663e095

ASCII text, with CRLF line terminators

chfunzip.pas

7908aac2df87cc1910ad1a4380bcd07e

awk or perl script, ASCII text, with CRLF line terminators

chiefzip.pas

80351b8ec2c6886b0603cc1b77550c7a

ASCII text, with CRLF line terminators

unzipos2.dll

db019ed0f13aaa64586c0f7ca7f35b0d

MS-DOS executable, LX for OS/2 (DLL) i80386

unzipp16.dll

063829cb90e6b17ca5999f2ee2dbdbdd

MS-DOS executable, NE for OS/2 1.x (3.0) (DLL or font)

unzipw16.dll

17aa4ad5ff84f2ba90f741064f91d7f0

MS-DOS executable, NE for MS Windows 3.x (3.0) (DLL or font)

unzipw32.dll

4b81877530b5bc51f711cf0304202d76

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

dll2lib.bat

58a0556866316ec956d87e728c14f7f8

DOS batch file, ASCII text, with CRLF line terminators

Project1.dpr

d843a7f42f9ff957481d274f4af11235

ASCII text, with CRLF line terminators

Project1.dsk

6be903db236012c20db0b08ca2263e7e

Generic INItialization configuration [ProjectManager]

Project1.res

b4359625962f3c2f61f75b7ae5df56d4

MSVC .res

Project2.dpr

2e8072bf7dd14afb13ce3a4f2fb06d22

ASCII text, with CRLF line terminators

Project2.dsk

9b7a5e8850aefd7fa2db284ba0a1abe3

Generic INItialization configuration [ProjectManager]

Project2.res

bcf6ee51dc75a300914bc84658a5f12c

MSVC .res

Unit1.dfm

e4d3c655e71e48d8e5fdbee5a0afc40d

JPEG XL codestream

Unit1.pas

e2216f229d3f1fc447ebf27ac252d3bc

ASCII text, with CRLF line terminators

Unit2.dfm

db80d926ef66af7fb49e8809b9cb5f4c

JPEG XL codestream

Unit2.pas

28ba4df43595282408c634db832019c2

ASCII text, with CRLF line terminators

chfunzip.res

45d02203801ec5cae86ed0a68727b0fa

MSVC .res

readme.txt

d3d1aa76dbf1d110c284f864d162317d

ASCII text, with CRLF line terminators

test0.pas

74ce296d4628ee8eda26fdafe0c758b6

ASCII text, with CRLF line terminators

test1.pas

cd6402f3c3305ea3699ec4f2b7b66772

awk or perl script, ASCII text, with CRLF line terminators

test2.pas

104846428091716aac18148a76ea2c66

ASCII text, with CRLF line terminators

test3.pas

222dd1b2f474f6ca8fa73078f4e40059

ASCII text, with CRLF line terminators

test4.pas

494b769b23eca7e87e87ebbd764324d2

awk or perl script, ASCII text, with CRLF line terminators

unzip.inc

6e6e5e228897e5c16d42fa9e2dec2ae0

ASCII text, with CRLF line terminators

unzip.pas

c962bfd7fdb4a32dd62350ab2b773459

ASCII text, with CRLF line terminators

unzip32.pas

b7a0599600974251fa7a3678e53dda6b

ASCII text, with CRLF line terminators

zipinter.pas

fe941ba6c9b258a62b8cbb891b963b71

ASCII text, with CRLF line terminators

ziptypes.pas

e4380a3f1d2df0fdc16be364cfc8b8a1

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	www.greatchief.plus.com/chfzip26.zip	212.159.8.91	302 Found	217 B
URL User Request GET HTTP/1.1 www.greatchief.plus.com/chfzip26.zip IP 212.159.8.91:80 ASN #6871 British Telecommunications PLC File type HTML document, ASCII text Size 217 B (217 bytes) Hash 61cc8d17598e929b9c3d8fd38b2cf7bc 0eb848fb624f4abe2415390b026aac673978bd84 e009d7d6540babaa421e79128fe724a9e02f3e3c5883293541591b5f74ecb901 HTTP Headers `GET /chfzip26.zip HTTP/1.1 Host: www.greatchief.plus.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 302 Found Date: Thu, 28 Mar 2024 12:28:12 GMT Server: Apache Location: http://www.foyeh.org/chfzip26.zip Content-Length: 217 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1`

	www.foyeh.org/chfzip26.zip	92.205.6.33	200 OK	151 kB
URL User Request GET HTTP/1.1 www.foyeh.org/chfzip26.zip IP 92.205.6.33:80 ASN #21499 Host Europe GmbH File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 151 kB (150963 bytes) Hash 77126f1939c84eff3cd5402b124e0ba9 22f06a51821bc7944fa1f2965d57d38b0e4fc2cc 5631061ec92e63242fd45f33a3995c6bc9b943492d0d133ea2c1d16274f1723f HTTP Headers `GET /chfzip26.zip HTTP/1.1 Host: www.foyeh.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 12:28:12 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Fri, 29 Apr 2016 11:30:02 GMT ETag: "3f82bd9-24db3-5319df6b16280" Accept-Ranges: bytes Content-Length: 150963 Vary: Accept-Encoding Keep-Alive: timeout=5 Content-Type: application/zip`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (30)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers