Report - nezur.io/Nezur

Report Overview

Visited public
2024-03-26 01:09:04
Tags
URL
nezur.io/Nezur_External.zip
Finishing URL
about:privatebrowsing
IP / ASN
104.26.6.104
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
nezur.io	unknown	2024-02-17	2024-02-17 17:22:53	2024-03-06 11:36:20	481 B	1.1 MB	104.26.6.104

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
nezur.io/Nezur_External.zip
IP
104.26.6.104
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.1 MB (1094200 bytes)
Hash
5216e330efcf090e8d032c40a03861a6
78299becada00443221a96a3f198e62d02da9b4b
10f931fa3d8e29f745150b356109c33002f45c20994c33ad2dce26b776400fc9

Archive (9)

Filename

Md5

File type

Nezur.exe

f4c75464c9082f261553822d902d84eb

PE32+ executable (console) x86-64, for MS Windows, 6 sections

arsenal.cfg

27b81d9d18eb32c2fd491c3076ec0aea

JSON text data

autosave.cfg

f201c4a94ca8d4de9e6fcba1edc9dc82

JSON text data

counterblox.cfg

bc7b801b843fb2f5fd19af34b4b88d6a

JSON text data

dahood.cfg

9489291979d19765ca4ba990df16b917

JSON text data

jailbird.cfg

2ea9fe525de145a918ac1b461f536145

JSON text data

universal.cfg

3386ac6b55f3addf304f6e1cce51e7ca

JSON text data

weaponry.cfg

579fb59d2c6b985dfd4566b8a7fe3326

JSON text data

auto_load.txt

d40890f1324388d8295afca5d41b407f

ASCII text, with no line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 40/65

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

nezur.io/Nezur_External.zip

104.26.6.104

200 OK

1.1 MB

URL User Request GET HTTP/2
nezur.io/Nezur_External.zip
IP
104.26.6.104:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectnezur.io
FingerprintE6:49:68:05:B9:78:1A:AF:FC:A8:61:F7:9F:44:75:24:37:47:0A:9B
ValiditySat, 17 Feb 2024 11:19:00 GMT - Fri, 17 May 2024 11:18:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.1 MB (1094200 bytes)
Hash
5216e330efcf090e8d032c40a03861a6
78299becada00443221a96a3f198e62d02da9b4b
10f931fa3d8e29f745150b356109c33002f45c20994c33ad2dce26b776400fc9

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 40/65

HTTP Headers

GET /Nezur_External.zip HTTP/1.1
Host: nezur.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 26 Mar 2024 01:08:38 GMT
content-type: application/zip
content-length: 1094200
last-modified: Thu, 21 Mar 2024 10:10:43 GMT
cache-control: max-age=120
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2HLZHBEhuDBzXsooTQEPJ1oZYBfBGIeWCQWr9zMwi90NVXqGYkGNWfA4Ig8eG4DfCaMihGDgCcCdnzgj48ifnCW%2B3TjRSAMJdKr6FVMwXxPeGZUlfzuomt19"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86a34029e893b523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (9)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers