Report Overview

  1. Visited public
    2025-03-04 14:40:51
    Tags
  2. URL

    links2play.com/awstats.zip

  3. Finishing URL

    about:privatebrowsing

  4. IP / ASN
    95.217.203.22

    #24940 Hetzner Online GmbH

    Title
    about:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDNRankRegisteredFirst SeenLast Seen
links2play.comunknown2024-12-272025-03-032025-03-03

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules
SeverityIndicatorAlert
mediumlinks2play.com/awstats.zipPhishing Kit impersonating Office 365

OpenPhish

No alerts detected


PhishTank

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL

    links2play.com/awstats.zip

  2. IP

    95.217.203.22

  3. ASN

    #24940 Hetzner Online GmbH

  1. File type

    Zip archive data, at least v0.0 to extract, compression method=store

    Size

    1.1 MB (1095148 bytes)

  2. Hash

    491f6ba518d128ee3ed6c0259cacf61b

    24eb33f70eae6e2461750469b6b234a0c98cc393

  1. Archive (37)

    2. FilenameMd5File type
    awstats022025.aayocompany.com.krishihimalaya.com.txt
    8167a4d3a9a03ea53a1ea97a0df72eb8
    		ASCII text
    awstats012025.aayocompany.com.krishihimalaya.com.txt
    64bb1cf9014c6db1c3d8f8e162b0b7d8
    		ASCII text
    awstats022025.bahunkokhasi.com.krishihimalaya.com.txt
    e9429b5aa18b6e19978d94e36e105e02
    		ASCII text
    wp-cron.php
    384277d2b199d6f2894d2502a8280039
    		PHP script, ASCII text, with very long lines (2787)
    awstats012025.links2play.com.krishihimalaya.com.txt
    ed16e0bd8495bec5f68c8e7538e98bd6
    		ASCII text
    awstats.links2play.com.krishihimalaya.com.conf
    048afac8be610891f7eae27fe81ac877
    		ASCII text, with very long lines (603)
    awstats022025.murraa.com.krishihimalaya.com.txt
    99aa873d9a512085dfaa6546a3a7e30c
    		ASCII text
    awstats.aayocompany.com.krishihimalaya.com.conf
    dcf284b21e78352972f02d5ede2a68b3
    		ASCII text, with very long lines (603)
    awstats022025.games.links2play.com.txt
    83eb6f22390493845f4008d5867cf9c3
    		ASCII text
    awstats012025.krishihimalaya.com.txt
    0bdbefc1255a17ea457e1424f787be46
    		ASCII text
    awstats012025.bahunkokhasi.com.krishihimalaya.com.txt
    1bc3d807582ad569e9fe5e06c36d0f0d
    		ASCII text
    awstats.murraa.com.krishihimalaya.com.conf
    910865d63f4b9078512da6a8a890a7da
    		ASCII text, with very long lines (603)
    awstats022025.aayocompany.com.krishihimalaya.com.txt
    756b4a7901dfa0c4453d4c3d8142d5ba
    		ASCII text
    awstats012025.aayocompany.com.krishihimalaya.com.txt
    0857a368722c952d73ff136eaa80b654
    		ASCII text
    awstats022025.bahunkokhasi.com.krishihimalaya.com.txt
    3183aeec8ee2735c8fdab78816cc003f
    		ASCII text
    awstats012025.links2play.com.krishihimalaya.com.txt
    e84448926488a2a22c3dc998d8a96fbc
    		ASCII text
    awstats.links2play.com.krishihimalaya.com.conf
    2f25744d428798a7613334a6de7303fd
    		ASCII text, with very long lines (603)
    awstats022025.murraa.com.krishihimalaya.com.txt
    a3cbd676d8032cda3f63fae8a1146fec
    		ASCII text
    awstats.aayocompany.com.krishihimalaya.com.conf
    53eb914bc4a0f1046c42231c79ef6876
    		ASCII text, with very long lines (603)
    awstats022025.games.links2play.com.txt
    9861e97fe0c539b19493a8a522d2f7a2
    		ASCII text
    awstats012025.krishihimalaya.com.txt
    5fcb2c91a9a54ea0b0bc65566e2fd5ff
    		ASCII text
    awstats012025.bahunkokhasi.com.krishihimalaya.com.txt
    2dda0e8f2f3fbdbbf1825c1db9354b7c
    		ASCII text
    awstats.murraa.com.krishihimalaya.com.conf
    cd684662be51261a649326153b609553
    		ASCII text, with very long lines (603)
    awstats.krishihimalaya.com.conf
    146bf1f59982ce30cf195cf4755b9bba
    		ASCII text, with very long lines (603)
    awstats.bahunkokhasi.com.krishihimalaya.com.conf
    26982a6bfffa96cceed5f97af335b247
    		ASCII text, with very long lines (603)
    awstats.games.links2play.com.conf
    4b70ce7903069b1a4227cd85e0691486
    		ASCII text, with very long lines (603)
    awstats022025.krishihimalaya.com.txt
    91e0c38757fda510c3549a8912c0ee16
    		ASCII text
    awstats022025.links2play.com.krishihimalaya.com.txt
    307cb8862d8b543da5addf3c4e4335ce
    		ASCII text
    awstats012025.murraa.com.krishihimalaya.com.txt
    2212b58ec23282573133a601ece09bfe
    		ASCII text
    awstats.krishihimalaya.com.conf
    b87a75700901b0cac35c3ab7d07ddb4c
    		ASCII text, with very long lines (603)
    awstats.bahunkokhasi.com.krishihimalaya.com.conf
    50a5a5813cbc5466adb75b1fa82150b2
    		ASCII text, with very long lines (603)
    awstats.games.links2play.com.conf
    dd0df0154189719125a84454edefc401
    		ASCII text, with very long lines (603)
    wp-blog-header.php
    384277d2b199d6f2894d2502a8280039
    		PHP script, ASCII text, with very long lines (2787)
    awstats022025.krishihimalaya.com.txt
    3030b3dab891323c350e936ef1eceabc
    		ASCII text
    awstats022025.links2play.com.krishihimalaya.com.txt
    361bc0594212bc8232eafb5d7a497cda
    		ASCII text
    .htaccess
    a145a50b0ace5cec1d7ed965805420f8
    		ASCII text
    awstats012025.murraa.com.krishihimalaya.com.txt
    e251626e61b0f79b6a08856df5e3944d
    		ASCII text

    Detections

    AnalyzerVerdictAlert
    Public Nextron YARA rulesmalware
    PHP webshell obfuscated
    Public Nextron YARA rulesmalware
    PHP webshell obfuscated by encoding of mixed hex and dec
    Public Nextron YARA rulesmalware
    PHP webshell obfuscated
    Public Nextron YARA rulesmalware
    PHP webshell obfuscated by encoding of mixed hex and dec
    Phishing Kit YARA rulesphishing
    Phishing Kit impersonating Office 365

JavaScript (0)

HTTP Transactions (1)

URLIPResponseSize
links2play.com/awstats.zip
95.217.203.22200 OK1.1 MB