Report - maspethwellding.com/host[24.0].zip

Report Overview

Submitted URL
maspethwellding.com/host[24.0].zip
IP
172.67.171.177
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-23 19:50:51
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
11

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
maspethwellding.com	unknown	2024-03-18	2024-03-18	2024-04-11	488 B	1.9 MB	172.67.171.177

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
maspethwellding.com/host[24.0].zip
IP
172.67.171.177
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.9 MB (1875725 bytes)
Hash
526a605b670dac71c795bce678ce1ff7
afb9d8b6638987b2e3143e6be7b957ed516c1649
8a3893e76cff57743098d60c0a29b4ab2af9600fdc4eaf92702212f5f58a8f96

Archive (26)

Filename

Md5

File type

.htaccess

ff44c0b3d8a5f3f2149bae213266d406

ASCII text, with CRLF line terminators

404.php

cf8c58ee9a4194aef1fd52335134aa0e

PHP script, ASCII text, with very long lines (17063)

bl.txt

73e78912b8660a481af1e1fcea4acbdd

JSON text data

blank.php

f4914fc25e4c7a333000e22ee5cc76e2

PHP script, ASCII text, with very long lines (65529)

index.php

190640fa7888b364fd9c91795c70947e

PHP script, ASCII text, with very long lines (65529)

bake.php

81efedf3a2166c11e5036c30d2973e05

PHP script, ASCII text, with CRLF line terminators

custom.js

a3d0765c0964e5c1e003fda7e8f264c8

JavaScript source, ASCII text, with CRLF line terminators

aging.png

050acb25f0ca7aca71f8612c66f9a354

PNG image data, 1364 x 538, 8-bit/color RGBA, non-interlaced

excel.png

4d4094b0569a713a05190e90c67417ea

PNG image data, 1220 x 682, 8-bit/color RGB, non-interlaced

inv.png

ab4fc444fedea2d376b493e2e280bc75

PNG image data, 2517 x 996, 8-bit grayscale, non-interlaced

off.png

95eb7622c93f61c3802e5514c5eb16ec

PNG image data, 1584 x 667, 8-bit/color RGBA, non-interlaced

pdf.png

63a0908eb6d982a6dda1c94da0f66130

PNG image data, 1584 x 659, 8-bit/color RGBA, non-interlaced

word.png

bb7f4954bae5dae272721802e3fbb610

PNG image data, 1578 x 740, 8-bit/color RGBA, non-interlaced

jqr.js

9d0eee85031247518ce35b99567beb83

JavaScript source, ASCII text, with very long lines (65536), with no line terminators

mf.php

82fb428f76b049f8a08006674e6fb100

PHP script, ASCII text, with very long lines (52018), with CRLF line terminators

min_config.json

72389195e4a6c97c26abc628e203b387

JSON text data

min_configAlt.json

d41d8cd98f00b204e9800998ecf8427e

min_make.php

d93ca08a66cb968b3cdb872863ef7024

PHP script, ASCII text, with CRLF line terminators

ms.php

2ed370f6c4f03eaa136eeedb199243bc

PHP script, ASCII text, with very long lines (34043), with CRLF line terminators

sc.php

970ad566cb5e57e70d48ce510bf9b2fc

JavaScript source, ASCII text, with CRLF line terminators

log.json

d41d8cd98f00b204e9800998ecf8427e

profile.php

bc5c3edff97718abfc5e3825a143f810

PHP script, ASCII text, with very long lines (65529)

config.ini

c8aabe10fddf8adef4f84769ed81a885

ASCII text

httpd.grt

ce3dc406316a594ec6302ffb12834993

ASCII text, with very long lines (407), with no line terminators

j.php

080926b37a871956c18da7fc823b4459

PHP script, ASCII text, with very long lines (65529), with CRLF line terminators

j2.php

6f36e9fcebdb8fb9dbe37087450a6b9e

PHP script, ASCII text, with very long lines (65527), with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	PHP webshell obfuscated by encoding of mixed hex and dec
Public Nextron YARA rules	malware	PHP webshell obfuscated by encoding of mixed hex and dec
Public Nextron YARA rules	malware	PHP webshell which eval()s obfuscated string
Public Nextron YARA rules	malware	PHP webshell obfuscated by encoding of mixed hex and dec
Public Nextron YARA rules	malware	PHP webshell which eval()s obfuscated string
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	PHP webshell using some kind of eval with encoded blob to decode
Public Nextron YARA rules	malware	PHP webshell obfuscated by encoding of mixed hex and dec
Public Nextron YARA rules	malware	PHP webshell which eval()s obfuscated string
Public Nextron YARA rules	malware	PHP webshell obfuscated by encoding of mixed hex and dec
Public Nextron YARA rules	malware	PHP webshell obfuscated by encoding of mixed hex and dec

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	maspethwellding.com/host[24.0].zip	172.67.171.177	200 OK	1.9 MB
URL User Request GET HTTP/2 maspethwellding.com/host[24.0].zip IP 172.67.171.177:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services LLC Subjectmaspethwellding.com FingerprintBA:6C:B0:F1:E6:2A:D1:FB:27:B4:75:F6:C5:CE:72:87:4A:6B:F3:34 ValidityWed, 10 Apr 2024 15:25:16 GMT - Tue, 09 Jul 2024 15:25:15 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 1.9 MB (1875725 bytes) Hash 526a605b670dac71c795bce678ce1ff7 afb9d8b6638987b2e3143e6be7b957ed516c1649 8a3893e76cff57743098d60c0a29b4ab2af9600fdc4eaf92702212f5f58a8f96 HTTP Headers `GET /host[24.0].zip HTTP/1.1 Host: maspethwellding.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Tue, 23 Apr 2024 19:50:21 GMT content-type: application/zip content-length: 1875725 last-modified: Wed, 10 Apr 2024 16:38:29 GMT cache-control: max-age=14400 cf-cache-status: MISS accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2Fr2RlRRTOgi0iKBDcOm%2FC2DrbsX9olFpwlWYG7IRuulSsU%2FxEAP5n7n8ogTVgTvC9tmEH3BWOv32tqTsHrbRqSEgvpJ8%2B14XhSaBr0tpFvw%2Btyqleo85ITy1oOMp2yOc2wqMOhr"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 879061cf19055695-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

maspethwellding.com/host[24.0].zip

172.67.171.177

200 OK

1.9 MB

URL User Request GET HTTP/2
maspethwellding.com/host[24.0].zip
IP
172.67.171.177:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectmaspethwellding.com
FingerprintBA:6C:B0:F1:E6:2A:D1:FB:27:B4:75:F6:C5:CE:72:87:4A:6B:F3:34
ValidityWed, 10 Apr 2024 15:25:16 GMT - Tue, 09 Jul 2024 15:25:15 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.9 MB (1875725 bytes)
Hash
526a605b670dac71c795bce678ce1ff7
afb9d8b6638987b2e3143e6be7b957ed516c1649
8a3893e76cff57743098d60c0a29b4ab2af9600fdc4eaf92702212f5f58a8f96

HTTP Headers

GET /host[24.0].zip HTTP/1.1
Host: maspethwellding.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 Apr 2024 19:50:21 GMT
content-type: application/zip
content-length: 1875725
last-modified: Wed, 10 Apr 2024 16:38:29 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2Fr2RlRRTOgi0iKBDcOm%2FC2DrbsX9olFpwlWYG7IRuulSsU%2FxEAP5n7n8ogTVgTvC9tmEH3BWOv32tqTsHrbRqSEgvpJ8%2B14XhSaBr0tpFvw%2Btyqleo85ITy1oOMp2yOc2wqMOhr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879061cf19055695-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (26)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers