Report - eb3.whitebaba.com/download/game/Rust.zip

Report Overview

Submitted URL
eb3.whitebaba.com/download/game/Rust.zip
IP
104.21.29.203
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 23:11:52
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
eb3.whitebaba.com	unknown	unknown	No data	No data	494 B	12 MB	172.67.149.200

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
eb3.whitebaba.com/download/game/Rust.zip
IP
172.67.149.200
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
12 MB (11490003 bytes)
Hash
fe0697a234df4e61adcdcdd6e99128d5
a0537c4fd9267816109fa9fd77052c969dac9adc
49bd64e821a4f0003960533076fb7102c76efc6f05cbcb40517229b21ef5b579

Archive (24)

Filename

Md5

File type

MetroAssets

ddfadb8efef8aedc2344a9daa7157d2b

7-zip archive data, version 0.4

Microsoft.WindowsAPICodePack.dll

ace419174e1e0c792d028f25f60d6e5f

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.WindowsAPICodePack.Shell.dll

18a46202a1636b985208e2183d756617

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Windows.Interactivity.dll

e991d47605bc04629af29939ac2cc9b5

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

wdmode.exe

42badc1d2f03a8b1e4875740d3d49336

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

YLLibs.dll

3744d4fd7ba093923174696b56d05f9f

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

ZoneList

cd9447ef8116a3103e002dc719b21f7c

ASCII text, with CRLF line terminators

Chinese(Simplified).png

18bd6697bc44bcfaa606aec883fdf1c4

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

Chinese(Simplified).xml

2ba8908901c62e486dc7d4ce5822acf3

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

English.png

00214d9e4e6155a04e3997d121641c98

PNG image data, 48 x 48, 8-bit colormap, non-interlaced

English.xml

2091e6d656ae235a0e7977b0d5a51ce3

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (310), with CRLF line terminators

Hindi.txt

b36cf08ef6cc607894f3719fe607039d

ASCII text, with CRLF line terminators

Polish.png

464a2897bc125872878d68aef0ef18bf

PNG image data, 48 x 30, 8-bit/color RGBA, non-interlaced

Polish.xml

90c85da1a793104e89789e7d20356463

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (325), with CRLF line terminators

Portuguese (Brazil).png

e1e15cebb26738f77b3ef7bf363e158a

PNG image data, 40 x 28, 8-bit/color RGB, non-interlaced

Portuguese (Brazil).xml

50873071801aa9149f2995e3baae2006

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (332), with CRLF line terminators

Russian.png

32407c33f2a8c46d716d78164157e063

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

Russian.xml

f6fa2e722e5939899a26ccf55b7d857e

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (378), with CRLF line terminators

Telugu.txt

5bd8c217b68dc7e02c937b068eea3e78

ASCII text, with CRLF line terminators

Turkish.xml

dce3b57fd8c845cfd7c98bca25271013

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (322), with CRLF line terminators

[Rust - Game PC].exe

79b862f83a5bfa3fb5011cabf9d47a63

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

ControlzEx.dll

2d5035cb5a3678f2c2f5a889bd384813

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Hardcodet.Wpf.TaskbarNotification.dll

d5d708e9e7625ab2c4ac1c1faa099350

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

MahApps.Metro.dll

d0875df0efa5aa164ed3a1572cbad9dc

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/62

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

eb3.whitebaba.com/download/game/Rust.zip

172.67.149.200

200 OK

12 MB

URL User Request GET HTTP/2
eb3.whitebaba.com/download/game/Rust.zip
IP
172.67.149.200:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectwhitebaba.com
Fingerprint2F:B8:CF:63:E8:7D:DF:CD:A0:83:85:EF:0B:FB:88:CA:50:AA:13:96
ValiditySun, 07 Apr 2024 10:15:25 GMT - Sat, 06 Jul 2024 10:15:24 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
12 MB (11490003 bytes)
Hash
fe0697a234df4e61adcdcdd6e99128d5
a0537c4fd9267816109fa9fd77052c969dac9adc
49bd64e821a4f0003960533076fb7102c76efc6f05cbcb40517229b21ef5b579

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/62

HTTP Headers

GET /download/game/Rust.zip HTTP/1.1
Host: eb3.whitebaba.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 23:11:25 GMT
content-type: application/zip
content-length: 11490003
last-modified: Sun, 14 Apr 2024 20:36:59 GMT
etag: "661c3e6b-af52d3"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HR%2FbX15IVFtLVVK%2BpfdOctfV%2BjxwKKLrjZe%2FCfl9DKxJjizwPSmYpBdPf7EOB5KRWrBV4X5GQFUb4m5aoM%2Ft8STHi3N9jLrgH3Oq4fe8FUBXKMW0O5XRjlsuJO1DxuiCsR9ytA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8760180ef823b509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (24)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers