Report - kosred.com/a/kpnvfx.txt

Report Overview

Submitted URL
kosred.com/a/kpnvfx.txt
IP
51.158.151.173
ASN
#12876 Scaleway S.a.s.
Submitted
2024-03-28 09:21:57
Access
public
Website Title
kosred.com/a/kpnvfx.txt
Final URL
kosred.com/a/kpnvfx.txt
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
kosred.com	unknown	2020-10-21	2020-10-24	2024-03-27	902 B	263 kB	51.158.151.173

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	kosred.com/a/kpnvfx.txt	Detects a set of reconnaissance commands on Windows systems
2024-03-28	medium	kosred.com/a/kpnvfx.txt	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
2024-03-28	medium	kosred.com/a/kpnvfx.txt	PHP webshell which directly eval()s obfuscated string
2024-03-28	medium	kosred.com/a/kpnvfx.txt	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
2024-03-28	medium	kosred.com/a/kpnvfx.txt	Web Shell - file r57142.php

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

kosred.com/a/kpnvfx.txt

51.158.151.173

200 OK

131 kB

URL User Request GET HTTP/1.1
kosred.com/a/kpnvfx.txt
IP
51.158.151.173:443
ASN
#12876 Scaleway S.a.s.

Certificate
IssuerLet's Encrypt
Subjectkosred.com
Fingerprint03:B8:7C:15:AC:53:8F:F2:2C:26:F7:90:4A:88:51:2F:3F:77:8D:21
ValidityTue, 13 Feb 2024 05:47:35 GMT - Mon, 13 May 2024 05:47:34 GMT

File type
PHP script, ASCII text, with very long lines (19425), with CRLF line terminators
Size
131 kB (131176 bytes)
Hash
6225e894e6b25fa9e5a7e5c03f5d40be
ae3d85a05222f0c19c7eb46ffcfd730f14695396
44445f29393a1d9fb083f2649dec867472c97bfc71943ad8966f7016d58b4887

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects a set of reconnaissance commands on Windows systems
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	PHP webshell which directly eval()s obfuscated string
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	Web Shell - file r57142.php

HTTP Headers

GET /a/kpnvfx.txt HTTP/1.1
Host: kosred.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 09:21:33 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Tue, 17 Oct 2023 23:38:10 GMT
ETag: "713ae-607f203fea4b7-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/plain

kosred.com/favicon.ico

51.158.151.173

200 OK

131 kB

URL GET HTTP/1.1
kosred.com/favicon.ico
IP
51.158.151.173:443
ASN
#12876 Scaleway S.a.s.

Requested by
https://kosred.com/a/kpnvfx.txt
Certificate
IssuerLet's Encrypt
Subjectkosred.com
Fingerprint03:B8:7C:15:AC:53:8F:F2:2C:26:F7:90:4A:88:51:2F:3F:77:8D:21
ValidityTue, 13 Feb 2024 05:47:35 GMT - Mon, 13 May 2024 05:47:34 GMT

File type
MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
Size
131 kB (130767 bytes)
Hash
2003db3f84e2d4fb3e059b568607c061
4eead5a216b26ae7113cbfd989b94058b2a10d22
5a8117904d931231dd0e8f6c3ed8c37754df89007d15e2a500b491a94273b348

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: kosred.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kosred.com/a/kpnvfx.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 09:21:33 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 11 Nov 2020 15:51:12 GMT
ETag: "1fecf-5b3d6c3c9892c"
Accept-Ranges: bytes
Content-Length: 130767
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers