Report - lecudasecurity.co.za/Aku%20sayang%20kamu.zip

Report Overview

Submitted URL
lecudasecurity.co.za/Aku%20sayang%20kamu.zip
IP
41.185.64.62
ASN
#36943 ZA-1-Grid
Submitted
2024-03-28 22:11:06
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
60

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
lecudasecurity.co.za	unknown	2021-11-16	2021-11-17	2024-01-08	498 B	558 kB	41.185.64.62

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
lecudasecurity.co.za/Aku%20sayang%20kamu.zip
IP
41.185.64.62
ASN
#36943 ZA-1-Grid

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
558 kB (557703 bytes)
Hash
f551d3a7e2e903493af2eb95fe93055b
5345ee51f851421e8467946c1de394c443aa2007
6cc09deb3b2e999ac50c196d51cdf80f23814999ea45f95298f7fca2884709c1

Archive (24)

Filename

Md5

File type

akunorak;(.PhP7

ded4d43e9068719af05faf2f39bf1cd1

PHP script, ASCII text

ditolak#.php

9c7fe45aa3f9114610f3f47da3ea6f53

HTML document, ASCII text, with very long lines (1069)

Ganja403.php

43294f5cc4ccffb0425ebc48555dae59

JavaScript source, ASCII text, with very long lines (1069)

fine.PhP5

8231b8416ee3eab08638bce2724a91d7

PHP script, ASCII text, with very long lines (2281), with CRLF line terminators

Attack.PhP7

8231b8416ee3eab08638bce2724a91d7

PHP script, ASCII text, with very long lines (2281), with CRLF line terminators

wibu.PhP7

51645f25c1826a95a8e07aff07ee42f3

PHP script, Unicode text, UTF-8 text, with very long lines (1791)

asu.php7

77954b66d9a27cdd9b23ddc643dbb5ba

PHP script, ASCII text, with very long lines (2052)

Shell.PhP7

b89755fdf59169ada4610671fc1ab212

Unicode text, UTF-8 text, with very long lines (65531), with no line terminators

mass.PhP7

439a9452f461c32dc62a72e92d100a27

PHP script, ASCII text, with CRLF line terminators

Hehe.php

33b6e8f167c9d34b49ad707791249abe

JavaScript source, ASCII text, with very long lines (1564), with CRLF, LF line terminators

mmct.php

2b8fdf0f57a6abd257e23ade0ecfce2b

PHP script, ASCII text, with very long lines (2541), with CRLF line terminators

Mass.sh

818f172b4cc7dade9c7becc7f0e30218

Bourne-Again shell script, ASCII text executable, with CRLF line terminators

wso.php

07a3fe9875d3a8b7c57874c4cc509929

PHP script, Unicode text, UTF-8 text, with very long lines (2504)

deface.php

439a9452f461c32dc62a72e92d100a27

PHP script, ASCII text, with CRLF line terminators

gel4y.PhP7

d56c2f7d6c85df2db68856ed70eb1d9e

PHP script, ASCII text, with very long lines (2709)

kalera.php

8d82c81fa35ba8949d408e101416d7f4

PHP script, ASCII text, with very long lines (1612)

Mah.PhP56

24597a530ba20d0d907ce39ebb1d7194

PHP script, Unicode text, UTF-8 text, with very long lines (2975)

hatikamu$.php7

8d83bc138670daa06ea242c348b01e50

PHP script, ASCII text, with CRLF line terminators

ezz.php.txt

86425213bdea3247879811dce3860259

HTML document, ASCII text, with very long lines (1564), with CRLF line terminators

cpanel.php

8d82c81fa35ba8949d408e101416d7f4

PHP script, ASCII text, with very long lines (1612)

UnknownSec.PhP7

a4809fc3a5c2fa7a52cda2eb65a096c6

PHP script, ASCII text, with very long lines (3443), with CRLF line terminators

Heart.PhP2024

2a78a8268986010a0ad7a0c55b7e8d1e

PHP script, ASCII text, with very long lines (2709), with CRLF line terminators

indoXploite.PhP404

12b68bbbcc86c2f268b0825a0134bb37

HTML document, Unicode text, UTF-8 text, with very long lines (4078), with CRLF line terminators

panelc.php.jpg

29ac5eb074d35b97392ea0b1ea0b3072

PHP script, ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	php webshell having some kind of input and using a callback to execute the payload. restricted to small files or would give lots of false positives
Public Nextron YARA rules	malware	php webshell having some kind of input and using a callback to execute the payload. restricted to small files or would give lots of false positives
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	php webshell having some kind of input and using a callback to execute the payload. restricted to small files or would give lots of false positives
Public Nextron YARA rules	malware	php webshell containing base64 encoded payload
Public Nextron YARA rules	malware	Generic PHP webshell which uses any eval/exec function in the same line with user input
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	Web Shell - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php
Public Nextron YARA rules	malware	Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	php webshell having some kind of input and using a callback to execute the payload. restricted to small files or would give lots of false positives
Public Nextron YARA rules	malware	php webshell containing base64 encoded payload
Public Nextron YARA rules	malware	Generic PHP webshell which uses any eval/exec function in the same line with user input
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	Web Shell - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php
Public Nextron YARA rules	malware	Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt
Public Nextron YARA rules	malware	PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php
Public Nextron YARA rules	malware	Chinese Hacktool Set - file templatr.php
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	PHP webshell which directly eval()s obfuscated string
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	PHP webshell obfuscated
Public Nextron YARA rules	malware	PHP webshell obfuscated by encoding of mixed hex and dec
Public Nextron YARA rules	malware	PHP webshell obfuscated
Public Nextron YARA rules	malware	PHP webshell obfuscated by encoding of mixed hex and dec
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	php webshell containing base64 encoded payload
Public Nextron YARA rules	malware	Generic PHP webshell which uses any eval/exec function in the same line with user input
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	Webshell which sends eval/assert via GET
Public Nextron YARA rules	malware	Web Shell - file r57142.php
Public Nextron YARA rules	malware	Web Shell - file 404.php
Public Nextron YARA rules	malware	Semi-Auto-generated - file wso.txt
Public Nextron YARA rules	malware	Semi-Auto-generated - from files multiple_php_webshells
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	php webshell having some kind of input and using a callback to execute the payload. restricted to small files or would give lots of false positives
Public Nextron YARA rules	malware	PHP webshell obfuscated
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	php webshell containing base64 encoded payload
Public Nextron YARA rules	malware	PHP webshell using some kind of eval with encoded blob to decode
Public Nextron YARA rules	malware	PHP webshell which directly eval()s obfuscated string
Public Nextron YARA rules	malware	php webshell containing base64 encoded payload
Public Nextron YARA rules	malware	PHP webshell using some kind of eval with encoded blob to decode
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	php webshell having some kind of input and using a callback to execute the payload. restricted to small files or would give lots of false positives
Public Nextron YARA rules	malware	PHP webshell obfuscated
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	php webshell containing base64 encoded payload
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	Semi-Auto-generated - from files multiple_php_webshells
Public Nextron YARA rules	malware	Detects hex encoded code that has been base64 encoded
Public Nextron YARA rules	malware	PHP webshell obfuscated by encoding of mixed hex and dec
Public Nextron YARA rules	malware	PHP webshell which eval()s obfuscated string
Public Nextron YARA rules	malware	PHP webshell using some kind of eval with encoded blob to decode
Public Nextron YARA rules	malware	Detects malware from NK APT incident DE

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	lecudasecurity.co.za/Aku%20sayang%20kamu.zip	41.185.64.62	200 OK	558 kB
URL User Request GET HTTP/1.1 lecudasecurity.co.za/Aku%20sayang%20kamu.zip IP 41.185.64.62:443 ASN #36943 ZA-1-Grid Certificate IssuercPanel, Inc. Subjectlecudasecurity.co.za FingerprintE3:E1:02:F9:9C:E4:8A:22:2B:29:34:E9:D9:40:65:26:08:8B:80:99 ValiditySun, 24 Mar 2024 00:00:00 GMT - Sat, 22 Jun 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 558 kB (557703 bytes) Hash f551d3a7e2e903493af2eb95fe93055b 5345ee51f851421e8467946c1de394c443aa2007 6cc09deb3b2e999ac50c196d51cdf80f23814999ea45f95298f7fca2884709c1 HTTP Headers `GET /Aku%20sayang%20kamu.zip HTTP/1.1 Host: lecudasecurity.co.za User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 22:10:40 GMT Server: Apache Last-Modified: Tue, 05 Mar 2024 19:16:01 GMT Accept-Ranges: bytes Content-Length: 557703 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/zip`

lecudasecurity.co.za/Aku%20sayang%20kamu.zip

41.185.64.62

200 OK

558 kB

URL User Request GET HTTP/1.1
lecudasecurity.co.za/Aku%20sayang%20kamu.zip
IP
41.185.64.62:443
ASN
#36943 ZA-1-Grid

Certificate
IssuercPanel, Inc.
Subjectlecudasecurity.co.za
FingerprintE3:E1:02:F9:9C:E4:8A:22:2B:29:34:E9:D9:40:65:26:08:8B:80:99
ValiditySun, 24 Mar 2024 00:00:00 GMT - Sat, 22 Jun 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
558 kB (557703 bytes)
Hash
f551d3a7e2e903493af2eb95fe93055b
5345ee51f851421e8467946c1de394c443aa2007
6cc09deb3b2e999ac50c196d51cdf80f23814999ea45f95298f7fca2884709c1

HTTP Headers

GET /Aku%20sayang%20kamu.zip HTTP/1.1
Host: lecudasecurity.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 22:10:40 GMT
Server: Apache
Last-Modified: Tue, 05 Mar 2024 19:16:01 GMT
Accept-Ranges: bytes
Content-Length: 557703
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (24)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers