Report Overview

  Visited:        2024-07-16 12:13:10 (public report)
  Tags:           (none listed)
  URL:            stepik-files.cyber-ed.space/WhiteHat/courses-shop.zip
  Finishing URL:  about:privatebrowsing (the target is a direct file download, so no page was rendered)
  IP / ASN:       217.78.234.243, AS9123 TimeWeb Ltd.
  Title:          about:privatebrowsing
Detections

  urlquery:                     0
  Network Intrusion Detection:  0
  Threat Detection Systems:     3

Domain Summary

  Domain / FQDN                 Rank     Registered   First Seen            Last Seen
  e6.o.lencr.org                unknown  2020-06-29   2024-06-07 08:35:09   2024-07-14 18:50:11
  stepik-files.cyber-ed.space   unknown  unknown      No data               No data
  r10.o.lencr.org               unknown  2020-06-29   2024-06-06 21:45:11   2024-07-14 18:12:33

Related reports

Network Intrusion Detection Systems

  Suricata w/ Emerging Threats Pro:  No alerts detected

Threat Detection Systems

  Public InfoSec YARA rules:  No alerts detected
  OpenPhish:                  No alerts detected
  PhishTank:                  No alerts detected
  mnemonic secure dns:        No alerts detected
  Quad9 DNS:                  No alerts detected
  ThreatFox:                  No alerts detected


Files detected

  URL:        stepik-files.cyber-ed.space/WhiteHat/courses-shop.zip
  IP:         217.78.234.244
  ASN:        AS9123 TimeWeb Ltd.
  File type:  Zip archive data, at least v1.0 to extract, compression method=store
  Size:       3.0 MB (3001564 bytes)
  MD5:        5539936cec7512070a7a794c6ae03371
  SHA-1:      d3a3487c6f9a38e776189996d9e3406183c6ae15

  Archive contents (36 members)

  The listing gives base names only; the repeated names (index.php, config.php) have different MD5s and are distinct files in different directories of the archive.

  Filename                             MD5                               File type
  000-default.conf                     f4e34bbd15332e373698ae10406cabd5  ASCII text
  index.php                            6f152299ab46b93c1056b48b7c2dab7a  HTML document, Unicode text, UTF-8 text, with very long lines (2645)
  order.php                            b8f4b36a55eb3b688d3023e9ff2878b1  PHP script, ASCII text
  index.php                            8d1c610aa3fdab2cd85fb8bd90f9546a  PHP script, ASCII text
  main.php                             e2d384e9a19db5d3735d6ec7c17e3d66  PHP script, ASCII text
  otp.php                              521d6116a702aa690b7a0dbd11c8cdc2  PHP script, ASCII text
  header.inc.php                       a73c14783571eee59ba45ba98d5023da  HTML document, ASCII text
  config.php                           56fbb88c013e6f64dc6dd9c40fcc8652  PHP script, ASCII text
  footer.inc.php                       2f44b0b561d535108c8ac70d38bee313  ASCII text
  config.php                           769cfb2fed8bfbdc62ebd21ba06bfa09  PHP script, ASCII text
  receipt.php                          191835e831332c29882b5213e2f2bcf2  PHP script, Unicode text, UTF-8 text, with very long lines (2645)
  bootstrap.min.css                    450fc463b8b1a349df717056fbb3e078  ASCII text, with very long lines (65325)
  volume.png                           20c60bad37a1218f9263c8a70b56235c  PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
  form2xml.js                          6e3222f7fbb0d4929c81d56b88bae3bc  JavaScript source, Unicode text, UTF-8 text
  dot.png                              b686616beeb43fc0eca318f54275f34d  PNG image data, 4 x 4, 8-bit/color RGBA, non-interlaced
  bootstrap.bundle.min.js              a454220fc07088bf1fdd19313b6bfd50  JavaScript source, ASCII text, with very long lines (65297)
  pricing.css                          9513ef368337bffcfd2d7e744ac8c655  ASCII text
  bootstrap.min.js                     14d449eb8876fa55e1ef3c2cc52b0c17  JavaScript source, ASCII text, with very long lines (48664)
  apple-touch-icon-57x57.png           e741ca37ac6bdafb7d41dd31aefbfdad  PNG image data, 57 x 57, 8-bit/color RGBA, non-interlaced
  holder.min.js                        6266d87979b32f717d298f7adf36984a  JavaScript source, Unicode text, UTF-8 text, with very long lines (32011)
  bootstrap-solid.svg                  ea931a5b98a97e8b8658d9f6d537329e  SVG Scalable Vector Graphics image
  pictures.png                         a36c8a9ad46ec6d66df2b7cf59d0f8a4  PNG image data, 114 x 16, 8-bit/color RGBA, non-interlaced
  popper.min.js                        70d3fda195602fe8b75e0097eed74dde  JavaScript source, ASCII text, with very long lines (19015)
  image.php                            5a09a0b235efba46f2bb42e466671610  PHP script, ASCII text
  script-bot.sh                        e34df7d948af3d3eeeaf8afa2a9677c7  Bourne-Again shell script executable (binary data)
  script-db.sh                         387f8251128887d18eaa2172d71113fd  Bourne-Again shell script executable (binary data)
  script-web.sh                        5eb41768d57d07d4ee55616b76a68400  Bourne-Again shell script executable (binary data)
  mysql-custom-config.cnf              3e08204fb27b7cff15e9cf19d2aaba7f  ASCII text
  requirements.txt                     440438f8451d6c45b52a7381cb0771ee  ASCII text
  bot.py                               1c2f9ace4093877e69092e2e56950379  Python script, ASCII text executable
  geckodriver-v0.24.0-linux64.tar.gz   7552b85e43973c84763e212af7cca566  gzip compressed data, last modified: Mon Jan 28 22:49:19 2019, from Unix
  start.sh                             8436145b32ea0ba911b7c14551d83afe  Bourne-Again shell script, ASCII text executable
  docker-compose.yml                   e99d96f078ff86341b1896856945eed0  ASCII text
  DockerfileBot                        81fd6e2509a7a8e13c190a718e8625a2  ASCII text
  DockerfileWeb                        c098977c86427943cc1fdf95648eed9e  ASCII text
  DockerfileDB                         7296f06b7dadb17d94526fdb33956d15  ASCII text

  Detections (on the archive as a whole; the report does not say which member triggered the YARA match)

  Analyzer                    Verdict    Alert
  Public Nextron YARA rules   malware    PHP webshell having some kind of input and some kind of payload; restricted to small files or big ones including suspicious strings
  VirusTotal                  malicious
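The report gives the archive's MD5/SHA-1, a per-member hash listing, and a YARA verdict described as "some kind of input and some kind of payload", but not which member matched. The script below is an added triage example for reproducing that kind of inventory offline; it is not urlquery's or Nextron's code and does not reproduce the real courses-shop.zip. It builds a small stand-in archive in memory (member names and contents are constructed), hashes the archive and each member, and applies a crude input-plus-sink heuristic to PHP members. The regexes and the 2048-byte "small file" cut-off are assumptions that approximate the quoted rule description, not the rule's actual logic.

```python
"""Offline triage of a downloaded zip: archive and per-member hashes plus a
crude 'input + payload' webshell heuristic for PHP members.
Constructed example; not urlquery's, Nextron's, or the archive's own code."""
import hashlib
import io
import re
import zipfile

# Attacker-controllable input sources (assumed list).
PHP_INPUTS = re.compile(rb"\$_(GET|POST|REQUEST|COOKIE|SERVER)\b|php://input")
# Sinks that execute what they are given, plus backtick shell execution (assumed list).
PHP_SINKS = re.compile(
    rb"\b(eval|assert|system|exec|passthru|shell_exec|popen|proc_open)\s*\(|`[^`]+`"
)
# Obfuscation markers required for larger files (assumed list).
PHP_OBFUSCATION = re.compile(rb"base64_decode|str_rot13|gzinflate")
# Assumed threshold standing in for the rule's "restricted to small files" clause.
SMALL_FILE_LIMIT = 2048


def looks_like_webshell(src: bytes) -> bool:
    """Flag PHP source that reads external input AND feeds an execution sink.
    Larger files must additionally show an obfuscation marker."""
    if b"<?" not in src:
        return False
    if not (PHP_INPUTS.search(src) and PHP_SINKS.search(src)):
        return False
    if len(src) > SMALL_FILE_LIMIT:
        return PHP_OBFUSCATION.search(src) is not None
    return True


def archive_hashes(zip_bytes: bytes) -> tuple[str, str]:
    """MD5 and SHA-1 of the whole download, to compare with the report's values."""
    return hashlib.md5(zip_bytes).hexdigest(), hashlib.sha1(zip_bytes).hexdigest()


def inventory(zip_bytes: bytes) -> list[dict]:
    """One row per file member: full path, size, MD5, SHA-1, heuristic verdict."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            rows.append({
                "name": info.filename,
                "size": info.file_size,
                "md5": hashlib.md5(data).hexdigest(),
                "sha1": hashlib.sha1(data).hexdigest(),
                "webshell_heuristic": info.filename.endswith(".php") and looks_like_webshell(data),
            })
    return rows


def flagged_members(zip_bytes: bytes) -> list[str]:
    return [r["name"] for r in inventory(zip_bytes) if r["webshell_heuristic"]]


def build_sample_archive() -> bytes:
    """Constructed stand-in for the scanned zip (stored, uncompressed, fixed timestamps
    so the archive hash is reproducible). Names and contents are invented."""
    members = {
        "demo/settings.php": b"<?php\n$db_host = 'db';\n$db_name = 'shop';\n",
        # Reads input but only echoes it escaped: input without a sink, not flagged.
        "demo/view.php": b"<?php\necho htmlspecialchars($_GET['q'] ?? '');\n",
        # Input flows straight into a command sink: flagged.
        "demo/cmd.php": b"<?php\nif (isset($_REQUEST['c'])) { system($_REQUEST['c']); }\n",
        "demo/run.sh": b"#!/bin/bash\napache2ctl -D FOREGROUND\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, body in members.items():
            zi = zipfile.ZipInfo(name, date_time=(2024, 7, 16, 12, 13, 10))
            zi.compress_type = zipfile.ZIP_STORED
            zf.writestr(zi, body)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_archive()
    md5, sha1 = archive_hashes(sample)
    print(f"archive md5={md5} sha1={sha1}")
    for row in inventory(sample):
        mark = "  <-- review" if row["webshell_heuristic"] else ""
        print(f"{row['name']:<20} {row['size']:>6}  {row['md5']}{mark}")
```

Before relying on a member listing taken from a sandbox report, check that `archive_hashes()` of the file you actually downloaded matches the MD5 and SHA-1 the report prints; a re-uploaded or rebuilt archive with the same name will not. The heuristic is a triage filter only: it will miss obfuscated shells that hide the sink behind variable functions, and it will flag legitimate admin tools that run commands from request parameters, so every hit needs a human read of the source.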

JavaScript (0)

HTTP Transactions (10)

  URL                                                     IP               Response   Size
  r10.o.lencr.org/                                        23.36.76.249                504 B
  r10.o.lencr.org/                                        23.36.76.249                504 B
  r10.o.lencr.org/                                        23.36.76.249                504 B
  e6.o.lencr.org/                                         23.36.76.249                346 B
  r10.o.lencr.org/                                        23.36.76.249                504 B
  stepik-files.cyber-ed.space/WhiteHat/courses-shop.zip   217.78.234.244   200 OK     3.0 MB
  r10.o.lencr.org/                                        23.36.77.32                 504 B
  r10.o.lencr.org/                                        23.36.77.32                 504 B
  r10.o.lencr.org/                                        23.36.76.249                504 B
  r10.o.lencr.org/                                        23.36.77.32                 504 B

  r10.o.lencr.org and e6.o.lencr.org are Let's Encrypt OCSP responders queried by the browser for certificate status; the only transaction with content from the scanned host is the 3.0 MB zip download.