Report - st1.ranoz.gg/pGPeHn8M-StartAllBack%203.9.0.5216.kuyhAa.7z?verify=1733642731-eNwAv810fydj72M7ZRcw6WTVsZKtkZvLjkvx2KXzvXc=

Report Overview

Visited public
2024-12-08 07:26:29
Tags
URL
st1.ranoz.gg/pGPeHn8M-StartAllBack%203.9.0.5216.kuyhAa.7z?verify=1733642731-eNwAv810fydj72M7ZRcw6WTVsZKtkZvLjkvx2KXzvXc=
Finishing URL
about:privatebrowsing
IP / ASN
104.26.4.128
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
st1.ranoz.gg	unknown	2024-07-27	2024-08-26	2024-12-06	574 B	6.4 MB	172.67.72.211

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
st1.ranoz.gg/pGPeHn8M-StartAllBack%203.9.0.5216.kuyhAa.7z?verify=1733642731-eNwAv810fydj72M7ZRcw6WTVsZKtkZvLjkvx2KXzvXc=
IP
172.67.72.211
ASN
#13335 CLOUDFLARENET

File type
7-zip archive data, version 0.4
Size
6.4 MB (6403658 bytes)
Hash
65836fb42edd9e42a0b0f7b3a0705549
144abb6026018004e2ebd84d8b84b537b10a549f
d28912cce9427337c6f397767f70ae265b02b08cb3232dc95954a656846ad6d6

Archive (6)

Filename

Md5

File type

kuyhAa.Me.url

b6f5ce7267c50cf195b1ae2a8eaec913

MS Windows 95 Internet shortcut text (URL=<http://www.kuyhaa.me/>), ASCII text, with CRLF line terminators

Traktir Kopi.url

cede76e1dc338ac0320b98dec0286fd8

MS Windows 95 Internet shortcut text (URL=<https://bit.ly/spprtkopi>), ASCII text, with CRLF line terminators

VERYSILENT.url

b6f5ce7267c50cf195b1ae2a8eaec913

MS Windows 95 Internet shortcut text (URL=<http://www.kuyhaa.me/>), ASCII text, with CRLF line terminators

www.kuyhAa.Me.url

30baba57cbaa11c62bcc649938f40566

MS Windows 95 Internet shortcut text (URL=<https://www.kuyhaa.me/>), ASCII text, with CRLF line terminators

_Silent Install.cmd

52bd87bcb48009e3ef7e813a62eb76a7

DOS batch file, ISO-8859 text, with CRLF line terminators

StartAllBack AiO 3.9.0.5216.exe

e3c31684aefacbf9167b55de96a33ce9

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Scans presence of the found strings using the in-house brute force method

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	st1.ranoz.gg/pGPeHn8M-StartAllBack%203.9.0.5216.kuyhAa.7z?verify=1733642731-eNwAv810fydj72M7ZRcw6WTVsZKtkZvLjkvx2KXzvXc=	172.67.72.211	200 OK	6.4 MB
URL User Request GET HTTP/2 st1.ranoz.gg/pGPeHn8M-StartAllBack%203.9.0.5216.kuyhAa.7z?verify=1733642731-eNwAv810fydj72M7ZRcw6WTVsZKtkZvLjkvx2KXzvXc= IP 172.67.72.211:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectst1.ranoz.gg Fingerprint02:5F:5C:24:B8:D9:06:36:25:F1:B4:57:DF:E0:89:C9:BB:25:4A:40 ValidityMon, 14 Oct 2024 15:20:34 GMT - Sun, 12 Jan 2025 16:20:32 GMT File type 7-zip archive data, version 0.4 Size 6.4 MB (6403658 bytes) Hash 65836fb42edd9e42a0b0f7b3a0705549 144abb6026018004e2ebd84d8b84b537b10a549f d28912cce9427337c6f397767f70ae265b02b08cb3232dc95954a656846ad6d6 HTTP Headers GET /pGPeHn8M-StartAllBack%203.9.0.5216.kuyhAa.7z?verify=1733642731-eNwAv810fydj72M7ZRcw6WTVsZKtkZvLjkvx2KXzvXc= HTTP/1.1 Host: st1.ranoz.gg User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Sun, 08 Dec 2024 07:26:03 GMT content-length: 6403658 cf-ray: 8eeb06661f3cb521-OSL cf-cache-status: MISS accept-ranges: bytes cache-control: max-age=14400 content-disposition: attachment; filename*=UTF-8''StartAllBack%203.9.0.5216.kuyhAa.7z etag: "182611eb5475e8c55f73f1c7326dab0f-1" last-modified: Fri, 06 Dec 2024 13:43:54 GMT vary: Accept-Encoding report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dRp2ZH6Zj1epbCu8wdeTdad%2BBvpAjClip1Sl5u1LCmho9xCV9ajVPeXPjvzIyMzQzNIoy9xWBEELIjh9PVgnsB6lmS48PljYMwB1iuCuBAc%2FRC0Gos9MyHy0noiiBg%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare server-timing: cfCacheStatus;desc="MISS", cfL4;desc="?proto=TCP&rtt=6034&min_rtt=403&rtt_var=11238&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3185&recv_bytes=1198&delivery_rate=8402321&cwnd=254&unsent_bytes=0&cid=99eee7a34aad0c29&ts=258&x=0" X-Firefox-Spdy: h2

st1.ranoz.gg/pGPeHn8M-StartAllBack%203.9.0.5216.kuyhAa.7z?verify=1733642731-eNwAv810fydj72M7ZRcw6WTVsZKtkZvLjkvx2KXzvXc=

172.67.72.211

200 OK

6.4 MB

URL User Request GET HTTP/2
st1.ranoz.gg/pGPeHn8M-StartAllBack%203.9.0.5216.kuyhAa.7z?verify=1733642731-eNwAv810fydj72M7ZRcw6WTVsZKtkZvLjkvx2KXzvXc=
IP
172.67.72.211:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectst1.ranoz.gg
Fingerprint02:5F:5C:24:B8:D9:06:36:25:F1:B4:57:DF:E0:89:C9:BB:25:4A:40
ValidityMon, 14 Oct 2024 15:20:34 GMT - Sun, 12 Jan 2025 16:20:32 GMT

File type
7-zip archive data, version 0.4
Size
6.4 MB (6403658 bytes)
Hash
65836fb42edd9e42a0b0f7b3a0705549
144abb6026018004e2ebd84d8b84b537b10a549f
d28912cce9427337c6f397767f70ae265b02b08cb3232dc95954a656846ad6d6

HTTP Headers

GET /pGPeHn8M-StartAllBack%203.9.0.5216.kuyhAa.7z?verify=1733642731-eNwAv810fydj72M7ZRcw6WTVsZKtkZvLjkvx2KXzvXc= HTTP/1.1
Host: st1.ranoz.gg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Dec 2024 07:26:03 GMT
content-length: 6403658
cf-ray: 8eeb06661f3cb521-OSL
cf-cache-status: MISS
accept-ranges: bytes
cache-control: max-age=14400
content-disposition: attachment; filename*=UTF-8''StartAllBack%203.9.0.5216.kuyhAa.7z
etag: "182611eb5475e8c55f73f1c7326dab0f-1"
last-modified: Fri, 06 Dec 2024 13:43:54 GMT
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dRp2ZH6Zj1epbCu8wdeTdad%2BBvpAjClip1Sl5u1LCmho9xCV9ajVPeXPjvzIyMzQzNIoy9xWBEELIjh9PVgnsB6lmS48PljYMwB1iuCuBAc%2FRC0Gos9MyHy0noiiBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfCacheStatus;desc="MISS", cfL4;desc="?proto=TCP&rtt=6034&min_rtt=403&rtt_var=11238&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3185&recv_bytes=1198&delivery_rate=8402321&cwnd=254&unsent_bytes=0&cid=99eee7a34aad0c29&ts=258&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (6)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers