Report - erwin-us.s3.amazonaws.com/Support/ADS/v13.2/erwin_DQ_Installation

Report Overview

Submitted URL
erwin-us.s3.amazonaws.com/Support/ADS/v13.2/erwin_DQ_Installation_Scripts.zip
IP
3.5.29.48
ASN
#14618 AMAZON-AES
Submitted
2024-05-08 10:44:56
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
erwin-us.s3.amazonaws.com	unknown	2005-08-18	2022-07-05	2024-01-15	531 B	22 kB	52.217.114.105

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
erwin-us.s3.amazonaws.com/Support/ADS/v13.2/erwin_DQ_Installation_Scripts.zip
IP
52.217.114.105
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
22 kB (21639 bytes)
Hash
06a6c629ddd186b7766bbface117d5ac
dd200397ffbaf1d7b748c10587c2c60b319d9931
1f166ff0c09ee0f18315e7f479c57bed59600cbd2ef62f9b018e31cc4778b41f

Archive (8)

Filename

Md5

File type

DQLabs_Linux_1_10_0.sh

300097930279a57e515982eed458d530

Bourne-Again shell script, ASCII text executable, with very long lines (473), with CRLF line terminators

DQLabs_Linux_Upgrade_to_V1_10_0.sh

41b2081627260662f8157a5618d93203

Bourne-Again shell script, ASCII text executable, with CRLF line terminators

DQLabs_URLs_Validating_Script.ps1

3370797cd7e01ab46d99cf18cebe14f5

ASCII text, with CRLF line terminators

DQLabs_Windows_Prerequisites_install_V1_10_0.ps1

38d75316266b7b50b772efad794eaf0c

Unicode text, UTF-8 (with BOM) text, with very long lines (668), with CRLF line terminators

DQLabs_Windows_Server_Deployment_V1_10_0.ps1

0233ea9f1e46d5fd3f0b4ee56632f3ce

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

DQLabs_Windows_Backup_V1_10_0.ps1

7084acf48f487b67d99ff77060375fcd

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

DQLabs_Windows_Client_Code_Upgrade_V1_10_0.ps1

1813a2129756872de77fcd85d072e624

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

DQLabs_Windows_Server_Deployment_V1_10_0.ps1

e58fc47139d7853dc74813f80a5778ec

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects suspicious PowerShell code that downloads from web sites

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	erwin-us.s3.amazonaws.com/Support/ADS/v13.2/erwin_DQ_Installation_Scripts.zip	52.217.114.105	200 OK	22 kB
URL User Request GET HTTP/1.1 erwin-us.s3.amazonaws.com/Support/ADS/v13.2/erwin_DQ_Installation_Scripts.zip IP 52.217.114.105:443 ASN #16509 AMAZON-02 Certificate IssuerAmazon Subject.s3.amazonaws.com FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 22 kB (21639 bytes) Hash 06a6c629ddd186b7766bbface117d5ac dd200397ffbaf1d7b748c10587c2c60b319d9931 1f166ff0c09ee0f18315e7f479c57bed59600cbd2ef62f9b018e31cc4778b41f HTTP Headers GET /Support/ADS/v13.2/erwin_DQ_Installation_Scripts.zip HTTP/1.1 Host: erwin-us.s3.amazonaws.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK x-amz-id-2: M9+2EMFSkjJtM+I7k37ioCwmRJTVjJdodd9uZpOVhwgt8AC+uR0tnuqs7OawYnrjc10pJuaS88w= x-amz-request-id: TGMK0NMXD1NTAXNR Date: Wed, 08 May 2024 10:44:31 GMT Last-Modified: Mon, 18 Dec 2023 16:54:59 GMT ETag: "06a6c629ddd186b7766bbface117d5ac" x-amz-server-side-encryption: AES256 x-amz-version-id: 0itQIUZNpbzHWxNwWHqRZgVJeoyDCV0_ Accept-Ranges: bytes Content-Type: application/zip Server: AmazonS3 Content-Length: 21639`

erwin-us.s3.amazonaws.com/Support/ADS/v13.2/erwin_DQ_Installation_Scripts.zip

52.217.114.105

200 OK

22 kB

URL User Request GET HTTP/1.1
erwin-us.s3.amazonaws.com/Support/ADS/v13.2/erwin_DQ_Installation_Scripts.zip
IP
52.217.114.105:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
22 kB (21639 bytes)
Hash
06a6c629ddd186b7766bbface117d5ac
dd200397ffbaf1d7b748c10587c2c60b319d9931
1f166ff0c09ee0f18315e7f479c57bed59600cbd2ef62f9b018e31cc4778b41f

HTTP Headers

GET /Support/ADS/v13.2/erwin_DQ_Installation_Scripts.zip HTTP/1.1
Host: erwin-us.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: M9+2EMFSkjJtM+I7k37ioCwmRJTVjJdodd9uZpOVhwgt8AC+uR0tnuqs7OawYnrjc10pJuaS88w=
x-amz-request-id: TGMK0NMXD1NTAXNR
Date: Wed, 08 May 2024 10:44:31 GMT
Last-Modified: Mon, 18 Dec 2023 16:54:59 GMT
ETag: "06a6c629ddd186b7766bbface117d5ac"
x-amz-server-side-encryption: AES256
x-amz-version-id: 0itQIUZNpbzHWxNwWHqRZgVJeoyDCV0_
Accept-Ranges: bytes
Content-Type: application/zip
Server: AmazonS3
Content-Length: 21639

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (8)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers