Report - www.rfideas.com/sites/default/files/pcProxAPI-7.5.1.zip

Report Overview

Submitted URL
www.rfideas.com/sites/default/files/pcProxAPI-7.5.1.zip
IP
34.238.11.122
ASN
#14618 AMAZON-AES
Submitted
2024-05-04 00:59:01
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.rfideas.com	unknown	1996-10-25	2012-10-16	2023-11-20	509 B	1.6 MB	34.238.11.122
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-02	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.rfideas.com/sites/default/files/pcProxAPI-7.5.1.zip
IP
34.238.11.122
ASN
#14618 AMAZON-AES

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
1.6 MB (1623038 bytes)
Hash
9e28be38e24c8f0dc05530689e08bdbd
84f120de833a94aae900ec5a8742575f6427093b
ac1073fce9a6e5347652d50d2859bc4096c8e593fdcad820bdef979272794fa2

Archive (53)

Filename

Md5

File type

LicenseAgreementEULA.pdf

a5b46b54ca9590374cc47a84f9735dc8

PDF document, version 1.5, 6 pages (zip deflate encoded)

PcProxAPI-7.pdf

0ebad41e5d822d3c4b2431e8b016ac7f

PDF document, version 1.3, 366 pages

readercomm.au3

4af8046fed3762b23c535ea276dd3996

C source, Unicode text, UTF-8 text, with CRLF line terminators

ReadMe.txt

10bdab6a72f6cba78ced0b97d48c84a8

ASCII text, with CRLF line terminators

beacon.c

590dae62b72799b0a8ab188ffb350dcb

C source, Unicode text, UTF-8 text, with CRLF line terminators

beacon.vcxproj

72943abed22b0abb6c6a4b9b659fd42d

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

beacon.vcxproj.filters

972dc497639f46bfcfbb59e3bc4f0ac3

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

BLE_Example.sln

cdfdc42bf5237407236c47a7c747ef71

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

apitypes.h

fceeb60aa10a0e7df240029be04ee744

C source, ASCII text, with CRLF line terminators

cmd_def.c

3d9e9b17fd72e510b614f8e889515645

C source, ASCII text, with CRLF line terminators

cmd_def.h

94ce6e9fc9a592ffef77030fad14c7eb

C source, ASCII text, with CRLF line terminators

commands.c

691b199806aa1b417e4982196b055565

C source, ASCII text, with CRLF line terminators

README.md

2a5c6a683f8bf5c83b895b592c901c93

ASCII text, with CRLF line terminators

scanner.c

5b382ba0682adc2791160228f0f3222d

C source, Unicode text, UTF-8 text, with CRLF line terminators

scanner.vcxproj

5dc232a396721c097883fbc1af026d00

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

scanner.vcxproj.filters

71397ca099969bd97ae53e5e9a8ec749

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

serialdriver.c

786d544a5fcbde7495bfe01ad38a7f8f

C source, ASCII text, with CRLF line terminators

serialdriver.h

441ac86aa341ee37f419081e2128dc5b

C source, ASCII text, with CRLF line terminators

App.config

3f9b7c50015ca8be5ec84127bb37e2cb

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

pcproxlib.cs

d9277fd4ac863868064b14e50c563e91

C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Program.cs

a14d53afea4bb4deb36d7008121828c9

C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

AssemblyInfo.cs

dd6438894b2559821f46d4438fdc6ff6

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

readercomm.csproj

cf0a1e240356170b1ea15d1e09ceeab1

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

readercomm.sln

af5348638eaf5d84bc0b0e429259dd77

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

ReadMe.txt

bcc14f9606139954cf5b2127522d8327

ASCII text, with CRLF line terminators

Makefile

5d32468dd203c307f4b9437a95b35767

makefile script, ASCII text, with CRLF line terminators

readercomm.cpp

27f9fab5a1a5418815015ad42ea42b08

C source, Unicode text, UTF-8 text, with CRLF line terminators

readercomm.sln

d6bfffdf0bb253f5fed93da774aa88e6

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

readercomm.vcxproj

54ba8e7c86160eaff59d538af7e112a5

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

ReadMe.txt

0152084744a406224007db50b8b6dacf

Microsoft HTML Help Project

readercomm.java

d2ab0c30f687574d88d20d9e12dfd233

Java source, Unicode text, UTF-8 text, with CRLF line terminators

ReadMe.txt

27777a6c870f1e78cf11ee51ee5d17b9

ASCII text, with CRLF line terminators

readercomm.py

50be653c4dad047fed74dab29ce12997

Python script, ASCII text executable, with CRLF line terminators

ReadMe.txt

f6d9dc4919428a65d85be6b8be5014b6

ASCII text, with CRLF line terminators

App.config

3f9b7c50015ca8be5ec84127bb37e2cb

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Module1.vb

55cd72be23585890f5581aa2ea4b77d3

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Application.Designer.vb

9ab4249ffdd29aa630e238acaec1aa17

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Application.myapp

ecc20c642bde7b594bc4e84dab249c91

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

AssemblyInfo.vb

5155d05302bfec8f004fe1fab57d43c9

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Resources.Designer.vb

c34b34ebf43b5d4e530b99037d06e22c

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Resources.resx

0cd8c971317d19bbed44757809bcb92b

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Settings.Designer.vb

eace6dbb3be84a6481b207abe6bbacae

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Settings.settings

4a12ce12282d0ee237b12e7513037c50

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

PcProxAPIWrapper.vb

2d34c280ee4e0aa25a9b2ee91303b1d9

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

readercomm.sln

3828827a83e779c91b6deca283fbd508

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

readercomm.vbproj

5327bf8832365652593c8f6e350bca75

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

ReadMe.txt

825508af9372c0d658a19c2e82a86892

Microsoft HTML Help Project

pcProxAPI.h

2089be34cacf03e9a4ac52cf915facf7

C source, Unicode text, UTF-8 text, with CRLF line terminators

pcProxAPI.dll

7e4ff135187e924ab5e9af57f063257a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

pcProxAPI.lib

4bf8353fa573249af8d2185d06886a2a

current ar archive

pcProxAPI.dll

d522c17e1620d9f3affe969c2e8ed089

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

pcProxAPI.lib

19f5b596aac79018239d44390816a1ea

current ar archive

ReadMe.pdf

862820f53d912676431331289ee97e9e

PDF document, version 1.5, 5 pages

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	www.rfideas.com/sites/default/files/pcProxAPI-7.5.1.zip	34.238.11.122	200 OK	1.6 MB
URL User Request GET HTTP/2 www.rfideas.com/sites/default/files/pcProxAPI-7.5.1.zip IP 34.238.11.122:443 ASN #14618 AMAZON-AES Certificate IssuerLet's Encrypt Subjectrfideas.com FingerprintCA:4E:A8:78:3C:B6:D5:4E:E2:FE:62:06:7F:58:3D:9D:7C:16:4F:88 ValidityTue, 12 Mar 2024 16:12:44 GMT - Mon, 10 Jun 2024 16:12:43 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 1.6 MB (1623038 bytes) Hash 9e28be38e24c8f0dc05530689e08bdbd 84f120de833a94aae900ec5a8742575f6427093b ac1073fce9a6e5347652d50d2859bc4096c8e593fdcad820bdef979272794fa2 HTTP Headers `GET /sites/default/files/pcProxAPI-7.5.1.zip HTTP/1.1 Host: www.rfideas.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes cache-control: max-age=31536000 content-type: application/zip date: Sat, 04 May 2024 00:58:36 GMT etag: "626aa45c-18c3fe" expires: Sun, 04 May 2025 00:58:36 GMT last-modified: Thu, 28 Apr 2022 14:27:40 GMT strict-transport-security: max-age=0 traceresponse: 00-17cc23402ac15f56133faeffdc2a3ea5-356e052a787f7993-01 vary: Accept-Encoding x-debug-info: eyJyZXRyaWVzIjowfQ== x-platform-cluster: ftimtubo6a5qs-master-7rqtwti x-platform-processor: 3y6mqarconq4ookyptusreeemi x-platform-router: bwjxlupps4t5mjopznty6ape3e content-length: 1623038 X-Firefox-Spdy: h2

	aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml	35.244.181.201		444 B
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP 35.244.181.201:0 ASN #396982 GOOGLE-CLOUD-PLATFORM File type XML 1.0 document, ASCII text, with very long lines (332) Size 444 B (444 bytes) Hash 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463 HTTP Headers `GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx rule-id: unknown rule-data-version: unknown content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=HkMY7tKS97k7XdjC9afkoqo5nLl3Dehhrs408B_IXongv1FK5MyZERXfFlChckB_rDxRQsik3v0UsihmX5DQf6Qu1NoHcNC82Q3L4TaoyvZnnJoufMWNjY3_0gv2sY6o strict-transport-security: max-age=31536000; x-content-type-options: nosniff content-security-policy: default-src 'none'; frame-ancestors 'none' x-proxy-cache-status: EXPIRED content-encoding: gzip via: 1.1 google date: Sat, 04 May 2024 00:58:13 GMT content-type: text/xml; charset=utf-8 vary: Accept-Encoding content-length: 444 age: 41 cache-control: public,max-age=90 alt-svc: clear X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (53)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers