www.elcomsoft.com/download/alpr.zip
35.161.100.221 | 301 Moved Permanently | 194 B | URL | User Request | GET HTTP/1.1 www.elcomsoft.com/download/alpr.zip
IP 35.161.100.221:443
Certificate Issuer: Sectigo Limited
Subject: *.elcomsoft.com
Fingerprint: C5:41:90:4E:64:72:1C:B0:27:D2:C8:1B:F1:9E:33:D5:3A:2B:D8:07
Validity: Tue, 19 Dec 2023 00:00:00 GMT - Sat, 18 Jan 2025 23:59:59 GMT
File type HTML document, ASCII text, with CRLF line terminators
Hash (MD5) a718c83022dda2cc03813d97ea9f3a9a
Hash (SHA-1) b1e7b25d45f5ea8562a6f7c372491fecec492ad4
Hash (SHA-256) e4ef2bd88e50ff8bba2faca31902a8e033531912c11f6ad23dc1fc74a2f38ba8
GET /download/alpr.zip HTTP/1.1
Host: www.elcomsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 16 Apr 2024 10:03:06 GMT
Content-Type: text/html
Content-Length: 194
Location: https://www.elcomsoft.com/download/alpr_setup_en.msi
Connection: keep-alive
Strict-Transport-Security: max-age=15768000
www.elcomsoft.com/download/alpr_setup_en.msi
35.161.100.221 | 302 Found | 0 B | URL | User Request | GET HTTP/1.1 www.elcomsoft.com/download/alpr_setup_en.msi
IP 35.161.100.221:443
Certificate Issuer: Sectigo Limited
Subject: *.elcomsoft.com
Fingerprint: C5:41:90:4E:64:72:1C:B0:27:D2:C8:1B:F1:9E:33:D5:3A:2B:D8:07
Validity: Tue, 19 Dec 2023 00:00:00 GMT - Sat, 18 Jan 2025 23:59:59 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /download/alpr_setup_en.msi HTTP/1.1
Host: www.elcomsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 16 Apr 2024 10:03:06 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: PHPSESSID=gjrm1qb1iaq7rdenadpm2c0sa3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://download_de.elcomsoft.com/alpr_setup_en.msi
X-Frame-Options: SAMEORIGIN
download_de.elcomsoft.com/alpr_setup_en.msi
88.198.215.59 | 200 OK | 21 MB | URL | User Request | GET HTTP/1.1 download_de.elcomsoft.com/alpr_setup_en.msi
IP 88.198.215.59:443
ASN #24940 Hetzner Online GmbH
Certificate Issuer: Sectigo Limited
Subject: *.elcomsoft.com
Fingerprint: C5:41:90:4E:64:72:1C:B0:27:D2:C8:1B:F1:9E:33:D5:3A:2B:D8:07
Validity: Tue, 19 Dec 2023 00:00:00 GMT - Sat, 18 Jan 2025 23:59:59 GMT
Size 21 MB (20606976 bytes)
Hash (MD5) 7de1e2ff588fead5adccc62bdb943639
Hash (SHA-1) 15188de57e8e9663d5f3ff48eff1300a76ebf091
Hash (SHA-256) eeb9684ef4105b1c01f4e1ba31233b6aab3be3c4bc19b4586acfbdfae109f202
Analyzer: YARAhub by abuse.ch | Verdict: Alert (malware) | Rule description: Related to CVE-2023-36884. Hunts for any zip-like archive (e.g. office documents) that has an embedded .rtf file, based on the '.rtf' extension of the file.
GET /alpr_setup_en.msi HTTP/1.1
Host: download_de.elcomsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 16 Apr 2024 10:03:06 GMT
Content-Type: application/octet-stream
Content-Length: 20606976
Last-Modified: Tue, 28 Aug 2018 13:48:14 GMT
Connection: keep-alive
ETag: "5b85529e-13a7000"
Strict-Transport-Security: max-age=15768000
Accept-Ranges: bytes