Report - download.freenew.net/pf-setup.exe

Report Overview

Visited public
2024-08-11 22:18:56
Tags
Submit Tags
URL
download.freenew.net/pf-setup.exe
Finishing URL
about:privatebrowsing
IP / ASN
93.184.221.133
#15133 EDGECAST
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown				2.9 kB	8.0 kB	23.36.77.32
download.freenew.net	unknown				403 B	3.6 MB	93.184.221.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-08-11 22:18:31	high	93.184.221.133	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (10)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c2c08f8e2c667f91e7ee939f41a7ca06
159557c63c8c8ef725ae9b3fec75d5f1810b40d8
68059941cc11a454898b59b485e702d97abe8025bd02657174e26ec24eb68c81

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "68059941CC11A454898B59B485E702D97ABE8025BD02657174E26EC24EB68C81"
Last-Modified: Sun, 11 Aug 2024 06:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15694
Expires: Mon, 12 Aug 2024 02:40:04 GMT
Date: Sun, 11 Aug 2024 22:18:30 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
2a2d14e098204ee1d1e68f2616277092
f7ec021aa453d577c048bd3898995ddf825aeebb
20e8174590f8ae5789160b7beaa6a42bc90d4312052087181bbafed5f464d7d3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "20E8174590F8AE5789160B7BEAA6A42BC90D4312052087181BBAFED5F464D7D3"
Last-Modified: Sun, 11 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2561
Expires: Sun, 11 Aug 2024 23:01:11 GMT
Date: Sun, 11 Aug 2024 22:18:30 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
920e4f3a49784056e5c5faa263b2f6a7
5070431826e2f4b1988fff3b3e6ff8a4e1a97919
037a14a94c65f88afcab57eae3fc805e8115b35825ec9659f173442b45918e8e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "037A14A94C65F88AFCAB57EAE3FC805E8115B35825EC9659F173442B45918E8E"
Last-Modified: Sun, 11 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10891
Expires: Mon, 12 Aug 2024 01:20:01 GMT
Date: Sun, 11 Aug 2024 22:18:30 GMT
Connection: keep-alive

GET download.freenew.net/pf-setup.exe

93.184.221.133

200 OK

3.6 MB

URL User Request GET HTTP/1.1
download.freenew.net/pf-setup.exe
IP
93.184.221.133:80
ASN
#15133 EDGECAST

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
Size
3.6 MB (3566408 bytes)
Hash
b309841cb30d0822e40ad2c6bd2effa8
a7a8170f3c5e6204bd4624effb67caf0dd0689cd
9e275dd9954d99005d4d5528f0a38d8e08b07761638c8ca6f1285e992cc2d3ac

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 5/69

NIDS	Severity	Alert
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /pf-setup.exe HTTP/1.1
Host: download.freenew.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 12137110
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Date: Sun, 11 Aug 2024 22:18:31 GMT
Etag: "84440246"
Expires: Sun, 18 Aug 2024 22:18:31 GMT
Last-Modified: Fri, 23 Nov 2012 06:50:10 GMT
Server: ECAcc (ska/F750)
X-Cache: HIT
Content-Length: 3566408

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
24d5ac4a84272d86de181a7791544f41
fa835ee14a3cfcbed175acb393bdb09cd71031a4
8a07c5b6e3ed866da9b88f4fe543f285cf7fde46e2cdae44109fe5e998884240

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8A07C5B6E3ED866DA9B88F4FE543F285CF7FDE46E2CDAE44109FE5E998884240"
Last-Modified: Sun, 11 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3189
Expires: Sun, 11 Aug 2024 23:11:40 GMT
Date: Sun, 11 Aug 2024 22:18:31 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b3cb4fa78d48efd3475d6c2225a3a440
d25b7736221fe0073288e3ec4950389761ae2a06
799a896dc6357139a345e649d5cc7560ec07901f5a272e102018cb4dc18aebd7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "799A896DC6357139A345E649D5CC7560EC07901F5A272E102018CB4DC18AEBD7"
Last-Modified: Sun, 11 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4345
Expires: Sun, 11 Aug 2024 23:30:57 GMT
Date: Sun, 11 Aug 2024 22:18:32 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b3cb4fa78d48efd3475d6c2225a3a440
d25b7736221fe0073288e3ec4950389761ae2a06
799a896dc6357139a345e649d5cc7560ec07901f5a272e102018cb4dc18aebd7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "799A896DC6357139A345E649D5CC7560EC07901F5A272E102018CB4DC18AEBD7"
Last-Modified: Sun, 11 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4345
Expires: Sun, 11 Aug 2024 23:30:57 GMT
Date: Sun, 11 Aug 2024 22:18:32 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b3cb4fa78d48efd3475d6c2225a3a440
d25b7736221fe0073288e3ec4950389761ae2a06
799a896dc6357139a345e649d5cc7560ec07901f5a272e102018cb4dc18aebd7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "799A896DC6357139A345E649D5CC7560EC07901F5A272E102018CB4DC18AEBD7"
Last-Modified: Sun, 11 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4345
Expires: Sun, 11 Aug 2024 23:30:57 GMT
Date: Sun, 11 Aug 2024 22:18:32 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b3cb4fa78d48efd3475d6c2225a3a440
d25b7736221fe0073288e3ec4950389761ae2a06
799a896dc6357139a345e649d5cc7560ec07901f5a272e102018cb4dc18aebd7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "799A896DC6357139A345E649D5CC7560EC07901F5A272E102018CB4DC18AEBD7"
Last-Modified: Sun, 11 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4345
Expires: Sun, 11 Aug 2024 23:30:57 GMT
Date: Sun, 11 Aug 2024 22:18:32 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b3cb4fa78d48efd3475d6c2225a3a440
d25b7736221fe0073288e3ec4950389761ae2a06
799a896dc6357139a345e649d5cc7560ec07901f5a272e102018cb4dc18aebd7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "799A896DC6357139A345E649D5CC7560EC07901F5A272E102018CB4DC18AEBD7"
Last-Modified: Sun, 11 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4345
Expires: Sun, 11 Aug 2024 23:30:57 GMT
Date: Sun, 11 Aug 2024 22:18:32 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (10)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP