Report - dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2019_V2R9

Report Overview

Visited public
2024-07-02 09:49:12
Tags
URL
dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2019_V2R9_STIG.zip
Finishing URL
about:privatebrowsing
IP / ASN
54.240.174.44
#16509 AMAZON-02
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-30 18:17:38	1.6 kB	4.4 kB	23.36.76.226
ocsp.entrust.net	1208	1997-07-28	2014-01-10 03:18:45	2024-06-30 18:12:02	656 B	3.9 kB	184.24.45.171
dl.dod.cyber.mil	933999	unknown	2020-05-03 11:53:35	2024-01-15 14:53:00	538 B	1.2 MB	54.240.174.44

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2019_V2R9_STIG.zip
IP
54.240.174.44
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.2 MB (1178948 bytes)
Hash
7f5d8a14bf80ea79fc104232862b1373
69e3e2ead08af28ac867a1e76bb6e75e593e84f0
7cb96d6e163a94e420962c7acfdc37c890bc5143383dbdb61fe0adc27cd653d3

Archive (11)

Filename

Md5

File type

DOD_EP_V3.xml

2969e93e25a3d83a36c73cb1fa77c703

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

MSS-legacy.adml

9051f7c44f76ae663d52582927e030d7

ASCII text, with CRLF line terminators

MSS-legacy.admx

d6ed8f967016e69df98f35cd789fa977

ASCII text, with very long lines (332), with CRLF line terminators

SecGuide.adml

672fce6a8bf2dd19297f705b5c5ec9da

XML 1.0 document, ASCII text, with very long lines (362), with CRLF line terminators

SecGuide.admx

6d11f31198419c37be9f7315a434be1e

XML 1.0 document, ASCII text, with CRLF line terminators

DoD-DISA-logos-as-JPEG.JPG

54b5df617d6b5429ef491b646365b7a9

JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=3], baseline, precision 8, 1100x330, components 3

STIG_unclass.xsl

f3b1a3299f26ea57dbbe1d6c730f28f6

XML 1.0 document, ASCII text, with CRLF line terminators

U_MS_Windows_Server_2019_STIG_V2R9_Manual-xccdf.xml

ab4edf7aecd66e18f74669d40b9594d0

XML 1.0 document, ASCII text, with very long lines (65536), with no line terminators

U_MS_Windows_Server_2019_V2R9_Overview.pdf

33ba0e8ca74867c6b27e760fc894ff82

PDF document, version 1.6 (zip deflate encoded)

U_MS_Windows_Server_2019_V2R9_Revision_History.pdf

9ce4d5d552d49151ad7308791e81c909

PDF document, version 1.6 (zip deflate encoded)

U_Readme_SRG_and_STIG.pdf

80da0676c2b71e13ab871eb29dc5c1a9

PDF document, version 1.6 (zip deflate encoded)

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

JavaScript (0)

HTTP Transactions (8)

	URL	IP	Response	Size
	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash b7dbdd91e33b4b40b990affe38907ed8 8c1dc814dfd071e0c4dcfc0f5429eb7c221d609a 842512e65717b866647d52bc726c962cc42c7e2027c53a2b5b79d7b86d2e50fc HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "842512E65717B866647D52BC726C962CC42C7E2027C53A2B5B79D7B86D2E50FC" Last-Modified: Sun, 30 Jun 2024 13:53:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6832 Expires: Tue, 02 Jul 2024 11:42:38 GMT Date: Tue, 02 Jul 2024 09:48:46 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash f6d043d7b5e98906db1fe2695e98859c 154db889ef567d2839bb7eaa15818cd546495b4f f4fcc79261acda8e1cb81b9fc6524ee560b60740b0cf8107308dc82750dc079a HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "F4FCC79261ACDA8E1CB81B9FC6524EE560B60740B0CF8107308DC82750DC079A" Last-Modified: Sat, 29 Jun 2024 23:47:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=15851 Expires: Tue, 02 Jul 2024 14:12:57 GMT Date: Tue, 02 Jul 2024 09:48:46 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 6809014b6f52128eea64522a888ef559 c5403c0900fff6604a4f58e3cd83a67d587c7ac2 c6035fcd2c47b60fecbb2f86f67249e4fe21736a75c6cf000f5e9212f88c154d HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "C6035FCD2C47B60FECBB2F86F67249E4FE21736A75C6CF000F5E9212F88C154D" Last-Modified: Tue, 02 Jul 2024 04:18:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=12035 Expires: Tue, 02 Jul 2024 13:09:21 GMT Date: Tue, 02 Jul 2024 09:48:46 GMT Connection: keep-alive`

	ocsp.entrust.net/	184.24.45.171		1.6 kB
URL ocsp.entrust.net/ IP 184.24.45.171:0 ASN #16625 AKAMAI-AS File type data Size 1.6 kB (1588 bytes) Hash 4164d7ce54f0d980bd65a6037c45358e db35cc4c1315e89ddf93a5676af433b8b6c3e119 0d7dd5712fcd53fe212fc040f65e91b3a42c3c1cd6ee58e879a3c076676b7680 HTTP Headers `POST / HTTP/1.1 Host: ocsp.entrust.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response ETag: "0D7DD5712FCD53FE212FC040F65E91B3A42C3C1CD6EE58E879A3C076676B7680" Last-Modified: Tue, 02 Jul 2024 00:00:00 UTC Content-Length: 1588 Cache-Control: public, no-transform, must-revalidate, max-age=3600 Expires: Tue, 02 Jul 2024 10:48:46 GMT Date: Tue, 02 Jul 2024 09:48:46 GMT Connection: keep-alive`

	dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2019_V2R9_STIG.zip	54.240.174.44	200 OK	1.2 MB
URL User Request GET HTTP/2 dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2019_V2R9_STIG.zip IP 54.240.174.44:443 ASN #16509 AMAZON-02 Certificate IssuerEntrust, Inc. Subjectpublic.cyber.mil FingerprintE1:A4:61:60:B9:54:C8:34:4E:B3:AB:30:DA:23:DE:44:2C:9D:14:B8 ValidityWed, 10 Apr 2024 00:03:15 GMT - Mon, 14 Apr 2025 00:03:14 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 1.2 MB (1178948 bytes) Hash 7f5d8a14bf80ea79fc104232862b1373 69e3e2ead08af28ac867a1e76bb6e75e593e84f0 7cb96d6e163a94e420962c7acfdc37c890bc5143383dbdb61fe0adc27cd653d3 HTTP Headers GET /wp-content/uploads/stigs/zip/U_MS_Windows_Server_2019_V2R9_STIG.zip HTTP/1.1 Host: dl.dod.cyber.mil User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK content-type: application/zip content-length: 1178948 date: Mon, 01 Jul 2024 11:44:38 GMT x-amz-replication-status: COMPLETED last-modified: Thu, 02 May 2024 14:10:43 GMT etag: "7f5d8a14bf80ea79fc104232862b1373" x-amz-server-side-encryption: AES256 x-amz-version-id: TdU7XlXF67L.8kG2Wjsly68X8ntqIrAA accept-ranges: bytes server: AmazonS3 x-cache: Hit from cloudfront via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 alt-svc: h3=":443"; ma=86400 x-amz-cf-id: XUy5Ghy7RqC0cwfM72lEPPy891YwOEtrRy4tUzXK7qtJqXya3P6gtg== age: 79449 X-Firefox-Spdy: h2

	ocsp.entrust.net/	184.24.45.171		1.6 kB
URL ocsp.entrust.net/ IP 184.24.45.171:0 ASN #16625 AKAMAI-AS File type data Size 1.6 kB (1588 bytes) Hash 4164d7ce54f0d980bd65a6037c45358e db35cc4c1315e89ddf93a5676af433b8b6c3e119 0d7dd5712fcd53fe212fc040f65e91b3a42c3c1cd6ee58e879a3c076676b7680 HTTP Headers `POST / HTTP/1.1 Host: ocsp.entrust.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response ETag: "0D7DD5712FCD53FE212FC040F65E91B3A42C3C1CD6EE58E879A3C076676B7680" Last-Modified: Tue, 02 Jul 2024 00:00:00 UTC Content-Length: 1588 Cache-Control: public, no-transform, must-revalidate, max-age=3540 Expires: Tue, 02 Jul 2024 10:47:47 GMT Date: Tue, 02 Jul 2024 09:48:47 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c4b71305103f33b56dd398fb1f3fa9fe 6237cf96ced2a5d69a73769180ae8250221727ea 4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34" Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6147 Expires: Tue, 02 Jul 2024 11:31:15 GMT Date: Tue, 02 Jul 2024 09:48:48 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c4b71305103f33b56dd398fb1f3fa9fe 6237cf96ced2a5d69a73769180ae8250221727ea 4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34" Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6147 Expires: Tue, 02 Jul 2024 11:31:15 GMT Date: Tue, 02 Jul 2024 09:48:48 GMT Connection: keep-alive`

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (11)

Detections

JavaScript (0)

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers