Report - www.autoitscript.com/forum/files/file/114-captureit/?do=download&r=1825&confirm=1&t=1&csrfKey=3c2297fdd5b90443ec6fe206dd7e7d5c

Report Overview

Visited public
2025-06-07 07:39:20
Tags
URL
www.autoitscript.com/forum/files/file/114-captureit/?do=download&r=1825&confirm=1&t=1&csrfKey=3c2297fdd5b90443ec6fe206dd7e7d5c
Finishing URL
about:privatebrowsing
IP / ASN
212.227.91.231
#8560 IONOS SE
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

1

Threat Detection Systems

4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.autoitscript.com	712355	2004-05-05	2012-05-21	2025-06-05	594 B	791 kB	212.227.91.231

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-06-07 07:38:57	low	Client IP	212.227.91.231	ET HUNTING Observed Domain (autoitscript .com) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.autoitscript.com/forum/files/file/114-captureit/?do=download&r=1825&confirm=1&t=1&csrfKey=3c2297fdd5b90443ec6fe206dd7e7d5c
IP
212.227.91.231
ASN
#8560 IONOS SE

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
791 kB (790702 bytes)
Hash
58fe96ce0ac6b873c154f216c44aa9a9
758b27ab318eef11e486af684c4bb7bd62528539
c754dc7105e584186f570a96d684e0e298ec4cd49486e401983b5ba911bf280e

Archive (20)

Filename

Md5

File type

English.lng

fb41d8f697d8aca750cd77341fc0d025

Generic INItialization configuration [Translation]

Russian.lng

39be9e1c0ebf49a94992fc750860d964

Generic INItialization configuration [Translation]

CaptureIt.exe

21034aab166a5246a73c9a81534f97e6

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

CaptureIt.ini

84eaa950a81596002575c7f640057285

ASCII text, with CRLF line terminators

Readme.txt

377383b09060f7f8e09a17ce2529acf2

ISO-8859 text, with CRLF line terminators

Capture.wav

d5e37c02ff01e405517d60e3fea202ed

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz

Icons.icl

8c9831a46c9297e36b4ea997e8585da5

PE32 executable (GUI) Intel 80386, for MS Windows

CaptureIt.au3

7a1c3e888932ac3798c37f1bb14642cd

CSV ISO-8859 text

Icon.ico

e2f840c083ff1aa701b73dcc17bf6138

MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel

AboutBox.au3

2e44e771a8afcd47c3be7f70e0ce19ab

JavaScript source, ISO-8859 text, with CRLF line terminators

GUIHotkey.au3

9014583d8e8779fa5a3ede6529ae10f5

C source, ASCII text, with CRLF line terminators

iUploader.au3

77ab115500525d4573d3edc1e883d153

C source, ASCII text, with CRLF line terminators

WinHttp.au3

afa7267f5340b1c27f738bb121f3810e

C source, ASCII text, with very long lines (503), with CRLF line terminators

WinHttpConstants.au3

b274515d0fb265d6209faee9a6c6da6f

C source, ASCII text, with CRLF line terminators

ZLIB.au3

abcc2a910ef2d73e828bba48c9400759

ASCII text, with very long lines (2062), with CRLF line terminators

ModernMenu.au3

08368dece97e2112ce8445d1db039b5e

C source, ASCII text, with CRLF line terminators

ScrollText.au3

a57c164b8f514ee1f9cfaa24fbf4dff9

C source, ISO-8859 text, with CRLF line terminators

SocialBookmarks.au3

85f2b14580c34c6e72bf91a91c1db41c

C source, ASCII text, with CRLF line terminators

Translation.au3

1d0ff44072aa34ca6d1a4595cb22529e

C source, ASCII text, with very long lines (301), with CRLF line terminators

TreeViewTab.au3

510c6b9c7398651e794ea583f4f573d2

C source, ISO-8859 text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table
Public InfoSec YARA rules	malware	Identifies AutoIT script.
VirusTotal	malicious	VirusTotal - Scan result 31/60

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.autoitscript.com/forum/files/file/114-captureit/?do=download&r=1825&confirm=1&t=1&csrfKey=3c2297fdd5b90443ec6fe206dd7e7d5c

212.227.91.231

200 OK

791 kB

URL User Request GET
www.autoitscript.com/forum/files/file/114-captureit/?do=download&r=1825&confirm=1&t=1&csrfKey=3c2297fdd5b90443ec6fe206dd7e7d5c
IP
212.227.91.231:443
ASN
#8560 IONOS SE

Certificate
IssuerLet's Encrypt
Subjectautoitscript.com
FingerprintC4:20:DB:14:A3:15:D8:44:38:73:6B:BB:6A:05:44:A3:6F:CB:E9:AF
ValiditySun, 20 Apr 2025 15:40:22 GMT - Sat, 19 Jul 2025 15:40:21 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
791 kB (790702 bytes)
Hash
58fe96ce0ac6b873c154f216c44aa9a9
758b27ab318eef11e486af684c4bb7bd62528539
c754dc7105e584186f570a96d684e0e298ec4cd49486e401983b5ba911bf280e

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 31/60

HTTP Headers

GET /forum/files/file/114-captureit/?do=download&r=1825&confirm=1&t=1&csrfKey=3c2297fdd5b90443ec6fe206dd7e7d5c HTTP/1.1
Host: www.autoitscript.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 07 Jun 2025 07:38:57 GMT
content-type: application/zip
content-length: 790702
accept-ranges: bytes
content-transfer-encoding: binary
content-disposition: attachment; filename="CaptureIt_1.06.zip"
set-cookie: ips4_IPSSessionFront=plrgsa3ktfv61eqha5ag2oul3p; path=/; secure; HttpOnly
content-range: bytes 0-790701/790702
cache-control: max-age=5
expires: Sat, 07 Jun 2025 07:39:02 GMT
vary: Accept-Encoding
x-powered-by: PHP/8.1.32, PleskLin
X-Firefox-Spdy: h2