Report - download.documentfoundation.org/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win

Report Overview

Submitted URL
download.documentfoundation.org/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi
IP
89.238.68.185
ASN
#34240 manitu GmbH
Submitted
2024-03-29 00:47:44
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ftp.snt.utwente.nl	426272	1986-10-16	2017-02-01	2024-03-26	558 B	7.9 MB	130.89.149.20
download.documentfoundation.org	614546	2010-09-15	2013-07-12	2024-03-26	554 B	1.7 kB	89.238.68.185

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-03-29	medium	ftp.snt.utwente.nl/pub/software/tdf/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi	Related to CVE-2023-36884. Hunts for any zip-like archive (eg. office documents) that have an embedded .rtf file, based on the '.rtf' extension of the file.

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
ftp.snt.utwente.nl/pub/software/tdf/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi
IP
130.89.149.20
ASN
#1133 SURF B.V.

File type
Composite Document File V2 Document, Can't read SAT
Size
7.9 MB (7872946 bytes)
Hash
b51542267086238a962922a194ea9f12
d2a320fa2decde84e566bdaa0a4803bbcc3c1d93
0cee143b70e21314b12adb171a6c7f8cea43b15e696cae046726bd0b2aa7a33b

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Related to CVE-2023-36884. Hunts for any zip-like archive (eg. office documents) that have an embedded .rtf file, based on the '.rtf' extension of the file.

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

download.documentfoundation.org/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi

89.238.68.185

302 Found

432 B

URL User Request GET HTTP/2
download.documentfoundation.org/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi
IP
89.238.68.185:443
ASN
#34240 manitu GmbH

Certificate
IssuerLet's Encrypt
Subjectdownload.documentfoundation.org
Fingerprint48:EE:82:F4:80:FB:71:12:4D:3D:87:E0:49:5F:E9:57:D6:42:41:F9
ValiditySun, 10 Mar 2024 02:07:10 GMT - Sat, 08 Jun 2024 02:07:09 GMT

File type
HTML document, ASCII text
Size
432 B (432 bytes)
Hash
d4426ac84a2c3103662f27c6c4c4d1ea
f546fe51d3e6a5982bd9c150c571fd7709e08339
30d0cc86ac5064e6c049e0884bea5dd301e8f219c5779f16670f7eaf315c9aac

HTTP Headers

GET /libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi HTTP/1.1
Host: download.documentfoundation.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 29 Mar 2024 00:47:19 GMT
content-type: text/html; charset=iso-8859-1
content-length: 432
server: Apache
x-prefix: 91.90.40.0/21
x-as: 50304
x-mirrorbrain-mirror: snt.utwente.nl
x-mirrorbrain-realm: region
link: <http://download.documentfoundation.org/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi.meta4>; rel=describedby; type="application/metalink4+xml", <https://ftp.snt.utwente.nl/pub/software/tdf/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi>; rel=duplicate; pri=1; geo=nl, <https://ftp.bme.hu/pub/mirrors/tdf/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi>; rel=duplicate; pri=2; geo=hu, <https://www.mirrorservice.org/sites/download.documentfoundation.org/tdf/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi>; rel=duplicate; pri=3; geo=gb, <https://fastmirror.pp.ua/tdf/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi>; rel=duplicate; pri=4; geo=ua, <https://ftp.fau.de/tdf/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi>; rel=duplicate; pri=5; geo=de
location: https://ftp.snt.utwente.nl/pub/software/tdf/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi
X-Firefox-Spdy: h2

ftp.snt.utwente.nl/pub/software/tdf/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi

130.89.149.20

200 OK

7.9 MB

URL User Request GET HTTP/1.1
ftp.snt.utwente.nl/pub/software/tdf/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi
IP
130.89.149.20:443
ASN
#1133 SURF B.V.

Certificate
IssuerLet's Encrypt
Subjectkompot.snt.utwente.nl
Fingerprint5C:E3:A3:1B:1B:51:D6:D5:0D:B9:F9:33:0E:7D:67:DC:F1:26:7C:F0
ValiditySat, 09 Mar 2024 07:10:10 GMT - Fri, 07 Jun 2024 07:10:09 GMT

File type
Composite Document File V2 Document, Can't read SAT
Size
7.9 MB (7872946 bytes)
Hash
b51542267086238a962922a194ea9f12
d2a320fa2decde84e566bdaa0a4803bbcc3c1d93
0cee143b70e21314b12adb171a6c7f8cea43b15e696cae046726bd0b2aa7a33b

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Related to CVE-2023-36884. Hunts for any zip-like archive (eg. office documents) that have an embedded .rtf file, based on the '.rtf' extension of the file.

HTTP Headers

GET /pub/software/tdf/libreoffice/stable/7.6.6/win/x86_64/LibreOffice_7.6.6_Win_x86-64.msi HTTP/1.1
Host: ftp.snt.utwente.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 00:47:20 GMT
Server: Apache/2.4.56 (Debian)
Last-Modified: Fri, 22 Mar 2024 17:31:33 GMT
ETag: "15969000-6144331f643ee"
Accept-Ranges: bytes
Content-Length: 362188800
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/x-msi

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers