Report - www.lwolf.com/downloads/stunnel.zip

Report Overview

Submitted URL
www.lwolf.com/downloads/stunnel.zip
IP
128.136.159.6
ASN
#13649 ASN-FLEXENTIAL
Submitted
2024-04-17 01:50:50
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.lwolf.com	200950	1996-04-19	2013-05-09	2024-04-10	489 B	659 B	128.136.159.6
www2.lwolf.com	unknown	1996-04-19	2013-07-18	2024-02-12	490 B	1.5 MB	128.136.159.132

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www2.lwolf.com/Downloads/stunnel.zip
IP
128.136.159.132
ASN
#13649 ASN-FLEXENTIAL

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.5 MB (1510051 bytes)
Hash
2d188d11d9c25b8ccc355c2171e16bb9
c76fc93bf7556638afb05d7137c1ce5128820c99
23a9165332dcc7032f0da436ceaa01136f6848699579f496653e1c4e24ed02fb

Archive (11)

Filename

Md5

File type

libeay32.dll

e78af7889b63930806d81e0b7cf5cf2b

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 8 sections

Microsoft.VC90.CRT.Manifest

6bb5d2aad0ae1b4a82e7ddf7cf58802a

XML 1.0 document, ASCII text, with CRLF line terminators

msvcr90.dll

4d03ca609e68f4c90cf66515218017f8

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

openssl.exe

21893203d37428f178909e8d751332a4

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

SmtpConfig(0).txt

0eab76955647cb734c64d5ba994ebc0b

ASCII text, with CRLF line terminators

SmtpLog(0).txt

5a4a0462e59ae6d581cf65e95cd9d9ba

ASCII text, with CRLF line terminators

ssleay32.dll

9ccc011dcd7a66d46ffa2a234a96100b

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

stunnel.exe

a2d104c52f4f749925cb0f5816bb8255

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

stunnel.html

7f3396124216495b1c5ae581a6f6b879

XML 1.0 document, ASCII text, with very long lines (699), with CRLF line terminators

stunnel.pem

bc9b3cde2368381d60e4d8175759b7a2

ASCII text

zlib1.dll

c736034c1415e99224bd793c0e1eab51

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	www.lwolf.com/downloads/stunnel.zip	128.136.159.6	301 Moved Permanently	315 B
URL User Request GET HTTP/1.1 www.lwolf.com/downloads/stunnel.zip IP 128.136.159.6:443 ASN #13649 ASN-FLEXENTIAL Certificate IssuerSectigo Limited Subject.lwolf.com Fingerprint71:C9:8C:7E:DD:F7:BF:BB:8E:8A:94:05:E2:9B:B3:55:11:15:CA:EB ValidityTue, 13 Feb 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT File type HTML document, ASCII text Size 315 B (315 bytes) Hash a3462600f2cc6917f09e7db3f7a3c89c 32edb17512da61dd71260bbdaf46905603d73234 2a164beec68c608764e5fde6c8c0fd0eb307d914753790c1fef6eae116d67329 HTTP Headers `GET /downloads/stunnel.zip HTTP/1.1 Host: www.lwolf.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 301 Moved Permanently Date: Wed, 17 Apr 2024 01:50:25 GMT Server: Apache Location: https://www2.lwolf.com/Downloads/stunnel.zip Content-Length: 315 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Set-Cookie: BIGipServerLWOLF-PRD=840318218.20480.0000; path=/; Httponly; Secure`

	www2.lwolf.com/Downloads/stunnel.zip	128.136.159.132	200 OK	1.5 MB
URL User Request GET HTTP/1.1 www2.lwolf.com/Downloads/stunnel.zip IP 128.136.159.132:443 ASN #13649 ASN-FLEXENTIAL Certificate IssuerSectigo Limited Subject.lwolf.com Fingerprint71:C9:8C:7E:DD:F7:BF:BB:8E:8A:94:05:E2:9B:B3:55:11:15:CA:EB ValidityTue, 13 Feb 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 1.5 MB (1510051 bytes) Hash 2d188d11d9c25b8ccc355c2171e16bb9 c76fc93bf7556638afb05d7137c1ce5128820c99 23a9165332dcc7032f0da436ceaa01136f6848699579f496653e1c4e24ed02fb HTTP Headers `GET /Downloads/stunnel.zip HTTP/1.1 Host: www2.lwolf.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/x-zip-compressed Last-Modified: Fri, 20 Sep 2019 18:35:23 GMT Accept-Ranges: bytes ETag: "24e162ae26fd51:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Site: WS Date: Wed, 17 Apr 2024 01:50:25 GMT Content-Length: 1510051 Set-Cookie: BIGipServerGWINT-PRD-pool=1628519690.20480.0000; path=/; Httponly; Secure`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (11)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers