Report - www.kaplansoft.com/arpminer/release/ARPMiner.zip

Report Overview

Submitted URL
www.kaplansoft.com/arpminer/release/ARPMiner.zip
IP
178.18.207.213
ASN
#50941 Vargonen Teknoloji ve Bilisim Sanayi Ticaret Anonim Sirketi
Submitted
2024-04-24 01:39:37
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.kaplansoft.com	unknown	2011-11-26	2014-01-29	2024-04-18	502 B	3.4 MB	178.18.207.213

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.kaplansoft.com/arpminer/release/ARPMiner.zip
IP
178.18.207.213
ASN
#50941 Vargonen Teknoloji ve Bilisim Sanayi Ticaret Anonim Sirketi

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.4 MB (3391639 bytes)
Hash
8cb771f54b3c0357c546245205ce7eda
32c53bbccb81e1b6d65fb40c6c2a917470a91af6
5f6cfda5ec8aef1ddfe899b3dcd1f357b409cfa7e6b79b0ffd7dc30f0447daca

Archive (3)

Filename

Md5

File type

ARPMiner.msi

568a44058b64e3e62d6931d0e048ddb3

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 07:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: x64;1033, Number of Pages: 200, Revision Number: {A746F608-BE00-4BD0-9C45-7CB49A27885C}, Title: ARPMiner, Subject: ARPMiner Setup, Author: Yasin KAPLAN, Keywords: HotSpot Manager, Comments: HotSpot Server for Windows, Number of Words: 2, Last Saved Time/Date: Mon Apr 8 16:36:30 2024, Last Printed: Mon Apr 8 16:36:30 2024

Readme.rtf

c1de9b61e5a78b101ff2c9caeaa68813

Rich Text Format data, version 1, ANSI, code page 1254, default middle east language ID 1025

Setup.exe

4e813d27b3fa4359cab4ced5f4bbcba6

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/67

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.kaplansoft.com/arpminer/release/ARPMiner.zip

178.18.207.213

200 OK

3.4 MB

URL User Request GET HTTP/2
www.kaplansoft.com/arpminer/release/ARPMiner.zip
IP
178.18.207.213:443
ASN
#50941 Vargonen Teknoloji ve Bilisim Sanayi Ticaret Anonim Sirketi

Certificate
IssuerGoDaddy.com, Inc.
Subjectwww.kaplansoft.com
FingerprintC0:B7:FF:4C:CA:BD:E9:DA:CE:1F:D9:0A:2D:32:5A:9B:6E:12:41:06
ValidityFri, 29 Dec 2023 12:28:02 GMT - Wed, 29 Jan 2025 12:28:02 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.4 MB (3391639 bytes)
Hash
8cb771f54b3c0357c546245205ce7eda
32c53bbccb81e1b6d65fb40c6c2a917470a91af6
5f6cfda5ec8aef1ddfe899b3dcd1f357b409cfa7e6b79b0ffd7dc30f0447daca

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/67

HTTP Headers

GET /arpminer/release/ARPMiner.zip HTTP/1.1
Host: www.kaplansoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=172800
content-type: application/x-zip-compressed
last-modified: Mon, 08 Apr 2024 16:36:47 GMT
accept-ranges: bytes
etag: "e2ce21f3d289da1:0"
server: Microsoft-IIS/10.0
x-frame-options: SAMEORIGIN
date: Wed, 24 Apr 2024 01:39:11 GMT
content-length: 3391639
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (3)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers