Report - reqrypt.org/download/WinDivert-1.3.0-WDDK.zip

Report Overview

Submitted URL
reqrypt.org/download/WinDivert-1.3.0-WDDK.zip
IP
172.67.132.243
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 09:56:56
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
reqrypt.org	unknown	2010-12-16	2013-11-30	2024-04-09	499 B	154 kB	104.21.5.43

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
reqrypt.org/download/WinDivert-1.3.0-WDDK.zip
IP
104.21.5.43
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
154 kB (153724 bytes)
Hash
502dfa2c52b08049e869f214450f1cf0
b230792bd930761e7f42d3508235edd86d24bf98
a33653db27045e7a1a164ca15043b294cfe78c55b2cbd38125224c8df2578ba4

Archive (22)

Filename

Md5

File type

LICENSE

42316ce53f67d80ce6ae669032acaabc

ASCII text

webfilter.exe

0b29cbdc20e2629a4ccf4ce29db299db

PE32+ executable (console) x86-64, for MS Windows, 4 sections

streamdump.exe

4f94255264a6c477364d0608cb823ed6

PE32+ executable (console) x86-64, for MS Windows, 4 sections

netfilter.exe

4bd0b7e9df629efd4064fe28e5ac9e89

PE32+ executable (console) x86-64, for MS Windows, 4 sections

WinDivert64.sys

d6f42128c81965e12578feca7dac500f

PE32+ executable (native) x86-64, for MS Windows, 7 sections

netdump.exe

69ffbb51c31df44df5c27cd0e65374ef

PE32+ executable (console) x86-64, for MS Windows, 4 sections

WinDivert.dll

ee42f18f56e8ab20103d0eacc6cb3056

PE32+ executable (DLL) (console) x86-64, for MS Windows, 4 sections

passthru.exe

b57e04826b0bcb63c5475896db4691e7

PE32+ executable (console) x86-64, for MS Windows, 4 sections

WinDivert.lib

c5f319be080814b3ab7972a5d2ac97fb

current ar archive

webfilter.exe

fc7c9a2b768eca1756fed64d853b5395

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

streamdump.exe

91afff58fb51288fd45050968b803ee6

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

netfilter.exe

464f5d269c5f9760191e51ff089209af

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

netdump.exe

c7054ac6f3e29f4b4bfff92e5322c050

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

WinDivert.dll

ac68537d316919a78b57ea6f90be7cf2

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 3 sections

passthru.exe

60a2f97505253ceb6da86b1ad19751ab

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

WinDivert32.sys

ecab976e5b0434685524ba6d534301a5

PE32 executable (native) Intel 80386, for MS Windows, 6 sections

WinDivert.lib

76bfc71307c6bfe028bcde69dcbd4b9f

current ar archive

CHANGELOG

5476965d9afb0bdbb40f67ffe61b246a

ASCII text

VERSION

0589f66713bc44029a1a720b9a0d850d

ASCII text

WinDivert.html

3a29d3588b6b26c43e3b2a22bbba5de7

HTML document, ASCII text

README

a450dd8d20fb7b02e2fa4d27a8d889f1

ASCII text

windivert.h

ee239ac964935bda46fc491e6cf3ff8e

C source, ASCII text

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects WinDivert User-Mode packet capturing driver
Public Nextron YARA rules	malware	Detects WinDivert User-Mode packet capturing driver

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

reqrypt.org/download/WinDivert-1.3.0-WDDK.zip

104.21.5.43

200 OK

154 kB

URL User Request GET HTTP/2
reqrypt.org/download/WinDivert-1.3.0-WDDK.zip
IP
104.21.5.43:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectreqrypt.org
Fingerprint1F:0C:DA:B4:96:3F:E5:EF:2F:28:3A:B1:91:75:04:24:63:23:CB:6D
ValiditySat, 02 Mar 2024 14:06:51 GMT - Fri, 31 May 2024 14:06:50 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
154 kB (153724 bytes)
Hash
502dfa2c52b08049e869f214450f1cf0
b230792bd930761e7f42d3508235edd86d24bf98
a33653db27045e7a1a164ca15043b294cfe78c55b2cbd38125224c8df2578ba4

HTTP Headers

GET /download/WinDivert-1.3.0-WDDK.zip HTTP/1.1
Host: reqrypt.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 09:56:30 GMT
content-type: application/zip
content-length: 153724
etag: "208029473"
last-modified: Wed, 18 Oct 2017 01:53:48 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bnc4s5vCLA7x2UFklo0bILnO6HoVz%2BgQVnENuouh2Jisf%2FcTQ0v5TIonTdC%2BIK7Nv%2BmY03EaKrA7ciP43NxvIHAQ07wN5Hv6xyi1O08lOE4Ne0wWpcCbdKCdYBlbkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875b8ba8ab3c9306-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2