Report - www.ranvis.com/downloads/PuTTY-0.81-ranvis-20240417.win32.7z

Report Overview

Submitted URL
www.ranvis.com/downloads/PuTTY-0.81-ranvis-20240417.win32.7z
IP
160.16.89.48
ASN
#9370 SAKURA Internet Inc.
Submitted
2024-04-17 07:18:38
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.ranvis.com	unknown	2002-01-17	2017-04-19	2024-01-10	514 B	1.9 MB	160.16.89.48
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-17	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.ranvis.com/downloads/PuTTY-0.81-ranvis-20240417.win32.7z
IP
160.16.89.48
ASN
#9370 SAKURA Internet Inc.

File type
7-zip archive data, version 0.4
Size
1.9 MB (1867328 bytes)
Hash
81077a449df9de9e57048b24f3fe5905
40675d180ef00f8f226f3c014ea1f32ffd973f69
27750667a242bbbaeece3e54126e1326f9bee368eb163cf92476dea8abae5745

Archive (15)

Filename

Md5

File type

LICENCE

73851b498e47c316ffffd66392dadc27

ASCII text

README.ranvis-dist.txt

804fead6ce10819285fddcdd2ad66858

Unicode text, UTF-8 text

pageant.lng

b3af7e16016d2d5ef506ee797971bcd1

Unicode text, UTF-16, little-endian text, with very long lines (565)

plink.lng

4b586537f3c12aceb1f79d0437ff2f01

Unicode text, UTF-16, little-endian text

pterm.lng

142fb0a3e3bdd70e14aa81d36cb6f983

Unicode text, UTF-16, little-endian text

putty.lng

8e0a446e5f4560a2a7beda8936d65ee5

Unicode text, UTF-16, little-endian text, with very long lines (542)

puttygen.lng

3c1f2236c7ee65be05cdbedc6f5a2b51

Unicode text, UTF-16, little-endian text, with very long lines (580)

putty.chm

bd0c20568e3c468e906c0fdd2acbc92f

MS Windows HtmlHelp Data

putty_sample.ini

0e58013e26bfcd7d6dde5ab458486f6d

ASCII text

pageant.exe

50b413d6639b5b72c6eae0f8db446966

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

plink.exe

d718fdf3b9d644d7ee192e7816584372

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

pscp.exe

e06b56227abcd5bbd031757538d95f0f

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

psftp.exe

bc320138ff6365b440672448d692988e

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

putty.exe

da4b468bd13233a685c8fede417ab9d5

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

puttygen.exe

43a945793288b99839ad8e3488aa8315

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	www.ranvis.com/downloads/PuTTY-0.81-ranvis-20240417.win32.7z	160.16.89.48	200 OK	1.9 MB
URL User Request GET HTTP/1.1 www.ranvis.com/downloads/PuTTY-0.81-ranvis-20240417.win32.7z IP 160.16.89.48:443 ASN #9370 SAKURA Internet Inc. Certificate IssuerLet's Encrypt Subjectranvis.com Fingerprint66:51:DC:C2:1E:FC:CA:22:28:8B:0D:3F:D4:90:F9:DB:36:39:8F:73 ValidityMon, 01 Apr 2024 17:30:17 GMT - Sun, 30 Jun 2024 17:30:16 GMT File type 7-zip archive data, version 0.4 Size 1.9 MB (1867328 bytes) Hash 81077a449df9de9e57048b24f3fe5905 40675d180ef00f8f226f3c014ea1f32ffd973f69 27750667a242bbbaeece3e54126e1326f9bee368eb163cf92476dea8abae5745 HTTP Headers `GET /downloads/PuTTY-0.81-ranvis-20240417.win32.7z HTTP/1.1 Host: www.ranvis.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Wed, 17 Apr 2024 07:18:13 GMT Server: Moof! Strict-Transport-Security: max-age=864000 X-Frame-Options: SAMEORIGIN Last-Modified: Tue, 16 Apr 2024 15:12:10 GMT ETag: "1c7e40-61638297eb6e3" Accept-Ranges: bytes Content-Length: 1867328 Keep-Alive: timeout=20, max=100 Connection: Keep-Alive Content-Type: application/x-7z-compressed`

	aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml	35.244.181.201		444 B
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP 35.244.181.201:0 ASN #396982 GOOGLE-CLOUD-PLATFORM File type XML 1.0 document, ASCII text, with very long lines (332) Size 444 B (444 bytes) Hash 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463 HTTP Headers `GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx rule-id: unknown rule-data-version: unknown content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=C_l-Jar0WLbviaon5HSvqCcmTOHl-1v-B-wCfUoRzI3YHZuqeptSNSnS6_l0uMao9tyopSKF8AyB3cHlRzr4kM7iFMFWr9ed6EJLw7KAzJSdvsoeS2iiSQAYcFmeWV3_ strict-transport-security: max-age=31536000; x-content-type-options: nosniff content-security-policy: default-src 'none'; frame-ancestors 'none' x-proxy-cache-status: EXPIRED content-encoding: gzip via: 1.1 google date: Wed, 17 Apr 2024 07:16:51 GMT content-type: text/xml; charset=utf-8 vary: Accept-Encoding content-length: 444 age: 100 cache-control: public,max-age=90 alt-svc: clear X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (15)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers