Report - www.solvusoft.com/file-downloads/builds/static_delivery/installers/file-magic/spf/010224_build/Setup_File_Magic

Report Overview

Visitedpublic

2024-07-22 08:27:54

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-21 18:21:45	2.3 kB	6.2 kB	23.36.76.226
www.solvusoft.com	848833	2011-05-24	2012-05-24 17:13:49	2024-07-17 11:51:20	574 B	1.3 MB	104.69.222.200

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-07-22	medium	www.solvusoft.com/file-downloads/builds/static_delivery/installers/file-magic/spf/010224_build/Setup_File_Magic_2024.exe	meth_stackstrings

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

www.solvusoft.com/file-downloads/builds/static_delivery/installers/file-magic/spf/010224_build/Setup_File_Magic_2024.exe

IP / ASN

104.69.222.200

#20940 Akamai International B.V.

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Size1.3 MB (1323904 bytes)

MD5d75285220b58ba212f1141054074a6c1

SHA1c2f48bd27784def5314d77960264f665b43d9e1b

SHA256a1bb0214e9fe22c8d65272b1b95fab9b9307deccb1473ebe1218924a5d851e2f

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
VirusTotal	suspicious	VirusTotal - Scan result 1/73

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-21

Last Seen2024-08-19

Times Seen13065

Size504 B (504 bytes)

MD5c7f6de9d4ccb60f56a555de6134b5b77

SHA14b9e75fa3da17c1584a3d87aec6afd7d8da41d16

SHA25655db53ef70b6bfeb3c259dbe5d0ac0e6625898a3ac37d7e200253c03979e2cf7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "55DB53EF70B6BFEB3C259DBE5D0AC0E6625898A3AC37D7E200253C03979E2CF7"
Last-Modified: Sat, 20 Jul 2024 20:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8481
Expires: Mon, 22 Jul 2024 10:48:49 GMT
Date: Mon, 22 Jul 2024 08:27:28 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-20

Last Seen2024-08-19

Times Seen17507

Size504 B (504 bytes)

MD5f58a4b489ef65eff7896802c87e363e7

SHA1e7287b89b56c66407955bf95bd03133d2e5945d1

SHA256fb270cf16706247adde7efd430fe667555cb37ee35eae763593424a17c624bcd

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "FB270CF16706247ADDE7EFD430FE667555CB37EE35EAE763593424A17C624BCD"
Last-Modified: Sat, 20 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6559
Expires: Mon, 22 Jul 2024 10:16:47 GMT
Date: Mon, 22 Jul 2024 08:27:28 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-21

Last Seen2024-08-19

Times Seen22689

Size504 B (504 bytes)

MD585a291090b5db764a5b5f1487dcb958f

SHA19dadf7a0a7d6be86e491a10bbbc72c84f798cab9

SHA25660c84bb6c568871d3febe1e58c6aedf398fa06f5f7afc3e6087200be0a25ad3f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "60C84BB6C568871D3FEBE1E58C6AEDF398FA06F5F7AFC3E6087200BE0A25AD3F"
Last-Modified: Sat, 20 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8782
Expires: Mon, 22 Jul 2024 10:53:51 GMT
Date: Mon, 22 Jul 2024 08:27:29 GMT
Connection: keep-alive

GET www.solvusoft.com/file-downloads/builds/static_delivery/installers/file-magic/spf/010224_build/Setup_File_Magic_2024.exe

104.69.222.200

200 OK

1.3 MB

URL

www.solvusoft.com/file-downloads/builds/static_delivery/installers/file-magic/spf/010224_build/Setup_File_Magic_2024.exe

IP / ASN

104.69.222.200

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

First Seen2024-01-09

Last Seen2024-08-20

Times Seen5

Size1.3 MB (1323904 bytes)

MD5d75285220b58ba212f1141054074a6c1

SHA1c2f48bd27784def5314d77960264f665b43d9e1b

SHA256a1bb0214e9fe22c8d65272b1b95fab9b9307deccb1473ebe1218924a5d851e2f

Certificate Info

IssuerLet's Encrypt

Subjectwww.solvusoft.com

Fingerprint9A:E5:89:A3:7D:7E:5D:2F:98:CE:67:7C:1C:11:54:CB:5C:4F:16:62

ValidityFri, 21 Jun 2024 18:39:25 GMT - Thu, 19 Sep 2024 18:39:24 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
VirusTotal	suspicious	VirusTotal - Scan result 1/73

HTTP Headers

GET /file-downloads/builds/static_delivery/installers/file-magic/spf/010224_build/Setup_File_Magic_2024.exe HTTP/1.1
Host: www.solvusoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/octet-stream
etag: "d75285220b58ba212f1141054074a6c1:1704212020.737174"
last-modified: Tue, 02 Jan 2024 16:13:05 GMT
server: AkamaiNetStorage
content-length: 1323904
date: Mon, 22 Jul 2024 08:27:29 GMT
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-20

Last Seen2024-08-19

Times Seen18141

Size504 B (504 bytes)

MD500accea3155d7ac730285aec633670a9

SHA1fee8ca25b96d24d0c10951f7f4ea28389020e88d

SHA2569abd3b5f4de73d55417dcec4bbf72b38cc201842360ed32d763a4c65e35819d8

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9ABD3B5F4DE73D55417DCEC4BBF72B38CC201842360ED32D763A4C65E35819D8"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9722
Expires: Mon, 22 Jul 2024 11:09:31 GMT
Date: Mon, 22 Jul 2024 08:27:29 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-21

Last Seen2024-08-19

Times Seen22540

Size504 B (504 bytes)

MD592fe046ed30974fab002b18924562af5

SHA1a80246a7f4813076cea6cc1629667b43a094fa97

SHA256151d89929b8b12751f94a9dd4fab74f68f20aa29ca5135a3b95aea9f366a34e7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "151D89929B8B12751F94A9DD4FAB74F68F20AA29CA5135A3B95AEA9F366A34E7"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10624
Expires: Mon, 22 Jul 2024 11:24:35 GMT
Date: Mon, 22 Jul 2024 08:27:31 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-21

Last Seen2024-08-19

Times Seen22540

Size504 B (504 bytes)

MD592fe046ed30974fab002b18924562af5

SHA1a80246a7f4813076cea6cc1629667b43a094fa97

SHA256151d89929b8b12751f94a9dd4fab74f68f20aa29ca5135a3b95aea9f366a34e7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "151D89929B8B12751F94A9DD4FAB74F68F20AA29CA5135A3B95AEA9F366A34E7"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10624
Expires: Mon, 22 Jul 2024 11:24:35 GMT
Date: Mon, 22 Jul 2024 08:27:31 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-21

Last Seen2024-08-19

Times Seen22540

Size504 B (504 bytes)

MD592fe046ed30974fab002b18924562af5

SHA1a80246a7f4813076cea6cc1629667b43a094fa97

SHA256151d89929b8b12751f94a9dd4fab74f68f20aa29ca5135a3b95aea9f366a34e7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "151D89929B8B12751F94A9DD4FAB74F68F20AA29CA5135A3B95AEA9F366A34E7"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10624
Expires: Mon, 22 Jul 2024 11:24:35 GMT
Date: Mon, 22 Jul 2024 08:27:31 GMT
Connection: keep-alive