Report - gitea.com/censorliber/zapret/raw/branch/main/winws.exe

Report Overview

Visited public
2025-01-06 12:59:38
Tags
URL
gitea.com/censorliber/zapret/raw/branch/main/winws.exe
Finishing URL
about:privatebrowsing
IP / ASN
34.217.253.146
#16509 AMAZON-02
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gitea.com	561722	2009-04-27	2015-11-15	2024-12-30	508 B	160 kB	34.217.253.146

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-01-06 12:59:12	medium	Client IP	34.217.253.146	ET INFO Observed Self-Hosted Git Service Domain (gitea .com in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
gitea.com/censorliber/zapret/raw/branch/main/winws.exe
IP
34.217.253.146
ASN
#16509 AMAZON-02

File type
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections
Size
160 kB (159744 bytes)
Hash
7824c819bd3c98bf7890d92fd3ef3785
3dd4873b965f24ec3156f7081a03256931694256
28604cd5b40e42def61986e39d59b94f48cd40b615ed711db799a8e89c856edd

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	gitea.com/censorliber/zapret/raw/branch/main/winws.exe	34.217.253.146	200 OK	160 kB
URL User Request GET HTTP/1.1 gitea.com/censorliber/zapret/raw/branch/main/winws.exe IP 34.217.253.146:443 ASN #16509 AMAZON-02 Certificate IssuerLet's Encrypt Subjectgitea.com FingerprintED:E4:62:18:A9:CF:7F:DB:90:9F:76:E0:2C:93:BA:1F:7E:56:2D:21 ValidityFri, 29 Nov 2024 17:50:18 GMT - Thu, 27 Feb 2025 17:50:17 GMT File type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections Size 160 kB (159744 bytes) Hash 7824c819bd3c98bf7890d92fd3ef3785 3dd4873b965f24ec3156f7081a03256931694256 28604cd5b40e42def61986e39d59b94f48cd40b615ed711db799a8e89c856edd HTTP Headers `GET /censorliber/zapret/raw/branch/main/winws.exe HTTP/1.1 Host: gitea.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Access-Control-Expose-Headers: Content-Disposition Cache-Control: private, max-age=300 Content-Disposition: inline; filename="winws.exe"; filename*=UTF-8''winws.exe Content-Length: 159744 Content-Type: application/octet-stream Date: Mon, 06 Jan 2025 12:59:12 GMT Etag: "855872ec43df93bdf31cc8a77a94a3fe45c7f8a7" Last-Modified: Mon, 06 Jan 2025 11:23:35 GMT Server: Caddy Set-Cookie: i_like_gitea=a38991147f948f71; Path=/; HttpOnly; Secure; SameSite=Lax _csrf=INibyV2niec9NIT6ixihdjS65v86MTczNjE2ODM1MjUwNDk5MTQyMg; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=Lax X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN

gitea.com/censorliber/zapret/raw/branch/main/winws.exe

34.217.253.146

200 OK

160 kB

URL User Request GET HTTP/1.1
gitea.com/censorliber/zapret/raw/branch/main/winws.exe
IP
34.217.253.146:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectgitea.com
FingerprintED:E4:62:18:A9:CF:7F:DB:90:9F:76:E0:2C:93:BA:1F:7E:56:2D:21
ValidityFri, 29 Nov 2024 17:50:18 GMT - Thu, 27 Feb 2025 17:50:17 GMT

File type
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections
Size
160 kB (159744 bytes)
Hash
7824c819bd3c98bf7890d92fd3ef3785
3dd4873b965f24ec3156f7081a03256931694256
28604cd5b40e42def61986e39d59b94f48cd40b615ed711db799a8e89c856edd

HTTP Headers

GET /censorliber/zapret/raw/branch/main/winws.exe HTTP/1.1
Host: gitea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Disposition
Cache-Control: private, max-age=300
Content-Disposition: inline; filename="winws.exe"; filename*=UTF-8''winws.exe
Content-Length: 159744
Content-Type: application/octet-stream
Date: Mon, 06 Jan 2025 12:59:12 GMT
Etag: "855872ec43df93bdf31cc8a77a94a3fe45c7f8a7"
Last-Modified: Mon, 06 Jan 2025 11:23:35 GMT
Server: Caddy
Set-Cookie: i_like_gitea=a38991147f948f71; Path=/; HttpOnly; Secure; SameSite=Lax
_csrf=INibyV2niec9NIT6ixihdjS65v86MTczNjE2ODM1MjUwNDk5MTQyMg; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=Lax
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers