Report - pkg-store.dl.mail.ru/packages/shop/0_2017362distrib52/jre/bin/freetype.dll

Report Overview

Submitted URL
pkg-store.dl.mail.ru/packages/shop/0_2017362distrib52/jre/bin/freetype.dll
IP
188.93.63.73
ASN
#47764 Mail.Ru LLC
Submitted
2023-04-29 22:20:30
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pkg-store.dl.mail.ru	unknown		2020-05-26	2023-04-29	438 B	550 kB	188.93.63.73
objects.githubusercontent.com	134060		2021-11-01	2023-04-29	970 B	37 kB	185.199.109.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-04-29 22:20:16	high	188.93.63.73	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
pkg-store.dl.mail.ru/packages/shop/0_2017362distrib52/jre/bin/freetype.dll
IP
188.93.63.73
ASN
#47764 Mail.Ru LLC

File type
PE32+ executable (DLL) (GUI) x86-64, for MS Windows\012- data
Size
550 kB (549704 bytes)
Hash
e00dbb8d42beddd9cbc3f0570655968b
b0c3635072a7d726ee5439529de992cb88476240
ff70136ec44e0b9b501f90b56b3bbf2e44be875ee49e10d8b0159713e8c19eb6

JavaScript (2)

	URL	Size	First Seen	Last Seen
	resource://activity-stream/data/content/activity-stream.bundle.js	515 kB	2023-04-05	2023-05-06
Pretty URL resource://activity-stream/data/content/activity-stream.bundle.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-05 09:01:43 Last Seen2023-05-06 01:12:05 Times Seen129 Hash 98fb1d2cafc4c7b72bc3fb9eb16de356 a1ebbf5dc5bd0a95c87a1d724027c0467e471f1e 2a2aabbc8f26fd8ff52ed2556b94befb0d4f22f08295acc47fe2d88b37e0f17f Loading...

	about:home?jscache	80 kB	2023-04-05	2023-05-05
Pretty URL about:home?jscache IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 11:48:26 Last Seen2023-05-05 20:54:56 Times Seen305 Hash c4043eaccb9d0c0cc0842c6360da765a 513205df246d441bbf8c2a47994ba6ed361f20e3 9fdca211a72230e4f14a5b8a491efcc12754d2eddcf296d4712cbaec5e0a4bd5 Loading...

HTTP Transactions (2)

URL IP Response Size

objects.githubusercontent.com/github-production-release-asset-2e65be/354876995/84eb7257-d7fb-436b-bce6-edadc2987efe?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230429%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230429T221948Z&X-Amz-Expires=300&X-Amz-Signature=a0b9c27c339ff9e1d4403dd3bba28f3662af92b1197ba82b1919c9db687052a2&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=354876995&response-content-disposition=attachment%3B%20filename%3Dlibopencv-dev.4.5.4_x86_vc15_staticlib_Debug.exe&response-content-type=application%2Foctet-stream

185.199.109.133

36 kB

URL
objects.githubusercontent.com/github-production-release-asset-2e65be/354876995/84eb7257-d7fb-436b-bce6-edadc2987efe?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230429%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230429T221948Z&X-Amz-Expires=300&X-Amz-Signature=a0b9c27c339ff9e1d4403dd3bba28f3662af92b1197ba82b1919c9db687052a2&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=354876995&response-content-disposition=attachment%3B%20filename%3Dlibopencv-dev.4.5.4_x86_vc15_staticlib_Debug.exe&response-content-type=application%2Foctet-stream
IP
185.199.109.133:0
ASN
#54113 FASTLY

File type
data
Size
36 kB (36515 bytes)
Hash
42692f0b0b976d1036e6a2c735e61514
9986c6b1c34d910bdb7e5f4122c1be0be920299f
be908f3cb3d300e6b309b12c930f7f6fbe5df933b8bd0d49f5af27e854d0908c

HTTP Headers

GET /github-production-release-asset-2e65be/354876995/84eb7257-d7fb-436b-bce6-edadc2987efe?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230429%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230429T221948Z&X-Amz-Expires=300&X-Amz-Signature=a0b9c27c339ff9e1d4403dd3bba28f3662af92b1197ba82b1919c9db687052a2&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=354876995&response-content-disposition=attachment%3B%20filename%3Dlibopencv-dev.4.5.4_x86_vc15_staticlib_Debug.exe&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Range: bytes=133332992-
If-Match: "0x8DA7AF8AB3431B0"
If-Unmodified-Since: Wed, 10 Aug 2022 17:49:26 GMT

HTTP/2 206 Partial Content
content-type: application/octet-stream
content-md5: BH0gGcsmhXoh/PUHkKjv8A==
last-modified: Wed, 10 Aug 2022 17:49:26 GMT
etag: "0x8DA7AF8AB3431B0"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 11c839f7-b01e-0062-2fe8-7a2372000000
x-ms-version: 2020-04-08
x-ms-creation-time: Wed, 10 Aug 2022 17:49:26 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=libopencv-dev.4.5.4_x86_vc15_staticlib_Debug.exe
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
age: 28
content-range: bytes 133332992-133369506/133369507
date: Sat, 29 Apr 2023 22:20:16 GMT
x-served-by: cache-iad-kjyo7100033-IAD, cache-bma1673-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 0
x-timer: S1682806816.934953,VS0,VE98
content-length: 36515
X-Firefox-Spdy: h2

pkg-store.dl.mail.ru/packages/shop/0_2017362distrib52/jre/bin/freetype.dll

188.93.63.73

200 OK

550 kB

URL User Request GET HTTP/1.1
pkg-store.dl.mail.ru/packages/shop/0_2017362distrib52/jre/bin/freetype.dll
IP
188.93.63.73:80
ASN
#47764 Mail.Ru LLC

File type
PE32+ executable (DLL) (GUI) x86-64, for MS Windows\012- data
Size
550 kB (549704 bytes)
Hash
e00dbb8d42beddd9cbc3f0570655968b
b0c3635072a7d726ee5439529de992cb88476240
ff70136ec44e0b9b501f90b56b3bbf2e44be875ee49e10d8b0159713e8c19eb6

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP

HTTP Headers

GET /packages/shop/0_2017362distrib52/jre/bin/freetype.dll HTTP/1.1
Host: pkg-store.dl.mail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 29 Apr 2023 22:20:16 GMT
Content-Type: application/octet-stream
Content-Length: 549704
Last-Modified: Fri, 17 Mar 2023 09:45:28 GMT
Connection: keep-alive
ETag: "641436b8-86348"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers