Report - downloadfile.standard.us-east-1.oortech.com/dlfile/Wire%20Payment%20Instruction.iso

Report Overview

Visited public
2024-07-30 04:15:05
Tags
URL
downloadfile.standard.us-east-1.oortech.com/dlfile/Wire%20Payment%20Instruction.iso
Finishing URL
about:privatebrowsing
IP / ASN
170.106.47.94
#132203 Tencent Building, Kejizhongyi Avenue
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
downloadfile.standard.us-east-1.oortech.com	unknown	unknown	No data	No data	537 B	609 kB	170.106.47.94
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-29 18:12:12	2.3 kB	6.2 kB	23.36.77.32
ocsp.trust-provider.cn	unknown	2015-04-09	2022-02-10 09:18:30	2024-07-29 11:19:28	334 B	1.1 kB	172.64.149.23

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

Scan Date	Severity	Indicator	Alert
2024-07-26	medium	downloadfile.standard.us-east-1.oortech.com/dlfile/Wire%20Payment%20Instruction.iso	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
downloadfile.standard.us-east-1.oortech.com/dlfile/Wire%20Payment%20Instruction.iso
IP
170.106.47.94
ASN
#132203 Tencent Building, Kejizhongyi Avenue

File type
ISO 9660 CD-ROM filesystem data 'Wire Payment Instruction^^^^^^^^'
Size
608 kB (608256 bytes)
Hash
73346834767e2464aa826a88f39b9973
d041d741f9c63adf93f656ac5fd3aefe6f162631
d3551652011e00eb390eb59d30e4607dfacd7d3da6ba11f93179eb1a17eb261a

Archive (1)

Filename

Md5

File type

WIRE PAYMENT INSTRUCTION^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^.EXE

67a0111a375ffc6b0c6503021648b7be

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 14/65

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
eb8b5a3f62f8ead7f86e028723019196
8941f16c283439f44a148ba7668a67a55aba16de
f76a44ac993c568fcdac2165655a7886f3207e980286b7605a48dc897e4fd68b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F76A44AC993C568FCDAC2165655A7886F3207E980286B7605A48DC897E4FD68B"
Last-Modified: Mon, 29 Jul 2024 18:28:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17864
Expires: Tue, 30 Jul 2024 09:12:22 GMT
Date: Tue, 30 Jul 2024 04:14:38 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0a7ed9f549f2b3f25d9e54500bcb15b9
93b4f0fb8a1be59fa68f9a72a2196c84be6ad61a
8855ef94f553a3d130a13bdf45ba112b3a3282a8110a98dae49144e0b70cff7b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8855EF94F553A3D130A13BDF45BA112B3A3282A8110A98DAE49144E0B70CFF7B"
Last-Modified: Mon, 29 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3049
Expires: Tue, 30 Jul 2024 05:05:27 GMT
Date: Tue, 30 Jul 2024 04:14:38 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
7335e53b6e780bcc46feb27b6421e625
d5405503dbb1d5d734473133fdd449be49ef8ef0
3fe77d2e06518aee992b779c45a0b57d1353d7e9232e57d99d79bfdfaa488e34

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3FE77D2E06518AEE992B779C45A0B57D1353D7E9232E57D99D79BFDFAA488E34"
Last-Modified: Mon, 29 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17422
Expires: Tue, 30 Jul 2024 09:05:01 GMT
Date: Tue, 30 Jul 2024 04:14:39 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
15f96036fbb7eb8f1dca46d5deb56cb3
5d53fb802bba0a433e8fcb0fd8a002f9a37a4686
e85fa0f570601f68b9d4960c3315fa0464fa580ba6b1d34f709ca2cb7b201e87

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E85FA0F570601F68B9D4960C3315FA0464FA580BA6B1D34F709CA2CB7B201E87"
Last-Modified: Mon, 29 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14748
Expires: Tue, 30 Jul 2024 08:20:27 GMT
Date: Tue, 30 Jul 2024 04:14:39 GMT
Connection: keep-alive

ocsp.trust-provider.cn/

172.64.149.23

599 B

URL
ocsp.trust-provider.cn/
IP
172.64.149.23:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
599 B (599 bytes)
Hash
013cb5a6c2ef583b8b71382176125006
88e6d1cfe3cd4cd6b82a153762f3e74bdc8fa532
edff0a846ef78764fa365ded3a89e60ae3b0bf855012781dc4860be93cd92efd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 30 Jul 2024 04:14:39 GMT
Content-Type: application/ocsp-response
Content-Length: 599
Connection: keep-alive
Last-Modified: Sat, 27 Jul 2024 13:26:07 GMT
Expires: Sat, 03 Aug 2024 13:26:06 GMT
Etag: "88e6d1cfe3cd4cd6b82a153762f3e74bdc8fa532"
Cache-Control: max-age=378086,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8ab285ea4847b50c-OSL

downloadfile.standard.us-east-1.oortech.com/dlfile/Wire%20Payment%20Instruction.iso

170.106.47.94

200 OK

608 kB

URL User Request GET HTTP/2
downloadfile.standard.us-east-1.oortech.com/dlfile/Wire%20Payment%20Instruction.iso
IP
170.106.47.94:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Certificate
IssuerTrustAsia Technologies, Inc.
Subject*.standard.us-east-1.oortech.com
FingerprintB5:7D:C1:DF:83:AA:29:2B:BC:3A:C0:93:E7:92:D6:09:28:E3:1C:43
ValidityThu, 28 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
ISO 9660 CD-ROM filesystem data 'Wire Payment Instruction^^^^^^^^'
Size
608 kB (608256 bytes)
Hash
73346834767e2464aa826a88f39b9973
d041d741f9c63adf93f656ac5fd3aefe6f162631
d3551652011e00eb390eb59d30e4607dfacd7d3da6ba11f93179eb1a17eb261a

Detections

Analyzer	Verdict	Alert
PhishTank	phishing	Other
VirusTotal	malicious	VirusTotal - Scan result 14/65

HTTP Headers

GET /dlfile/Wire%20Payment%20Instruction.iso HTTP/1.1
Host: downloadfile.standard.us-east-1.oortech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 30 Jul 2024 04:14:40 GMT
content-type: application/x-iso9660-image
content-length: 608256
server: nginx/1.18.0 (Ubuntu)
access-control-allow-headers: *
access-control-allow-methods: GET,PUT,POST,DELETE,PATCH,HEAD,CONNECT,OPTIONS,TRACE
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers, Content-Type, token, refresh_token
access-control-max-age: 3628800
content-disposition: attachment; filename="Wire%20Payment%20Instruction.iso"
last-modified: Fri, 26 Jul 2024 04:04:17 GMT
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3bcd70e3c9d0d4edf43c4f35306f7898
8334db3317d065d5811e8826adecfd876f29ef3b
5c019bbd4244b83f2efb9f2c82868b9a35ee0351083f4eb2b637904e45caa0ff

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5C019BBD4244B83F2EFB9F2C82868B9A35EE0351083F4EB2B637904E45CAA0FF"
Last-Modified: Mon, 29 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19182
Expires: Tue, 30 Jul 2024 09:34:23 GMT
Date: Tue, 30 Jul 2024 04:14:41 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3bcd70e3c9d0d4edf43c4f35306f7898
8334db3317d065d5811e8826adecfd876f29ef3b
5c019bbd4244b83f2efb9f2c82868b9a35ee0351083f4eb2b637904e45caa0ff

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5C019BBD4244B83F2EFB9F2C82868B9A35EE0351083F4EB2B637904E45CAA0FF"
Last-Modified: Mon, 29 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19182
Expires: Tue, 30 Jul 2024 09:34:23 GMT
Date: Tue, 30 Jul 2024 04:14:41 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3bcd70e3c9d0d4edf43c4f35306f7898
8334db3317d065d5811e8826adecfd876f29ef3b
5c019bbd4244b83f2efb9f2c82868b9a35ee0351083f4eb2b637904e45caa0ff

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5C019BBD4244B83F2EFB9F2C82868B9A35EE0351083F4EB2B637904E45CAA0FF"
Last-Modified: Mon, 29 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19182
Expires: Tue, 30 Jul 2024 09:34:23 GMT
Date: Tue, 30 Jul 2024 04:14:41 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (1)

Detections

JavaScript (0)

HTTP Transactions (9)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash