Report - www.teamtek.net/public/OCE.zip

Report Overview

Submitted URL
www.teamtek.net/public/OCE.zip
IP
31.11.35.174
ASN
#31034 Aruba S.p.A.
Submitted
2024-05-07 08:52:31
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp06.actalis.it	190155	2001-12-18	2017-01-31	2024-04-30	341 B	4.2 kB	109.70.240.114
www.teamtek.net	unknown	2002-05-06	2017-02-22	2024-02-13	484 B	218 kB	31.11.35.174

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.teamtek.net/public/OCE.zip
IP
31.11.35.174
ASN
#31034 Aruba S.p.A.

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
218 kB (218240 bytes)
Hash
bf8f944ef852a0d963b7a7db990293f7
c5f2f52e32522fdad7d4f62deda596fdfe70fb3e
9727f455bd790f179f3cc0e3d30ed124b4f7cb233b2a2daea536845f11e6f873

Archive (5)

Filename

Md5

File type

OutLook Contacts Exporter.application

b093675ae5477a50d29044e66d40bcc9

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3702), with CRLF line terminators

OutLook Contacts Exporter.exe.deploy

a58fd73e48deccd9f46248d47204c2d3

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 4 sections

OutLook Contacts Exporter.exe.manifest

0ccf328e327d2f1ae318246365a6154f

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3666), with CRLF line terminators

OutLook Contacts Exporter.application

b093675ae5477a50d29044e66d40bcc9

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3702), with CRLF line terminators

setup.exe

3c6c73e57d8f1c85d1572aa947aca453

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/68

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

ocsp06.actalis.it/VA/AUTHDV-G3

109.70.240.114

3.9 kB

URL
ocsp06.actalis.it/VA/AUTHDV-G3
IP
109.70.240.114:0
ASN
#31034 Aruba S.p.A.

File type
data
Size
3.9 kB (3926 bytes)
Hash
693d183a8a992addce5ceb757ffaa9c1
28d91c6857a47c32e6cf0b14766f964def7741df
7501382c1b653469de4f48aa7a615bea2d5e6f8464db2344bae309b2ca4ac16b

HTTP Headers

POST /VA/AUTHDV-G3 HTTP/1.1
Host: ocsp06.actalis.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx
Date: Tue, 07 May 2024 08:52:06 GMT
Content-Type: application/ocsp-response
Content-Length: 3926
Connection: keep-alive
Last-Modified: Tue, 07 May 2024 04:10:02 GMT
Expires: Wed, 08 May 2024 04:10:01 GMT
ETag: "28d91c6857a47c32e6cf0b14766f964def7741df"

www.teamtek.net/public/OCE.zip

31.11.35.174

200 OK

218 kB

URL User Request GET HTTP/2
www.teamtek.net/public/OCE.zip
IP
31.11.35.174:443
ASN
#31034 Aruba S.p.A.

Certificate
IssuerActalis S.p.A.
Subject*.teamtek.net
Fingerprint17:80:05:F8:E4:B0:5B:CB:B2:B1:99:F1:FF:F7:CA:3D:27:66:F2:78
ValiditySun, 24 Sep 2023 03:10:32 GMT - Thu, 24 Oct 2024 03:10:31 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
218 kB (218240 bytes)
Hash
bf8f944ef852a0d963b7a7db990293f7
c5f2f52e32522fdad7d4f62deda596fdfe70fb3e
9727f455bd790f179f3cc0e3d30ed124b4f7cb233b2a2daea536845f11e6f873

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/68

HTTP Headers

GET /public/OCE.zip HTTP/1.1
Host: www.teamtek.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-zip-compressed
last-modified: Fri, 08 Mar 2013 15:24:43 GMT
accept-ranges: bytes
etag: "80831cf111cce1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Tue, 07 May 2024 08:52:06 GMT
content-length: 218240
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (5)

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers