Report - 1719273047.h625f.cc/1024big.zip

Report Overview

Visited public
2024-09-28 06:42:21
Tags
URL
1719273047.h625f.cc/1024big.zip
Finishing URL
about:privatebrowsing
IP / ASN
104.22.10.124
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
1719273047.h625f.cc	unknown	unknown	No data	No data	485 B	3.1 MB	104.22.10.124
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-27 18:12:10	1.3 kB	3.5 kB	2.23.172.201
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-27 18:12:04	1.3 kB	3.5 kB	23.36.76.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
1719273047.h625f.cc/1024big.zip
IP
104.22.10.124
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
3.1 MB (3147351 bytes)
Hash
b6f727d494e0b7974db38a5e540a13e7
a9b0353055470f81b8da58e3a90fa02728d0b712
5b0f6f11193fb1fed82517f087bb61c5555968ccc7244ccc3658f3d53be42399

Archive (6)

Modified	Filename	Size	Md5	File type
2022-08-17 15:26	_1024��ֻ��.apk	3.9 MB	1132ec308ceabd6281269cc9eb5e37a2	Android package (APK), with zipflinger virtual entry Zip archive data, at least v0.0 to extract, compression method=store
2024-06-18 23:34	_1024��^��2024��.chm	12 kB	92c9dc80829597997a8989a37c51f8a6	MS Windows HtmlHelp Data
2022-03-27 00:29	_˫��ֱ��1024��.htm	280 kB	3c0a2ef2fe1508a655a41ea6cf14c798	JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (65158), with CRLF line terminators
2024-06-18 22:34	_ɨ��1024��׿��.html	283 kB	f08a9491ccdb1c4417af843936503c2e	HTML document, ASCII text, with very long lines (35797), with CRLF line terminators
2024-06-18 23:09	_ɨ��ֱ��1024��.html	385 kB	ef0a7aee719842f4c90981cfbc62b2c7	ASCII text, with very long lines (58736), with CRLF line terminators
2022-03-27 00:32	_��BT�ϼ�.html	280 kB	7b0b025e8638e738d4c9226ba99acc5d	JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (65158), with CRLF line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 15/62

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

r10.o.lencr.org/

2.23.172.201

504 B

URL
r10.o.lencr.org/
IP
2.23.172.201:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b6ecb6018a51380d08a47460236a395c
1ce7fe77c21188624302a660a289fe1ce6e7a9e4
ec876edd163ea26b47c9b862c795844f5dd01452095287ea5cd920e3b512672a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EC876EDD163EA26B47C9B862C795844F5DD01452095287EA5CD920E3B512672A"
Last-Modified: Wed, 25 Sep 2024 21:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3045
Expires: Sat, 28 Sep 2024 07:32:39 GMT
Date: Sat, 28 Sep 2024 06:41:54 GMT
Connection: keep-alive

r10.o.lencr.org/

2.23.172.201

504 B

URL
r10.o.lencr.org/
IP
2.23.172.201:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ecc351c0b561d88ab01a732388f003a1
efa49eafef765a8bb838cbcd5be3685069471376
ea57a9a1e4be6e8db6781d469ea2998e0faaf1783f41ee28e1f95482add72ad8

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EA57A9A1E4BE6E8DB6781D469EA2998E0FAAF1783F41EE28E1F95482ADD72AD8"
Last-Modified: Sat, 28 Sep 2024 00:25:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3000
Expires: Sat, 28 Sep 2024 07:31:54 GMT
Date: Sat, 28 Sep 2024 06:41:54 GMT
Connection: keep-alive

r10.o.lencr.org/

2.23.172.201

504 B

URL
r10.o.lencr.org/
IP
2.23.172.201:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
fcaa6b13decd4189cd8ba623e95cf010
cf122e47b818929ea99081b0e7779b56e728562b
f23cdf2d7ba67b7bd2f302b1f113823637d7c7e57cb455338056f28b1d8580d3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F23CDF2D7BA67B7BD2F302B1F113823637D7C7E57CB455338056F28B1D8580D3"
Last-Modified: Sat, 28 Sep 2024 01:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4017
Expires: Sat, 28 Sep 2024 07:48:52 GMT
Date: Sat, 28 Sep 2024 06:41:55 GMT
Connection: keep-alive

r10.o.lencr.org/

2.23.172.201

504 B

URL
r10.o.lencr.org/
IP
2.23.172.201:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4b28467956198f83634920e149806abd
608e925158915f159b491eba496c9f65cf4bf0c8
99289ccbcd1ed7679dad27fa9565dbc77d0a59332bee28c1a2480426667b16ef

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "99289CCBCD1ED7679DAD27FA9565DBC77D0A59332BEE28C1A2480426667B16EF"
Last-Modified: Fri, 27 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3102
Expires: Sat, 28 Sep 2024 07:33:37 GMT
Date: Sat, 28 Sep 2024 06:41:55 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
044ffd72c40d461bc70a811130252e16
f87e56269563ca902347e987fffab35a8ad5280d
48e620c4494ee400b7967e66cc9f5c5e994048e38830837c01787f59dd317ef5

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "48E620C4494EE400B7967E66CC9F5C5E994048E38830837C01787F59DD317EF5"
Last-Modified: Fri, 27 Sep 2024 17:01:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5439
Expires: Sat, 28 Sep 2024 08:12:36 GMT
Date: Sat, 28 Sep 2024 06:41:57 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
044ffd72c40d461bc70a811130252e16
f87e56269563ca902347e987fffab35a8ad5280d
48e620c4494ee400b7967e66cc9f5c5e994048e38830837c01787f59dd317ef5

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "48E620C4494EE400B7967E66CC9F5C5E994048E38830837C01787F59DD317EF5"
Last-Modified: Fri, 27 Sep 2024 17:01:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5484
Expires: Sat, 28 Sep 2024 08:13:21 GMT
Date: Sat, 28 Sep 2024 06:41:57 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
044ffd72c40d461bc70a811130252e16
f87e56269563ca902347e987fffab35a8ad5280d
48e620c4494ee400b7967e66cc9f5c5e994048e38830837c01787f59dd317ef5

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "48E620C4494EE400B7967E66CC9F5C5E994048E38830837C01787F59DD317EF5"
Last-Modified: Fri, 27 Sep 2024 17:01:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5439
Expires: Sat, 28 Sep 2024 08:12:36 GMT
Date: Sat, 28 Sep 2024 06:41:57 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
044ffd72c40d461bc70a811130252e16
f87e56269563ca902347e987fffab35a8ad5280d
48e620c4494ee400b7967e66cc9f5c5e994048e38830837c01787f59dd317ef5

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "48E620C4494EE400B7967E66CC9F5C5E994048E38830837C01787F59DD317EF5"
Last-Modified: Fri, 27 Sep 2024 17:01:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5484
Expires: Sat, 28 Sep 2024 08:13:21 GMT
Date: Sat, 28 Sep 2024 06:41:57 GMT
Connection: keep-alive

1719273047.h625f.cc/1024big.zip

104.22.10.124

200 OK

3.1 MB

URL User Request GET HTTP/2
1719273047.h625f.cc/1024big.zip
IP
104.22.10.124:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecth625f.cc
Fingerprint0B:6B:5C:A9:B3:EC:93:DC:3C:56:1F:15:55:BB:58:9B:3D:E8:6F:85
ValidityWed, 21 Aug 2024 14:36:35 GMT - Tue, 19 Nov 2024 14:36:34 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
3.1 MB (3147351 bytes)
Hash
b6f727d494e0b7974db38a5e540a13e7
a9b0353055470f81b8da58e3a90fa02728d0b712
5b0f6f11193fb1fed82517f087bb61c5555968ccc7244ccc3658f3d53be42399

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 15/62

HTTP Headers

GET /1024big.zip HTTP/1.1
Host: 1719273047.h625f.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 28 Sep 2024 06:41:55 GMT
content-type: application/zip
content-length: 3147351
last-modified: Wed, 19 Jun 2024 08:28:26 GMT
etag: "667296aa-300657"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=R4oOQPQQAdahphlOyuiU2byrrfnYuT5yXjaEHHSZgSo-1727505715-1.0.1.1-Adc0rFxiqEg41Xwa1aClSubflRZVl3zCN0.zQ45tt5n7g9yWgwZdDZ1GKVdMqDgFj7N65X0rpUtOyL4gLVjCXg; path=/; expires=Sat, 28-Sep-24 07:11:55 GMT; domain=.h625f.cc; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uSzZ0Io5YFRmfNnqIb%2F0nHPim2TjierpvdSyqGMYjusZyKjfvo2uOIRqST2vDH%2Bq2enRK9RJHldQ%2F4SlDockcWN2zAEUuUmHwcKWE9YRGBQfGjPAZ2pofdc%2B9b9%2Fh6ZmVhBr%2FmfK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ca1c020297babe7-CPH
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (6)

Detections

JavaScript (0)

HTTP Transactions (9)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2