Report - tex.360t.com/jwrapper/prod/tex/starter/360T_SSO

Report Overview

Visitedpublic

2024-08-08 13:42:16

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
r10.o.lencr.org	unknown				2.0 kB	5.3 kB	23.36.77.32
tex.360t.com	unknown				514 B	44 MB	193.29.38.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

tex.360t.com/jwrapper/prod/tex/starter/360T_SSO_prod-w64.exe

IP / ASN

193.29.38.131

#50246 360 Treasury Systems AG

File Overview

File TypePE32+ executable (GUI) x86-64, for MS Windows, 5 sections

Size44 MB (43994312 bytes)

MD57f435ec1baa27b7a686cf54f7e3b913e

SHA12ba8b462c7bb9571517311eb7e1f39796aee8b8c

SHA256d6b79fa84adbe84894f13b4c1b719d3766b9c405a2befbb753a3b4277afeafdd

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/74

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen36182

Size504 B (504 bytes)

MD5e7a128439c6dec237227cc4b883a2c99

SHA17794fc9e9bc964823a96cec60a2ec829dbce9919

SHA256f0a648a200fc7849174d4b74c6fbfee82b5bd098c9c9cae7084bdafaba169e3b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F0A648A200FC7849174D4B74C6FBFEE82B5BD098C9C9CAE7084BDAFABA169E3B"
Last-Modified: Tue, 06 Aug 2024 06:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13236
Expires: Thu, 08 Aug 2024 17:22:26 GMT
Date: Thu, 08 Aug 2024 13:41:50 GMT
Connection: keep-alive

GET tex.360t.com/jwrapper/prod/tex/starter/360T_SSO_prod-w64.exe

193.29.38.131

200 OK

44 MB

URL

tex.360t.com/jwrapper/prod/tex/starter/360T_SSO_prod-w64.exe

IP / ASN

193.29.38.131

#50246 360 Treasury Systems AG

Requested byN/A

Resource Info

File typePE32+ executable (GUI) x86-64, for MS Windows, 5 sections

First Seen2024-08-08

Last Seen2024-09-20

Times Seen3

Size44 MB (43994312 bytes)

MD57f435ec1baa27b7a686cf54f7e3b913e

SHA12ba8b462c7bb9571517311eb7e1f39796aee8b8c

SHA256d6b79fa84adbe84894f13b4c1b719d3766b9c405a2befbb753a3b4277afeafdd

Certificate Info

IssuerSectigo Limited

Subject*.360t.com

Fingerprint03:9D:66:3C:59:52:86:20:B4:3C:7C:FF:18:A7:10:67:46:37:0F:AE

ValidityWed, 24 Jan 2024 00:00:00 GMT - Sun, 23 Feb 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/74

HTTP Headers

GET /jwrapper/prod/tex/starter/360T_SSO_prod-w64.exe HTTP/1.1
Host: tex.360t.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Aug 2024 13:41:50 GMT
Content-Type: application/octet-stream
Content-Length: 43994312
Last-Modified: Thu, 11 Jul 2024 14:39:50 GMT
Connection: keep-alive
ETag: "668feeb6-29f4cc8"
Referrer-Policy: same-origin
Content-Security-Policy: default-src 'self';frame-ancestors 'none';
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=16416000; includeSubdomains
X-Content-Type-Options: nosniff
Permissions-Policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=()
Accept-Ranges: bytes

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen30072

Size504 B (504 bytes)

MD5460334cc4e5b7d0e9bae1a2db2ad27cd

SHA1b0a331b5252d61b68e687dc25581842a360aac4f

SHA2568e85f0944ea44f26c441f73cd791e0cf50936b0278733f5af7305e594372df58

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E85F0944EA44F26C441F73CD791E0CF50936B0278733F5AF7305E594372DF58"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2675
Expires: Thu, 08 Aug 2024 14:26:30 GMT
Date: Thu, 08 Aug 2024 13:41:55 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen30072

Size504 B (504 bytes)

MD5460334cc4e5b7d0e9bae1a2db2ad27cd

SHA1b0a331b5252d61b68e687dc25581842a360aac4f

SHA2568e85f0944ea44f26c441f73cd791e0cf50936b0278733f5af7305e594372df58

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E85F0944EA44F26C441F73CD791E0CF50936B0278733F5AF7305E594372DF58"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2675
Expires: Thu, 08 Aug 2024 14:26:30 GMT
Date: Thu, 08 Aug 2024 13:41:55 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen30072

Size504 B (504 bytes)

MD5460334cc4e5b7d0e9bae1a2db2ad27cd

SHA1b0a331b5252d61b68e687dc25581842a360aac4f

SHA2568e85f0944ea44f26c441f73cd791e0cf50936b0278733f5af7305e594372df58

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E85F0944EA44F26C441F73CD791E0CF50936B0278733F5AF7305E594372DF58"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2675
Expires: Thu, 08 Aug 2024 14:26:30 GMT
Date: Thu, 08 Aug 2024 13:41:55 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen30072

Size504 B (504 bytes)

MD5460334cc4e5b7d0e9bae1a2db2ad27cd

SHA1b0a331b5252d61b68e687dc25581842a360aac4f

SHA2568e85f0944ea44f26c441f73cd791e0cf50936b0278733f5af7305e594372df58

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E85F0944EA44F26C441F73CD791E0CF50936B0278733F5AF7305E594372DF58"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2675
Expires: Thu, 08 Aug 2024 14:26:30 GMT
Date: Thu, 08 Aug 2024 13:41:55 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen30072

Size504 B (504 bytes)

MD5460334cc4e5b7d0e9bae1a2db2ad27cd

SHA1b0a331b5252d61b68e687dc25581842a360aac4f

SHA2568e85f0944ea44f26c441f73cd791e0cf50936b0278733f5af7305e594372df58

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E85F0944EA44F26C441F73CD791E0CF50936B0278733F5AF7305E594372DF58"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2675
Expires: Thu, 08 Aug 2024 14:26:30 GMT
Date: Thu, 08 Aug 2024 13:41:55 GMT
Connection: keep-alive