Report - app.neifredomar.com/wp-content/uploads/2024/09/psiphon3-2.zip

Report Overview

Visited public
2024-10-02 08:27:05
Tags
Submit Tags
URL
app.neifredomar.com/wp-content/uploads/2024/09/psiphon3-2.zip
Finishing URL
about:privatebrowsing
IP / ASN
104.21.25.84
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-30 18:12:17	1.3 kB	3.5 kB	23.36.77.32
app.neifredomar.com	unknown	unknown	No data	No data	515 B	8.2 MB	104.21.25.84
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-30 18:12:04	1.6 kB	4.4 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (10)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
283f08fcfbb7290d15f509b0621e8ef9
bd09b8859239fbc86f88bb96351b7022ff1a3db5
1e4a4e9692a824cb5b76884b05febdcb3e7ded25b4b915641d8bdc999fc4fc31

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1E4A4E9692A824CB5B76884B05FEBDCB3E7DED25B4B915641D8BDC999FC4FC31"
Last-Modified: Wed, 02 Oct 2024 03:51:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9290
Expires: Wed, 02 Oct 2024 11:01:28 GMT
Date: Wed, 02 Oct 2024 08:26:38 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
a8901baef26e06d1c6a8d84e9cc7c99d
45039e57582ddc5f8ca1332f81326182633c5e39
a7d111d2a198a732c3607681e4045192bcbcff213cee531c0a90d349605d5306

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A7D111D2A198A732C3607681E4045192BCBCFF213CEE531C0A90D349605D5306"
Last-Modified: Mon, 30 Sep 2024 16:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9675
Expires: Wed, 02 Oct 2024 11:07:53 GMT
Date: Wed, 02 Oct 2024 08:26:38 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
daf008a2087b5dedcb61bafdadfdb64f
a1acc322ac70eb303f843b9940f46304541bfa0a
c3a8fc4dde078f05274f86ced09cfba79758690f6ffc485d5a40f5a23df9ce79

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C3A8FC4DDE078F05274F86CED09CFBA79758690F6FFC485D5A40F5A23DF9CE79"
Last-Modified: Wed, 02 Oct 2024 04:05:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6432
Expires: Wed, 02 Oct 2024 10:13:50 GMT
Date: Wed, 02 Oct 2024 08:26:38 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5e3f6fc68f86be07d377aea0e7496870
9d1005d0782906dfdfe4217125b907b86a22b530
c6309b6effe12dabaacc99df66e13fba72de8198e5bccf67198400576e3158da

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C6309B6EFFE12DABAACC99DF66E13FBA72DE8198E5BCCF67198400576E3158DA"
Last-Modified: Mon, 30 Sep 2024 16:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8802
Expires: Wed, 02 Oct 2024 10:53:21 GMT
Date: Wed, 02 Oct 2024 08:26:39 GMT
Connection: keep-alive

GET app.neifredomar.com/wp-content/uploads/2024/09/psiphon3-2.zip

104.21.25.84

200 OK

8.2 MB

URL User Request GET HTTP/2
app.neifredomar.com/wp-content/uploads/2024/09/psiphon3-2.zip
IP
104.21.25.84:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectneifredomar.com
FingerprintF4:27:47:B0:0C:6E:BB:54:95:2A:0B:BC:38:82:CF:5E:CC:91:68:AE
ValidityWed, 25 Sep 2024 15:59:39 GMT - Tue, 24 Dec 2024 15:59:38 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
8.2 MB (8174235 bytes)
Hash
4e0f0cce93fd3fbffab7e3e84a1eb427
faf69929c844d17aa26b89828daea5307c71cbdc
1d2c1b3fd9551c66859e84dacae201c4b483212bcb9e7ba187d973b179334620

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/66

HTTP Headers

GET /wp-content/uploads/2024/09/psiphon3-2.zip HTTP/1.1
Host: app.neifredomar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 02 Oct 2024 08:26:39 GMT
content-type: application/zip
content-length: 8174235
cf-ray: 8cc34f0abf906a69-HAM
cf-cache-status: HIT
accept-ranges: bytes
etag: "66f757f9-7cba9b"
last-modified: Sat, 28 Sep 2024 01:12:25 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7pXaNw1HX9BUQSYEz31n54L7KAEhYVgcuzZ1NXZQNxmf%2F%2FxDsMWHCU41q85QFrh4rKQT0UFkLiPDk6tDb49hd%2B%2FJp20Tp3MZrI9ZDX84s8dA%2B6QDfBR2Se%2By9dkebJBQuYDHBc6r"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6abd69b2ef1aead68051018946a2b25b
0efc76d77b0b217e1d124e673e8b524df3559c59
6b26a48d9ca6936e79d3216452c2880c978252bed559b040485dab53bffd794d

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6B26A48D9CA6936E79D3216452C2880C978252BED559B040485DAB53BFFD794D"
Last-Modified: Wed, 02 Oct 2024 04:09:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12716
Expires: Wed, 02 Oct 2024 11:58:37 GMT
Date: Wed, 02 Oct 2024 08:26:41 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6abd69b2ef1aead68051018946a2b25b
0efc76d77b0b217e1d124e673e8b524df3559c59
6b26a48d9ca6936e79d3216452c2880c978252bed559b040485dab53bffd794d

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6B26A48D9CA6936E79D3216452C2880C978252BED559B040485DAB53BFFD794D"
Last-Modified: Wed, 02 Oct 2024 04:09:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12716
Expires: Wed, 02 Oct 2024 11:58:37 GMT
Date: Wed, 02 Oct 2024 08:26:41 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6abd69b2ef1aead68051018946a2b25b
0efc76d77b0b217e1d124e673e8b524df3559c59
6b26a48d9ca6936e79d3216452c2880c978252bed559b040485dab53bffd794d

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6B26A48D9CA6936E79D3216452C2880C978252BED559B040485DAB53BFFD794D"
Last-Modified: Wed, 02 Oct 2024 04:09:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12716
Expires: Wed, 02 Oct 2024 11:58:37 GMT
Date: Wed, 02 Oct 2024 08:26:41 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6abd69b2ef1aead68051018946a2b25b
0efc76d77b0b217e1d124e673e8b524df3559c59
6b26a48d9ca6936e79d3216452c2880c978252bed559b040485dab53bffd794d

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6B26A48D9CA6936E79D3216452C2880C978252BED559B040485DAB53BFFD794D"
Last-Modified: Wed, 02 Oct 2024 04:09:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12716
Expires: Wed, 02 Oct 2024 11:58:37 GMT
Date: Wed, 02 Oct 2024 08:26:41 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6abd69b2ef1aead68051018946a2b25b
0efc76d77b0b217e1d124e673e8b524df3559c59
6b26a48d9ca6936e79d3216452c2880c978252bed559b040485dab53bffd794d

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6B26A48D9CA6936E79D3216452C2880C978252BED559B040485DAB53BFFD794D"
Last-Modified: Wed, 02 Oct 2024 04:09:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12716
Expires: Wed, 02 Oct 2024 11:58:37 GMT
Date: Wed, 02 Oct 2024 08:26:41 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (10)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL