Report - www.tcnp3.com/wp-content/uploads/custom/screenrec.zip

Report Overview

Visitedpublic

2024-09-19 18:51:31

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-19 18:12:24	327 B	887 B	23.36.77.32
www.tcnp3.com	565156	2008-04-17	2013-11-12 09:32:02	2020-02-15 19:01:19	507 B	366 B	35.202.237.190
www.tcn.com	662672	2000-08-10	2017-04-15 23:06:02	2024-03-20 16:21:48	505 B	22 MB	35.202.237.190

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

www.tcn.com/wp-content/uploads/custom/screenrec.zip

IP / ASN

35.202.237.190

#396982 GOOGLE-CLOUD-PLATFORM

File Overview

File TypeZip archive data, at least v1.0 to extract, compression method=store

Size22 MB (22447964 bytes)

MD59406354065f8f1cc48ae76c09c2cf113

SHA1fed6487b8781ad30df47b47372cbe878b4e8a38b

SHA256b4b23494f15fa79064c31197d38d52878aec9d8006c0674b70deffee2111ac0e

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/68

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Information

File typedata

First Seen2024-09-17

Last Seen2024-09-20

Times Seen14595

Size504 B (504 bytes)

MD5946bd983da8ed3f6d5c12abcab5273e0

SHA1eaf94210f1202240080722b9f0a78aa64b6cc1b3

SHA256f772e410f6d95169a72a7473bf8ff96f7c642b0e8cd820c34b9debdfc367c44e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F772E410F6D95169A72A7473BF8FF96F7C642B0E8CD820C34B9DEBDFC367C44E"
Last-Modified: Tue, 17 Sep 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8857
Expires: Thu, 19 Sep 2024 21:18:43 GMT
Date: Thu, 19 Sep 2024 18:51:06 GMT
Connection: keep-alive

GET www.tcnp3.com/wp-content/uploads/custom/screenrec.zip

35.202.237.190

301 Moved Permanently

162 B

URL User Request GET HTTPS

www.tcnp3.com/wp-content/uploads/custom/screenrec.zip

IP / ASN

35.202.237.190

#396982 GOOGLE-CLOUD-PLATFORM

Requested byN/A

Resource Information

File typeHTML document, ASCII text, with CRLF line terminators

First Seen2023-04-05

Last Seen2025-07-11

Times Seen131096

Size162 B (162 bytes)

MD54f8e702cc244ec5d4de32740c0ecbd97

SHA13adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA2569e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Certificate Information

IssuerDigiCert Inc

Subject*.tcnp3.com

Fingerprint05:85:22:62:3C:4D:2E:CD:33:E0:67:28:CF:38:20:D2:0B:A8:69:BA

ValidityThu, 11 Jul 2024 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT

HTTP Headers

GET /wp-content/uploads/custom/screenrec.zip HTTP/1.1
Host: www.tcnp3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 19 Sep 2024 18:51:06 GMT
content-type: text/html
content-length: 162
location: https://www.tcn.com/wp-content/uploads/custom/screenrec.zip
X-Firefox-Spdy: h2

GET www.tcn.com/wp-content/uploads/custom/screenrec.zip

35.202.237.190

200 OK

22 MB

URL User Request GET HTTPS

www.tcn.com/wp-content/uploads/custom/screenrec.zip

IP / ASN

35.202.237.190

#396982 GOOGLE-CLOUD-PLATFORM

Requested byN/A

Resource Information

File typeZip archive data, at least v1.0 to extract, compression method=store

First Seen2024-09-05

Last Seen2024-10-11

Times Seen7

Size22 MB (22447964 bytes)

MD59406354065f8f1cc48ae76c09c2cf113

SHA1fed6487b8781ad30df47b47372cbe878b4e8a38b

SHA256b4b23494f15fa79064c31197d38d52878aec9d8006c0674b70deffee2111ac0e

Certificate Information

IssuerDigiCert Inc

Subject*.tcn.com

FingerprintB0:33:23:1D:40:BC:09:86:03:F1:B1:C3:F5:AD:0E:F7:71:74:A3:A0

ValidityFri, 05 Jan 2024 00:00:00 GMT - Thu, 23 Jan 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/68

HTTP Headers

GET /wp-content/uploads/custom/screenrec.zip HTTP/1.1
Host: www.tcn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 19 Sep 2024 18:51:06 GMT
content-type: application/zip
content-length: 22447964
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 23 Jul 2024 15:48:40 GMT
etag: "156875c-61dec1882812a"
accept-ranges: bytes
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2