Report - ftp.vector.co.jp/75/26/2956/vCardComv6.08free.zip?a8=WQDdiQ7OUbVd753.AyMmADv4DJJhqDe4_y9dnJv-nafOUbDkq5DbpbMV94X_2

Report Overview

Visitedpublic

2024-07-12 00:06:17

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ssocsp.cybertrust.ne.jp	21077	2005-09-14	2019-10-07 09:21:25	2024-07-11 13:11:57	690 B	3.3 kB	104.215.54.174
ftp.vector.co.jp	unknown	1994-01-18	2012-05-23 00:47:00	2021-11-10 22:12:52	599 B	303 kB	180.214.37.164
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-11 18:12:19	2.0 kB	5.3 kB	23.36.76.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

ftp.vector.co.jp/75/26/2956/vCardComv6.08free.zip?a8=WQDdiQ7OUbVd753.AyMmADv4DJJhqDe4_y9dnJv-nafOUbDkq5DbpbMV94X_2_t9jaK4HwDejQDd6s00000007693002

IP / ASN

180.214.37.164

#23637 Equinix Japan Enterprise K.K.

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size302 kB (302404 bytes)

MD5da9b8f4344ac193676bdba47a5c5bc3d

SHA18ebfb75c3b5119eed32eb9de652087f82f13bb0d

SHA2569ee858a01f8d28a186bdeb714d7e685a49762a667bc275e34d21a1531b5b8327

Archive (2)

Modified	Filename	Size	MD5	File type
2022-07-16 00:00	vCardComvMacro6.08Free.xlsm	308 kB	4a33d6b22c39926d8d699a9de208dba0	Microsoft Excel 2007+
2022-07-16 00:00	ReadMe.txt	4.2 kB	766363460abd62e4ca599a444314c541	Non-ISO extended-ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 28/65

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-10

Last Seen2024-08-19

Times Seen34251

Size504 B (504 bytes)

MD5ee5b6dc3e7ab972df60b36582e3eaaf4

SHA12a5185acc539fcddac9c33895ec74faf552b62dd

SHA256be84262bbb3f3aabae368745bc3e85b816e372b16bc37327a1887d3a19992df6

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BE84262BBB3F3AABAE368745BC3E85B816E372B16BC37327A1887D3A19992DF6"
Last-Modified: Wed, 10 Jul 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8323
Expires: Fri, 12 Jul 2024 02:24:35 GMT
Date: Fri, 12 Jul 2024 00:05:52 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-09

Last Seen2024-08-19

Times Seen16077

Size504 B (504 bytes)

MD5e08576e0904dc9903a9c20fa9e3d15b8

SHA174feff76140500fd4a61e89c7e9d8d0a60df1183

SHA256ee690bacddf55fd12ae0c9c39e330e0a1a18776b9edc91b4aa6c5bae28824f1e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EE690BACDDF55FD12AE0C9C39E330E0A1A18776B9EDC91B4AA6C5BAE28824F1E"
Last-Modified: Tue, 09 Jul 2024 15:28:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13016
Expires: Fri, 12 Jul 2024 03:42:48 GMT
Date: Fri, 12 Jul 2024 00:05:52 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-10

Last Seen2024-08-19

Times Seen39709

Size504 B (504 bytes)

MD5e7492695b5254a3a63fcffb4f1ee8cec

SHA10361713c6d8129210245347284c7c6babfd28fb7

SHA2565d1bc1c01894fd88a0d4680490977488d6458bb58a98ace24ef8aa103538bc1f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D1BC1C01894FD88A0D4680490977488D6458BB58A98ACE24EF8AA103538BC1F"
Last-Modified: Tue, 09 Jul 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7808
Expires: Fri, 12 Jul 2024 02:16:00 GMT
Date: Fri, 12 Jul 2024 00:05:52 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-09

Last Seen2024-08-19

Times Seen23416

Size504 B (504 bytes)

MD5fc076d7a99abd74b9da6b35304bb93e9

SHA19d541501d5141dcf7b4d839d6fcffabec81e1a14

SHA256c86804eff01a7bb9ff866508bfdb1b071cfa4a26617d11094b9f5226e1a4b970

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C86804EFF01A7BB9FF866508BFDB1B071CFA4A26617D11094B9F5226E1A4B970"
Last-Modified: Tue, 09 Jul 2024 16:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8301
Expires: Fri, 12 Jul 2024 02:24:13 GMT
Date: Fri, 12 Jul 2024 00:05:52 GMT
Connection: keep-alive

ssocsp.cybertrust.ne.jp/OcspServer

104.215.54.174

1.5 kB

URL

ssocsp.cybertrust.ne.jp/OcspServer

IP / ASN

104.215.54.174

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byN/A

Resource Info

File typedata

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size1.5 kB (1480 bytes)

MD5975ac077bdc08673867afc8466b60761

SHA140629d2b9869c8b2375738f9bc90ec2bf2e27ddc

SHA256c4161664528e16ca24099a351b6933130025b18ba98bf11729d2ef1ecfa85ce5

HTTP Headers

POST /OcspServer HTTP/1.1
Host: ssocsp.cybertrust.ne.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 87
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 12 Jul 2024 00:05:53 GMT
Content-Type: application/ocsp-response
Content-Length: 1480
Connection: keep-alive
Keep-Alive: timeout=2

ssocsp.cybertrust.ne.jp/OcspServer

104.215.54.174

1.5 kB

URL

ssocsp.cybertrust.ne.jp/OcspServer

IP / ASN

104.215.54.174

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byN/A

Resource Info

File typedata

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size1.5 kB (1480 bytes)

MD5975ac077bdc08673867afc8466b60761

SHA140629d2b9869c8b2375738f9bc90ec2bf2e27ddc

SHA256c4161664528e16ca24099a351b6933130025b18ba98bf11729d2ef1ecfa85ce5

HTTP Headers

POST /OcspServer HTTP/1.1
Host: ssocsp.cybertrust.ne.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 87
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 12 Jul 2024 00:05:53 GMT
Content-Type: application/ocsp-response
Content-Length: 1480
Connection: keep-alive
Keep-Alive: timeout=2

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-10

Last Seen2024-08-19

Times Seen38767

Size504 B (504 bytes)

MD550e4489707989517510128817aedd2ea

SHA136a54d7b34a9ac621715b569e5a870f62671c574

SHA2563e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5365
Expires: Fri, 12 Jul 2024 01:35:19 GMT
Date: Fri, 12 Jul 2024 00:05:54 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-10

Last Seen2024-08-19

Times Seen38767

Size504 B (504 bytes)

MD550e4489707989517510128817aedd2ea

SHA136a54d7b34a9ac621715b569e5a870f62671c574

SHA2563e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5365
Expires: Fri, 12 Jul 2024 01:35:19 GMT
Date: Fri, 12 Jul 2024 00:05:54 GMT
Connection: keep-alive

GET ftp.vector.co.jp/75/26/2956/vCardComv6.08free.zip?a8=WQDdiQ7OUbVd753.AyMmADv4DJJhqDe4_y9dnJv-nafOUbDkq5DbpbMV94X_2_t9jaK4HwDejQDd6s00000007693002

180.214.37.164

200 OK

302 kB

URL

ftp.vector.co.jp/75/26/2956/vCardComv6.08free.zip?a8=WQDdiQ7OUbVd753.AyMmADv4DJJhqDe4_y9dnJv-nafOUbDkq5DbpbMV94X_2_t9jaK4HwDejQDd6s00000007693002

IP / ASN

180.214.37.164

#23637 Equinix Japan Enterprise K.K.

Requested byN/A

Resource Info

File typeZip archive data, at least v2.0 to extract, compression method=deflate

First Seen2023-05-20

Last Seen2025-04-06

Times Seen16

Size302 kB (302404 bytes)

MD5da9b8f4344ac193676bdba47a5c5bc3d

SHA18ebfb75c3b5119eed32eb9de652087f82f13bb0d

SHA2569ee858a01f8d28a186bdeb714d7e685a49762a667bc275e34d21a1531b5b8327

Certificate Info

IssuerCybertrust Japan Co., Ltd.

Subject*.vector.co.jp

FingerprintC1:35:21:DA:4A:69:8A:3D:F9:00:D9:97:2C:78:D0:6B:42:63:A0:E6

ValidityThu, 07 Dec 2023 06:13:11 GMT - Thu, 02 Jan 2025 14:59:00 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 28/65

HTTP Headers

GET /75/26/2956/vCardComv6.08free.zip?a8=WQDdiQ7OUbVd753.AyMmADv4DJJhqDe4_y9dnJv-nafOUbDkq5DbpbMV94X_2_t9jaK4HwDejQDd6s00000007693002 HTTP/1.1
Host: ftp.vector.co.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 12 Jul 2024 00:05:53 GMT
Server: Apache
Last-Modified: Fri, 15 Jul 2022 15:00:00 GMT
ETag: "3f80d35-49d44-5e3d945ae1c00"
Accept-Ranges: bytes
Content-Length: 302404
Content-Disposition: filename=vCardComv6.08free.zip
Connection: close
Content-Type: application/zip