Report - download.tenorshare.tw/downloads/icarefone-itransgo

Report Overview

Visited public
2024-07-22 03:32:21
Tags
URL
download.tenorshare.tw/downloads/icarefone-itransgo_6265.exe?rnclid=11711670400305568501
Finishing URL
about:privatebrowsing
IP / ASN
104.18.11.150
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-21 18:21:45	2.3 kB	6.2 kB	23.36.77.32
download.tenorshare.tw	unknown	unknown	2020-04-10 11:28:09	2023-09-24 22:47:27	542 B	1.8 MB	104.18.11.150

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
download.tenorshare.tw/downloads/icarefone-itransgo_6265.exe?rnclid=11711670400305568501
IP
104.18.11.150
ASN
#13335 CLOUDFLARENET

File type
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
Size
1.8 MB (1811216 bytes)
Hash
48de230032710f3c0801a9fa1f745f48
62e0ff4273809d4e5298a56501a5a04ce1a69e43
a68da4a12982fffb62f43b7d9c79c1ba0caceab65ca5b6edc2be3ac33808c939

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/73

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
f58a4b489ef65eff7896802c87e363e7
e7287b89b56c66407955bf95bd03133d2e5945d1
fb270cf16706247adde7efd430fe667555cb37ee35eae763593424a17c624bcd

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "FB270CF16706247ADDE7EFD430FE667555CB37EE35EAE763593424A17C624BCD"
Last-Modified: Sat, 20 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3013
Expires: Mon, 22 Jul 2024 04:22:09 GMT
Date: Mon, 22 Jul 2024 03:31:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
2f796f6340ac7eef4fa2891ac8f8aa1a
27bbc7bb6314b31dcab89f198bc258b040593aa7
778d02decabf7dff03bf5ec4c4eb0f03ac789e89bcfe58353c266c9d66c08834

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "778D02DECABF7DFF03BF5EC4C4EB0F03AC789E89BCFE58353C266C9D66C08834"
Last-Modified: Sat, 20 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6831
Expires: Mon, 22 Jul 2024 05:25:47 GMT
Date: Mon, 22 Jul 2024 03:31:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
cf41dddde2cb04d4f8b233b01318bde1
f7f9259cebf98c255ea506e7d7f0170c1e6a9604
90a7510dc4acc5716c9a82e10dcbb6074af14f502e3847f8b6c43caef244ca12

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "90A7510DC4ACC5716C9A82E10DCBB6074AF14F502E3847F8B6C43CAEF244CA12"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6826
Expires: Mon, 22 Jul 2024 05:25:42 GMT
Date: Mon, 22 Jul 2024 03:31:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
00accea3155d7ac730285aec633670a9
fee8ca25b96d24d0c10951f7f4ea28389020e88d
9abd3b5f4de73d55417dcec4bbf72b38cc201842360ed32d763a4c65e35819d8

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9ABD3B5F4DE73D55417DCEC4BBF72B38CC201842360ED32D763A4C65E35819D8"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6875
Expires: Mon, 22 Jul 2024 05:26:31 GMT
Date: Mon, 22 Jul 2024 03:31:56 GMT
Connection: keep-alive

download.tenorshare.tw/downloads/icarefone-itransgo_6265.exe?rnclid=11711670400305568501

104.18.11.150

200 OK

1.8 MB

URL User Request GET HTTP/2
download.tenorshare.tw/downloads/icarefone-itransgo_6265.exe?rnclid=11711670400305568501
IP
104.18.11.150:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecttenorshare.tw
Fingerprint1F:69:43:99:47:C0:F8:76:7E:3E:6E:72:55:58:E2:61:84:FD:02:CB
ValidityTue, 09 Jul 2024 14:16:43 GMT - Mon, 07 Oct 2024 15:16:26 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
Size
1.8 MB (1811216 bytes)
Hash
48de230032710f3c0801a9fa1f745f48
62e0ff4273809d4e5298a56501a5a04ce1a69e43
a68da4a12982fffb62f43b7d9c79c1ba0caceab65ca5b6edc2be3ac33808c939

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/73

HTTP Headers

GET /downloads/icarefone-itransgo_6265.exe?rnclid=11711670400305568501 HTTP/1.1
Host: download.tenorshare.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 Jul 2024 03:31:56 GMT
content-type: application/octet-stream
content-length: 1811216
cf-ray: 8a705c5849221bfe-OSL
cf-cache-status: HIT
accept-ranges: bytes
age: 332991
cache-control: public, max-age=691200
content-disposition: attachment;filename=icarefone-itransgo_11711670400305568501.exe
etag: "647e92a7-1ba310"
expires: Tue, 30 Jul 2024 03:31:56 GMT
last-modified: Tue, 06 Jun 2023 01:57:59 GMT
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
92fe046ed30974fab002b18924562af5
a80246a7f4813076cea6cc1629667b43a094fa97
151d89929b8b12751f94a9dd4fab74f68f20aa29ca5135a3b95aea9f366a34e7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "151D89929B8B12751F94A9DD4FAB74F68F20AA29CA5135A3B95AEA9F366A34E7"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10028
Expires: Mon, 22 Jul 2024 06:19:07 GMT
Date: Mon, 22 Jul 2024 03:31:59 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
92fe046ed30974fab002b18924562af5
a80246a7f4813076cea6cc1629667b43a094fa97
151d89929b8b12751f94a9dd4fab74f68f20aa29ca5135a3b95aea9f366a34e7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "151D89929B8B12751F94A9DD4FAB74F68F20AA29CA5135A3B95AEA9F366A34E7"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10028
Expires: Mon, 22 Jul 2024 06:19:07 GMT
Date: Mon, 22 Jul 2024 03:31:59 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
92fe046ed30974fab002b18924562af5
a80246a7f4813076cea6cc1629667b43a094fa97
151d89929b8b12751f94a9dd4fab74f68f20aa29ca5135a3b95aea9f366a34e7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "151D89929B8B12751F94A9DD4FAB74F68F20AA29CA5135A3B95AEA9F366A34E7"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10028
Expires: Mon, 22 Jul 2024 06:19:07 GMT
Date: Mon, 22 Jul 2024 03:31:59 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers