Report - trendyscreen.co/wp-content/server/dsf4i000954.zip

Report Overview

Visitedpublic

2024-07-11 01:02:47

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-09 18:12:41	2.3 kB	6.2 kB	23.36.77.32
trendyscreen.co	unknown	2023-09-19	2023-09-20 01:17:40	2023-09-21 19:48:59	503 B	6.8 MB	198.187.31.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

trendyscreen.co/wp-content/server/dsf4i000954.zip

IP / ASN

198.187.31.229

#22612 NAMECHEAP-NET

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size6.8 MB (6821893 bytes)

MD51a111248461db6baadd1106730b5f541

SHA106e8002ed1a3d60090526b567368d9009aaa814d

SHA2565d6d16fdf60d7dd80a2340b7851d01b076bd7174a92fe3c78d0708da35ccae83

Archive (10)

Modified	Filename	Size	MD5	File type
2024-07-07 19:07	File ver2-065.msi	4.5 MB	094bffe76d0e01a0a2dddc7021916c24	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: ComboTIFF for Windows (64 Bit) - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 0.0.0.0, Subject: ComboTIFF for Windows (64 Bit) - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com, Author: iRedSoft Technology Inc, Keywords: Installer, Comments: This installation was built with Inno Setup., Template: Intel;1033, Revision Number: {4C0DED81-118E-4270-B4EA-66090A44E4D8}, Create Time/Date: Thu Jan 11 14:59:44 2024, Last Saved Time/Date: Thu Jan 11 14:59:44 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
2024-07-01 14:00	License.txt	403 kB	0507b454d8793e3c59ed750dfeead0f4	Unicode text, UTF-8 text, with very long lines (755), with CRLF line terminators
2024-03-08 19:03	app_type.xml	159 B	c6e524037a2152d1963a2c29dbfa2966	XML 1.0 document, ASCII text, with CRLF line terminators
2023-12-15 16:11	config.ini	175 B	c487e005db348b8885a99b7327401168	ASCII text, with CRLF line terminators
2023-12-11 20:55	part1.7z	82 B	376c011a05342973485d88ac988383ca	7-zip archive data, version 0.4
2023-12-11 20:55	part2.7z	167 B	18f06a80a2bf297e36da89e4b7ae0e8e	7-zip archive data, version 0.4
2023-12-11 20:55	part3.7z	360 B	3423b37119f842d6e9838c721e97124c	7-zip archive data, version 0.4
2023-12-15 16:11	unins000.dat	2.8 MB	a73d07ab51f706c4c75e1c8c41972b07	InnoSetup Log lesta Wotspeak ModPack 1.23.0.0 ver.3 {JustDj-D437-4D2E-BFBD-2E44F58DD32C}, version 0x418, 2801435 bytes, LAPTOP-I2\PC�� , C:\Games\Tanki�� ^
2023-12-15 16:10	unins000.exe	1.5 MB	3ab31d714c50ae078f9eaba7b2497191	PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
2023-09-08 08:45	vivoxsdk.dll	4.1 MB	2e61c567d528d08cef62b718cb8aa82f	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/66

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-09

Last Seen2024-08-19

Times Seen16077

Size504 B (504 bytes)

MD5e08576e0904dc9903a9c20fa9e3d15b8

SHA174feff76140500fd4a61e89c7e9d8d0a60df1183

SHA256ee690bacddf55fd12ae0c9c39e330e0a1a18776b9edc91b4aa6c5bae28824f1e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EE690BACDDF55FD12AE0C9C39E330E0A1A18776B9EDC91B4AA6C5BAE28824F1E"
Last-Modified: Tue, 09 Jul 2024 15:28:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13077
Expires: Thu, 11 Jul 2024 04:40:16 GMT
Date: Thu, 11 Jul 2024 01:02:19 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-10

Last Seen2024-08-19

Times Seen34251

Size504 B (504 bytes)

MD5ee5b6dc3e7ab972df60b36582e3eaaf4

SHA12a5185acc539fcddac9c33895ec74faf552b62dd

SHA256be84262bbb3f3aabae368745bc3e85b816e372b16bc37327a1887d3a19992df6

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BE84262BBB3F3AABAE368745BC3E85B816E372B16BC37327A1887D3A19992DF6"
Last-Modified: Wed, 10 Jul 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3213
Expires: Thu, 11 Jul 2024 01:55:52 GMT
Date: Thu, 11 Jul 2024 01:02:19 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-10

Last Seen2024-08-19

Times Seen39709

Size504 B (504 bytes)

MD5e7492695b5254a3a63fcffb4f1ee8cec

SHA10361713c6d8129210245347284c7c6babfd28fb7

SHA2565d1bc1c01894fd88a0d4680490977488d6458bb58a98ace24ef8aa103538bc1f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D1BC1C01894FD88A0D4680490977488D6458BB58A98ACE24EF8AA103538BC1F"
Last-Modified: Tue, 09 Jul 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3592
Expires: Thu, 11 Jul 2024 02:02:11 GMT
Date: Thu, 11 Jul 2024 01:02:19 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-09

Last Seen2024-08-19

Times Seen12065

Size504 B (504 bytes)

MD59b556e25e514a3cd5829bc4d938e5517

SHA185eeba07dc1438e7433ce7a145500164d842d5db

SHA25622f599883dc87540746708049ea46ec4eb88c81c924ba145a58bebd5ee3199cb

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "22F599883DC87540746708049EA46EC4EB88C81C924BA145A58BEBD5EE3199CB"
Last-Modified: Tue, 09 Jul 2024 16:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7126
Expires: Thu, 11 Jul 2024 03:01:05 GMT
Date: Thu, 11 Jul 2024 01:02:19 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-10

Last Seen2024-08-19

Times Seen38767

Size504 B (504 bytes)

MD550e4489707989517510128817aedd2ea

SHA136a54d7b34a9ac621715b569e5a870f62671c574

SHA2563e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14534
Expires: Thu, 11 Jul 2024 05:04:35 GMT
Date: Thu, 11 Jul 2024 01:02:21 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-10

Last Seen2024-08-19

Times Seen38767

Size504 B (504 bytes)

MD550e4489707989517510128817aedd2ea

SHA136a54d7b34a9ac621715b569e5a870f62671c574

SHA2563e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14534
Expires: Thu, 11 Jul 2024 05:04:35 GMT
Date: Thu, 11 Jul 2024 01:02:21 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-10

Last Seen2024-08-19

Times Seen38767

Size504 B (504 bytes)

MD550e4489707989517510128817aedd2ea

SHA136a54d7b34a9ac621715b569e5a870f62671c574

SHA2563e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14534
Expires: Thu, 11 Jul 2024 05:04:35 GMT
Date: Thu, 11 Jul 2024 01:02:21 GMT
Connection: keep-alive

GET trendyscreen.co/wp-content/server/dsf4i000954.zip

198.187.31.229

200 OK

6.8 MB

URL

trendyscreen.co/wp-content/server/dsf4i000954.zip

IP / ASN

198.187.31.229

#22612 NAMECHEAP-NET

Requested byN/A

Resource Info

File typeZip archive data, at least v2.0 to extract, compression method=deflate

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size6.8 MB (6821893 bytes)

MD51a111248461db6baadd1106730b5f541

SHA106e8002ed1a3d60090526b567368d9009aaa814d

SHA2565d6d16fdf60d7dd80a2340b7851d01b076bd7174a92fe3c78d0708da35ccae83

Certificate Info

IssuerSectigo Limited

Subjecttrendyscreen.co

FingerprintCD:B4:9E:F3:67:25:3F:17:75:1B:AE:97:62:8D:02:D0:9D:AC:71:03

ValidityThu, 21 Sep 2023 00:00:00 GMT - Sat, 21 Sep 2024 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/66

HTTP Headers

GET /wp-content/server/dsf4i000954.zip HTTP/1.1
Host: trendyscreen.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/zip
last-modified: Sun, 07 Jul 2024 15:19:30 GMT
accept-ranges: bytes
content-length: 6821893
date: Thu, 11 Jul 2024 01:02:20 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2