Report - 3dsgate-dev.borica.bg/cgi-bin/cgi

Report Overview

Visited public
2024-07-08 16:10:45
Tags
fake_software scam
Submit Tags
URL
3dsgate-dev.borica.bg/cgi-bin/cgi_link
Finishing URL
3dsgate-dev.borica.bg/cgi-bin/cgi_link
IP / ASN
193.41.190.104
#16193 BORICA AD
Title
System Error
Scam - Fake AntiVirus / Security software

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-07 18:12:32	2.0 kB	5.3 kB	23.36.76.226
3dsgate-dev.borica.bg	unknown	unknown	2023-01-20 09:19:07	2023-10-23 10:03:17	943 B	4.8 kB	193.41.190.104

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b34ca6af54e2b9fea57d418f5d1928f7
510b69f4470789a573217726d6f1a3d6ee765460
41e6a348aac9e9db44bfa14b3aa29d411f4489b375ae1f1be6b0d280af98541d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "41E6A348AAC9E9DB44BFA14B3AA29D411F4489B375AE1F1BE6B0D280AF98541D"
Last-Modified: Mon, 08 Jul 2024 01:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9959
Expires: Mon, 08 Jul 2024 18:56:13 GMT
Date: Mon, 08 Jul 2024 16:10:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
abec3934929082bd707108b7042796da
4f200b04ad1c6fcac9833107c492a59ebf36dc6e
8e27309b919c0dcb3b0736dd99dad8c7d3bc16b4816dd982e6af6b79d7ead9ed

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E27309B919C0DCB3B0736DD99DAD8C7D3BC16B4816DD982E6AF6B79D7EAD9ED"
Last-Modified: Sun, 07 Jul 2024 03:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2665
Expires: Mon, 08 Jul 2024 16:54:39 GMT
Date: Mon, 08 Jul 2024 16:10:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
41036a4c62e61466443bce27a927e029
39a2a8a258c5feaf020246696135700b0c30740d
e38b3080a1752122f5a174604bd307c54be31c02e0cdb8e2d9354e2a04e1b50f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E38B3080A1752122F5A174604BD307C54BE31C02E0CDB8E2D9354E2A04E1B50F"
Last-Modified: Sun, 07 Jul 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14866
Expires: Mon, 08 Jul 2024 20:18:00 GMT
Date: Mon, 08 Jul 2024 16:10:14 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e430ff7defba95ef2e40c2a2623032a3
4df33994f03cf02626fdfe9c6a51a71f5fea6058
ea2bc04f18953a2d203b059f541bf8bfcd32c63d67b8e1113d927453d8cc9a58

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EA2BC04F18953A2D203B059F541BF8BFCD32C63D67B8E1113D927453D8CC9A58"
Last-Modified: Sun, 07 Jul 2024 04:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2997
Expires: Mon, 08 Jul 2024 17:00:11 GMT
Date: Mon, 08 Jul 2024 16:10:14 GMT
Connection: keep-alive

GET 3dsgate-dev.borica.bg/cgi-bin/cgi_link

193.41.190.104

200 OK

210 B

URL User Request GET HTTP/1.1
3dsgate-dev.borica.bg/cgi-bin/cgi_link
IP
193.41.190.104:443
ASN
#16193 BORICA AD

Certificate
IssuerSectigo Limited
Subject*.borica.bg
Fingerprint42:83:E3:7B:9B:6A:5B:D1:9F:D2:AE:53:EB:E3:3B:9D:F6:84:12:2B
ValidityTue, 08 Aug 2023 00:00:00 GMT - Thu, 08 Aug 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
210 B (210 bytes)
Hash
ca449d0cf41e41c871c619339bd42ceb
878ed3dd3070412604deb75eb96596adc414bd00
b3e60b0ace6d94ceaeac57b12713e5b282228e210ccdb0efab922a08a3f22806

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /cgi-bin/cgi_link HTTP/1.1
Host: 3dsgate-dev.borica.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 08 Jul 2024 16:10:15 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN, ALLOW-FROM https://ecomtestpay.vivacom.bg/, ALLOW-FROM https://web.bulgariainsurance.bg/, ALLOW-FROM https://gateway-dev.zepter.app/, ALLOW-FROM http://samex_dev_test.adastrabg.com/admin/refund, ALLOW-FROM https://tours4you.online/, ALLOW-FROM https://is-bg.net/, ALLOW-FROM https://customs.bg/, ALOOW-FROM https://iqosbg3-stage.bylith.com/bg, ALLOW-FROM https://iqosbgstage-site.monolith.co.il, ALLOW-FROM https://vitaliy-velichko-ucbg-my-zadarma-com-preauto55.sipdc.net/pay/, ALLOW-FROM https://uslugi.io/, ALLOW-FROM https://www.racicbg.com/, ALLOW-FROM https://iqosbg3-stage.bylith.com/bg, ALLOW-FROM https://iqosbgstage-site.monolith.co.il, ALLOW-FROM https://*.sellavi.com/
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src https: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' *.borica.bg *.vivacom.bg *.bulgariainsurance.bg *.zepter.app *.adastrabg.com tours4you.online *.customs.bg *.is-bg.net iqosbg3-stage.bylith.com iqosbgstage-site.monolith.co.il vitaliy-velichko-ucbg-my-zadarma-com-preauto55.sipdc.net *.uslugi.io *.racicbg.com *.stage.bylith.com *.dev.bylith.com *.sellavi.com
Referrer-Policy: no-referrer-when-downgrade
Access-Control-Allow-Origin: http://samex_dev_test.adastrabg.com
Content-Length: 210
Content-Type: text/html
Via: 1.1 3dsgate-dev.borica.bg
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

GET 3dsgate-dev.borica.bg/favicon.ico

193.41.190.104

404 Not Found

1.0 kB

URL GET HTTP/1.1
3dsgate-dev.borica.bg/favicon.ico
IP
193.41.190.104:443
ASN
#16193 BORICA AD

Requested by
https://3dsgate-dev.borica.bg/cgi-bin/cgi_link
Certificate
IssuerSectigo Limited
Subject*.borica.bg
Fingerprint42:83:E3:7B:9B:6A:5B:D1:9F:D2:AE:53:EB:E3:3B:9D:F6:84:12:2B
ValidityTue, 08 Aug 2023 00:00:00 GMT - Thu, 08 Aug 2024 23:59:59 GMT

File type
XML 1.0 document, ASCII text, with CRLF line terminators
Size
1.0 kB (1015 bytes)
Hash
fe697870753c477dd7136ee65b26c886
d6211b21d249b5f410c3a0bb9dcf99e1a92180d3
18f6a90a218fab9c8a3b9cc02f6c33bd7960b7a4ac7d8b7138ba6dd78d6c78f2

Detections

Analyzer	Verdict	Alert
urlquery	scam	Scam - Fake AntiVirus / Security software

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 3dsgate-dev.borica.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3dsgate-dev.borica.bg/cgi-bin/cgi_link
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Mon, 08 Jul 2024 16:10:15 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN, ALLOW-FROM https://ecomtestpay.vivacom.bg/, ALLOW-FROM https://web.bulgariainsurance.bg/, ALLOW-FROM https://gateway-dev.zepter.app/, ALLOW-FROM http://samex_dev_test.adastrabg.com/admin/refund, ALLOW-FROM https://tours4you.online/, ALLOW-FROM https://is-bg.net/, ALLOW-FROM https://customs.bg/, ALOOW-FROM https://iqosbg3-stage.bylith.com/bg, ALLOW-FROM https://iqosbgstage-site.monolith.co.il, ALLOW-FROM https://vitaliy-velichko-ucbg-my-zadarma-com-preauto55.sipdc.net/pay/, ALLOW-FROM https://uslugi.io/, ALLOW-FROM https://www.racicbg.com/, ALLOW-FROM https://iqosbg3-stage.bylith.com/bg, ALLOW-FROM https://iqosbgstage-site.monolith.co.il, ALLOW-FROM https://*.sellavi.com/
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src https: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' *.borica.bg *.vivacom.bg *.bulgariainsurance.bg *.zepter.app *.adastrabg.com tours4you.online *.customs.bg *.is-bg.net iqosbg3-stage.bylith.com iqosbgstage-site.monolith.co.il vitaliy-velichko-ucbg-my-zadarma-com-preauto55.sipdc.net *.uslugi.io *.racicbg.com *.stage.bylith.com *.dev.bylith.com *.sellavi.com
Referrer-Policy: no-referrer-when-downgrade
Access-Control-Allow-Origin: http://samex_dev_test.adastrabg.com
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Via: 1.1 3dsgate-dev.borica.bg
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
d7b2c37e4b6c062d80ad32046f42d3d8
131cd5c2ca2a258c3cf11746f94cfd43a6a4f04c
317f60a1498c7b52833955e8a54a0ba66b5b8dc9e9862c2ac262b874d491fce2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "317F60A1498C7B52833955E8A54A0BA66B5B8DC9E9862C2AC262B874D491FCE2"
Last-Modified: Mon, 08 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10131
Expires: Mon, 08 Jul 2024 18:59:07 GMT
Date: Mon, 08 Jul 2024 16:10:16 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
d7b2c37e4b6c062d80ad32046f42d3d8
131cd5c2ca2a258c3cf11746f94cfd43a6a4f04c
317f60a1498c7b52833955e8a54a0ba66b5b8dc9e9862c2ac262b874d491fce2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "317F60A1498C7B52833955E8A54A0BA66B5B8DC9E9862C2AC262B874D491FCE2"
Last-Modified: Mon, 08 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10131
Expires: Mon, 08 Jul 2024 18:59:07 GMT
Date: Mon, 08 Jul 2024 16:10:16 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers