IP: 23.33.119.10:0 ASN: #20940 Akamai International B.V.
Hash: 3ce85b1d34b1e8024ca9a37cff66221a 39236c242bdb2053821ca7b473582450acff9b39 4efba0f7a3c02e999ff66fdeea5e0170ef5feb724739a1eeb9b4719772c0deac
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4EFBA0F7A3C02E999FF66FDEEA5E0170EF5FEB724739A1EEB9B4719772C0DEAC"
Last-Modified: Sun, 14 Jul 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12512
Expires: Mon, 15 Jul 2024 22:14:46 GMT
Date: Mon, 15 Jul 2024 18:46:14 GMT
Connection: keep-alive
|
IP: 23.33.119.65:0 ASN: #20940 Akamai International B.V.
Hash: 80ee007415e4a9cd9ff180ee56d4fd90 08276896e8774d12a699400ffe88939d02acd056 b76186c793cde690af253f9096553d00dffd54dc33faf5b9a7059b5ce61de651
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B76186C793CDE690AF253F9096553D00DFFD54DC33FAF5B9A7059B5CE61DE651"
Last-Modified: Sat, 13 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9991
Expires: Mon, 15 Jul 2024 21:32:47 GMT
Date: Mon, 15 Jul 2024 18:46:16 GMT
Connection: keep-alive
|
IP: 23.33.119.65:0 ASN: #20940 Akamai International B.V.
Hash: 80ee007415e4a9cd9ff180ee56d4fd90 08276896e8774d12a699400ffe88939d02acd056 b76186c793cde690af253f9096553d00dffd54dc33faf5b9a7059b5ce61de651
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B76186C793CDE690AF253F9096553D00DFFD54DC33FAF5B9A7059B5CE61DE651"
Last-Modified: Sat, 13 Jul 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9991
Expires: Mon, 15 Jul 2024 21:32:47 GMT
Date: Mon, 15 Jul 2024 18:46:16 GMT
Connection: keep-alive
|
IP: 23.33.119.27:0 ASN: #20940 Akamai International B.V.
Hash: 605f75342b00eb6976c834c47462409d 2f60b175907fe5615418b5ae40b5cdada246ba15 dbcb3d82158174d8ad119ea7a3a20e460f0c6123d49cb5696972a2fad522f29f
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DBCB3D82158174D8AD119EA7A3A20E460F0C6123D49CB5696972A2FAD522F29F"
Last-Modified: Mon, 15 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17397
Expires: Mon, 15 Jul 2024 23:36:13 GMT
Date: Mon, 15 Jul 2024 18:46:16 GMT
Connection: keep-alive
|
| secureline.avast.tools.avcdn.net/tools/avast/secureline/avast_secureline_setup.exe | 95.101.10.56 | 200 OK | 22 MB |
URL (User Request): GET HTTP/1.1 secureline.avast.tools.avcdn.net/tools/avast/secureline/avast_secureline_setup.exe IP: 95.101.10.56:80 ASN: #20940 Akamai International B.V.
File type: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections Size: 22 MB (21672280 bytes) Hash: ce90be472f92d40fc459614478d30f63 130957d86529a80bc0842b5a0826ff0bdb360a3a 5430fa010aeb4b37605070bf0e4b077362953aa2759f3d5b49050b8905e5946a
| NIDS | Severity | Alert |
| suricata | high | ET POLICY PE EXE or DLL Windows file download HTTP |
GET /tools/avast/secureline/avast_secureline_setup.exe HTTP/1.1
Host: secureline.avast.tools.avcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/octet-stream
Content-Length: 21672280
Last-Modified: Wed, 23 Oct 2019 08:06:28 GMT
ETag: "5db00a04-14ab158"
Accept-Ranges: bytes
Date: Mon, 15 Jul 2024 18:46:14 GMT
Connection: keep-alive
|