IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hashb4e7d529107c1c5044860fb7b56942ca dceacb49fd49caaa8aaa4e403f2516696467fe24 d5e5dfe382059e479448fbd9adc4d0130f6fa669a454173c6fbc377f23397312
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D5E5DFE382059E479448FBD9ADC4D0130F6FA669A454173C6FBC377F23397312"
Last-Modified: Sat, 27 Jul 2024 06:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5924
Expires: Mon, 29 Jul 2024 13:13:56 GMT
Date: Mon, 29 Jul 2024 11:35:12 GMT
Connection: keep-alive
|
| agentinstall.fleetdeck.io/fleetdeck-agent-XC56ENJT5wJiVGUcaYwJZE.exe |  54.240.174.106 | 200 OK | 4.1 MB |
URL User Request GET HTTP/2agentinstall.fleetdeck.io/fleetdeck-agent-XC56ENJT5wJiVGUcaYwJZE.exe IP54.240.174.106:443
CertificateIssuerAmazon Subjectfleetdeck.io FingerprintD9:02:9F:25:F1:18:61:2C:EF:64:AD:C7:D4:F7:D0:E0:A6:4D:9E:9A ValiditySun, 22 Oct 2023 00:00:00 GMT - Sun, 17 Nov 2024 23:59:59 GMT
File typePE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections Size4.1 MB (4081208 bytes) Hash6752481fd300dea0187308723e547b1b fb93016273f1b24f6e653300f1ffe5d3f3ae20e6 4d3ffa138d22ca0a04b8076de0a5ab8ae420f56573ee4345d2dd342bc34247bb
| Analyzer | Verdict | Alert |
|---|
| YARAhub by abuse.ch | malware | Detect files is `SliverFox` malware |
GET /fleetdeck-agent-XC56ENJT5wJiVGUcaYwJZE.exe HTTP/1.1
Host: agentinstall.fleetdeck.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/x-msdownload
content-length: 4081208
date: Mon, 29 Jul 2024 11:35:14 GMT
last-modified: Mon, 29 Jul 2024 11:34:59 GMT
x-amz-expiration: expiry-date="Wed, 31 Jul 2024 00:00:00 GMT", rule-id="Yjg0OWZjMTUtNzUxNS00MDI2LWIyNWUtODcwOWQ5NDM4MWM5"
etag: "6752481fd300dea0187308723e547b1b"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fNchSwVf2uhIrBcD6Ua9czKYoKxqiEfoXuMmIs3nt2pP81ZuNTK4MQ==
X-Firefox-Spdy: h2
|
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashfe86340c305817b173f7c0f3f59c795b bae41a5fad9f6cf6e13281eb7d567d6103f292b3 310ca992570f568ed449d579727a026e44e75f4dd6a609897a3fba0bc7cbce57
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "310CA992570F568ED449D579727A026E44E75F4DD6A609897A3FBA0BC7CBCE57"
Last-Modified: Sat, 27 Jul 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14466
Expires: Mon, 29 Jul 2024 15:36:20 GMT
Date: Mon, 29 Jul 2024 11:35:14 GMT
Connection: keep-alive
|
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashfe86340c305817b173f7c0f3f59c795b bae41a5fad9f6cf6e13281eb7d567d6103f292b3 310ca992570f568ed449d579727a026e44e75f4dd6a609897a3fba0bc7cbce57
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "310CA992570F568ED449D579727A026E44E75F4DD6A609897A3FBA0BC7CBCE57"
Last-Modified: Sat, 27 Jul 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14466
Expires: Mon, 29 Jul 2024 15:36:20 GMT
Date: Mon, 29 Jul 2024 11:35:14 GMT
Connection: keep-alive
|