Report - file.lact.ru/f1/s/17/85/basic/1575/758/Test_Informatsiya_Informatsionnyie

Report Overview

Submitted URL
file.lact.ru/f1/s/17/85/basic/1575/758/Test_Informatsiya_Informatsionnyie_protsessyi.exe?t=1483087037
IP
95.181.182.182
ASN
#210756 EdgeCenter LLC
Submitted
2024-07-27 02:21:23
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06	2024-07-26	2.6 kB	7.1 kB	23.36.76.226
e6.o.lencr.org	unknown	2020-06-29	2024-06-07	2024-07-26	326 B	727 B	23.36.76.226
file.lact.ru	unknown	2006-12-21	2022-03-11	2022-09-30	555 B	466 kB	95.181.182.182
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-07-26	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
file.lact.ru/f1/s/17/85/basic/1575/758/Test_Informatsiya_Informatsionnyie_protsessyi.exe?t=1483087037
IP
95.181.182.182
ASN
#210756 EdgeCenter LLC

File type
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
Size
465 kB (465332 bytes)
Hash
90289496a6ab19e8b1719edf3c35b552
04890b4a7357a4cdc2e6285f0c76c7ee99bee068
0e8aa00ec07a1403f207e3dd8ede35161231b32bbbe087df17e282daf34856b3

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 4/68

JavaScript (0)

HTTP Transactions (11)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
577f20b1ad1240dc12215f4d93e53b8f
4fb6d79b9c4adb8f712073e9662ceae41a4f097c
523bc00bcd3cc12a640ebce3df80c0aed9fc552c4be5bae1831c00b9027ce0c0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "523BC00BCD3CC12A640EBCE3DF80C0AED9FC552C4BE5BAE1831C00B9027CE0C0"
Last-Modified: Wed, 24 Jul 2024 18:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6273
Expires: Sat, 27 Jul 2024 04:05:31 GMT
Date: Sat, 27 Jul 2024 02:20:58 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
559312780d7c69aabb31f612abe74b95
0d0356dc28789b5b2b0164783f2c79b6b7b82f6a
20293009653baaf415bde5c2223feb0a6562281a1dfbcc6af42d844341da6d26

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "20293009653BAAF415BDE5C2223FEB0A6562281A1DFBCC6AF42D844341DA6D26"
Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15969
Expires: Sat, 27 Jul 2024 06:47:07 GMT
Date: Sat, 27 Jul 2024 02:20:58 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
8f4e7b75de1ed909fa79bbcdafccceac
274c1ea75520a0ea06e19a7e692c034baae2cdc1
62cc974e51b62480f576b53853f8f24bfc873687c02bc23c1713956d4b96c0b1

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "62CC974E51B62480F576B53853F8F24BFC873687C02BC23C1713956D4B96C0B1"
Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6687
Expires: Sat, 27 Jul 2024 04:12:25 GMT
Date: Sat, 27 Jul 2024 02:20:58 GMT
Connection: keep-alive

e6.o.lencr.org/

23.36.76.226

345 B

URL
e6.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
7818d86ef72240e578d149f79f4ac1cd
8d81cb6e20f227777bebfc5ad8d5f678501a3108
7c47717b9288b3e68d24ce000506eb56c27f01f69510b627f3c405812580bdd0

HTTP Headers

POST / HTTP/1.1
Host: e6.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7C47717B9288B3E68D24CE000506EB56C27F01F69510B627F3C405812580BDD0"
Last-Modified: Wed, 24 Jul 2024 19:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=941
Expires: Sat, 27 Jul 2024 02:36:40 GMT
Date: Sat, 27 Jul 2024 02:20:59 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
63094f4b48473c45fcd1f13b2f97601f
94df164306834598ffe6426d5f2d61251b6de6b0
e3341fc834f728243f18be4cc3dd969a7d1752e3f805e358afa4df63419dc403

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E3341FC834F728243F18BE4CC3DD969A7D1752E3F805E358AFA4DF63419DC403"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11632
Expires: Sat, 27 Jul 2024 05:34:51 GMT
Date: Sat, 27 Jul 2024 02:20:59 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0b6f864b0a3d0cf483b0830bdb98cded
12564f2826ce74a640c3b65ef52d12f21c8e6f3c
d32892cb09f33f4057712b1c1b511af5ea5528cd0f23ba90858d659ec4fcd190

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D32892CB09F33F4057712B1C1B511AF5EA5528CD0F23BA90858D659EC4FCD190"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2159
Expires: Sat, 27 Jul 2024 02:56:58 GMT
Date: Sat, 27 Jul 2024 02:20:59 GMT
Connection: keep-alive

file.lact.ru/f1/s/17/85/basic/1575/758/Test_Informatsiya_Informatsionnyie_protsessyi.exe?t=1483087037

95.181.182.182

200 OK

465 kB

URL User Request GET HTTP/2
file.lact.ru/f1/s/17/85/basic/1575/758/Test_Informatsiya_Informatsionnyie_protsessyi.exe?t=1483087037
IP
95.181.182.182:443
ASN
#210756 EdgeCenter LLC

Certificate
IssuerLet's Encrypt
Subjectfile.lact.ru
FingerprintDD:41:3F:07:06:7F:5A:C3:B8:AF:51:5C:69:B8:28:35:B4:27:FB:54
ValidityFri, 28 Jun 2024 09:06:46 GMT - Thu, 26 Sep 2024 09:06:45 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
Size
465 kB (465332 bytes)
Hash
90289496a6ab19e8b1719edf3c35b552
04890b4a7357a4cdc2e6285f0c76c7ee99bee068
0e8aa00ec07a1403f207e3dd8ede35161231b32bbbe087df17e282daf34856b3

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 4/68

HTTP Headers

GET /f1/s/17/85/basic/1575/758/Test_Informatsiya_Informatsionnyie_protsessyi.exe?t=1483087037 HTTP/1.1
Host: file.lact.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jul 2024 02:20:59 GMT
content-type: application/octet-stream
content-length: 465332
last-modified: Wed, 09 Dec 2015 14:09:32 GMT
etag: "5668361c-719b4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cache: MISS
x-node: m9-up-gc72
accept-ranges: bytes
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
91392416ed946eb8b26810ff46d7e57e
8ce21a441df1ac09da4ebf098eaf47e2d74bbff0
5d153b40d51555b8f2717f7e56bfbe3be25b1b38a18b31715eea4ddff345f98a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D153B40D51555B8F2717F7E56BFBE3BE25B1B38A18B31715EEA4DDFF345F98A"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6795
Expires: Sat, 27 Jul 2024 04:14:16 GMT
Date: Sat, 27 Jul 2024 02:21:01 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
91392416ed946eb8b26810ff46d7e57e
8ce21a441df1ac09da4ebf098eaf47e2d74bbff0
5d153b40d51555b8f2717f7e56bfbe3be25b1b38a18b31715eea4ddff345f98a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D153B40D51555B8F2717F7E56BFBE3BE25B1B38A18B31715EEA4DDFF345F98A"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6704
Expires: Sat, 27 Jul 2024 04:12:45 GMT
Date: Sat, 27 Jul 2024 02:21:01 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
91392416ed946eb8b26810ff46d7e57e
8ce21a441df1ac09da4ebf098eaf47e2d74bbff0
5d153b40d51555b8f2717f7e56bfbe3be25b1b38a18b31715eea4ddff345f98a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D153B40D51555B8F2717F7E56BFBE3BE25B1B38A18B31715EEA4DDFF345F98A"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6704
Expires: Sat, 27 Jul 2024 04:12:45 GMT
Date: Sat, 27 Jul 2024 02:21:01 GMT
Connection: keep-alive

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2024-09-02-22-40-36.chain; p384ecdsa=kmvpChjzeF-4EpJg0CqZfwxEzLFm0mIXVZb-n7gEpZ8utglhsZj0BCjbAUX5wwTXccx00YczmmiWkrhEjF5SsVLQS951be21wIlnC1pbrolKtVtkbFCCQ63gCVdBC63n
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Sat, 27 Jul 2024 02:20:38 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 39
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (11)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN