| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash2b7af8743a0baccf520f7d3c63f9aa03 d531f4d4c3b83565dbe8f972052708201df0d668 542b016f56d55ac6e101e5930905ac5873ab375bb530ae7f2dbbbe98f4663926
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "542B016F56D55AC6E101E5930905AC5873AB375BB530AE7F2DBBBE98F4663926"
Last-Modified: Thu, 01 Aug 2024 06:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4719
Expires: Thu, 01 Aug 2024 16:25:37 GMT
Date: Thu, 01 Aug 2024 15:06:58 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash44e4b90088be23610d96d270d377406d ce7ab232af453bb960a97435173b3ab09a376054 31567666bda7db348cd6e2ad94576da2c7240872f45e969fd6a52cf14440e95b
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "31567666BDA7DB348CD6E2AD94576DA2C7240872F45E969FD6A52CF14440E95B"
Last-Modified: Thu, 01 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8507
Expires: Thu, 01 Aug 2024 17:28:45 GMT
Date: Thu, 01 Aug 2024 15:06:58 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashd8c8330168da4a9d503ddb04a4df6f87 08502623c14dd495434507146b62dd062e06c609 f37f00b9679113ac2b3b7d43e4d3afa8f3b1861b9f0b31744641771257b5714f
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F37F00B9679113AC2B3B7D43E4D3AFA8F3B1861B9F0B31744641771257B5714F"
Last-Modified: Thu, 01 Aug 2024 06:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6153
Expires: Thu, 01 Aug 2024 16:49:31 GMT
Date: Thu, 01 Aug 2024 15:06:58 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hasha4d6b926b81d6d764f45acb544ca4e54 f123a7aae8e5c35edfde0506e9ae0d129b65f28b 6a327a87f207fd32257661671310e329c10e67ee895c4afc67b197ceb2af19b0
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6A327A87F207FD32257661671310E329C10E67EE895C4AFC67B197CEB2AF19B0"
Last-Modified: Thu, 01 Aug 2024 06:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3034
Expires: Thu, 01 Aug 2024 15:57:32 GMT
Date: Thu, 01 Aug 2024 15:06:58 GMT
Connection: keep-alive
|
|
| raw.githubusercontent.com/zusyaku/malware-collection-part-2/main/dobrota_clean.exe | 185.199.109.133 | 200 OK | 8.1 MB |
URL User Request GET HTTP/2raw.githubusercontent.com/zusyaku/malware-collection-part-2/main/dobrota_clean.exe IP185.199.109.133:443
CertificateIssuerDigiCert Inc Subject*.github.io Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28 ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT
File typePE32 executable (GUI) Intel 80386, for MS Windows, 6 sections Size8.1 MB (8118243 bytes) Hashc8b999419a3c103270290e99189f794c 90148745b61d2c77c1694e43f11faaa9a3d05a0a 9093ff3bc7e78cfe84cadc3a993eeb1c15ce497e94efdcf51c1adcafd0aedf18
Analyzer | Verdict | Alert | YARAhub by abuse.ch | malware | Detects an SFX archive with automatic script execution | VirusTotal | malicious | |
GET /zusyaku/malware-collection-part-2/main/dobrota_clean.exe HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/octet-stream
etag: W/"7e0956c767490beb9c0c72d8f7a7611b4da42bc6bb700798aed6724198fc1bc9"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 1CB3:0DE7:8E3836:953C49:66ABA492
accept-ranges: bytes
date: Thu, 01 Aug 2024 15:06:59 GMT
via: 1.1 varnish
x-served-by: cache-hel1410030-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1722524819.743067,VS0,VE466
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: ca5906d10ecd8a2073465af753a926822469b3b4
expires: Thu, 01 Aug 2024 15:11:59 GMT
source-age: 0
content-length: 8118243
X-Firefox-Spdy: h2
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash7b71bbce2c5e563fde3afb60497eb33b ffe77143d7aae5b966b693211336919b872de46a 5d3fe5575b14f6f240e86c4c5065e8f3f79a6f20039efce544e7597166c1ae0f
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D3FE5575B14F6F240E86C4C5065E8F3F79A6F20039EFCE544E7597166C1AE0F"
Last-Modified: Thu, 01 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6326
Expires: Thu, 01 Aug 2024 16:52:26 GMT
Date: Thu, 01 Aug 2024 15:07:00 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash7b71bbce2c5e563fde3afb60497eb33b ffe77143d7aae5b966b693211336919b872de46a 5d3fe5575b14f6f240e86c4c5065e8f3f79a6f20039efce544e7597166c1ae0f
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D3FE5575B14F6F240E86C4C5065E8F3F79A6F20039EFCE544E7597166C1AE0F"
Last-Modified: Thu, 01 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6326
Expires: Thu, 01 Aug 2024 16:52:26 GMT
Date: Thu, 01 Aug 2024 15:07:00 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash7b71bbce2c5e563fde3afb60497eb33b ffe77143d7aae5b966b693211336919b872de46a 5d3fe5575b14f6f240e86c4c5065e8f3f79a6f20039efce544e7597166c1ae0f
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D3FE5575B14F6F240E86C4C5065E8F3F79A6F20039EFCE544E7597166C1AE0F"
Last-Modified: Thu, 01 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6326
Expires: Thu, 01 Aug 2024 16:52:26 GMT
Date: Thu, 01 Aug 2024 15:07:00 GMT
Connection: keep-alive
|
|