Report - github.com/anonyketa/EXM-Tweaking-Utility-Premium/releases/download/V1.0/exm.zip

Report Overview

Visited public
2024-08-28 08:05:08
Tags
URL
github.com/anonyketa/EXM-Tweaking-Utility-Premium/releases/download/V1.0/exm.zip
Finishing URL
about:privatebrowsing
IP / ASN
140.82.121.4
#36459 GITHUB
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-08-27 18:12:09	1.6 kB	4.4 kB	23.36.77.32
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-08-27 18:12:12	981 B	2.7 kB	23.36.76.226
github.com	1423	2007-10-09	2016-07-13 12:28:22	2024-08-26 10:52:48	534 B	4.3 kB	140.82.121.4
objects.githubusercontent.com	134060	2014-02-06	2021-11-01 22:34:29	2024-08-27 16:21:30	988 B	14 MB	185.199.109.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
objects.githubusercontent.com/github-production-release-asset-2e65be/788602973/a8448863-44c7-4a40-911f-114b46201f4b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240828%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240828T080437Z&X-Amz-Expires=300&X-Amz-Signature=c20f69d6da3fe92073d752fa07075265decd5cab466f6d0e423c44d9e69bbffb&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=788602973&response-content-disposition=attachment%3B%20filename%3Dexm.zip&response-content-type=application%2Foctet-stream
IP
185.199.109.133
ASN
#54113 FASTLY

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
14 MB (13896079 bytes)
Hash
de4e8080f24bde2d50836aba1efaebb0
4dc443ba1e8f9cdeae72e8c4c5b1694bb91d942d
5c2c664bd6bd9f53124f827b6831e268824d78dbc2af4969774412743cd4f028

Archive (18)

Filename

Md5

File type

autoruns.chm

2c099793584365b8897fca7a4fa397e8

MS Windows HtmlHelp Data

Autoruns.exe

17bd13edd536269c417ba8e1b4534fbe

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Autoruns64.exe

6ae8e963b33ee52df761412b451b2962

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

Autoruns64a.exe

d518661b0940e2464aa8d3073599ab89

PE32+ executable (GUI) Aarch64, for MS Windows, 6 sections

autorunsc.exe

1d4611e03d8f32ae08cf8ade9a958729

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

autorunsc64.exe

848e852089ba84056308e184b034c302

PE32+ executable (console) x86-64, for MS Windows, 7 sections

autorunsc64a.exe

0c790f64e69f9d9a4cbde5e21f1a4e93

PE32+ executable (console) Aarch64, for MS Windows, 6 sections

Eula.txt

8c24c4084cdc3b7e7f7a88444a012bfc

Unicode text, UTF-8 (with BOM) text, with very long lines (518), with CRLF line terminators

EXMservice.exe

ab2dfff7a07b6bfc8158d8ebd047eb06

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

FortniteSettings.exe

a39de0d010e9d34de70abad81f031e23

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

Exm_Premium_Profile_V4.nip

d5563eaeb8f6e5dbfb2d01fd24b7c8d5

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

nv.config

ce6d0bc7328b0fab08de80f292c1eaa4

XML 1.0 document, ASCII text

nvidiaProfileInspector.exe

ff5f39370b67a274cb58ba7e2039d2e2

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Reference.xml

1a8493bff2d17c83e299101954dcb562

XML 1.0 document, ASCII text, with CRLF line terminators

Exm_Premium_Power_Plan_V3.pow

abec2ceb9e8425172e1c7bbabbaf8eb1

MS Windows registry file, NT/2000 or above

Wub.exe

82aff8883099cf75462057c4e47e88ac

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Wub.ini

a16bf55cd2ef7d9e56565b0ed1aa208a

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Wub_x64.exe

9d6778f7f274f7ecd4e7e875a7268b64

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public InfoSec YARA rules	malware	Identifies executable converted using PyInstaller.
YARAhub by abuse.ch	malware	meth_get_eip
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).

JavaScript (0)

HTTP Transactions (10)

	URL	IP	Response	Size
	r11.o.lencr.org/	23.36.77.32		504 B
URL r11.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash a5c8e602d1c34dad6d2bf031b1922353 5326666dceb77fd224fb1b5d8ab3eeeee07cea4d 8d2071964c9d8a7e8e5e0c36bc5d82199123ce55059a79ffede86b59a9cb8db5 HTTP Headers `POST / HTTP/1.1 Host: r11.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "8D2071964C9D8A7E8E5E0C36BC5D82199123CE55059A79FFEDE86B59A9CB8DB5" Last-Modified: Mon, 26 Aug 2024 02:33:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2666 Expires: Wed, 28 Aug 2024 08:49:02 GMT Date: Wed, 28 Aug 2024 08:04:36 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 35888f142e8c995a2a992b24009a2cee 8315b1d92f868af492e04ea1d0846ee9fc0328e7 5a2f5a87f6408bbc11020231759db8eeb24c28c0890da8f3ee2565d87b0e1e4c HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "5A2F5A87F6408BBC11020231759DB8EEB24C28C0890DA8F3EE2565D87B0E1E4C" Last-Modified: Mon, 26 Aug 2024 02:36:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6575 Expires: Wed, 28 Aug 2024 09:54:11 GMT Date: Wed, 28 Aug 2024 08:04:36 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash f7c4be8bd45166d9a6c01c9002cb0b35 e057803eec2aa279d12d5a361903b66e7eccbb86 0e7a047f2a11f5db27830e9b2b2f9ac4578f8bc34e2a5ac00e194f0ac5e3e4fb HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "0E7A047F2A11F5DB27830E9B2B2F9AC4578F8BC34E2A5AC00E194F0AC5E3E4FB" Last-Modified: Mon, 26 Aug 2024 02:34:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=20328 Expires: Wed, 28 Aug 2024 13:43:25 GMT Date: Wed, 28 Aug 2024 08:04:37 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 5816ac10e25df6aba223283feef4fcc4 341fac36b46eefae0d822171e880f6dc52392a3f 73dd3e76893c7d3e9789faa480774dfada70bad4e7f2ee0e2f05dd03e37167c8 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "73DD3E76893C7D3E9789FAA480774DFADA70BAD4E7F2EE0E2F05DD03E37167C8" Last-Modified: Mon, 26 Aug 2024 02:38:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5889 Expires: Wed, 28 Aug 2024 09:42:46 GMT Date: Wed, 28 Aug 2024 08:04:37 GMT Connection: keep-alive`

	github.com/anonyketa/EXM-Tweaking-Utility-Premium/releases/download/V1.0/exm.zip	140.82.121.4	302 Found	0 B
URL User Request GET HTTP/2 github.com/anonyketa/EXM-Tweaking-Utility-Premium/releases/download/V1.0/exm.zip IP 140.82.121.4:443 ASN #36459 GITHUB Certificate IssuerSectigo Limited Subjectgithub.com FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0 ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /anonyketa/EXM-Tweaking-Utility-Premium/releases/download/V1.0/exm.zip HTTP/1.1 Host: github.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found server: GitHub.com date: Wed, 28 Aug 2024 08:04:37 GMT content-type: text/html; charset=utf-8 vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/788602973/a8448863-44c7-4a40-911f-114b46201f4b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240828%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240828T080437Z&X-Amz-Expires=300&X-Amz-Signature=c20f69d6da3fe92073d752fa07075265decd5cab466f6d0e423c44d9e69bbffb&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=788602973&response-content-disposition=attachment%3B%20filename%3Dexm.zip&response-content-type=application%2Foctet-stream cache-control: no-cache strict-transport-security: max-age=31536000; includeSubdomains; preload x-frame-options: deny x-content-type-options: nosniff x-xss-protection: 0 referrer-policy: no-referrer-when-downgrade content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com .rel.tunnels.api.visualstudio.com wss://.rel.tunnels.api.visualstudio.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/ content-length: 0 x-github-request-id: F97A:3243EC:2602E4F:26E548B:66CEDA15 X-Firefox-Spdy: h2

	objects.githubusercontent.com/github-production-release-asset-2e65be/788602973/a8448863-44c7-4a40-911f-114b46201f4b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240828%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240828T080437Z&X-Amz-Expires=300&X-Amz-Signature=c20f69d6da3fe92073d752fa07075265decd5cab466f6d0e423c44d9e69bbffb&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=788602973&response-content-disposition=attachment%3B%20filename%3Dexm.zip&response-content-type=application%2Foctet-stream	185.199.109.133	200 OK	14 MB
URL User Request GET HTTP/2 objects.githubusercontent.com/github-production-release-asset-2e65be/788602973/a8448863-44c7-4a40-911f-114b46201f4b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240828%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240828T080437Z&X-Amz-Expires=300&X-Amz-Signature=c20f69d6da3fe92073d752fa07075265decd5cab466f6d0e423c44d9e69bbffb&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=788602973&response-content-disposition=attachment%3B%20filename%3Dexm.zip&response-content-type=application%2Foctet-stream IP 185.199.109.133:443 ASN #54113 FASTLY Certificate IssuerDigiCert Inc Subject.github.io Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28 ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 14 MB (13896079 bytes) Hash de4e8080f24bde2d50836aba1efaebb0 4dc443ba1e8f9cdeae72e8c4c5b1694bb91d942d 5c2c664bd6bd9f53124f827b6831e268824d78dbc2af4969774412743cd4f028 HTTP Headers GET /github-production-release-asset-2e65be/788602973/a8448863-44c7-4a40-911f-114b46201f4b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240828%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240828T080437Z&X-Amz-Expires=300&X-Amz-Signature=c20f69d6da3fe92073d752fa07075265decd5cab466f6d0e423c44d9e69bbffb&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=788602973&response-content-disposition=attachment%3B%20filename%3Dexm.zip&response-content-type=application%2Foctet-stream HTTP/1.1 Host: objects.githubusercontent.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK content-type: application/octet-stream last-modified: Mon, 26 Aug 2024 17:28:02 GMT etag: "0x8DCC5F4703D5796" server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: b0d2954b-101e-0054-69e2-f7ae02000000 x-ms-version: 2020-10-02 x-ms-creation-time: Mon, 26 Aug 2024 17:28:02 GMT x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob content-disposition: attachment; filename=exm.zip x-ms-server-encrypted: true via: 1.1 varnish, 1.1 varnish fastly-restarts: 1 accept-ranges: bytes age: 0 date: Wed, 28 Aug 2024 08:04:38 GMT x-served-by: cache-iad-kjyo7100134-IAD, cache-hel1410034-HEL x-cache: HIT, MISS x-cache-hits: 33, 0 x-timer: S1724832278.940294,VS0,VE97 content-length: 13896079 X-Firefox-Spdy: h2

	r11.o.lencr.org/	23.33.119.57		504 B
URL r11.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 0192c7488a56c1b9f50decbbc7c6e924 7ed837f77d0fee2e3c5833f86d73eb2dfa3f6bec 571f2ef4cb90c7834acecbf6981410ddbd15611a6750b8a77717821dc1d1a167 HTTP Headers `POST / HTTP/1.1 Host: r11.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "571F2EF4CB90C7834ACECBF6981410DDBD15611A6750B8A77717821DC1D1A167" Last-Modified: Mon, 26 Aug 2024 02:38:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3292 Expires: Wed, 28 Aug 2024 08:59:31 GMT Date: Wed, 28 Aug 2024 08:04:39 GMT Connection: keep-alive`

	r11.o.lencr.org/	23.33.119.57		504 B
URL r11.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 0192c7488a56c1b9f50decbbc7c6e924 7ed837f77d0fee2e3c5833f86d73eb2dfa3f6bec 571f2ef4cb90c7834acecbf6981410ddbd15611a6750b8a77717821dc1d1a167 HTTP Headers `POST / HTTP/1.1 Host: r11.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "571F2EF4CB90C7834ACECBF6981410DDBD15611A6750B8A77717821DC1D1A167" Last-Modified: Mon, 26 Aug 2024 02:38:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3292 Expires: Wed, 28 Aug 2024 08:59:31 GMT Date: Wed, 28 Aug 2024 08:04:39 GMT Connection: keep-alive`

	r11.o.lencr.org/	23.33.119.57		504 B
URL r11.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 0192c7488a56c1b9f50decbbc7c6e924 7ed837f77d0fee2e3c5833f86d73eb2dfa3f6bec 571f2ef4cb90c7834acecbf6981410ddbd15611a6750b8a77717821dc1d1a167 HTTP Headers `POST / HTTP/1.1 Host: r11.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "571F2EF4CB90C7834ACECBF6981410DDBD15611A6750B8A77717821DC1D1A167" Last-Modified: Mon, 26 Aug 2024 02:38:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3292 Expires: Wed, 28 Aug 2024 08:59:31 GMT Date: Wed, 28 Aug 2024 08:04:39 GMT Connection: keep-alive`

	r11.o.lencr.org/	23.33.119.57		504 B
URL r11.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 0192c7488a56c1b9f50decbbc7c6e924 7ed837f77d0fee2e3c5833f86d73eb2dfa3f6bec 571f2ef4cb90c7834acecbf6981410ddbd15611a6750b8a77717821dc1d1a167 HTTP Headers `POST / HTTP/1.1 Host: r11.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "571F2EF4CB90C7834ACECBF6981410DDBD15611A6750B8A77717821DC1D1A167" Last-Modified: Mon, 26 Aug 2024 02:38:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3292 Expires: Wed, 28 Aug 2024 08:59:31 GMT Date: Wed, 28 Aug 2024 08:04:39 GMT Connection: keep-alive`

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (18)

Detections

JavaScript (0)

HTTP Transactions (10)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash