Report - agarbot.ovh/ext/ext-prod.zip?1722011764

Report Overview

Visited public
2024-07-26 17:43:14
Tags
URL
agarbot.ovh/ext/ext-prod.zip?1722011764
Finishing URL
about:privatebrowsing
IP / ASN
172.67.68.159
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-26 18:12:16	2.0 kB	5.3 kB	23.33.119.27
agarbot.ovh	215209	2015-10-30	2015-11-07 23:08:24	2022-10-28 15:06:49	493 B	188 kB	104.26.11.97

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
agarbot.ovh/ext/ext-prod.zip?1722011764
IP
104.26.11.97
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
188 kB (187602 bytes)
Hash
ca8d0568c68ba0e397eb72e81a2bcfd6
0c3f2fc3102fbc8f370f5d5d0f6aa9d6ade6f9df
8384657555ff1f0ff81f7c0a174f61f808354d0d3209292385ebbc2ef9628781

Archive (17)

Modified	Filename	Size	Md5	File type
2024-04-21 20:06	manifest.json	1.7 kB	6967f6927a670e26c60f0062c204912f	JSON text data
2023-12-18 14:23	agarclient.js	135 kB	2c0fd76a5639cd204be4f32b25fb66da	JavaScript source, ASCII text, with very long lines (65536), with no line terminators
2023-12-18 14:27	back.js	2.8 kB	ccb2de041ceccc99d37f9eb8ff98d406	JavaScript source, ASCII text, with very long lines (2792), with no line terminators
2019-11-07 19:57	background.html	537 B	0d66c00510cf3f30ca327c6d665cfe31	HTML document, ASCII text, with CRLF line terminators
2024-04-21 19:57	content.js	24 kB	edc6ca2543a0cb8596571c71b0e58203	JavaScript source, ASCII text, with very long lines (23778), with no line terminators
2019-11-07 19:42	contentscript.js	197 B	08bf6f24ec08cd4ccb3c248e6b4b9109	ASCII text, with CRLF line terminators
2019-11-03 23:50	grecapcha.js	763 B	36306edc952b8278309901e850db1844	JavaScript source, ASCII text, with very long lines (763), with no line terminators
2016-07-01 18:40	jquery.js	294 kB	f3b9e41afb2e172769c3638ebb77708f	JavaScript source, ASCII text
2021-03-08 13:20	nouislider.css	6.1 kB	48bfc939d8cd15b1e424303a76d835ac	ASCII text, with CRLF line terminators
2021-03-08 13:21	nouislider.js	102 kB	eea6c2f892ef686507ec416a6850316d	JavaScript source, ASCII text, with CRLF line terminators
2019-05-06 17:38	socket.io.js	62 kB	e1d5904149bb2f5d90a03ec537d3ea62	JavaScript source, ASCII text, with very long lines (32031), with CRLF line terminators
2019-10-18 20:26	ui.css	15 kB	b48f262fabd7d68e6fd3b8d9dd28e79f	ASCII text, with very long lines (5816), with CRLF line terminators
2021-03-08 13:38	wNumb.js	9.8 kB	7055b89b52a32492c3cb8542146a389c	JavaScript source, ASCII text, with CRLF line terminators
2020-08-24 21:46	messages.json	1.8 kB	6ca24736c1b96caaf9664ea5206281d2	JSON text data
2016-01-02 12:32	icon128.png	8.0 kB	b277a2ad995d09242b4c22b4e5dfece4	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
2016-01-02 12:32	icon16.png	724 B	cabf5f7aae6df5e6fed645376fa3ddfd	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
2016-01-02 12:32	icon48.png	2.6 kB	d8e9ec65a487f61d67485a11d621e249	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/61

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
577f20b1ad1240dc12215f4d93e53b8f
4fb6d79b9c4adb8f712073e9662ceae41a4f097c
523bc00bcd3cc12a640ebce3df80c0aed9fc552c4be5bae1831c00b9027ce0c0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "523BC00BCD3CC12A640EBCE3DF80C0AED9FC552C4BE5BAE1831C00B9027CE0C0"
Last-Modified: Wed, 24 Jul 2024 18:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7602
Expires: Fri, 26 Jul 2024 18:43:26 GMT
Date: Fri, 26 Jul 2024 16:36:44 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
21fba4953d0a666a4844d872097cb8f4
80ac64ff700d5d02eb9901123ecd64f02c9e3ec2
f5c60f75b60eb8ef8e42e66fcad10e8df5759fe29bad30a23871fb7c1da61456

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F5C60F75B60EB8EF8E42E66FCAD10E8DF5759FE29BAD30A23871FB7C1DA61456"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12016
Expires: Fri, 26 Jul 2024 19:57:00 GMT
Date: Fri, 26 Jul 2024 16:36:44 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
8f4e7b75de1ed909fa79bbcdafccceac
274c1ea75520a0ea06e19a7e692c034baae2cdc1
62cc974e51b62480f576b53853f8f24bfc873687c02bc23c1713956d4b96c0b1

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "62CC974E51B62480F576B53853F8F24BFC873687C02BC23C1713956D4B96C0B1"
Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13585
Expires: Fri, 26 Jul 2024 20:23:09 GMT
Date: Fri, 26 Jul 2024 16:36:44 GMT
Connection: keep-alive

agarbot.ovh/ext/ext-prod.zip?1722011764

104.26.11.97

200 OK

188 kB

URL User Request GET HTTP/2
agarbot.ovh/ext/ext-prod.zip?1722011764
IP
104.26.11.97:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectagarbot.ovh
FingerprintFD:85:2F:42:84:3D:FA:29:E0:96:B0:5E:F3:CB:D5:35:BC:ED:9C:DA
ValidityThu, 25 Jul 2024 02:35:26 GMT - Wed, 23 Oct 2024 02:35:25 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
188 kB (187602 bytes)
Hash
ca8d0568c68ba0e397eb72e81a2bcfd6
0c3f2fc3102fbc8f370f5d5d0f6aa9d6ade6f9df
8384657555ff1f0ff81f7c0a174f61f808354d0d3209292385ebbc2ef9628781

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/61

HTTP Headers

GET /ext/ext-prod.zip?1722011764 HTTP/1.1
Host: agarbot.ovh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Jul 2024 16:36:44 GMT
content-type: application/zip
content-length: 187602
last-modified: Sun, 21 Apr 2024 18:07:39 GMT
etag: "662555eb-2dcd2"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yp59WdPSy%2FHEXBFnBZmd7z0NtBv9nZ7d903LGVkM%2Fm7wDGh6vEXyhoEGwD4rUDoHrKB6nghw0Z5qBTgZjDiaxyCRJ%2B7VymsO5cIiI%2F30%2FE%2Bh9wD0rdg%2BoN2DPmdA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a95cf73eae356b7-OSL
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b1e4e1a92df74669a74711c4eaef2acc
a26f28116849cc857a0e31e3495f659e0cd36ac4
77f9d9afcb4a72b62085fa7ca04adb0007edaec1ab4bde5c4b82272a786a6cad

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "77F9D9AFCB4A72B62085FA7CA04ADB0007EDAEC1AB4BDE5C4B82272A786A6CAD"
Last-Modified: Wed, 24 Jul 2024 18:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17705
Expires: Fri, 26 Jul 2024 21:31:50 GMT
Date: Fri, 26 Jul 2024 16:36:45 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
edb57be0536524541d7ac5d4ee6b5585
a34a54318477c70e34c9f5e27cba428b4530b05b
895b01022c914d4f0facb78182c6ed0ee5c7b3c6b10516327dc5f08a54dc0204

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "895B01022C914D4F0FACB78182C6ED0EE5C7B3C6B10516327DC5F08A54DC0204"
Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2996
Expires: Fri, 26 Jul 2024 17:26:43 GMT
Date: Fri, 26 Jul 2024 16:36:47 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
edb57be0536524541d7ac5d4ee6b5585
a34a54318477c70e34c9f5e27cba428b4530b05b
895b01022c914d4f0facb78182c6ed0ee5c7b3c6b10516327dc5f08a54dc0204

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "895B01022C914D4F0FACB78182C6ED0EE5C7B3C6B10516327DC5F08A54DC0204"
Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2996
Expires: Fri, 26 Jul 2024 17:26:43 GMT
Date: Fri, 26 Jul 2024 16:36:47 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (17)

Detections

JavaScript (0)

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers