| r10.o.lencr.org/ |  23.36.76.226 | | 504 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashb38672175b47aa9644bbcee9f6947113 4cdf55da3f293a7bc81d3327a7437c99c073a977 eb528ca147d5816b33619c0a84781118a4d23e0624be6736d5dd0af02311756c
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB528CA147D5816B33619C0A84781118A4D23E0624BE6736D5DD0AF02311756C"
Last-Modified: Tue, 10 Sep 2024 21:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7020
Expires: Fri, 13 Sep 2024 11:31:32 GMT
Date: Fri, 13 Sep 2024 09:34:32 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash6f417a1a5ebcee1534c03d401bc1e686 8044ec315b73dfc62fbba88aa848b26e6b9d0572 797b7242665c53d103116e758891ec7b61c10602e290a9f1bb0f190148860c7b
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "797B7242665C53D103116E758891EC7B61C10602E290A9F1BB0F190148860C7B"
Last-Modified: Thu, 12 Sep 2024 12:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15682
Expires: Fri, 13 Sep 2024 13:55:54 GMT
Date: Fri, 13 Sep 2024 09:34:32 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashbc8db5dd6e1f6265c6f1233759c2b928 590e7f3a557d4739a724fed744a6521a4d50a2e8 0d4263632d9c683a030ee57aa35c7d06c71185e1cc00082e83881f55b20d2c9b
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0D4263632D9C683A030EE57AA35C7D06C71185E1CC00082E83881F55B20D2C9B"
Last-Modified: Thu, 12 Sep 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6473
Expires: Fri, 13 Sep 2024 11:22:25 GMT
Date: Fri, 13 Sep 2024 09:34:32 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash412d9004c8151860eda05974aee9639c 3e566016927f2bc8db38f5c3ad492183f62b14dd 6d656552984346a0504288ce7a94c63ee549f1d712ed11469f60da8ec3ad7ce9
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6D656552984346A0504288CE7A94C63EE549F1D712ED11469F60DA8EC3AD7CE9"
Last-Modified: Thu, 12 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5502
Expires: Fri, 13 Sep 2024 11:06:15 GMT
Date: Fri, 13 Sep 2024 09:34:33 GMT
Connection: keep-alive
|
|
| GET github.com/pankoza2-pl/salinewin.exe-Malware/raw/main/salinewin.zip |  140.82.121.3 | 302 Found | 0 B |
URL User Request GET HTTP/2github.com/pankoza2-pl/salinewin.exe-Malware/raw/main/salinewin.zip IP140.82.121.3:443
CertificateIssuerSectigo Limited Subjectgithub.com FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0 ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pankoza2-pl/salinewin.exe-Malware/raw/main/salinewin.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: GitHub.com
date: Fri, 13 Sep 2024 09:34:16 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/pankoza2-pl/salinewin.exe-Malware/main/salinewin.zip
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 84E0:5D967:6785445:6986627:66E40729
X-Firefox-Spdy: h2
|
|
| GET raw.githubusercontent.com/pankoza2-pl/salinewin.exe-Malware/main/salinewin.zip |  185.199.108.133 | 200 OK | 208 kB |
URL User Request GET HTTP/2raw.githubusercontent.com/pankoza2-pl/salinewin.exe-Malware/main/salinewin.zip IP185.199.108.133:443
CertificateIssuerDigiCert Inc Subject*.github.io Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28 ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT
File typeZip archive data, at least v2.0 to extract, compression method=deflate Size208 kB (208112 bytes) Hash19a966f0b86c67659b15364e89f3748b 94075399f5f8c6f73258024bf442c0bf8600d52b b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d
| Analyzer | Verdict | Alert |
|---|
| VirusTotal | malicious | |
GET /pankoza2-pl/salinewin.exe-Malware/main/salinewin.zip HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
etag: W/"50f34d81f936f494a5cc2ce2db298d597bb6a05b89a19c82c31cedb34276b491"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 3B18:370150:19DD67F:1B01825:66E40718
accept-ranges: bytes
date: Fri, 13 Sep 2024 09:34:33 GMT
via: 1.1 varnish
x-served-by: cache-hel1410027-HEL
x-cache: HIT
x-cache-hits: 1
x-timer: S1726220073.229227,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 1ffae1201aa8ab83ea34ed41c41827c1a4da7dfe
expires: Fri, 13 Sep 2024 09:39:33 GMT
source-age: 16
content-length: 208112
X-Firefox-Spdy: h2
|
|
| r11.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash168d290815a20e464291c1d0c5277d95 4ae4ab90f60788a17dff631a381fc920823e458e e319cc1080efb5754f0ec12e0be18d9248eb697a82d65b2775239e3ddfb36a6c
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E319CC1080EFB5754F0EC12E0BE18D9248EB697A82D65B2775239E3DDFB36A6C"
Last-Modified: Thu, 12 Sep 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3669
Expires: Fri, 13 Sep 2024 10:35:44 GMT
Date: Fri, 13 Sep 2024 09:34:35 GMT
Connection: keep-alive
|
|