IP 23.36.77.32:0
ASN#20940 Akamai International B.V.
Hashb7dbdd91e33b4b40b990affe38907ed8 8c1dc814dfd071e0c4dcfc0f5429eb7c221d609a 842512e65717b866647d52bc726c962cc42c7e2027c53a2b5b79d7b86d2e50fc
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "842512E65717B866647D52BC726C962CC42C7E2027C53A2B5B79D7B86D2E50FC"
Last-Modified: Sun, 30 Jun 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5100
Expires: Tue, 02 Jul 2024 00:55:07 GMT
Date: Mon, 01 Jul 2024 23:30:07 GMT
Connection: keep-alive
|
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashf6d043d7b5e98906db1fe2695e98859c 154db889ef567d2839bb7eaa15818cd546495b4f f4fcc79261acda8e1cb81b9fc6524ee560b60740b0cf8107308dc82750dc079a
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F4FCC79261ACDA8E1CB81B9FC6524EE560B60740B0CF8107308DC82750DC079A"
Last-Modified: Sat, 29 Jun 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16248
Expires: Tue, 02 Jul 2024 04:00:56 GMT
Date: Mon, 01 Jul 2024 23:30:08 GMT
Connection: keep-alive
|
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashcbf18fc0b8495e9002d75d18377ee564 26efedcb55b771589d559b798261c86a87c0b313 3358d5f916c82bb4d1a67b717d2a280302e3f54a687893b0c2556c93616cbdfb
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3358D5F916C82BB4D1A67B717D2A280302E3F54A687893B0C2556C93616CBDFB"
Last-Modified: Sat, 29 Jun 2024 16:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14401
Expires: Tue, 02 Jul 2024 03:30:09 GMT
Date: Mon, 01 Jul 2024 23:30:08 GMT
Connection: keep-alive
|
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashc4b71305103f33b56dd398fb1f3fa9fe 6237cf96ced2a5d69a73769180ae8250221727ea 4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34"
Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2424
Expires: Tue, 02 Jul 2024 00:10:34 GMT
Date: Mon, 01 Jul 2024 23:30:10 GMT
Connection: keep-alive
|
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashc4b71305103f33b56dd398fb1f3fa9fe 6237cf96ced2a5d69a73769180ae8250221727ea 4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34"
Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2424
Expires: Tue, 02 Jul 2024 00:10:34 GMT
Date: Mon, 01 Jul 2024 23:30:10 GMT
Connection: keep-alive
|
| file.mydrivers.com/DG_2012_SP6_3025U2.exe |  221.194.141.151 | 200 OK | 30 MB |
URL User Request GET HTTP/1.1file.mydrivers.com/DG_2012_SP6_3025U2.exe IP221.194.141.151:80 ASN#4837 CHINA UNICOM China169 Backbone
File typePE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections Size30 MB (29530040 bytes) Hash5948f56b79aefc296deed00acc86d37a 9e4143f1462cb6dbfc8fe973c3cb3e6f659f98f9 c4a2cc8b2646122fc91b03e4189dfc5eedfcd48ec14fc2d23c77a5abb066f03a
| Analyzer | Verdict | Alert |
|---|
| VirusTotal | malicious | |
| NIDS | Severity | Alert |
|---|
| suricata | high | ET POLICY PE EXE or DLL Windows file download HTTP | | suricata | low | ET INFO EXE - Served Attached HTTP |
GET /DG_2012_SP6_3025U2.exe HTTP/1.1
Host: file.mydrivers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 01 Jul 2024 23:30:10 GMT
Content-Type: application/x-msdownload
Content-Length: 29530040
Connection: keep-alive
Server: openresty
CloudServiceDiscount: CDN
x-obs-request-id: 0000019029D02E33B0274BF249AC297B
x-obs-replication-status: COMPLETED
ETag: "5948f56b79aefc296deed00acc86d37a"
Last-Modified: Fri, 04 Aug 2023 07:03:50 GMT
Content-Disposition: attachment
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS1KHaItWxRsOWlFlMLISEdv1svcr2bA
X-CCDN-Expires: 31097904
via: CHN-HElangfang-AREACUCC2-CACHE9[3],CHN-HElangfang-AREACUCC2-CACHE73[0,TCP_HIT,0],CHN-HElangfang-GLOBAL6-CACHE122[49],CHN-HElangfang-GLOBAL6-CACHE53[0,TCP_HIT,47]
x-hcs-proxy-type: 1
X-CCDN-CacheTTL: 31536000
nginx-hit: 1
Age: 438107
Accept-Ranges: bytes
|