Report - tools.cam-do.com/SpeedOut/SpeedOut_0.5.exe?_gl=1*8f3kxb*_gcl_au*MTExNzA5OTY3NS4xNzI4OTMyMjU2*_ga*NzkzMDEwNTI4LjE3Mjg5MzIyNDk.*_ga_CL0YHT0K3C*MTcyODkzMjI0OS4xLjEuMTcyODkzMjgyNy4yMS4wLjA.

Report Overview

Visitedpublic

2024-10-14 19:08:01

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06	2024-10-13	1.3 kB	3.5 kB	23.33.119.57
tools.cam-do.com	unknown	2011-02-24	2017-01-30	2020-06-17	639 B	323 B	198.49.23.144
tools.constructiontimelapsecamera.com	unknown	2018-04-27	2019-05-16	2024-01-11	433 B	279 B	198.185.159.145
portal.cam-do.com	unknown	unknown	No data	No data	497 B	1.1 MB	139.59.130.207
r11.o.lencr.org	unknown	2020-06-29	2024-06-07	2024-10-13	654 B	1.8 kB	23.33.119.27

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

portal.cam-do.com/SpeedOut/SpeedOut_0.5.exe

IP / ASN

139.59.130.207

#14061 DIGITALOCEAN-ASN

File Overview

File TypePE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 3 sections

Size1.1 MB (1127936 bytes)

MD56ba01267ad7dc4dd6160511bb374f489

SHA1222d50c15e9e0cd6a4a9155f193e1e341c0646bf

SHA25629bd4b77c2ed3fa2de9002a8a519400c8f948296730a665ed278177cbd6ba73d

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/70

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

r10.o.lencr.org/

23.33.119.57

200 OK

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-14

Last Seen2024-10-15

Times Seen9989

Size504 B (504 bytes)

MD58c678121da7ea2edc90ea014cf3552af

SHA13d76ebd2a3aba8dab56e3c15310551e9b226e249

SHA2561839e2eb73c24c27fda8e6bf4715b73ce52cc1c059bd1dfd9b739e71409cda3b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1839E2EB73C24C27FDA8E6BF4715B73CE52CC1C059BD1DFD9B739E71409CDA3B"
Last-Modified: Mon, 14 Oct 2024 08:07:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3681
Expires: Mon, 14 Oct 2024 20:08:56 GMT
Date: Mon, 14 Oct 2024 19:07:35 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

200 OK

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-13

Last Seen2024-10-15

Times Seen8364

Size504 B (504 bytes)

MD54ef646b0e9b7327e4a942f9294833f80

SHA1292c5eafd5f9d4c35b11f0f3d456cdbe77e30c21

SHA256eb25c0ba5c8244185a6c004482f85ef91889d1f4f368d44bf009bb957e776f28

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB25C0BA5C8244185A6C004482F85EF91889D1F4F368D44BF009BB957E776F28"
Last-Modified: Sun, 13 Oct 2024 04:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3865
Expires: Mon, 14 Oct 2024 20:12:00 GMT
Date: Mon, 14 Oct 2024 19:07:35 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

200 OK

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-14

Last Seen2024-10-14

Times Seen2590

Size504 B (504 bytes)

MD5521dc7800117b7a6d6d3e6aaee9736f9

SHA11eb0d411dd585112dc15f959e5db333b1239e5a0

SHA25644a7dab7219af152264298720b8ae894517d016c9db41dfba3d290d5a27b102a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "44A7DAB7219AF152264298720B8AE894517D016C9DB41DFBA3D290D5A27B102A"
Last-Modified: Mon, 14 Oct 2024 07:03:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4051
Expires: Mon, 14 Oct 2024 20:15:06 GMT
Date: Mon, 14 Oct 2024 19:07:35 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

200 OK

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-13

Last Seen2024-10-15

Times Seen4857

Size504 B (504 bytes)

MD5c23e39db05be15386fa548ca7b2c453a

SHA1f74dde624032b136a3decaa16f09a97402ab226f

SHA25642554f548afd03e7799c63539fce43e4bfa688b54b894b564ac51ba30cbaf6f3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "42554F548AFD03E7799C63539FCE43E4BFA688B54B894B564AC51BA30CBAF6F3"
Last-Modified: Sun, 13 Oct 2024 04:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3811
Expires: Mon, 14 Oct 2024 20:11:06 GMT
Date: Mon, 14 Oct 2024 19:07:35 GMT
Connection: keep-alive

GET tools.cam-do.com/SpeedOut/SpeedOut_0.5.exe?_gl=1*8f3kxb*_gcl_au*MTExNzA5OTY3NS4xNzI4OTMyMjU2*_ga*NzkzMDEwNTI4LjE3Mjg5MzIyNDk.*_ga_CL0YHT0K3C*MTcyODkzMjI0OS4xLjEuMTcyODkzMjgyNy4yMS4wLjA.

198.49.23.144

302 Found

0 B

URL

tools.cam-do.com/SpeedOut/SpeedOut_0.5.exe?_gl=1*8f3kxb*_gcl_au*MTExNzA5OTY3NS4xNzI4OTMyMjU2*_ga*NzkzMDEwNTI4LjE3Mjg5MzIyNDk.*_ga_CL0YHT0K3C*MTcyODkzMjI0OS4xLjEuMTcyODkzMjgyNy4yMS4wLjA.

IP / ASN

198.49.23.144

#53831 SQUARESPACE

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606738

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjecttools.cam-do.com

FingerprintC9:90:D0:D0:E4:77:0B:D9:74:11:2F:52:CE:F1:CC:FA:F6:7B:EB:13

ValidityMon, 16 Sep 2024 22:05:05 GMT - Sun, 15 Dec 2024 22:05:04 GMT

HTTP Headers

GET /SpeedOut/SpeedOut_0.5.exe?_gl=1*8f3kxb*_gcl_au*MTExNzA5OTY3NS4xNzI4OTMyMjU2*_ga*NzkzMDEwNTI4LjE3Mjg5MzIyNDk.*_ga_CL0YHT0K3C*MTcyODkzMjI0OS4xLjEuMTcyODkzMjgyNy4yMS4wLjA. HTTP/1.1
Host: tools.cam-do.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
age: 0
date: Mon, 14 Oct 2024 19:07:36 GMT
location: http://tools.constructiontimelapsecamera.com/SpeedOut/SpeedOut_0.5.exe
server: Squarespace
set-cookie: crumb=BY/tzxmxkVcMNTdjNDljYzJiOGRkNGE2OTIxNjU0OGNhM2E0NDIw;Secure;Path=/
x-contextid: oSnNT1P7/CT0h3a74
content-length: 0
X-Firefox-Spdy: h2

GET tools.constructiontimelapsecamera.com/SpeedOut/SpeedOut_0.5.exe

198.185.159.145

302 Found

0 B

URL

tools.constructiontimelapsecamera.com/SpeedOut/SpeedOut_0.5.exe

IP / ASN

198.185.159.145

#53831 SQUARESPACE

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606738

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /SpeedOut/SpeedOut_0.5.exe HTTP/1.1
Host: tools.constructiontimelapsecamera.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Age: 0
Content-Length: 0
Date: Mon, 14 Oct 2024 19:07:36 GMT
Location: https://portal.cam-do.com/SpeedOut/SpeedOut_0.5.exe
Server: Squarespace
Set-Cookie: crumb=BXFcn+IqEnICZDg0YTI0N2MxNzhjOTkxOGU3MzYzM2JiOTFkMzZi;Path=/
X-Contextid: hSe1NEKE/YXJLfKpK

GET portal.cam-do.com/SpeedOut/SpeedOut_0.5.exe

139.59.130.207

200 OK

1.1 MB

URL

portal.cam-do.com/SpeedOut/SpeedOut_0.5.exe

IP / ASN

139.59.130.207

#14061 DIGITALOCEAN-ASN

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 3 sections

First Seen2023-04-11

Last Seen2025-05-18

Times Seen9

Size1.1 MB (1127936 bytes)

MD56ba01267ad7dc4dd6160511bb374f489

SHA1222d50c15e9e0cd6a4a9155f193e1e341c0646bf

SHA25629bd4b77c2ed3fa2de9002a8a519400c8f948296730a665ed278177cbd6ba73d

Certificate Info

IssuerLet's Encrypt

Subjectportal.cam-do.com

FingerprintA4:86:43:94:BF:9B:04:FB:89:5F:CA:FC:38:82:23:DA:06:4C:0C:B0

ValiditySun, 15 Sep 2024 05:43:56 GMT - Sat, 14 Dec 2024 05:43:55 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/70

HTTP Headers

GET /SpeedOut/SpeedOut_0.5.exe HTTP/1.1
Host: portal.cam-do.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 14 Oct 2024 19:07:37 GMT
content-type: application/octet-stream
content-length: 1127936
last-modified: Tue, 17 Sep 2024 21:34:37 GMT
etag: "66e9f5ed-113600"
accept-ranges: bytes
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.33.119.27

200 OK

504 B

URL

r11.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-13

Last Seen2024-10-14

Times Seen5289

Size504 B (504 bytes)

MD5241105d8fc709e6bd1be3519f5b7866f

SHA1fa41e9781f5c9c82f9a3feb36e44ed02216c1011

SHA25649a0d47bc68becfb87efb3d9271f71a04b3fb324f50bb793a9d012dbe3f0030e

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "49A0D47BC68BECFB87EFB3D9271F71A04B3FB324F50BB793A9D012DBE3F0030E"
Last-Modified: Sat, 12 Oct 2024 11:02:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5216
Expires: Mon, 14 Oct 2024 20:34:34 GMT
Date: Mon, 14 Oct 2024 19:07:38 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.27

200 OK

504 B

URL

r11.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-13

Last Seen2024-10-14

Times Seen5289

Size504 B (504 bytes)

MD5241105d8fc709e6bd1be3519f5b7866f

SHA1fa41e9781f5c9c82f9a3feb36e44ed02216c1011

SHA25649a0d47bc68becfb87efb3d9271f71a04b3fb324f50bb793a9d012dbe3f0030e

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "49A0D47BC68BECFB87EFB3D9271F71A04B3FB324F50BB793A9D012DBE3F0030E"
Last-Modified: Sat, 12 Oct 2024 11:02:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5216
Expires: Mon, 14 Oct 2024 20:34:34 GMT
Date: Mon, 14 Oct 2024 19:07:38 GMT
Connection: keep-alive