Report - download.afirstsoft.com/downloads/afirstsoft-pdf

Report Overview

Visited public
2024-08-07 00:51:23
Tags
Submit Tags
URL
download.afirstsoft.com/downloads/afirstsoft-pdf_8379.exe?rnclid=11722556800012568501
Finishing URL
about:privatebrowsing
IP / ASN
104.18.16.57
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown				2.0 kB	5.3 kB	23.36.76.226
download.afirstsoft.com	unknown				539 B	2.3 MB	104.18.17.57

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
75efd2f3585f3075b07d7001e610bf02
afeabc51586d1efe3d02337b8a43741c0d5a79b5
26b1b697a9cff033ffa5ef52c9261a48313b206b2093d4d0aa6a9d3e9d24ab15

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26B1B697A9CFF033FFA5EF52C9261A48313B206B2093D4D0AA6A9D3E9D24AB15"
Last-Modified: Tue, 06 Aug 2024 06:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4871
Expires: Wed, 07 Aug 2024 02:12:08 GMT
Date: Wed, 07 Aug 2024 00:50:57 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
364e0d4e7956b61b144a82620b9fee26
8d45d1cf6f1805ae7308ae92b1676839bcc84dc2
167eb76ed650b4d8ed7747252181955a5803628ec02ca02edfe509b1b403786b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "167EB76ED650B4D8ED7747252181955A5803628EC02CA02EDFE509B1B403786B"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4624
Expires: Wed, 07 Aug 2024 02:08:01 GMT
Date: Wed, 07 Aug 2024 00:50:57 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e7a128439c6dec237227cc4b883a2c99
7794fc9e9bc964823a96cec60a2ec829dbce9919
f0a648a200fc7849174d4b74c6fbfee82b5bd098c9c9cae7084bdafaba169e3b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F0A648A200FC7849174D4B74C6FBFEE82B5BD098C9C9CAE7084BDAFABA169E3B"
Last-Modified: Tue, 06 Aug 2024 06:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6055
Expires: Wed, 07 Aug 2024 02:31:53 GMT
Date: Wed, 07 Aug 2024 00:50:58 GMT
Connection: keep-alive

GET download.afirstsoft.com/downloads/afirstsoft-pdf_8379.exe?rnclid=11722556800012568501

104.18.17.57

200 OK

2.3 MB

URL User Request GET HTTP/2
download.afirstsoft.com/downloads/afirstsoft-pdf_8379.exe?rnclid=11722556800012568501
IP
104.18.17.57:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectafirstsoft.com
Fingerprint7A:5D:30:9E:89:41:5C:1D:5D:72:E2:40:A4:CA:44:CF:6B:6B:CB:EC
ValidityThu, 11 Jul 2024 05:27:39 GMT - Wed, 09 Oct 2024 06:27:25 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
Size
2.3 MB (2309656 bytes)
Hash
e5563b730bc888251b95c8f1adfbf7a6
63ca8293b0c4f61c4c30f0eba1ea204d48866e35
26c9fee85c6fbe837c807e5634872d0d717e60cc9e97ab9e6fb0f393e0d5ae59

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/59

HTTP Headers

GET /downloads/afirstsoft-pdf_8379.exe?rnclid=11722556800012568501 HTTP/1.1
Host: download.afirstsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 07 Aug 2024 00:50:58 GMT
content-type: application/octet-stream
content-length: 2309656
cf-ray: 8af346897893568b-OSL
cf-cache-status: HIT
accept-ranges: bytes
age: 2014
cache-control: public, max-age=691200
content-disposition: attachment;filename=afirstsoft-pdf_11722556800012568501.exe
etag: "66a8cce9-233e18"
expires: Thu, 15 Aug 2024 00:50:58 GMT
last-modified: Tue, 30 Jul 2024 11:22:17 GMT
vary: Accept-Encoding
set-cookie: __cf_bm=zIFxq2ICnXQCHBJ7YytjkidXFDc.8WlkIcWEfzvBgR8-1722991858-1.0.1.1-ffeqb_53jAA085eJHDgWsyDnPIA8AjT_sKeekUDDv1xK4TPTDvfF5_DIOpEx3F2UNgvRwykrqIOTfaRydbBLKA; path=/; expires=Wed, 07-Aug-24 01:20:58 GMT; domain=.afirstsoft.com; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ad08a2764470070a728a228f5cca3296
3e8d448130fe3c6ad6e88a0ff3dd170855740e6f
c508461997b3781963d5494bb2517544c6ad0b2a8029d1a1009a6bb3ff6b0fd7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C508461997B3781963D5494BB2517544C6AD0B2A8029D1A1009A6BB3FF6B0FD7"
Last-Modified: Tue, 06 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17533
Expires: Wed, 07 Aug 2024 05:43:11 GMT
Date: Wed, 07 Aug 2024 00:50:58 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
460334cc4e5b7d0e9bae1a2db2ad27cd
b0a331b5252d61b68e687dc25581842a360aac4f
8e85f0944ea44f26c441f73cd791e0cf50936b0278733f5af7305e594372df58

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E85F0944EA44F26C441F73CD791E0CF50936B0278733F5AF7305E594372DF58"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2385
Expires: Wed, 07 Aug 2024 01:30:45 GMT
Date: Wed, 07 Aug 2024 00:51:00 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
460334cc4e5b7d0e9bae1a2db2ad27cd
b0a331b5252d61b68e687dc25581842a360aac4f
8e85f0944ea44f26c441f73cd791e0cf50936b0278733f5af7305e594372df58

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E85F0944EA44F26C441F73CD791E0CF50936B0278733F5AF7305E594372DF58"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2385
Expires: Wed, 07 Aug 2024 01:30:45 GMT
Date: Wed, 07 Aug 2024 00:51:00 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers