| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP 23.36.77.32:0
ASN#20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 958365f13a7c9c28b36a627ba4bb6988 7be2ef560d38e1108a0568e27c637bb3f1c3ba93 7c4568d9d4d6a64ec9f5f43f410373d3c6fb8969a5a5a876087f46b0e713647f
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7C4568D9D4D6A64EC9F5F43F410373D3C6FB8969A5A5A876087F46B0E713647F"
Last-Modified: Mon, 23 Sep 2024 13:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4451
Expires: Mon, 23 Sep 2024 19:45:49 GMT
Date: Mon, 23 Sep 2024 18:31:38 GMT
Connection: keep-alive
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP 23.36.77.32:0
ASN#20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 72e206e9b89445fb2fb4031a6abe6169 a18bebfb86a71685bd817c15e348cfb5ea438c72 856f85441e043130f88668be6cf68110187856f17999bddc4332437d383c79b6
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "856F85441E043130F88668BE6CF68110187856F17999BDDC4332437D383C79B6"
Last-Modified: Mon, 23 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17362
Expires: Mon, 23 Sep 2024 23:21:00 GMT
Date: Mon, 23 Sep 2024 18:31:38 GMT
Connection: keep-alive
| r11.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP 23.36.77.32:0
ASN#20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): ac5bb00c5084cf045ab1804337159860 6aa3dc582782c4ed67debf8b6c18b003c07971b9 d11b8e8ec087f14efcd43ebc717ab118e0da9dc5e72775b9a51a971789ceb1cd
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D11B8E8EC087F14EFCD43EBC717AB118E0DA9DC5E72775B9A51A971789CEB1CD"
Last-Modified: Sun, 22 Sep 2024 14:41:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15696
Expires: Mon, 23 Sep 2024 22:53:14 GMT
Date: Mon, 23 Sep 2024 18:31:38 GMT
Connection: keep-alive
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP 23.36.77.32:0
ASN#20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): c6c7d535128f9eb2ec6dcd3d7d62919a 5aaa50926b462ccfc32d84db180a9af68e4d6b46 d498f9efc3307515c07f69fe4e630319e60c13d37700b7f35297c9b8d442b690
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D498F9EFC3307515C07F69FE4E630319E60C13D37700B7F35297C9B8D442B690"
Last-Modified: Sun, 22 Sep 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3983
Expires: Mon, 23 Sep 2024 19:38:01 GMT
Date: Mon, 23 Sep 2024 18:31:38 GMT
Connection: keep-alive
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP 23.36.77.32:0
ASN#20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 8ab80371465a057b549a046eb6f97853 0ccf179fc8a2f02fc91bdb73161837daf6f5c08a e8d786bfe63e0db6078c37a721dcd2c244ca27d70e5ecc8d99ccea1755073729
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E8D786BFE63E0DB6078C37A721DCD2C244CA27D70E5ECC8D99CCEA1755073729"
Last-Modified: Sun, 22 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2840
Expires: Mon, 23 Sep 2024 19:18:59 GMT
Date: Mon, 23 Sep 2024 18:31:39 GMT
Connection: keep-alive
| r11.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): e51a0dfd13659e0a6d1fa3b725697292 455e36a94744a05bacfab40de4c371ed63d36166 64798d0211994a7771889d81f63aacaafd7e128ab1231441aa69c17870149eed
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "64798D0211994A7771889D81F63AACAAFD7E128AB1231441AA69C17870149EED"
Last-Modified: Sun, 22 Sep 2024 01:14:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 24 Sep 2024 00:31:39 GMT
Date: Mon, 23 Sep 2024 18:31:39 GMT
Connection: keep-alive
| r11.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 783d8759e48ca5283d591c5ca5f9f0e0 6048c4da0e39f36fe6cfd9dd5bb808c119a1d8e5 0cf24f3d42d7c022209841915273c0caeb1b1e570b1dab5d5712b8bbdd6df948
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0CF24F3D42D7C022209841915273C0CAEB1B1E570B1DAB5D5712B8BBDD6DF948"
Last-Modified: Sun, 22 Sep 2024 14:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5827
Expires: Mon, 23 Sep 2024 20:08:47 GMT
Date: Mon, 23 Sep 2024 18:31:40 GMT
Connection: keep-alive
| www.cofaso.com/download/RustDesk.exe | 89.252.180.91 | 200 OK | 21 MB |
URL (user request, GET HTTP/1.1): www.cofaso.com/download/RustDesk.exe
IP 89.252.180.91:443
ASN#42846 GNET Internet Telekomunikasyon A.S.
Certificate
  Issuer: Let's Encrypt
  Subject: cofaso.com
  Fingerprint: DE:D0:83:0A:A2:BA:04:AF:69:8C:82:16:7A:5F:6D:17:56:7C:D9:C2
  Validity: Wed, 31 Jul 2024 16:28:49 GMT - Tue, 29 Oct 2024 16:28:48 GMT
File type: PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
Size: 21 MB (20667280 bytes)
Hash (MD5 / SHA-1 / SHA-256): 5d667ee8a8833a8d0d88e74baf40b481 1c15c368e8ba7e6145a9d058517f2f0bc32e3336 04f61d92f0723aadbd6410e329197b7a3d245b8a31ae5f71224946aa83ef3db8

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| VirusTotal | suspicious | |
GET /download/RustDesk.exe HTTP/1.1
Host: www.cofaso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Jul 2024 09:56:17 GMT
Accept-Ranges: bytes
ETag: "9a7284bd41d4da1:0"
Server: Microsoft-IIS/8.5
X-Powered-By-Plesk: PleskWin
X-FRAME-OPTIONS: DENY
Date: Mon, 23 Sep 2024 18:30:25 GMT
Content-Length: 20667280