r10.o.lencr.org/
23.36.76.226 504 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c0fde0756f59aaa5fa85a62f5f528e74
3c2d990e14054ee3b407cc37d77e255533d91ed6
ca44d6619deb0e020993a84c6bfbf1993bf096b13863b706dc8a826499348276
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CA44D6619DEB0E020993A84C6BFBF1993BF096B13863B706DC8A826499348276"
Last-Modified: Wed, 19 Jun 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2354
Expires: Sat, 22 Jun 2024 16:35:24 GMT
Date: Sat, 22 Jun 2024 15:56:10 GMT
Connection: keep-alive
r10.o.lencr.org/
23.36.76.226 504 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f0269d61bdfd971c035a90020cb9f629
06631fd5df5a9bd3b9673361601cc37a34e64f69
47b785dc0588f89f6a0bd23143e340c2fa04f194c59853f63e8b937964655373
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "47B785DC0588F89F6A0BD23143E340C2FA04F194C59853F63E8B937964655373"
Last-Modified: Sat, 22 Jun 2024 04:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16607
Expires: Sat, 22 Jun 2024 20:32:57 GMT
Date: Sat, 22 Jun 2024 15:56:10 GMT
Connection: keep-alive
GET www.dropbox.com/scl/fi/dyfzjkjnvnrhs6kqx4gsg/caffeine32.exe?rlkey=d1dtrjzjbdwl0ttwxmgzqt5pb&dl=1
162.125.71.18 302 Found 17 B URL User Request GET HTTP/2 www.dropbox.com/scl/fi/dyfzjkjnvnrhs6kqx4gsg/caffeine32.exe?rlkey=d1dtrjzjbdwl0ttwxmgzqt5pb&dl=1
IP 162.125.71.18:443
Certificate Issuer DigiCert Inc
Subject *.dropbox.com
Fingerprint 17:55:A3:E8:7A:9A:D8:FF:86:5A:8E:81:2C:30:73:6B:8A:88:10:43
Validity Tue, 31 Oct 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type exported SGML document, ASCII text, with no line terminators
Hash 0f2ac93b07c396febb0557f67f264c69
c8291ab5cb1212f5c502cd06eaa8651d8c62f83e
018d5fc3e4611f8d14809e5f6fadeb737b95e1ee91fb3407065d9c2c354c33ec
GET /scl/fi/dyfzjkjnvnrhs6kqx4gsg/caffeine32.exe?rlkey=d1dtrjzjbdwl0ttwxmgzqt5pb&dl=1 HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-security-policy: style-src https://* 'unsafe-inline' 'unsafe-eval' ; media-src https://* blob: ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; frame-ancestors 'self' https://*.dropbox.com ; font-src https://* data: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; base-uri 'self' ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js blob: ; connect-src https://* ws://127.0.0.1:*/ws wss://dsimports.dropbox.com/ ; object-src 'self' 
https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; img-src https://* data: blob: ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://apis.google.com/js/ 'nonce-4R2cG5hpOSFuQuc43WpPFIJ2mUU=' ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss:, script-src 'unsafe-eval' 'strict-dynamic' 'nonce-4R2cG5hpOSFuQuc43WpPFIJ2mUU=' 'nonce-59pzIEBre7lL8ln0fmwFffrSaOc=' ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic
content-type: text/html; charset=utf-8
location: https://uc64ed98ab9133652690ea250cde.dl.dropboxusercontent.com/cd/0/get/CVWFFVOxEFDq4VSkExPk25mEvF4t0xP56f5E5L3jYemQkubUYYtweV-8Jz2m7-0ebPZdnV_lW-4Xihh2eyjPESbUVIKY5tFuVowfcEA2Oqo8r1D4-WcNbTif2Twh7ubhrA8FfbLg3V4tw268WhPzCzce/file?dl=1#
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
set-cookie: gvc=MzMxOTM4MjkxNzM5MjQ1OTUwMTk3MTk4NTc0NzIxOTc2OTE4NTU1; Path=/; Expires=Thu, 21 Jun 2029 15:56:11 GMT; HttpOnly; Secure; SameSite=None
t=iNFq-TmaRP0urY1MTwzZVe4K; Path=/; Domain=dropbox.com; Expires=Sun, 22 Jun 2025 15:56:11 GMT; HttpOnly; Secure; SameSite=None
__Host-js_csrf=iNFq-TmaRP0urY1MTwzZVe4K; Path=/; Expires=Sun, 22 Jun 2025 15:56:11 GMT; Secure; SameSite=None
__Host-ss=5QxCFklyXg; Path=/; Expires=Sun, 22 Jun 2025 15:56:11 GMT; HttpOnly; Secure; SameSite=Strict
locale=en; Path=/; Domain=dropbox.com; Expires=Thu, 21 Jun 2029 15:56:11 GMT
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noimageindex
x-xss-protection: 1; mode=block
content-length: 17
date: Sat, 22 Jun 2024 15:56:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: envoy
cache-control: no-cache, no-store
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 2eaed1357be347878807ea9058015373
X-Firefox-Spdy: h2
uc64ed98ab9133652690ea250cde.dl.dropboxusercontent.com/cd/0/get/CVWFFVOxEFDq4VSkExPk25mEvF4t0xP56f5E5L3jYemQkubUYYtweV-8Jz2m7-0ebPZdnV_lW-4Xihh2eyjPESbUVIKY5tFuVowfcEA2Oqo8r1D4-WcNbTif2Twh7ubhrA8FfbLg3V4tw268WhPzCzce/file?dl=1
162.125.71.15 333 kB URL uc64ed98ab9133652690ea250cde.dl.dropboxusercontent.com/cd/0/get/CVWFFVOxEFDq4VSkExPk25mEvF4t0xP56f5E5L3jYemQkubUYYtweV-8Jz2m7-0ebPZdnV_lW-4Xihh2eyjPESbUVIKY5tFuVowfcEA2Oqo8r1D4-WcNbTif2Twh7ubhrA8FfbLg3V4tw268WhPzCzce/file?dl=1
IP 162.125.71.15:0
File type PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size 333 kB (332800 bytes)
Hash 6f6092c8c588dadebc6018ea5bacf7dd
b22255e30e3a3c3effa7c2b6edeb084aa09c270a
40e0fbf29eff616be93e22c20aef7a66e3f193b269c929571487d3f4b4133cdf
Analyzer Verdict Alert VirusTotal suspicious
GET /cd/0/get/CVWFFVOxEFDq4VSkExPk25mEvF4t0xP56f5E5L3jYemQkubUYYtweV-8Jz2m7-0ebPZdnV_lW-4Xihh2eyjPESbUVIKY5tFuVowfcEA2Oqo8r1D4-WcNbTif2Twh7ubhrA8FfbLg3V4tw268WhPzCzce/file?dl=1 HTTP/1.1
Host: uc64ed98ab9133652690ea250cde.dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/binary
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename="caffeine32.exe"; filename*=UTF-8''caffeine32.exe
content-security-policy: sandbox
etag: 1661481821030724d
pragma: public
referrer-policy: no-referrer
vary: Origin
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow, noimageindex
x-server-response-time: 163
x-webkit-csp: sandbox
date: Sat, 22 Jun 2024 15:56:12 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 332800
x-dropbox-response-origin: far_remote
x-dropbox-request-id: de1d6e46cdc243c19c18aaad3a5e7dc2
X-Firefox-Spdy: h2
r10.o.lencr.org/
23.36.76.226 504 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6720792332fb717894b4e5221fdc3d86
f79b1d3611fb53cea950acb15000473ae7174149
67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6097
Expires: Sat, 22 Jun 2024 17:37:50 GMT
Date: Sat, 22 Jun 2024 15:56:13 GMT
Connection: keep-alive
GET uc64ed98ab9133652690ea250cde.dl.dropboxusercontent.com/cd/0/get/CVWFFVOxEFDq4VSkExPk25mEvF4t0xP56f5E5L3jYemQkubUYYtweV-8Jz2m7-0ebPZdnV_lW-4Xihh2eyjPESbUVIKY5tFuVowfcEA2Oqo8r1D4-WcNbTif2Twh7ubhrA8FfbLg3V4tw268WhPzCzce/file?dl=1
162.125.71.15 200 OK 333 kB URL User Request GET HTTP/2 uc64ed98ab9133652690ea250cde.dl.dropboxusercontent.com/cd/0/get/CVWFFVOxEFDq4VSkExPk25mEvF4t0xP56f5E5L3jYemQkubUYYtweV-8Jz2m7-0ebPZdnV_lW-4Xihh2eyjPESbUVIKY5tFuVowfcEA2Oqo8r1D4-WcNbTif2Twh7ubhrA8FfbLg3V4tw268WhPzCzce/file?dl=1
IP 162.125.71.15:443
Certificate Issuer DigiCert Inc
Subject *.dl.dropboxusercontent.com
Fingerprint 66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40
Validity Mon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File type PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size 333 kB (332800 bytes)
Hash 6f6092c8c588dadebc6018ea5bacf7dd
b22255e30e3a3c3effa7c2b6edeb084aa09c270a
40e0fbf29eff616be93e22c20aef7a66e3f193b269c929571487d3f4b4133cdf
Analyzer Verdict Alert VirusTotal suspicious
GET /cd/0/get/CVWFFVOxEFDq4VSkExPk25mEvF4t0xP56f5E5L3jYemQkubUYYtweV-8Jz2m7-0ebPZdnV_lW-4Xihh2eyjPESbUVIKY5tFuVowfcEA2Oqo8r1D4-WcNbTif2Twh7ubhrA8FfbLg3V4tw268WhPzCzce/file?dl=1 HTTP/1.1
Host: uc64ed98ab9133652690ea250cde.dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/binary
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename="caffeine32.exe"; filename*=UTF-8''caffeine32.exe
content-security-policy: sandbox
etag: 1661481821030724d
pragma: public
referrer-policy: no-referrer
vary: Origin
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow, noimageindex
x-server-response-time: 163
x-webkit-csp: sandbox
date: Sat, 22 Jun 2024 15:56:12 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 332800
x-dropbox-response-origin: far_remote
x-dropbox-request-id: de1d6e46cdc243c19c18aaad3a5e7dc2
X-Firefox-Spdy: h2