| zerossl.ocsp.sectigo.com/ | 172.64.149.23 | | 316 B |
URL: zerossl.ocsp.sectigo.com/ IP: 172.64.149.23:0
Hash: 8154a3a4343fea900f94de8eb3214cd7 4ac9b3a6b7d66649194ab6c03ff1010a1c9fe714 a02d1f094a9261492b97b8b36fd73f953d70ac9af11c576affb696a22432d3c0
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 00:38:09 GMT
Content-Type: application/ocsp-response
Content-Length: 316
Connection: keep-alive
Last-Modified: Wed, 27 Mar 2024 18:20:56 GMT
Expires: Wed, 03 Apr 2024 18:20:55 GMT
Etag: "4ac9b3a6b7d66649194ab6c03ff1010a1c9fe714"
Cache-Control: max-age=495166,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 86bbcba1fd56b50f-OSL
|
| clientfile.jijidown.com/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=18064782 | 120.55.98.203 | 302 Found | 161 B |
URL: User Request GET HTTP/2 clientfile.jijidown.com/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=18064782 IP: 120.55.98.203:443 ASN: #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Certificate Issuer: ZeroSSL Subject: *.jijidown.com Fingerprint: 10:CE:11:4F:42:BA:79:C4:89:41:0F:44:F4:A8:65:92:FB:7C:10:4C Validity: Thu, 01 Feb 2024 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators Hash: b25d5e7ec72fe7c181c56fe286b44875 10f16139f7f5e07bd4a2f49ae4c1a407df5578b6 99d6333713dc294a4d960b71cbdecfcd89d57960c2715ceb2b289199b5fe9297
GET /PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=18064782 HTTP/1.1
Host: clientfile.jijidown.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.14.2
date: Fri, 29 Mar 2024 00:38:09 GMT
content-type: text/html
content-length: 161
location: https://jfile-b.jijidown.com:4433/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=18064782
X-Firefox-Spdy: h2
|
| jfile-b.jijidown.com:4433/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=18064782 | 222.186.139.31 | 200 OK | 1.6 MB |
URL: User Request GET HTTP/1.1 jfile-b.jijidown.com:4433/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=18064782 IP: 222.186.139.31:4433
Certificate Issuer: ZeroSSL Subject: *.jijidown.com Fingerprint: 10:CE:11:4F:42:BA:79:C4:89:41:0F:44:F4:A8:65:92:FB:7C:10:4C Validity: Thu, 01 Feb 2024 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections Size: 1.6 MB (1565184 bytes) Hash: 63c6a09fac52fe61d6cf3113b6e2f464 e1ee58cdbe982d61424a18da5242206000bad6e4 f592a5ed1882a7df9bee018c11cfef5b8939897d65fd143a3e1ecd286815b847
Analyzer | Verdict | Alert | VirusTotal | suspicious | |
GET /PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=18064782 HTTP/1.1
Host: jfile-b.jijidown.com:4433
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty/1.21.4.3
Date: Fri, 29 Mar 2024 00:38:10 GMT
Content-Type: application/octet-stream
Content-Length: 1565184
Last-Modified: Thu, 30 Dec 2021 08:37:03 GMT
Connection: keep-alive
ETag: "61cd6faf-17e200"
Accept-Ranges: bytes
|