| getdstudio.org/dl/Carrion[V1I6kMQQg].exe | 78.46.163.214 | 200 OK | 76 MB |
URL User Request GET HTTP/2getdstudio.org/dl/Carrion[V1I6kMQQg].exe IP78.46.163.214:443 ASN#24940 Hetzner Online GmbH
CertificateIssuerLet's Encrypt Subjectgetdstudio.org Fingerprint99:4B:F7:80:42:CF:6D:D1:B8:A5:1F:88:19:05:8B:C5:02:F2:86:14 ValidityFri, 19 Apr 2024 03:27:01 GMT - Thu, 18 Jul 2024 03:27:00 GMT
File typePE32 executable (GUI) Intel 80386, for MS Windows, 6 sections Size76 MB (75472040 bytes) Hashd36ee1d19ac7a733e73c8aa2642fa125 8bffebf20df83bd175b8bed4a7c44f453b62039a a2aea5ea35b719b030c12f4ca562aa510906f15c7bba59c6e270e01dc316fef8
Analyzer | Verdict | Alert | VirusTotal | malicious | |
GET /dl/Carrion[V1I6kMQQg].exe HTTP/1.1
Host: getdstudio.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://getdstudio.org/dl/Carrion[V1I6kMQQg].exe
Cookie: __h_clearance=d334a3a8f56160ff3b361246599a0ae2658d03ad135e8daa0935a459b275e37c.1715282944
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 19:29:06 GMT
content-type: application/x-msdownload
content-length: 75472040
last-modified: Thu, 02 Nov 2023 11:03:33 GMT
vary: Accept-Encoding
etag: "65438205-47f9ca8"
x-xss-protection: 1; mode=block
x-frame-options: DENY
X-Firefox-Spdy: h2
|
|
| getdstudio.org/dl/Carrion[V1I6kMQQg].exe | 78.46.163.214 | 200 OK | 9.7 kB |
URL User Request GET HTTP/2getdstudio.org/dl/Carrion[V1I6kMQQg].exe IP78.46.163.214:443 ASN#24940 Hetzner Online GmbH
CertificateIssuerLet's Encrypt Subjectgetdstudio.org Fingerprint99:4B:F7:80:42:CF:6D:D1:B8:A5:1F:88:19:05:8B:C5:02:F2:86:14 ValidityFri, 19 Apr 2024 03:27:01 GMT - Thu, 18 Jul 2024 03:27:00 GMT
File typeHTML document, ASCII text, with very long lines (858) Hash427d2a2d9fb2b84fab3048281adb76a2 36642ded46a30a643c18cb4ef6a752fa5b2b99f0 d3f79e1c30ecd2c24d55d2b319998498ee79f52d701daec42d2dd844396a9a24
GET /dl/Carrion[V1I6kMQQg].exe HTTP/1.1
Host: getdstudio.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 19:29:02 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-encoding: br
X-Firefox-Spdy: h2
|
|
| services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US | 54.230.111.129 | | 82 B |
URL services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US IP54.230.111.129:0
Hash4f822d39c269d2c47e3174b6c6bad3b7 d56bd07959c766e9c18faa9cf1070548f9236b65 cda00e555c758b1c13b6cbd17049ca8471057d16c60f08f551dbc331308eecf3
GET /api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US HTTP/1.1
Host: services.addons.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 82
server: openresty
date: Thu, 09 May 2024 19:17:16 GMT
allow: GET, HEAD, OPTIONS
x-amo-request-id: 14ea1f6f803b407b95824733c2eae128
content-security-policy: default-src 'none'; media-src https://videos.cdn.mozilla.net; connect-src 'self' https://*.google-analytics.com; img-src 'self' blob: data: https://addons.mozilla.org/static-server/ https://addons.mozilla.org/user-media/; script-src https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://addons.mozilla.org/static-server/; form-action 'self'; style-src 'unsafe-inline' https://addons.mozilla.org/static-server/; frame-src https://www.recaptcha.net/recaptcha/; font-src 'self' https://addons.mozilla.org/static-server/; object-src 'none'; child-src https://www.recaptcha.net/recaptcha/; report-uri /__cspreport__
x-frame-options: DENY
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
cache-control: max-age=3600
public-key-pins: max-age=5184000; includeSubDomains; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
via: 1.1 google, 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
etag: "4f822d39c269d2c47e3174b6c6bad3b7"
vary: origin,X-Country-Code,Accept-Language
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kelVVB7Cdq3flXoz5_xFpBTLZRNIi-wffBxyoiCO9e950KmxTz7plA==
age: 734
X-Firefox-Spdy: h2
|
|
| aus5.mozilla.org/update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 42 B |
URL aus5.mozilla.org/update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP35.244.181.201:0 ASN#396982 GOOGLE-CLOUD-PLATFORM
File typeXML 1.0 document, ASCII text Hashf8f24fa0c857d8f2ee493e131b85ab62 cb6049f830a54d14a19d4104fc0bb5ab5fdedbe6 e0dadbc9cd1f1bd8ce3118cc3383e0d0f6d147f055265d498d99deea956ba00f
GET /update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 19:29:30 GMT
content-type: text/xml; charset=utf-8
content-length: 42
rule-id: unknown
rule-data-version: unknown
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| getdstudio.org/favicon.ico | 78.46.163.214 | 200 OK | 15 kB |
URL GET HTTP/2getdstudio.org/favicon.ico IP78.46.163.214:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://getdstudio.org/dl/Carrion[V1I6kMQQg].exe CertificateIssuerLet's Encrypt Subjectgetdstudio.org Fingerprint99:4B:F7:80:42:CF:6D:D1:B8:A5:1F:88:19:05:8B:C5:02:F2:86:14 ValidityFri, 19 Apr 2024 03:27:01 GMT - Thu, 18 Jul 2024 03:27:00 GMT
File typeMS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel Hash757db4de13a26a547433bfa48d69d31f d5b8a5e18d6b9f8727f93f9f7249815b81e6b752 6da14f8a185f27867be8f406256cd1c7e80d3708a36cd702c34dc482e0214826
GET /favicon.ico HTTP/1.1
Host: getdstudio.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://getdstudio.org/dl/Carrion[V1I6kMQQg].exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 19:29:02 GMT
content-type: image/x-icon
last-modified: Wed, 26 Apr 2023 08:25:21 GMT
vary: Accept-Encoding
etag: W/"6448dff1-3aee"
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-encoding: br
X-Firefox-Spdy: h2
|
|
| getdstudio.org/botd/api.js | 78.46.163.214 | 200 OK | 1.5 kB |
URL GET HTTP/2getdstudio.org/botd/api.js IP78.46.163.214:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://getdstudio.org/dl/Carrion[V1I6kMQQg].exe CertificateIssuerLet's Encrypt Subjectgetdstudio.org Fingerprint99:4B:F7:80:42:CF:6D:D1:B8:A5:1F:88:19:05:8B:C5:02:F2:86:14 ValidityFri, 19 Apr 2024 03:27:01 GMT - Thu, 18 Jul 2024 03:27:00 GMT
File typeJavaScript source, ASCII text, with very long lines (1584), with no line terminators Hasha078461c82578febece04ec869fb9f2a f93824bc49262acd3c511b1e870bf7d8bdebc950 04d420a46f9d3ef43ef21e847ceeb803370c3c57aa1d11aa99fd8a205f9b16a3
GET /botd/api.js HTTP/1.1
Host: getdstudio.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://getdstudio.org/dl/Carrion[V1I6kMQQg].exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 19:29:02 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 27 Aug 2023 13:09:16 GMT
vary: Accept-Encoding
etag: W/"64eb4afc-5e8"
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-encoding: br
X-Firefox-Spdy: h2
|
|
| getdstudio.org/favicon.ico | 78.46.163.214 | 200 OK | 15 kB |
URL GET HTTP/2getdstudio.org/favicon.ico IP78.46.163.214:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://getdstudio.org/dl/Carrion[V1I6kMQQg].exe CertificateIssuerLet's Encrypt Subjectgetdstudio.org Fingerprint99:4B:F7:80:42:CF:6D:D1:B8:A5:1F:88:19:05:8B:C5:02:F2:86:14 ValidityFri, 19 Apr 2024 03:27:01 GMT - Thu, 18 Jul 2024 03:27:00 GMT
File typeMS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel Hash757db4de13a26a547433bfa48d69d31f d5b8a5e18d6b9f8727f93f9f7249815b81e6b752 6da14f8a185f27867be8f406256cd1c7e80d3708a36cd702c34dc482e0214826
GET /favicon.ico HTTP/1.1
Host: getdstudio.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://getdstudio.org/dl/Carrion[V1I6kMQQg].exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 19:29:02 GMT
content-type: image/x-icon
last-modified: Wed, 26 Apr 2023 08:25:21 GMT
vary: Accept-Encoding
etag: W/"6448dff1-3aee"
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-encoding: br
X-Firefox-Spdy: h2
|
|
| getdstudio.org/botd/post.php | 78.46.163.214 | 200 OK | 103 B |
URL POST HTTP/2getdstudio.org/botd/post.php IP78.46.163.214:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://getdstudio.org/dl/Carrion[V1I6kMQQg].exe CertificateIssuerLet's Encrypt Subjectgetdstudio.org Fingerprint99:4B:F7:80:42:CF:6D:D1:B8:A5:1F:88:19:05:8B:C5:02:F2:86:14 ValidityFri, 19 Apr 2024 03:27:01 GMT - Thu, 18 Jul 2024 03:27:00 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hasheb37f785573b6f2d845714c03ecf62d1 418ba89f1ea96bee8f7ba218f21310d48272579d 81839ed188fb68b263f752d4076ba0541a5b2c66e2901102e0ac2c91089a4fec
POST /botd/post.php HTTP/1.1
Host: getdstudio.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded;
Content-Length: 74
Origin: https://getdstudio.org
DNT: 1
Connection: keep-alive
Referer: https://getdstudio.org/dl/Carrion[V1I6kMQQg].exe
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 19:29:04 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-encoding: br
X-Firefox-Spdy: h2
|
|
| getdstudio.org/botd/static/challenges.css | 78.46.163.214 | 200 OK | 6.6 kB |
URL GET HTTP/2getdstudio.org/botd/static/challenges.css IP78.46.163.214:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://getdstudio.org/dl/Carrion[V1I6kMQQg].exe CertificateIssuerLet's Encrypt Subjectgetdstudio.org Fingerprint99:4B:F7:80:42:CF:6D:D1:B8:A5:1F:88:19:05:8B:C5:02:F2:86:14 ValidityFri, 19 Apr 2024 03:27:01 GMT - Thu, 18 Jul 2024 03:27:00 GMT
File typeASCII text, with very long lines (6608), with no line terminators Hashf0fd80732479959c893cfd7380f594bd 04111102f46bc02c195561743b3f41b4d5a349ca 704e70fc0fd54cb83a1100d48093680b73e0d3c45a32dc326c38355185aaf37f
GET /botd/static/challenges.css HTTP/1.1
Host: getdstudio.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://getdstudio.org/dl/Carrion[V1I6kMQQg].exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 19:29:02 GMT
content-type: text/css
last-modified: Sun, 27 Aug 2023 10:50:10 GMT
vary: Accept-Encoding
etag: W/"64eb2a62-19c8"
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-encoding: br
X-Firefox-Spdy: h2
|
|