| download.cyberghostvpn.com/windows/CyberGhostVPNSetup.exe | 104.20.1.14 | 200 OK | 130 kB |
URL: User Request GET HTTP/2 download.cyberghostvpn.com/windows/CyberGhostVPNSetup.exe IP: 104.20.1.14:443
Certificate: Issuer: GoDaddy.com, Inc. Subject: *.cyberghostvpn.com Fingerprint: 1C:40:EE:F5:16:6A:7F:1D:14:9E:95:0C:1A:00:13:0D:04:B9:05:0A Validity: Mon, 08 Jan 2024 08:42:14 GMT - Wed, 08 Jan 2025 08:42:14 GMT
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections Size: 130 kB (130264 bytes) Hash: fd093f3100a56b710c50d41667da7e2b 5ec9063e4380f642d2a551da76fd4d3f00fd4c96 f6dfae75fd23c0446ec1721994cf2530c66bd76366423176414747b39153bf58
Analyzer: YARAhub by abuse.ch. Verdict: malware. Alert: files - file ~tmp01925d3f.exe
GET /windows/CyberGhostVPNSetup.exe HTTP/1.1
Host: download.cyberghostvpn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 20 Apr 2024 15:40:49 GMT
content-type: application/x-msdownload
content-length: 130264
x-amz-id-2: 1ipuLJEsCzztwU51caNtluTD3hjqInB4H0Yp2XxIwhbVAcNc6CavnRvb6AqdWpL8FbocEkEF2eE=
x-amz-request-id: 59W047YKXPV36SR9
last-modified: Mon, 13 Nov 2023 09:29:09 GMT
etag: "fd093f3100a56b710c50d41667da7e2b"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
cf-cache-status: HIT
age: 941361
expires: Sun, 20 Apr 2025 15:40:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
set-cookie: _cfuvid=fbtViC1eQOC2.JpjllxtQgSS6WPOJmdGP3AulS5o8.Y-1713627649053-0.0.1.1-604800000; path=/; domain=.cyberghostvpn.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87763c2688797130-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
| indir.gezginler.net/i/13054/31333035345f323032342d30342d3230/ | 104.26.2.149 | 302 Found | 130 kB |
URL: User Request GET HTTP/2 indir.gezginler.net/i/13054/31333035345f323032342d30342d3230/ IP: 104.26.2.149:443
Certificate: Issuer: Google Trust Services LLC Subject: gezginler.net Fingerprint: 45:E5:29:45:A0:E1:3E:53:E2:B1:61:88:99:F0:F4:0D:5D:F5:B8:FF Validity: Sat, 09 Mar 2024 03:30:36 GMT - Fri, 07 Jun 2024 04:28:26 GMT
Size: 130 kB (130264 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i/13054/31333035345f323032342d30342d3230/ HTTP/1.1
Host: indir.gezginler.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 20 Apr 2024 15:40:49 GMT
content-type: text/html; charset=UTF-8
location: https://download.cyberghostvpn.com/windows/CyberGhostVPNSetup.exe
vary: User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hVBEu5dHn4gI1965Kt%2FzzMChiTZu8wAeTyUtENy6sUxlEtRMO4T5zb%2BB4YfoCagQbAoeJ%2BcIrgkl1m1SeK6jdHwlzdNuS8xvvpQbMe5Oc%2FzI4acvi5dpTSPM7Ql7sWBr31kyjd4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87763c255f0756c0-OSL
X-Firefox-Spdy: h2
|