| www.maxqda.de/updates/MAXQDA11_Setup.exe | 87.106.126.119 | 301 Moved Permanently | 324 B |
URL (User Request): GET HTTP/2 www.maxqda.de/updates/MAXQDA11_Setup.exe
IP: 87.106.126.119:443
Certificate: Issuer: Let's Encrypt; Subject: maxqda.de; Fingerprint: F5:01:49:00:9F:69:E7:F0:36:23:75:DB:C6:0D:92:53:9B:9B:D9:95; Validity: Sat, 16 Mar 2024 19:29:56 GMT - Fri, 14 Jun 2024 19:29:55 GMT
File type: HTML document, ASCII text
Hash: 69ea9f446a339dfaeb3af2ce34eaeda8 0905059f04703de465beca806001c65eadcf3e37 59816b792b2f79eecf34020a9420515b5ae801b423b3128498f05f2ebc419e6f
GET /updates/MAXQDA11_Setup.exe HTTP/1.1
Host: www.maxqda.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 09 May 2024 01:30:04 GMT
content-type: text/html; charset=iso-8859-1
content-length: 324
x-frame-options: SAMEORIGIN
location: https://www.maxqda.com/de/updates/MAXQDA11_Setup.exe
x-powered-by: PleskLin
X-Firefox-Spdy: h2
|
| www.maxqda.com/de/updates/MAXQDA11_Setup.exe | 87.106.126.119 | 302 Found | 302 B |
URL (User Request): GET HTTP/2 www.maxqda.com/de/updates/MAXQDA11_Setup.exe
IP: 87.106.126.119:443
Certificate: Issuer: Let's Encrypt; Subject: maxqda.com; Fingerprint: 7D:E6:1A:D7:59:21:5C:CE:D6:F7:3A:F7:78:63:58:A7:65:0C:90:39; Validity: Tue, 12 Mar 2024 07:25:42 GMT - Mon, 10 Jun 2024 07:25:41 GMT
File type: HTML document, ASCII text
Hash: 8675dbf80aa4baadeddb9187d397b05a db08f7160f78a34b030ba74aceffda1943012389 7c68a4ad1bdc19397c8976277908ae4d970af3daf1bba112bf861a0d9400f2f8
GET /de/updates/MAXQDA11_Setup.exe HTTP/1.1
Host: www.maxqda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Thu, 09 May 2024 01:30:04 GMT
content-type: text/html; charset=iso-8859-1
content-length: 302
x-frame-options: SAMEORIGIN
location: https://www.maxqda.com/_updates/11/MAXQDA11_Setup.exe
x-powered-by: PleskLin
X-Firefox-Spdy: h2
|
| www.maxqda.com/_updates/11/MAXQDA11_Setup.exe | 87.106.126.119 | 200 OK | 786 kB |
URL (User Request): GET HTTP/2 www.maxqda.com/_updates/11/MAXQDA11_Setup.exe
IP: 87.106.126.119:443
Certificate: Issuer: Let's Encrypt; Subject: maxqda.com; Fingerprint: 7D:E6:1A:D7:59:21:5C:CE:D6:F7:3A:F7:78:63:58:A7:65:0C:90:39; Validity: Tue, 12 Mar 2024 07:25:42 GMT - Mon, 10 Jun 2024 07:25:41 GMT
File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
Size: 786 kB (786432 bytes)
Hash: fa3c9078b8976d6c420c3926c245ea26 198cdcb485ed3e9955868e033055f95839017d5a 94ae6c48a0979ae246496087ff874fdb049b3a74435b0ecb18559c007f4823aa
| Analyzer | Verdict | Alert |
| YARAhub by abuse.ch | malware | Detect files is `SliverFox` malware |
GET /_updates/11/MAXQDA11_Setup.exe HTTP/1.1
Host: www.maxqda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 01:30:04 GMT
content-type: application/x-msdownload
content-length: 87736600
last-modified: Tue, 12 Mar 2024 06:33:43 GMT
etag: "65eff747-53ac118"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
|