| tj.shwswl.cn/3dm_cjzg.exe?auth_key=1685451059-0-0-2d79bf4f945496276373b0467100949f | 14.29.101.169 | | 35 MB |
URL tj.shwswl.cn/3dm_cjzg.exe?auth_key=1685451059-0-0-2d79bf4f945496276373b0467100949f IP14.29.101.169:0
File typePE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections Size35 MB (35082864 bytes) Hash946470dd80f2707b21fa4208aa7dda77 d7e777494ac6e9588f27be64483809526e14c390 92b1e1051f22ade13dad39e6b114bdaeb9c3fd9ae962a54d7ec96126ee85b560
Analyzer | Verdict | Alert | VirusTotal | malicious | |
GET /3dm_cjzg.exe?auth_key=1685451059-0-0-2d79bf4f945496276373b0467100949f HTTP/1.1
Host: tj.shwswl.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Tue, 07 May 2024 08:22:32 GMT
content-type: application/octet-stream
content-length: 35082864
last-modified: Fri, 15 Jan 2021 07:17:55 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
accept-ranges: bytes
cache-control: max-age=86400
ctl-cache-status: HIT from hb-wuhan9-ca01, HIT from gd-guangzhou8-ca01
request-id: 6639e4c8645b19d77c671366c522928b
etag: "600141a3-2175270"
age: 16028
X-Firefox-Spdy: h2
|
| services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US | 54.230.111.63 | | 82 B |
URL services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US IP54.230.111.63:0
Hash4f822d39c269d2c47e3174b6c6bad3b7 d56bd07959c766e9c18faa9cf1070548f9236b65 cda00e555c758b1c13b6cbd17049ca8471057d16c60f08f551dbc331308eecf3
GET /api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US HTTP/1.1
Host: services.addons.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 82
server: openresty
date: Tue, 07 May 2024 08:03:57 GMT
allow: GET, HEAD, OPTIONS
x-amo-request-id: 02e92a02defe4524b9a515be06d5ff7b
content-security-policy: connect-src 'self' https://*.google-analytics.com; font-src 'self' https://addons.mozilla.org/static-server/; style-src 'unsafe-inline' https://addons.mozilla.org/static-server/; script-src https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://addons.mozilla.org/static-server/; form-action 'self'; img-src 'self' blob: data: https://addons.mozilla.org/static-server/ https://addons.mozilla.org/user-media/; default-src 'none'; child-src https://www.recaptcha.net/recaptcha/; frame-src https://www.recaptcha.net/recaptcha/; object-src 'none'; media-src https://videos.cdn.mozilla.net; report-uri /__cspreport__
x-frame-options: DENY
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
cache-control: max-age=3600
public-key-pins: max-age=5184000; includeSubDomains; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
via: 1.1 google, 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
etag: "4f822d39c269d2c47e3174b6c6bad3b7"
vary: origin,X-Country-Code,Accept-Language
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Dd3wbZCxHRCrVx88YgeQdh4RP9SnKJddzJfMeUsw1ew6dlqyZey4Qw==
age: 1142
X-Firefox-Spdy: h2
|
| aus5.mozilla.org/update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 42 B |
URL aus5.mozilla.org/update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP35.244.181.201:0 ASN#396982 GOOGLE-CLOUD-PLATFORM
File typeXML 1.0 document, ASCII text Hashf8f24fa0c857d8f2ee493e131b85ab62 cb6049f830a54d14a19d4104fc0bb5ab5fdedbe6 e0dadbc9cd1f1bd8ce3118cc3383e0d0f6d147f055265d498d99deea956ba00f
GET /update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 42
rule-id: unknown
rule-data-version: unknown
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
via: 1.1 google
date: Tue, 07 May 2024 08:21:39 GMT
content-type: text/xml; charset=utf-8
age: 80
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|