IP: 47.246.3.19:0 | ASN: #24429 Zhejiang Taobao Network Co.,Ltd
Hash (MD5): e28c4f07e6c3a4558990a384adfbec3e
Hash (SHA-1): acea3d13b3ecdd610d471d4c5c4ede683c601cd7
Hash (SHA-256): b94fd81c0fb6cddf745490e3ac68a6c877eb768b4278f0af5639a4801e6c3169
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Wed, 17 Apr 2024 00:53:33 GMT
Ali-Swift-Global-Savetime: 1713315213
Via: cache37.l2fr1[231,231,200-0,M], cache37.l2fr1[232,0], cache9.ru4[289,288,200-0,M], cache9.ru4[290,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Wed, 17 Apr 2024 00:53:33 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff6039d17133152133148979e
| fs-im-kefu.7moor-fs1.com/29397395/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1689167714192/1.txt | 175.6.201.100 | 200 OK | 57 kB |
URL (User Request, GET HTTP/2): fs-im-kefu.7moor-fs1.com/29397395/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1689167714192/1.txt
IP: 175.6.201.100:443
Certificate issuer: TrustAsia Technologies, Inc.
Certificate subject: *.7moor.com
Certificate fingerprint: B1:79:FC:E2:23:EA:76:67:61:95:D3:5C:E1:46:39:27:B7:D2:0D:58
Certificate validity: Tue, 31 Oct 2023 00:00:00 GMT - Sat, 23 Nov 2024 23:59:59 GMT
File type: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
Hash (MD5): 66b31907f6055af0dfc34e5bd1de421f
Hash (SHA-1): d431e3256b8a59a7d129631a8ae2228c59d4db86
Hash (SHA-256): f919630a088fa2a533c1b55ad752a9e04a77c3f979e548678b20e5170127b38d

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| YARAhub by abuse.ch | malware | meth_stackstrings |
| VirusTotal | malicious | |
GET /29397395/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1689167714192/1.txt HTTP/1.1
Host: fs-im-kefu.7moor-fs1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Byte-nginx
content-type: text/plain
content-length: 56730
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: X-Log, X-Reqid
access-control-max-age: 2592000
age: 2185738
cache-control: public, max-age=31536000
content-disposition: inline; filename="1.txt"; filename*=utf-8''1.txt
content-encoding: gzip
content-md5: ZrMZB/YFWvDfw05b0d5CHw==
content-transfer-encoding: binary
etag: "FtQx4yVrilmn0SljGoriIoxZ1NuG.gz"
last-modified: Wed, 12 Jul 2023 13:15:14 GMT
vary: Accept-Encoding
via: cache67.sdqdmp,cache04.hyct
x-bdcdn-cache-status: TCP_MISS,TCP_HIT
x-log: X-Log
x-m-log: QNM:jjh3247;SRCPROXY:jjh3253;SRC:7/304;SRCPROXY:7/304;QNM3:8/304
x-m-reqid: OIEAACjgeCYxJ78X
x-qiniu-zone: 0
x-qnm-cache: Miss
x-reqid: f34AAADdqCUxJ78X
x-request-id: 5352bea0d5f25c8df8b34c4e4934e9f2
x-request-ip: 91.90.42.154
x-response-cache: parent_hit
x-response-cinfo: 91.90.42.154
x-svr: IO
x-tt-trace-tag: id=5
date: Wed, 17 Apr 2024 00:53:33 GMT
X-Firefox-Spdy: h2
| fs-im-kefu.7moor-fs1.com/favicon.ico | 175.6.201.100 | 404 Not Found | 30 B |
URL (GET HTTP/2): fs-im-kefu.7moor-fs1.com/favicon.ico
IP: 175.6.201.100:443
Requested by: https://fs-im-kefu.7moor-fs1.com/29397395/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1689167714192/1.txt
Certificate issuer: TrustAsia Technologies, Inc.
Certificate subject: *.7moor.com
Certificate fingerprint: B1:79:FC:E2:23:EA:76:67:61:95:D3:5C:E1:46:39:27:B7:D2:0D:58
Certificate validity: Tue, 31 Oct 2023 00:00:00 GMT - Sat, 23 Nov 2024 23:59:59 GMT
Hash (MD5): dae2f3dd9baf239b45dd8bc1408e67de
Hash (SHA-1): 5e415fd3ee90548957bb73ce748eca52a65a01b3
Hash (SHA-256): 63f167d2adce5d2b33fc90c8a437615e605ac1ab3dd8b6e028dbc502da3b663e
GET /favicon.ico HTTP/1.1
Host: fs-im-kefu.7moor-fs1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fs-im-kefu.7moor-fs1.com/29397395/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1689167714192/1.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: Byte-nginx
content-type: application/json
content-length: 30
access-control-allow-origin: *
access-control-expose-headers: X-Log, X-Reqid
access-control-max-age: 2592000
date: Wed, 17 Apr 2024 00:53:34 GMT
via: cache52.tzmp,cache04.hyct
x-bdcdn-cache-status: TCP_MISS,TCP_MISS
x-log: X-Log
x-m-log: QNM:jjh3238;SRCPROXY:jjh3253;SRC:5/404;SRCPROXY:5/404;QNM3:6/404
x-m-reqid: aj8AACukvTcc68YX
x-qnm-cache: Miss
x-reqid: H0wAAADB7zcc68YX
x-request-id: 7841f984a40c34fe86eec25dc52298af
x-request-ip: 91.90.42.154
x-response-cache: miss
x-response-cinfo: 91.90.42.154
x-svr: IO
x-tt-trace-tag: id=5
X-Firefox-Spdy: h2
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL: aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP: 35.244.181.201:0 | ASN: #396982 GOOGLE-CLOUD-PLATFORM
File type: XML 1.0 document, ASCII text, with very long lines (332)
Hash (MD5): 3b324dec137a87ef7e24a30a65b13dd0
Hash (SHA-1): c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
Hash (SHA-256): 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=7FUe-DYeBj0UmRJGcESMvhKjzODAM0jMzo6ramLn7rUB9ObR7anfdMxLRwbyPYK6OEpOcKUt8ET_hgRNfp8r8JhbXA4q1TPgR-BzDfDeRrzdmfbFTtCJ2XroLfG9EAfc
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
content-length: 444
date: Wed, 17 Apr 2024 00:53:01 GMT
age: 50
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2