IP 210.74.41.123:0 ASN #58866 China Financial Certification Authority
Hash (MD5) 35d6b1556017bc0ea23949df738b663f (SHA-1) 4498aa21b6f5d269aaae3f51ffb709aee67385ed (SHA-256) 4f2d56c3dd11712b2b3444eb0d31710a1af51cd5585e4f2d2ef7277884bca621
POST /ocsp HTTP/1.1
Host: ocsp.cfca.com.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: sslgw
Date: Wed, 08 May 2024 10:39:30 GMT
Content-Type: application/ocsp-response
Content-Length: 1487
Connection: keep-alive
Content-transfer-encoding: binary
ETag: "4498aa21b6f5d269aaae3f51ffb709aee67385ed"
last-modified: Wed, 08 May 2024 08:03:00 GMT
expires: Thu, 09 May 2024 12:03:00 GMT
cache-control: public, no-transform, must-revalidate
| URL | IP | Status | Size |
|---|---|---|---|
| www.hxb.com.cn/chinese/upload/HXB_B2B_Ast.exe | 163.181.157.120 | 200 OK | 5.4 MB |

URL (User Request) GET HTTP/1.1 www.hxb.com.cn/chinese/upload/HXB_B2B_Ast.exe IP 163.181.157.120:443 ASN #24429 Zhejiang Taobao Network Co.,Ltd
Certificate Issuer China Financial Certification Authority; Subject www.hxb.com.cn; Fingerprint (SHA-1) D4:20:01:FE:03:41:E6:DD:F5:BC:13:FC:7D:7E:A9:A6:F6:B9:AD:D9; Validity Sat, 23 Mar 2024 10:24:42 GMT - Fri, 11 Apr 2025 07:56:32 GMT
File type PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections; Size 5.4 MB (5434864 bytes); Hash (MD5) c9ec640c466dc36363fe0fa23a9b7734 (SHA-1) 2e54120c47d94669d2093581a768f734393b32a0 (SHA-256) 9e5dc8a67a921c30f76ab5ae96b4ff589e6d7a5d83d615721855c78fda8e0665

| Analyzer | Verdict | Alert |
|---|---|---|
| YARAhub by abuse.ch | malware | Detect files is `SliverFox` malware |
| VirusTotal | suspicious | |
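The metadata block above (URL, IP and ASN, TLS certificate, file type and the three digests) is what a responder lifts into a block list. As an added example that is not part of the sandbox report or its vendor's tooling, the Python below parses that block exactly as it reads on this page, labels the digests by length instead of trusting their order, and cross-checks the fields against the response headers of the same transaction: the certificate was inside its validity window when the download was observed, its subject is the requested host, Content-Length agrees with the hashed file size, and a PE32 image came down as application/octet-stream. The input is constructed from the page's own lines; the line layout, the regular expressions and the check names are assumptions of this example.

```python
import json
import re
from email.utils import parsedate_to_datetime

# Constructed input (assumed layout): the metadata block of the HXB_B2B_Ast.exe
# download as copied from the page, plus three headers of its HTTP response. The
# labels run into their values ("IP163...", "Size5.4 MB") exactly as the export
# reads; the patterns below accept that with or without the missing spaces.
SAMPLE = """\
URL User Request GET HTTP/1.1www.hxb.com.cn/chinese/upload/HXB_B2B_Ast.exe IP163.181.157.120:443 ASN#24429 Zhejiang Taobao Network Co.,Ltd
CertificateIssuerChina Financial Certification Authority Subjectwww.hxb.com.cn FingerprintD4:20:01:FE:03:41:E6:DD:F5:BC:13:FC:7D:7E:A9:A6:F6:B9:AD:D9 ValiditySat, 23 Mar 2024 10:24:42 GMT - Fri, 11 Apr 2025 07:56:32 GMT
File typePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections Size5.4 MB (5434864 bytes) Hashc9ec640c466dc36363fe0fa23a9b7734 2e54120c47d94669d2093581a768f734393b32a0 9e5dc8a67a921c30f76ab5ae96b4ff589e6d7a5d83d615721855c78fda8e0665
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 5434864
Date: Wed, 08 May 2024 10:39:30 GMT
"""

URL_RE = re.compile(r"\b(?:GET|POST)\s+HTTP/1\.[01]\s*(\S+)")
IP_RE = re.compile(r"\bIP\s*((?:\d{1,3}\.){3}\d{1,3}):(\d+)")
ASN_RE = re.compile(r"\bASN\s*#(\d+)\s*(.*?)\s*$", re.M)
CERT_RE = re.compile(
    r"Issuer\s*(?P<issuer>.+?)\s*Subject\s*(?P<subject>\S+)\s*"
    r"Fingerprint\s*(?P<fp>(?:[0-9A-Fa-f]{2}:){19}[0-9A-Fa-f]{2})\s*"
    r"Validity\s*(?P<nb>.+?)\s+-\s+(?P<na>.+?)\s*$", re.M)
FILE_RE = re.compile(
    r"File type\s*(?P<ftype>.+?)\s*Size\s*[\d.]+\s*[KMG]?B\s*\((?P<size>\d+) bytes\)"
    r"\s*Hash\s*(?P<hashes>[0-9A-Fa-f ]+?)\s*$", re.M)
HDR_RE = re.compile(r"^(Content-Type|Content-Length|Date):\s*(.+?)\s*$", re.M)
HASH_LEN = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest length -> algorithm


def classify_hashes(tokens):
    """Label bare hex digests by length; reject anything that is not a known digest."""
    out = {}
    for tok in tokens:
        algo = HASH_LEN.get(len(tok))
        if algo is None or not re.fullmatch(r"[0-9A-Fa-f]+", tok):
            raise ValueError(f"unrecognised hash token: {tok!r}")
        out[algo] = tok.lower()
    return out


def cert_valid_at(cert, when):
    """True if `when` lies inside the certificate's notBefore..notAfter window."""
    return cert["not_before"] <= when <= cert["not_after"]


def parse_transaction(text):
    """Extract the IOCs of one transaction block and cross-check them for consistency."""
    found = [r.search(text) for r in (URL_RE, IP_RE, ASN_RE, CERT_RE, FILE_RE)]
    if not all(found):
        raise ValueError("transaction block is missing a required field")
    m_url, m_ip, m_asn, m_cert, m_file = found
    ip = m_ip.group(1)
    if not all(int(o) <= 255 for o in ip.split(".")):
        raise ValueError(f"invalid IPv4 address: {ip}")
    headers = dict(HDR_RE.findall(text))
    url = m_url.group(1)
    cert = {
        "issuer": m_cert["issuer"],
        "subject": m_cert["subject"],
        "fingerprint": m_cert["fp"].upper(),  # 20 bytes, i.e. the SHA-1 fingerprint
        "not_before": parsedate_to_datetime(m_cert["nb"]),
        "not_after": parsedate_to_datetime(m_cert["na"]),
    }
    size = int(m_file["size"])
    tx = {
        "url": url, "host": url.split("/", 1)[0],
        "ip": ip, "port": int(m_ip.group(2)),
        "asn": int(m_asn.group(1)), "as_org": m_asn.group(2),
        "cert": cert,
        "file": {"type": m_file["ftype"], "size_bytes": size,
                 "hashes": classify_hashes(m_file["hashes"].split())},
        "observed_at": parsedate_to_datetime(headers["Date"]),
    }
    tx["checks"] = {
        # the download happened inside the TLS certificate's validity window
        "cert_valid_at_observation": cert_valid_at(cert, tx["observed_at"]),
        # exact match only; wildcard or SAN-only certificates need real name matching
        "cert_subject_is_host": cert["subject"] == tx["host"],
        # the declared body length agrees with the file the sandbox hashed
        "content_length_matches_file": headers.get("Content-Length") == str(size),
        # a Windows PE delivered as an opaque byte stream from the bank's web root
        "pe_as_octet_stream": tx["file"]["type"].startswith("PE32")
        and headers.get("Content-Type") == "application/octet-stream",
    }
    return tx


def ioc_set(tx):
    """Flat block-list values: host, IP, URL, certificate fingerprint and file hashes."""
    return {tx["host"], tx["ip"], tx["url"], tx["cert"]["fingerprint"],
            *tx["file"]["hashes"].values()}


if __name__ == "__main__":
    print(json.dumps(parse_transaction(SAMPLE), indent=2, default=str))
```

Run stand-alone it prints the parsed record as JSON; `ioc_set()` returns the seven values (host, IP, URL, certificate fingerprint and the three file hashes) to push to a block list. The length map raises on any token it cannot label rather than guessing, so a digest truncated while copying from a report is caught before it reaches the list.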
GET /chinese/upload/HXB_B2B_Ast.exe HTTP/1.1
Host: www.hxb.com.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/octet-stream
Content-Length: 5434864
Connection: keep-alive
Set-Cookie: acw_tc=a3b5839e17151647698007697eaf8d1ccff0eaceb30842b40c3a635ffb;path=/;HttpOnly;Max-Age=3600
cdn_sec_tc=a3b5839e17151647698007697eaf8d1ccff0eaceb30842b40c3a635ffb;path=/;HttpOnly;Max-Age=3600
HttpOnly;Secure;
BIGipServerpool_hxb_web_8080=!kjpt/qw3CF7fd8au/o4Shj9p/fG6Uz3PvPFTjaSmQeQr0xUKALREGlAuzM4lyP9eVpUiyO5BtVMtMjg=; path=/; Secure
Date: Wed, 08 May 2024 10:39:30 GMT
X-Frame-Options: SAMEORIGIN, SAMEORIGIN, DENY
Last-Modified: Thu, 19 Sep 2019 07:22:33 GMT
ETag: "52edf0-592e2d1339977"
Accept-Ranges: bytes
Access-Control-Allow-Origin: https://www.hxb.com.cn
X-XSS-Protection: 1; mode=block
Content-Security-Policy: require-sri-for 'script';require-sri-for 'style';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=3600;includeSubDomains;
Referer-Policy: origin;
X-Permitted-Cross-Domain-Policies: master-only;
X-Download-Options: noopen;
Via: 1.1 ID-0314217205453702 uproxy-6, cache26.l2de2[746,746,200-0,M], cache15.l2de2[747,0], ens-cache8.de7[760,759,200-0,M], ens-cache10.de7[761,0]
Ali-Swift-Global-Savetime: 1715164770
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Wed, 08 May 2024 10:39:30 GMT
X-Swift-CacheTime: 604800
Timing-Allow-Origin: *
EagleId: a3b5839e17151647698007697e