| nicolascoolman.eu/wp-updates/ZHPFix2.exe | 109.234.162.18 | 301 Moved Permanently | 0 B |
URL: nicolascoolman.eu/wp-updates/ZHPFix2.exe
User:
Request: GET HTTP/2
IP: 109.234.162.18:443
Certificate: Issuer: Let's Encrypt; Subject: nicolascoolman.eu; Fingerprint: FF:94:39:97:48:68:5A:32:87:29:3E:C1:A9:1A:16:05:95:6F:17:9B; Validity: Thu, 14 Mar 2024 09:14:17 GMT - Wed, 12 Jun 2024 09:14:16 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-updates/ZHPFix2.exe HTTP/1.1
Host: nicolascoolman.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Tue, 07 May 2024 21:50:31 GMT
content-type: text/html; charset=UTF-8
content-length: 0
expires: Tue, 07 May 2024 22:50:31 GMT
cache-control: max-age=3600
x-redirect-by: redirection
set-cookie: __wpdm_client=c11170dca089cc3d7eb6d01a7f1a1068; path=/; domain=nicolascoolman.eu; secure; HttpOnly
strEtLUhgdbbx_session_activity=0; expires=Tue, 07-May-2024 22:50:31 GMT; Max-Age=3600; path=/
strEtLUhgdbbx_tracking_activity=1715118631; expires=Wed, 07-May-2025 21:50:31 GMT; Max-Age=31536000; path=/
strEtLUhgdbbx_online_activity=3344-1715118631-1405; expires=Tue, 07-May-2024 21:53:31 GMT; Max-Age=180; path=/
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: upgrade-insecure-requests;
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*
location: /wp-content/uploads/wp-updates/ZHPFix2.exe
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: null
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
x-content-security-policy: img-src *; media-src * data:;
x-permitted-cross-domain-policies: none
server: o2switch-PowerBoost-v3
X-Firefox-Spdy: h2
| nicolascoolman.eu/wp-content/uploads/wp-updates/ZHPFix2.exe | 109.234.162.18 | 200 OK | 1.8 MB |
URL: nicolascoolman.eu/wp-content/uploads/wp-updates/ZHPFix2.exe
User:
Request: GET HTTP/2
IP: 109.234.162.18:443
Certificate: Issuer: Let's Encrypt; Subject: nicolascoolman.eu; Fingerprint: FF:94:39:97:48:68:5A:32:87:29:3E:C1:A9:1A:16:05:95:6F:17:9B; Validity: Thu, 14 Mar 2024 09:14:17 GMT - Wed, 12 Jun 2024 09:14:16 GMT
File type: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
Size: 1.8 MB (1772744 bytes)
Hashes: MD5 d2389821330d3d12ea0e6ceacf8283dd; SHA-1 3f0a37d220e444d6c8d2f16a1081860642922112; SHA-256 ec141a06354610bf5cdc385b3bd6d019701e65322022432662cf6e5fb7c43498

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Public InfoSec YARA rules | malware | Identifies compiled AutoIT script (as EXE). |
| VirusTotal | suspicious | |
GET /wp-content/uploads/wp-updates/ZHPFix2.exe HTTP/1.1
Host: nicolascoolman.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __wpdm_client=c11170dca089cc3d7eb6d01a7f1a1068; strEtLUhgdbbx_session_activity=0; strEtLUhgdbbx_tracking_activity=1715118631; strEtLUhgdbbx_online_activity=3344-1715118631-1405
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 21:50:31 GMT
content-type: application/x-msdownload
content-length: 1772744
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: upgrade-insecure-requests;
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*
last-modified: Wed, 29 Mar 2023 20:28:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: null
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
x-content-security-policy: img-src *; media-src * data:;
x-permitted-cross-domain-policies: none
cache-control: public
server: o2switch-PowerBoost-v3
accept-ranges: bytes
X-Firefox-Spdy: h2