IP 140.207.198.246:0 ASN #17621 China Unicom Shanghai network
Hash (MD5) d267ecf92d04ddcd337d3f07d2a53d77 (SHA-1) 0b33fa7a253cdc8e842b317a44029c8872644241 (SHA-256) 8a00dbb001c06d7e9914b2446ca098cd505112f5c2e41494525da56854e53745
POST / HTTP/1.1
Host: ocsp.crlocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.9.14
Date: Sat, 11 May 2024 02:09:06 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Content-Transfer-Encoding: Binary
Last-modified: Thu, 09 May 2024 23:34:26 GMT
Expires: Thu, 16 May 2024 23:34:25 GMT
ETag: "0B33FA7A253CDC8E842B317A44029C8872644241"
cache-control: max-age=172800,public,no-transform,must-revalidate
URL | IP | Status | Size
redirect.wggames.cn/WGC/360_Wargaming_Game_Center_Install_WOWS_CN.exe?website=1&pub_id=wows_baidu2_key_0061&xid=baidu/baidu2-sem///0061&sid=SIDnbPRKmJ5yopcqAuDe_ObcoyIN7h9ywdadQAj7lb5xBTaOs6y7ELwmAg2p5OPbk4jZLo1hmd3Hsz-0FRLToFNjyzo31PFo6oAK-92ZVOBa9b0onRJdXfxwD68bHJhycAaLvTQrdYJ4Uy6HQ&enctid=cckdmzkds96k&lpsn=+wows-wggames-cn-ddy12-html-website-1&foris=1&teclient=1625404022381616316&utm_source=sem_brand&utm_medium=sem&utm_campaign=5ga9y1tv&utm_content=wows_baidu2_key_0061 | 8.133.125.31 | 302 Moved Temporarily | 138 B
URL (user request) GET HTTP/1.1 redirect.wggames.cn/WGC/360_Wargaming_Game_Center_Install_WOWS_CN.exe?website=1&pub_id=wows_baidu2_key_0061&xid=baidu/baidu2-sem///0061&sid=SIDnbPRKmJ5yopcqAuDe_ObcoyIN7h9ywdadQAj7lb5xBTaOs6y7ELwmAg2p5OPbk4jZLo1hmd3Hsz-0FRLToFNjyzo31PFo6oAK-92ZVOBa9b0onRJdXfxwD68bHJhycAaLvTQrdYJ4Uy6HQ&enctid=cckdmzkds96k&lpsn=+wows-wggames-cn-ddy12-html-website-1&foris=1&teclient=1625404022381616316&utm_source=sem_brand&utm_medium=sem&utm_campaign=5ga9y1tv&utm_content=wows_baidu2_key_0061
IP 8.133.125.31:443 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Certificate: Issuer WoTrus CA Limited; Subject *.wggames.cn; Fingerprint 79:41:CA:52:63:55:DA:8C:8A:CB:9E:F4:7E:1D:D0:9D:CB:8B:86:35; Validity Mon, 18 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5) aff950cab4c0265e21d401db15f1026d (SHA-1) f03e18461817f7a6546c8bf8fa8d686d7e30aca0 (SHA-256) 753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /WGC/360_Wargaming_Game_Center_Install_WOWS_CN.exe?website=1&pub_id=wows_baidu2_key_0061&xid=baidu/baidu2-sem///0061&sid=SIDnbPRKmJ5yopcqAuDe_ObcoyIN7h9ywdadQAj7lb5xBTaOs6y7ELwmAg2p5OPbk4jZLo1hmd3Hsz-0FRLToFNjyzo31PFo6oAK-92ZVOBa9b0onRJdXfxwD68bHJhycAaLvTQrdYJ4Uy6HQ&enctid=cckdmzkds96k&lpsn=+wows-wggames-cn-ddy12-html-website-1&foris=1&teclient=1625404022381616316&utm_source=sem_brand&utm_medium=sem&utm_campaign=5ga9y1tv&utm_content=wows_baidu2_key_0061 HTTP/1.1
Host: redirect.wggames.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 11 May 2024 02:09:07 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: https://qgcdl.qihucdn.com/wg/qgc360/prod/wgc_24.01.00.5433_cn/world_of_warships_install_cn.exe?website=1&pub_id=wows_baidu2_key_0061&xid=baidu/baidu2-sem///0061&sid=SIDnbPRKmJ5yopcqAuDe_ObcoyIN7h9ywdadQAj7lb5xBTaOs6y7ELwmAg2p5OPbk4jZLo1hmd3Hsz-0FRLToFNjyzo31PFo6oAK-92ZVOBa9b0onRJdXfxwD68bHJhycAaLvTQrdYJ4Uy6HQ&enctid=cckdmzkds96k&lpsn=+wows-wggames-cn-ddy12-html-website-1&foris=1&teclient=1625404022381616316&utm_source=sem_brand&utm_medium=sem&utm_campaign=5ga9y1tv&utm_content=wows_baidu2_key_0061
IP 8.133.125.31:0 ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Certificate: Issuer WoTrus CA Limited; Subject *.wggames.cn; Fingerprint 79:41:CA:52:63:55:DA:8C:8A:CB:9E:F4:7E:1D:D0:9D:CB:8B:86:35; Validity Mon, 18 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
File type: HTML document, ASCII text
Hash (MD5) e3eb0a1df437f3f97a64aca5952c8ea0 (SHA-1) 7dd71afcfb14e105e80b0c0d7fce370a28a41f0a (SHA-256) 38ffd4972ae513a0c79a8be4573403edcd709f0f572105362b08ff50cf6de521
NIDS | Severity | Alert
suricata | medium | ET INFO Unconfigured nginx Access
suricata | medium | ET INFO Unconfigured nginx Access
GET / HTTP/1.1
Host: redirect.wggames.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 11 May 2024 02:09:08 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Mon, 08 Jun 2020 13:25:31 GMT
Connection: keep-alive
ETag: "5ede3c4b-264"
Accept-Ranges: bytes
URL | IP | Status | Size
qgcdl.qihucdn.com/wg/qgc360/prod/wgc_24.01.00.5433_cn/world_of_warships_install_cn.exe?website=1&pub_id=wows_baidu2_key_0061&xid=baidu/baidu2-sem///0061&sid=SIDnbPRKmJ5yopcqAuDe_ObcoyIN7h9ywdadQAj7lb5xBTaOs6y7ELwmAg2p5OPbk4jZLo1hmd3Hsz-0FRLToFNjyzo31PFo6oAK-92ZVOBa9b0onRJdXfxwD68bHJhycAaLvTQrdYJ4Uy6HQ&enctid=cckdmzkds96k&lpsn=+wows-wggames-cn-ddy12-html-website-1&foris=1&teclient=1625404022381616316&utm_source=sem_brand&utm_medium=sem&utm_campaign=5ga9y1tv&utm_content=wows_baidu2_key_0061 | 61.170.79.223 | | 24 MB
URL (user request) GET qgcdl.qihucdn.com/wg/qgc360/prod/wgc_24.01.00.5433_cn/world_of_warships_install_cn.exe?website=1&pub_id=wows_baidu2_key_0061&xid=baidu/baidu2-sem///0061&sid=SIDnbPRKmJ5yopcqAuDe_ObcoyIN7h9ywdadQAj7lb5xBTaOs6y7ELwmAg2p5OPbk4jZLo1hmd3Hsz-0FRLToFNjyzo31PFo6oAK-92ZVOBa9b0onRJdXfxwD68bHJhycAaLvTQrdYJ4Uy6HQ&enctid=cckdmzkds96k&lpsn=+wows-wggames-cn-ddy12-html-website-1&foris=1&teclient=1625404022381616316&utm_source=sem_brand&utm_medium=sem&utm_campaign=5ga9y1tv&utm_content=wows_baidu2_key_0061
IP 61.170.79.223:0 ASN #4812 China Telecom Group
File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 10 sections
Size: 24 MB (23514456 bytes)
Hash (MD5) 1010f510711fbf01cdd70d792923c5e8 (SHA-1) f485fccad8c4be585765fd8e318534f6dc15e426 (SHA-256) f6b95c4d47a62a23ebbe9c4b389299e805f04506d20ad571223ee14fbd332f8e
NIDS | Severity | Alert
suricata | high | ET POLICY PE EXE or DLL Windows file download HTTP
suricata | low | ET INFO EXE - Served Attached HTTP
suricata | high | ET POLICY PE EXE or DLL Windows file download HTTP
suricata | low | ET INFO EXE - Served Attached HTTP
GET /wg/qgc360/prod/wgc_24.01.00.5433_cn/world_of_warships_install_cn.exe?website=1&pub_id=wows_baidu2_key_0061&xid=baidu/baidu2-sem///0061&sid=SIDnbPRKmJ5yopcqAuDe_ObcoyIN7h9ywdadQAj7lb5xBTaOs6y7ELwmAg2p5OPbk4jZLo1hmd3Hsz-0FRLToFNjyzo31PFo6oAK-92ZVOBa9b0onRJdXfxwD68bHJhycAaLvTQrdYJ4Uy6HQ&enctid=cckdmzkds96k&lpsn=+wows-wggames-cn-ddy12-html-website-1&foris=1&teclient=1625404022381616316&utm_source=sem_brand&utm_medium=sem&utm_campaign=5ga9y1tv&utm_content=wows_baidu2_key_0061 HTTP/1.1
Host: qgcdl.qihucdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/octet-stream
Content-Length: 23514456
Connection: keep-alive
Date: Wed, 08 May 2024 04:01:35 GMT
Last-Modified: Wed, 10 Apr 2024 14:53:21 GMT
Expires: Fri, 07 Jun 2024 04:01:35 GMT
Cache-Control: max-age=2592000
Content-Disposition: attachment;filename=world_of_warships_install_cn_cckdmzkds96k.exe
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1715140895
Via: cache26.l2cn3160[0,16,200-0,H], cache74.l2cn3160[18,0], ens-cache9.cn6011[0,6,200-0,H], ens-cache28.cn6011[8,0]
Age: 252454
X-Cache: HIT TCP_HIT dirn:10:380637677
X-Swift-SaveTime: Sat, 11 May 2024 00:13:19 GMT
X-Swift-CacheTime: 2346496
Timing-Allow-Origin: *
EagleId: 3daa4f3017153933491203435e