IP: 104.18.15.101:0
Hash (MD5 / SHA-1 / SHA-256): 634821758833625857c13bb16934fc2e 67b4a01580e62f774e7bc237bcad7bcdf6ab86b5 f61c79e94b9a45eb9b36e184894fedea51861b7a57cfbeaea7c809e1c7dbd3a8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 28 May 2023 22:19:21 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 00:32:26 GMT
Expires: Sun, 04 Jun 2023 00:32:25 GMT
Etag: "67b4a01580e62f774e7bc237bcad7bcdf6ab86b5"
Cache-Control: max-age=527378,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ce9e0f02c7efac4-OSL
IP: 104.18.15.101:0
Hash (MD5 / SHA-1 / SHA-256): 634821758833625857c13bb16934fc2e 67b4a01580e62f774e7bc237bcad7bcdf6ab86b5 f61c79e94b9a45eb9b36e184894fedea51861b7a57cfbeaea7c809e1c7dbd3a8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 28 May 2023 22:19:21 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 00:32:26 GMT
Expires: Sun, 04 Jun 2023 00:32:25 GMT
Etag: "67b4a01580e62f774e7bc237bcad7bcdf6ab86b5"
Cache-Control: max-age=527033,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ce9e0f2afe3b527-OSL
URL | IP | Status | Size
42502d2a-e7ed-4a16-9f11-33ffe6c54021.usrfiles.com/ugd/42502d_f3d9daf50a344b69b9d9f3bd759f99aa.txt | 34.102.176.152 | 200 OK | 31 MB

URL: 42502d2a-e7ed-4a16-9f11-33ffe6c54021.usrfiles.com/ugd/42502d_f3d9daf50a344b69b9d9f3bd759f99aa.txt
Request: User Request, GET, HTTP/2
IP: 34.102.176.152:443
Certificate: Issuer: Sectigo Limited; Subject: *.usrfiles.com; Fingerprint: A4:13:5D:EA:AC:2A:0C:0F:5B:A1:EA:A5:61:47:45:B1:E4:B3:D3:78; Validity: Sat, 25 Feb 2023 00:00:00 GMT - Thu, 24 Aug 2023 23:59:59 GMT
File type: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
- data
Size: 31 MB (31137280 bytes)
Hash (MD5 / SHA-1 / SHA-256): 1b9b394f8d9e7e56c9606667cdc4bc87 fd2d8bc2574b3018a99557fafc4fadd544fd1c17 dd72a7eebdd2d1cfabf430288d452fccfb90acc4d6956aa36194a35e9585b2c8

Analyzer | Verdict | Alert
fortinet | Malware |
VirusTotal | 51/71 |
GET /ugd/42502d_f3d9daf50a344b69b9d9f3bd759f99aa.txt HTTP/1.1
Host: 42502d2a-e7ed-4a16-9f11-33ffe6c54021.usrfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty/1.21.4.1
date: Sun, 28 May 2023 22:19:21 GMT
content-type: text/plain
content-length: 31137280
expires: Sun, 28 May 2023 23:19:21 GMT
cache-control: public, max-age=15552000, immutable
last-modified: Sun, 18 Sep 2022 18:06:17 GMT
etag: "1b9b394f8d9e7e56c9606667cdc4bc87"
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Length
timing-allow-origin: *
x-seen-by: gcp.us-central-1.media-router-84588bb8-64rks
x-robots-tag: noindex, nofollow
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2