download.edrawsoft.com/edrawmax_full9479.exe?_gl=1*b185a8*_gcl_aw*R0NMLjE2MjQ0MjkwMjYuQ2owS0NRandsTWFHQmhEM0FSSXNBUHZXZDZoS2VaS21aUjlhY2JkcllfSDFCS3lBSlhPRzdzZDdPTWVTSzdXb3NjbDgtS1I0dmdfUENtZ2FBcTFNRUFMd193Y0I.&_ga=2.268000206.1133085704.1624428717-1491010331.1624428717&_gac=1.61339358.1624429026.Cj0KCQjwlMaGBhD3ARIsAPvWd6hKeZKmZR9acbdrY_H1BKyAJXOG7sd7OMeSK7Woscl8-KR4vg_PCmgaAq1MEALw_wcB
23.36.76.210 302 Moved Temporarily 0 B URL User Request GET HTTP/1.1
IP 23.36.76.210:443
ASN #20940 Akamai International B.V.
Certificate Issuer DigiCert Inc
Subject download.wondershare.net
Fingerprint 24:27:CC:BB:2F:56:63:DC:93:47:40:6A:29:3F:C2:8E:14:7B:B9:87
Validity Tue, 18 Apr 2023 00:00:00 GMT - Thu, 18 Apr 2024 23:59:59 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (digest of an empty body; the response carried 0 bytes)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /edrawmax_full9479.exe?_gl=1*b185a8*_gcl_aw*R0NMLjE2MjQ0MjkwMjYuQ2owS0NRandsTWFHQmhEM0FSSXNBUHZXZDZoS2VaS21aUjlhY2JkcllfSDFCS3lBSlhPRzdzZDdPTWVTSzdXb3NjbDgtS1I0dmdfUENtZ2FBcTFNRUFMd193Y0I.&_ga=2.268000206.1133085704.1624428717-1491010331.1624428717&_gac=1.61339358.1624429026.Cj0KCQjwlMaGBhD3ARIsAPvWd6hKeZKmZR9acbdrY_H1BKyAJXOG7sd7OMeSK7Woscl8-KR4vg_PCmgaAq1MEALw_wcB HTTP/1.1
Host: download.edrawsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: Tengine
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Location: https://cbs.edrawsoft.com/go.php?track=download_start&name=edrawmax_full9479&pid=9479&back_url=https%3A%2F%2Fdownload.edrawsoft.com%2Finst%2Fedrawmax_setup_full9479.exe
X-Powered-By: akamai
Cache-Control: max-age=7776000
Expires: Tue, 12 Dec 2023 00:36:52 GMT
Date: Wed, 13 Sep 2023 00:36:52 GMT
Connection: keep-alive
cbs.edrawsoft.com/go.php?track=download_start&name=edrawmax_full9479&pid=9479&back_url=https%3A%2F%2Fdownload.edrawsoft.com%2Finst%2Fedrawmax_setup_full9479.exe
8.209.73.211 302 Found 0 B URL User Request GET HTTP/2
IP 8.209.73.211:443
ASN #45102 Alibaba US Technology Co., Ltd.
Certificate Issuer DigiCert, Inc.
Subject *.edrawsoft.com
Fingerprint 70:AB:EB:53:86:A5:F9:FB:75:91:B5:58:77:68:3B:01:6E:88:89:4D
Validity Mon, 15 May 2023 00:00:00 GMT - Thu, 13 Jun 2024 23:59:59 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (digest of an empty body; the response carried 0 bytes)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go.php?track=download_start&name=edrawmax_full9479&pid=9479&back_url=https%3A%2F%2Fdownload.edrawsoft.com%2Finst%2Fedrawmax_setup_full9479.exe HTTP/1.1
Host: cbs.edrawsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 13 Sep 2023 00:36:52 GMT
content-type: text/html;charset=UTF-8
content-length: 0
location: https://download.edrawsoft.com/inst/edrawmax_setup_full9479.exe
pragma: no-cache
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: PHPSESSID=a706994d23fd5fcf4cc69d38980cf9b6; path=/
set-cookie: ws_download=usage_23_1694565412761826484; expires=Fri, 22-Jul-2033 00:36:52 GMT; Max-Age=311040000; path=/; domain=edrawsoft.com
set-cookie: ws_download=usage_23_1694565412761826484; expires=Fri, 22-Jul-2033 00:36:52 GMT; Max-Age=311040000; path=/; domain=edrawsoft.com
set-cookie: download_type_9479=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=edrawsoft.com
set-cookie: download_type_9479=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=edrawsoft.com
set-cookie: download_id_9479=usage_23_1694565412761828871; expires=Fri, 22-Jul-2033 00:36:52 GMT; Max-Age=311040000; path=/; domain=edrawsoft.com
set-cookie: download_id_9479=usage_23_1694565412761828871; expires=Fri, 22-Jul-2033 00:36:52 GMT; Max-Age=311040000; path=/; domain=edrawsoft.com
set-cookie: track_id_9479=usage_23_1694565412761825612; expires=Tue, 02-Sep-2025 00:36:52 GMT; Max-Age=62208000; path=/; domain=edrawsoft.com
set-cookie: track_id_9479=usage_23_1694565412761825612; expires=Tue, 02-Sep-2025 00:36:52 GMT; Max-Age=62208000; path=/; domain=edrawsoft.com
cache-control: max-age=5184000
expires: Sun, 12 Nov 2023 00:36:52 GMT
last-modified: Wed, 13 Sep 2023 00:36:52 GMT
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
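The two redirects above carry Google Ads/Analytics cross-domain linker parameters (_gl, _ga, _gac) into the download host, and the second hop is a tracking endpoint whose Location is the caller-supplied back_url parameter, decoded verbatim. The script below is an editor's example added to this capture, not code from Edraw or from the analysis tool: it decodes the _gl payload (which carries the same gclid that the _gac parameter shows in clear), flags any redirect whose Location equals a request query parameter, and reads the attributes of the cookies set on the way. All inputs are copied from the capture into constants; the constant and function names are the example's own. Whether cbs.edrawsoft.com/go.php validates back_url against an allow-list is not established by this capture; the echo check only identifies the hop that needs that test.

```python
import base64
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Values copied from the capture above (editor's example; not Edraw's code).
GCLID = "Cj0KCQjwlMaGBhD3ARIsAPvWd6hKeZKmZR9acbdrY_H1BKyAJXOG7sd7OMeSK7Woscl8-KR4vg_PCmgaAq1MEALw_wcB"
GL_VALUE = "1*b185a8*_gcl_aw*R0NMLjE2MjQ0MjkwMjYuQ2owS0NRandsTWFHQmhEM0FSSXNBUHZXZDZoS2VaS21aUjlhY2JkcllfSDFCS3lBSlhPRzdzZDdPTWVTSzdXb3NjbDgtS1I0dmdfUENtZ2FBcTFNRUFMd193Y0I."
GAC_VALUE = "1.61339358.1624429026." + GCLID
FIRST_REQUEST = ("https://download.edrawsoft.com/edrawmax_full9479.exe?_gl=" + GL_VALUE
                 + "&_ga=2.268000206.1133085704.1624428717-1491010331.1624428717&_gac=" + GAC_VALUE)
GO_REQUEST = ("https://cbs.edrawsoft.com/go.php?track=download_start&name=edrawmax_full9479&pid=9479"
              "&back_url=https%3A%2F%2Fdownload.edrawsoft.com%2Finst%2Fedrawmax_setup_full9479.exe")
FINAL_EXE = "https://download.edrawsoft.com/inst/edrawmax_setup_full9479.exe"
CAPTURED_CHAIN: List[Tuple[str, str]] = [(FIRST_REQUEST, GO_REQUEST), (GO_REQUEST, FINAL_EXE)]
CAPTURED_COOKIES = [  # set-cookie values from the go.php response above
    "PHPSESSID=a706994d23fd5fcf4cc69d38980cf9b6; path=/",
    "ws_download=usage_23_1694565412761826484; expires=Fri, 22-Jul-2033 00:36:52 GMT; Max-Age=311040000; path=/; domain=edrawsoft.com",
]


def decode_gl_linker(gl_value: str) -> Dict[str, str]:
    """Decode a GA cross-domain linker: '1*<fingerprint>*<key>*<b64>*<key>*<b64>...'.
    Each value is base64 in which '.' stands in for '=' padding."""
    parts = gl_value.split("*")
    if len(parts) < 4 or parts[0] != "1":
        raise ValueError("not a version-1 _gl linker")
    return {key: base64.b64decode(val.replace(".", "="), altchars=b"-_").decode("ascii", "replace")
            for key, val in zip(parts[2::2], parts[3::2])}


def gclid_from_gcl_aw(value: str) -> str:
    """The decoded _gcl_aw payload is 'GCL.<unix-timestamp>.<gclid>'."""
    return value.split(".", 2)[2]


def gclid_from_gac(value: str) -> str:
    """The _gac parameter/cookie is '1.<hash>.<unix-timestamp>.<gclid>'."""
    return value.split(".", 3)[3]


def echoed_redirect(request_url: str, location: str) -> Optional[str]:
    """Name of a request query parameter whose decoded value is exactly the response
    Location, else None. A hit means the redirect target is caller-supplied and the
    endpoint needs an allow-list test; the capture alone does not prove an open redirect."""
    for name, values in parse_qs(urlsplit(request_url).query).items():
        if location in values:
            return name
    return None


def cookie_findings(set_cookie: str) -> Dict[str, object]:
    """Attributes a reviewer checks on one Set-Cookie value. Everything here travelled
    over TLS, but nothing in the cookie itself stops later plaintext or script access."""
    first, *attrs = [p.strip() for p in set_cookie.split(";")]
    flags = {a.split("=", 1)[0].lower(): (a.split("=", 1)[1] if "=" in a else True) for a in attrs}
    max_age = int(flags.get("max-age", 0))
    return {"name": first.split("=", 1)[0],
            "secure": flags.get("secure", False) is True,
            "httponly": flags.get("httponly", False) is True,
            "samesite": flags.get("samesite"),
            "lifetime_days": max_age // 86400}


def triage_chain(chain: List[Tuple[str, str]]) -> list:
    """Walk (request URL, response Location) pairs and collect the findings this capture raises."""
    findings = []
    for req, loc in chain:
        host = urlsplit(req).hostname
        q = parse_qs(urlsplit(req).query)
        if "_gl" in q:
            findings.append(("ga_linker", host, decode_gl_linker(q["_gl"][0])))
        param = echoed_redirect(req, loc)
        if param:
            findings.append(("redirect_from_param", host, param))
    return findings


if __name__ == "__main__":
    for finding in triage_chain(CAPTURED_CHAIN):
        print(finding)
    for cookie in CAPTURED_COOKIES:
        print(cookie_findings(cookie))
```

Run as a script it prints the two findings and the cookie attributes. The _gl value decodes to GCL.1624429026.<gclid>, a Google Ads click ID with its Unix timestamp; that timestamp and the ones in _ga and _gac are from June 2021, two years before this September 2023 capture, so the submitted URL carried stale linker data rather than a live session. Neither captured cookie carries Secure, HttpOnly or SameSite, and ws_download is set for 3600 days; the same download_id/track_id values are then presented on the executable request in the last transaction.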
download.edrawsoft.com/
IP 23.36.76.192:0
ASN #20940 Akamai International B.V.
Certificate Issuer DigiCert Inc
Subject download.wondershare.net
Fingerprint 24:27:CC:BB:2F:56:63:DC:93:47:40:6A:29:3F:C2:8E:14:7B:B9:87
Validity Tue, 18 Apr 2023 00:00:00 GMT - Thu, 18 Apr 2024 23:59:59 GMT
File type HTML document text (exported SGML document, Unicode text, UTF-8 text)
Hash MD5 a208d3371f139b54e9ab9c9d3bf2403b
SHA-1 055b2b0bfa684ec610aa75a12af397ffa5e13169
SHA-256 a5c4c3a5c8545790b862f43267420372a57ba2d6ad10747702b3a9f494c866cc
GET / HTTP/1.1
Host: download.edrawsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: text/html
Last-Modified: Wed, 09 Mar 2022 03:39:18 GMT
ETag: "62282166-319"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 474
Cache-Control: max-age=6718038
Expires: Wed, 29 Nov 2023 18:44:12 GMT
Date: Wed, 13 Sep 2023 00:36:54 GMT
Connection: keep-alive
Vary: Accept-Encoding
download.edrawsoft.com/inst/edrawmax_setup_full9479.exe
23.36.76.192 200 OK 1.8 MB URL User Request GET HTTP/1.1
IP 23.36.76.192:0
ASN #20940 Akamai International B.V.
Certificate Issuer DigiCert Inc
Subject download.wondershare.net
Fingerprint 24:27:CC:BB:2F:56:63:DC:93:47:40:6A:29:3F:C2:8E:14:7B:B9:87
Validity Tue, 18 Apr 2023 00:00:00 GMT - Thu, 18 Apr 2024 23:59:59 GMT
File type PE32 executable (GUI) Intel 80386, for MS Windows
Size 1.8 MB (1788408 bytes)
Hash MD5 65079245782f17c67feb88fcd2950048
SHA-1 e650a7531d1e027c368a2ed64bb050929b549e0c
SHA-256 0c5755b3f40485be747fe16bad49a64be7dea3e85a4ae9111fff50da8cb19c78
Analyzer verdict (VirusTotal) suspicious
NIDS alert (Suricata, severity high) ET POLICY PE EXE or DLL Windows file download HTTP (a policy-class signature that fires on the MZ/PE header of any Windows executable served over HTTP; it records the download, it is not a malware match)
GET /inst/edrawmax_setup_full9479.exe HTTP/1.1
Host: download.edrawsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: ws_download=usage_23_1694565412761826484; download_id_9479=usage_23_1694565412761828871; track_id_9479=usage_23_1694565412761825612
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/octet-stream
Content-Length: 1788408
Last-Modified: Tue, 08 Nov 2022 04:48:11 GMT
ETag: "6369df8b-1b49f8"
Accept-Ranges: bytes
Cache-Control: max-age=7776000
Expires: Tue, 12 Dec 2023 00:36:55 GMT
Date: Wed, 13 Sep 2023 00:36:55 GMT
Connection: keep-alive
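The last transaction delivers a 1,788,408-byte PE32 image as application/octet-stream, which is what the Suricata signature keys on. Two checks a practitioner would run on this capture, written here as an added editor's example (not code from Edraw or from the scanner) over constructed inputs: a PE sniff on the first bytes of an HTTP body, equivalent to what the ET POLICY rule does, and an RFC 6125-style hostname match that shows why the certificate lines need a second look. download.edrawsoft.com was served with a certificate whose Subject is download.wondershare.net; browsers match the Host against the SubjectAltName list, which this capture does not show, so the Subject alone neither justifies nor invalidates the connection. The sample PE header is constructed (it is not the real installer), the host/subject pairs are taken from this page, and the function names are the example's own.

```python
import struct
from typing import Iterable


def looks_like_pe(body: bytes) -> bool:
    """What the ET POLICY signature keys on: an 'MZ' DOS header whose e_lfanew field
    (offset 0x3C) points at the 'PE\\0\\0' NT signature. Needs only the first few
    hundred bytes of the HTTP body, so it can run before a 1.8 MB download completes."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", body, 0x3C)[0]
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


MACHINE_NAMES = {0x014C: "i386", 0x8664: "x86-64", 0xAA64: "arm64"}


def pe_machine(body: bytes) -> str:
    """IMAGE_FILE_HEADER.Machine, the field behind 'Intel 80386' in the file-type line."""
    if not looks_like_pe(body):
        raise ValueError("not a PE image")
    e_lfanew = struct.unpack_from("<I", body, 0x3C)[0]
    if len(body) < e_lfanew + 6:
        raise ValueError("truncated NT header")
    machine = struct.unpack_from("<H", body, e_lfanew + 4)[0]
    return MACHINE_NAMES.get(machine, hex(machine))


def sample_pe_header() -> bytes:
    """Constructed stand-in for the first 0x86 bytes of a 32-bit PE (not the real installer)."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)            # 64-byte IMAGE_DOS_HEADER
    struct.pack_into("<I", hdr, 0x3C, 0x80)            # e_lfanew -> NT headers at 0x80
    hdr += b"\x00" * (0x80 - len(hdr))                 # the DOS stub would live here
    hdr += b"PE\x00\x00" + struct.pack("<H", 0x014C)   # signature + Machine = i386
    return bytes(hdr)


def hostname_matches(host: str, cert_names: Iterable[str]) -> bool:
    """RFC 6125-style reference identity check over the names a certificate carries
    (SubjectAltName dNSNames, legacy CN). A wildcard is honoured only as the whole
    left-most label and matches exactly one label."""
    host = host.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "*" not in name[2:]:
            h, n = host.split("."), name.split(".")
            if len(h) == len(n) and h[1:] == n[1:]:
                return True
    return False


CAPTURED_TLS = [  # (Host header, certificate Subject shown in the capture)
    ("download.edrawsoft.com", "download.wondershare.net"),
    ("cbs.edrawsoft.com", "*.edrawsoft.com"),
]


def subject_covers_host(host: str, subject_cn: str) -> bool:
    """True when the displayed Subject alone covers the Host; False means the SAN
    list (absent from this capture) has to be pulled and checked."""
    return hostname_matches(host, [subject_cn])


if __name__ == "__main__":
    body = sample_pe_header()
    print("PE:", looks_like_pe(body), "machine:", pe_machine(body))
    for host, cn in CAPTURED_TLS:
        print(host, "<-", cn, "covered" if subject_covers_host(host, cn) else "check SANs")
```

To finish the certificate check, pull the SAN list with `openssl s_client -connect download.edrawsoft.com:443 -servername download.edrawsoft.com </dev/null 2>/dev/null | openssl x509 -noout -ext subjectAltName` (the `-ext` option needs OpenSSL 1.1.1 or newer), confirm download.edrawsoft.com or *.edrawsoft.com is listed, and confirm the SHA-1 fingerprint is 24:27:CC:BB:2F:56:63:DC:93:47:40:6A:29:3F:C2:8E:14:7B:B9:87. For the binary, compare SHA-256 0c5755b3f40485be747fe16bad49a64be7dea3e85a4ae9111fff50da8cb19c78 with the value the vendor publishes and verify its Authenticode signature (osslsigncode verify on Linux, signtool verify /pa on Windows); a "suspicious" VirusTotal verdict on an installer is a prompt for those checks, not a conviction.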