IP 104.18.38.66:0
Hash: 9b2deaaccf34ac1887a081dc22300c4d (MD5), 44cb106143c391c9f30dd092ecf0e7caf5c77ed7 (SHA-1), 704d0e5ba085e7228b11391e81c18d5649ab485b8b65877d5f1407778397a514 (SHA-256)
POST / HTTP/1.1
Host: ocsp.sectigochina.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 00:29:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 26 Nov 2023 18:12:59 GMT
Expires: Sun, 03 Dec 2023 18:12:58 GMT
Etag: "44cb106143c391c9f30dd092ecf0e7caf5c77ed7"
Cache-Control: max-age=496551,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 82ce7f5e8e6756a8-OSL
IP 104.18.38.66:0
Hash: 9b2deaaccf34ac1887a081dc22300c4d (MD5), 44cb106143c391c9f30dd092ecf0e7caf5c77ed7 (SHA-1), 704d0e5ba085e7228b11391e81c18d5649ab485b8b65877d5f1407778397a514 (SHA-256)
POST / HTTP/1.1
Host: ocsp.sectigochina.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 00:29:37 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 26 Nov 2023 18:12:59 GMT
Expires: Sun, 03 Dec 2023 18:12:58 GMT
Etag: "44cb106143c391c9f30dd092ecf0e7caf5c77ed7"
Cache-Control: max-age=496346,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 82ce7f5d49450b41-OSL
| down.c2345.cn/%E4%B8%8A%E8%B4%A7/%E5%8D%83%E5%AF%BB%E4%B8%8A%E8%B4%A7.exe | 117.68.52.41 | 200 OK | 8.4 MB |
URL: down.c2345.cn/%E4%B8%8A%E8%B4%A7/%E5%8D%83%E5%AF%BB%E4%B8%8A%E8%B4%A7.exe (User Request, GET HTTP/1.1)
IP: 117.68.52.41:80
File type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed; data
Size: 8.4 MB (8390656 bytes)
Hash: 5178e7d72117fe6774314c69176a198a (MD5), e647f0372ba1e704cd1724b3c0f67d6442b9edbc (SHA-1), 08683368b966feddd7abbb65a302258445d2bfc0fcd6b6212082880859ac7f46 (SHA-256)

| NIDS | Severity | Alert |
| suricata | low | ET INFO Packed Executable Download |
| suricata | high | ET POLICY PE EXE or DLL Windows file download HTTP |
| suricata | low | ET INFO EXE - Served Inline HTTP |
GET /%E4%B8%8A%E8%B4%A7/%E5%8D%83%E5%AF%BB%E4%B8%8A%E8%B4%A7.exe HTTP/1.1
Host: down.c2345.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Tue, 28 Nov 2023 00:29:37 GMT
Content-Type: application/x-msdownload
Content-Length: 8390656
Connection: keep-alive
Last-Modified: Mon, 27 Nov 2023 04:38:02 GMT
ETag: "lsFcEjvwsVPFoxtke5S0Si4vfewr"
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
Content-Disposition: inline; filename="千寻上货.exe"; filename*=utf-8''%E5%8D%83%E5%AF%BB%E4%B8%8A%E8%B4%A7.exe
Content-Md5: UXjn1yEX/md0MUxpF2oZig==
Content-Transfer-Encoding: binary
X-Log: X-Log
X-M-Log: QNM:fn268;SRCPROXY:fn270;SRC:21/304;SRCPROXY:21/304;QNM3:27
X-M-Reqid: YAYAAOyLdLNZepsX
X-Qiniu-Zone: 2
X-Qnm-Cache: Validate,Hit
X-Reqid: CwAAAAATZ7NZepsX
X-Svr: IO
Ohc-Global-Saved-Time: Tue, 28 Nov 2023 00:29:37 GMT
Ohc-Cache-HIT: hfct68 [2]
Ohc-File-Size: 8390656
X-Cache-Status: MISS