| zerossl.ocsp.sectigo.com/ | 104.18.14.101 | | 316 B |
URL zerossl.ocsp.sectigo.com/ IP 104.18.14.101:0
Hash (MD5 / SHA-1 / SHA-256)
b1648ffc1f699f7fa4f68f2d9a26894a
67809afdf20ec7a86a8ddd2ccaa0220a2ee163f4
75b3aa9858bad20cea8c2becf6e48cd17c771a36476b221ea609af25ff065687
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 07:35:58 GMT
Content-Type: application/ocsp-response
Content-Length: 316
Connection: keep-alive
Last-Modified: Sat, 30 Sep 2023 11:52:26 GMT
Expires: Sat, 07 Oct 2023 11:52:25 GMT
Etag: "67809afdf20ec7a86a8ddd2ccaa0220a2ee163f4"
Cache-Control: max-age=360683,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 810382efdc8b56c1-OSL
| clientfile.jijidown.com/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583 | 120.55.98.203 | 302 Found | 161 B |
URL clientfile.jijidown.com/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583 (User Request, GET, HTTP/2) IP 120.55.98.203:443
ASN#37963 Hangzhou Alibaba Advertising Co.,Ltd.
Certificate
Issuer ZeroSSL
Subject *.jijidown.com
Fingerprint (SHA-1) CE:18:AD:EF:B1:6E:2A:77:B2:4A:F4:08:9C:20:01:06:E6:EC:19:34
Validity Sun, 06 Aug 2023 00:00:00 GMT - Sat, 04 Nov 2023 23:59:59 GMT
File type
- HTML document text
- HTML document, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256)
b25d5e7ec72fe7c181c56fe286b44875
10f16139f7f5e07bd4a2f49ae4c1a407df5578b6
99d6333713dc294a4d960b71cbdecfcd89d57960c2715ceb2b289199b5fe9297
GET /PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583 HTTP/1.1
Host: clientfile.jijidown.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.14.2
date: Tue, 03 Oct 2023 07:35:59 GMT
content-type: text/html
content-length: 161
location: http://222.186.139.95:4432/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583
X-Firefox-Spdy: h2
| 222.186.139.95:4432/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583 | 222.186.139.95 | 200 OK | 1.6 MB |
URL 222.186.139.95:4432/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583 (User Request, GET, HTTP/1.1) IP 222.186.139.95:4432
File type
- PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
- data
Size 1.6 MB (1565184 bytes)
Hash (MD5 / SHA-1 / SHA-256)
63c6a09fac52fe61d6cf3113b6e2f464
e1ee58cdbe982d61424a18da5242206000bad6e4
f592a5ed1882a7df9bee018c11cfef5b8939897d65fd143a3e1ecd286815b847

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
| VirusTotal | suspicious | |
GET /PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583 HTTP/1.1
Host: 222.186.139.95:4432
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Tue, 03 Oct 2023 07:35:57 GMT
Content-Type: application/octet-stream
Content-Length: 1565184
Last-Modified: Thu, 01 Sep 2022 02:59:20 GMT
Connection: keep-alive
ETag: "63102008-17e200"
Accept-Ranges: bytes
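Added example, not part of the sandbox report above: a small Python triage of the chain it records. The three transactions are transcribed from the report (URLs, statuses, the headers that matter); the `body_prefix` bytes are constructed stand-ins, because the report gives only file types and hashes, not the bodies. The script flags what an analyst would circle by hand here: a 302 from an HTTPS hostname to a literal IP over plaintext HTTP on port 4432 that keeps the same path and query, and a PE body fetched over that plaintext hop. It also cross-checks the final server's ETag against its Last-Modified and Content-Length, since nginx (which openresty is built on) forms static-file ETags as hex(mtime)-hex(size); a mismatch there is a sign the headers were hand-set rather than coming from a file on disk.

```python
"""Triage of the download chain recorded in the sandbox report (added example)."""
import ipaddress
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Transcribed from the report: request URL, status, selected response headers.
# body_prefix is constructed (the report does not include the bytes).
TRANSACTIONS = [
    {
        "url": "https://zerossl.ocsp.sectigo.com/",
        "status": 200,
        "headers": {"Content-Type": "application/ocsp-response", "Content-Length": "316"},
        "body_prefix": b"\x30\x82",  # constructed: DER SEQUENCE, as an OCSP response starts
    },
    {
        "url": "https://clientfile.jijidown.com/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583",
        "status": 302,
        "headers": {
            "Content-Type": "text/html",
            "Content-Length": "161",
            "Location": "http://222.186.139.95:4432/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583",
        },
        "body_prefix": b"<html>",  # constructed
    },
    {
        "url": "http://222.186.139.95:4432/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583",
        "status": 200,
        "headers": {
            "Content-Type": "application/octet-stream",
            "Content-Length": "1565184",
            "Last-Modified": "Thu, 01 Sep 2022 02:59:20 GMT",
            "ETag": '"63102008-17e200"',
        },
        "body_prefix": b"MZ\x90\x00",  # constructed: DOS stub magic of a PE file
    },
]


def is_literal_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def redirect_findings(src_url: str, location: str) -> list[str]:
    """Describe what a redirect changes between the original URL and its Location."""
    src, dst = urlsplit(src_url), urlsplit(location)
    findings = []
    if src.scheme == "https" and dst.scheme == "http":
        findings.append("tls_downgrade")
    if not is_literal_ip(src.hostname or "") and is_literal_ip(dst.hostname or ""):
        findings.append("hostname_to_literal_ip")
    if dst.port not in (None, 80, 443):
        findings.append(f"nonstandard_port:{dst.port}")
    if (src.path, src.query) == (dst.path, dst.query):
        findings.append("same_path_and_query")  # a mirror of the same resource, not a new one
    return findings


def nginx_etag_consistent(etag: str, last_modified: str, content_length: int) -> bool:
    """nginx/openresty static-file ETags are hex(mtime)-hex(size); check both halves."""
    mtime_hex, size_hex = etag.strip('"').split("-")
    mtime = int(parsedate_to_datetime(last_modified).timestamp())
    return int(mtime_hex, 16) == mtime and int(size_hex, 16) == content_length


def looks_like_pe(prefix: bytes) -> bool:
    return prefix[:2] == b"MZ"


def triage(transactions: list[dict]) -> dict[str, list[str]]:
    """Return findings keyed by URL; an empty list means nothing notable."""
    report = {}
    for tx in transactions:
        h = tx["headers"]
        findings = []
        if tx["status"] in (301, 302, 303, 307, 308) and "Location" in h:
            findings += redirect_findings(tx["url"], h["Location"])
        if looks_like_pe(tx["body_prefix"]):
            findings.append("pe_executable_body")
            if urlsplit(tx["url"]).scheme == "http":
                findings.append("executable_over_plaintext_http")
        if "ETag" in h and "Last-Modified" in h and "-" in h["ETag"]:
            ok = nginx_etag_consistent(h["ETag"], h["Last-Modified"], int(h["Content-Length"]))
            findings.append("etag_matches_mtime_and_size" if ok else "etag_mismatch")
        report[tx["url"]] = findings
    return report


if __name__ == "__main__":
    for url, findings in triage(TRANSACTIONS).items():
        print(url, "->", ", ".join(findings) or "nothing notable")
```

On this report the ETag check passes: 0x63102008 is the epoch of Thu, 01 Sep 2022 02:59:20 GMT and 0x17e200 is 1565184, so the final host served a real file whose mtime is a year older than the capture. The redirect findings are the ones worth a rule: a CDN-fronted hostname with a valid ZeroSSL certificate handing the browser off to a bare IP on a plaintext non-standard port for the very same path is the pattern to alert on, independent of what the executable turns out to be.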