| GET dangerlisten.com/c759c26ed61d632cd0d5b85f6a07b25e/35881367040156107868ae3b7424f39d.exe |  172.67.140.112 | 200 OK | 4.4 MB |
URL User Request GET HTTP/2dangerlisten.com/c759c26ed61d632cd0d5b85f6a07b25e/35881367040156107868ae3b7424f39d.exe IP172.67.140.112:443
CertificateIssuerGoogle Trust Services LLC Subjectdangerlisten.com FingerprintD3:40:4D:C8:45:7C:A8:3C:11:F2:C5:6F:E2:CD:B0:98:F5:A4:CF:B6 ValidityFri, 23 Feb 2024 14:18:21 GMT - Thu, 23 May 2024 14:18:20 GMT
File typePE32 executable (GUI) Intel 80386, for MS Windows, 4 sections Size4.4 MB (4433296 bytes) Hashd1bd061c26fdd34474da343dc8ca1a7e 7d23baff651642420970dc11ed17d0bbd3b78bd5 93ad252d92e7927ecea80ade6c5073e7bbb230fa4a9c07ef11ef168b04b79064
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed | | VirusTotal | malicious | |
GET /c759c26ed61d632cd0d5b85f6a07b25e/35881367040156107868ae3b7424f39d.exe HTTP/1.1
Host: dangerlisten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 15 Apr 2024 18:16:23 GMT
content-type: application/x-ms-dos-executable
content-length: 4433296
last-modified: Mon, 15 Apr 2024 15:52:08 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TNIa0bko4Rq%2Fl5d4y3i%2FJ1cnp7hmvzeqiv6v1A%2FYEE0mm7%2F%2B0OzQwiVkViDmFiYh%2Ffegct%2B2nFPM%2BhYoPr30oUYpC10c7evO5ijMYhdiHEgbne%2F5l2Xjn%2B%2Fj3IqGfusumPfa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 874ded290a3856b7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
| GET operatinghub.com/35881367040156107868ae3b7424f39d.exe |  104.21.26.122 | 307 Temporary Redirect | 4.4 MB |
URL User Request GET HTTP/2operatinghub.com/35881367040156107868ae3b7424f39d.exe IP104.21.26.122:443
CertificateIssuerGoogle Trust Services LLC Subjectoperatinghub.com Fingerprint65:5E:73:64:1D:20:C0:EF:9D:03:89:E3:AA:BD:96:E3:3C:52:2E:9B ValidityFri, 23 Feb 2024 14:16:10 GMT - Thu, 23 May 2024 14:16:09 GMT
Size4.4 MB (4433296 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /35881367040156107868ae3b7424f39d.exe HTTP/1.1
Host: operatinghub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
date: Mon, 15 Apr 2024 18:16:23 GMT
content-type: text/html; charset=utf-8
location: https://dangerlisten.com/c759c26ed61d632cd0d5b85f6a07b25e/35881367040156107868ae3b7424f39d.exe
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FDKFO02DJ23Py9%2B2yeMsXu8bY%2BPhymndvXJBflj8Nq%2BQjjMXjGUGp3PAuaExfZ2uf1srmkvQlL5wN0CPg8NlfNe1LHjNP5ezBehaUs3mx432hLAKhm10qcHfsSNPO8UAlGEI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 874ded285ceeb4f1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|