| tmpfiles.org/dl/5625340/test.exe | 104.21.21.16 | 200 OK | 16 kB |
URL: tmpfiles.org/dl/5625340/test.exe (user request, GET HTTP/2)
IP: 104.21.21.16:443
Certificate issuer: Let's Encrypt
Certificate subject: tmpfiles.org
Certificate fingerprint: E0:4F:08:69:83:B8:6E:53:52:25:B2:01:05:CA:CA:AA:17:BE:FE:42
Certificate validity: Sat, 30 Mar 2024 08:25:37 GMT - Fri, 28 Jun 2024 08:25:36 GMT
File type: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV)
Hash (MD5): aa16ae64bc6a501f5f169ec588f6fb3f
Hash (SHA-1): 0b62f217a28fff126c22ad459e522a083344c7f5
Hash (SHA-256): a001da3d0f8f56ccb0a2b2cec4949202b9f79b2bc94a8518b26a35820f57ae16
| Analyzer | Verdict | Alert |
|---|---|---|
| YARAhub by abuse.ch | malware | meth_peb_parsing |
| Elastic Security YARA Rules | malware | Windows.Trojan.Metasploit |
| Elastic Security YARA Rules | malware | Windows.Trojan.Metasploit |
| Quad9 DNS | malicious | Sinkholed |
GET /dl/5625340/test.exe HTTP/1.1
Host: tmpfiles.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 15:48:05 GMT
content-type: application/x-sharedlib
content-length: 16432
content-disposition: inline; filename=test.exe
cache-control: no-cache, private
cf-cache-status: BYPASS
set-cookie: XSRF-TOKEN=eyJpdiI6InFYa0hFakFjYVp6alBZUi9wZ3dybEE9PSIsInZhbHVlIjoiWDVXV1BseUcxSnlQWnVTVVRIVlg4bG1FYjhrcHpzSGw4WEgzS29ieFgvT1p2UnpSMW8raVpCcnhkR0pXQXhWL3B6YnI5ekFzM0xqaUNFMG5Meit3UTZMRFRmRkNPUmsyK0ZsYU9maG1lb1RIRGpaNmVsakdDWjQyR20wWXoyYjYiLCJtYWMiOiIzODFmZDI2NzQyMTEzYTVlMGQ5OTZhODQwNzUwYTdlMTM5N2RkODBiMWYwZjA3MTdmZmZjMWJiODQwMmZlODE0In0%3D; expires=Tue, 07-May-2024 17:48:05 GMT; Max-Age=7200; path=/; samesite=lax
tmpfiles_session=eyJpdiI6IndEckd1dy9pV2NjcndGa1czblNKS2c9PSIsInZhbHVlIjoic29xL0tjM2J0T3hITGRPWEx2OGpHaVNvRnhVYnZMMGpObG5vWC9wMHUza28zdnBmMHk2NW1PeWdRN0t3VUkvbk5pNVVZVWNHYTRiU0ZzY1NqU3dsQWY5azBXUVpPMEFwOWlQSFF5TURXdW9melF6MzgwWFF3Q1d6TDYvUWFDT1EiLCJtYWMiOiJhNjc4MDkyNmQ2ZmEzYzRkOTNiODRlMDA5Y2QxYTQ0ZjE4YmMxMWY5NmUyMzU0NzIyZDM1MWMyMmUwNTk3ZmQxIn0%3D; expires=Tue, 07-May-2024 17:48:05 GMT; Max-Age=7200; path=/; httponly; samesite=lax
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=niBWFRrlfqw5AqFyMr9kt2hQMGjLx4rbY55ZLP39iGHZorQNQHLJa1C950M7MPWGHc%2BROBtA1AwQGp2oFoeui%2BeKtthKucmrIOGCXtf31TeoprPTAfDyBRU%2BnKLZInE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88025a2d8c4456bf-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2