IP 192.124.249.23:0
Hash 75a64296ee63afda68d3e04bb9fba7f6
c64556b0e45256c090000e8e6497dc31d8bc1899
c1a21e9b7c6ab41afe033ce7b3e41bf03f59306cb13841b8a029306280892f17
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 04 May 2024 20:20:37 GMT
Content-Type: application/ocsp-response
Content-Length: 2149
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 04 May 2024 08:11:25 GMT
Expires: Sun, 05 May 2024 08:11:25 GMT
ETag: "c64556b0e45256c090000e8e6497dc31d8bc1899"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
www.lohn-programm.de/cashw.exe
5.35.226.52 200 OK 2.8 MB URL User Request GET HTTP/1.1 www.lohn-programm.de/cashw.exe
IP 5.35.226.52:443
ASN #20773 Host Europe GmbH
Certificate Issuer: Starfield Technologies, Inc.
Subject: www.lohn-programm.de
Fingerprint: B2:11:AE:93:A6:D4:74:BF:0E:5C:15:1F:83:9D:00:8A:F7:1B:DE:32
Validity: Mon, 03 Jul 2023 23:01:19 GMT - Fri, 02 Aug 2024 23:01:19 GMT
File type PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive, 4 sections
Size 2.8 MB (2765888 bytes)
Hash 54770b9b0553b254e0768927e573563d
62ee67eb9389241d614ff54dbd534f80a855a262
902904fde9da368d3f64222b2c529a3b2a063ccb8de403267eb6f253fdee18f1
Analyzer Verdict Alert VirusTotal suspicious
GET /cashw.exe HTTP/1.1
Host: www.lohn-programm.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 20:20:37 GMT
Content-Type: application/x-msdos-program
Content-Length: 2765888
Connection: keep-alive
Server: Apache
Last-Modified: Thu, 28 Mar 2024 13:39:19 GMT
ETag: "2a3440-614b8a66dba61"
Accept-Ranges: bytes