IP 101.33.29.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: www.flash.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Location: https://www.flash.cn/
Content-Length: 0
X-NWS-LOG-UUID: 3279725665644350758
Connection: keep-alive
Server: Lego Server
Date: Mon, 22 May 2023 15:59:40 GMT
X-Cache-Lookup: Return Directly
IP 47.246.44.224:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 96256900400bf31ef8b6c65d9126be8d
df724936551d31ec749b22c3660b923fb8b6e0f7
3d52c1022ec51d63686fd3b404dcda68820ee0d333d68e045814c08f5506a819
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Mon, 22 May 2023 15:49:47 GMT
Ali-Swift-Global-Savetime: 1684770587
Via: cache21.l2de2[0,-1,200-0,H], cache19.l2de2[1,0], cache2.se1[23,23,200-0,M], cache2.se1[24,0]
Age: 594
X-Cache: MISS TCP_REFRESH_MISS dirn:3:228625376
X-Swift-SaveTime: Mon, 22 May 2023 15:59:41 GMT
X-Swift-CacheTime: 3006
Timing-Allow-Origin: *
EagleId: 2ff62c9616847711815805063e
IP 47.246.44.224:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 96256900400bf31ef8b6c65d9126be8d
df724936551d31ec749b22c3660b923fb8b6e0f7
3d52c1022ec51d63686fd3b404dcda68820ee0d333d68e045814c08f5506a819
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Mon, 22 May 2023 15:49:47 GMT
Ali-Swift-Global-Savetime: 1684770587
Via: cache21.l2de2[0,0,200-0,H], cache5.l2de2[0,0], cache7.se1[32,31,200-0,M], cache7.se1[34,0]
Age: 594
X-Cache: MISS TCP_REFRESH_MISS dirn:5:132426826
X-Swift-SaveTime: Mon, 22 May 2023 15:59:41 GMT
X-Swift-CacheTime: 3006
Timing-Allow-Origin: *
EagleId: 2ff62c9b16847711815822194e
IP 101.33.29.224:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, Unicode text, UTF-8 text, with very long lines (467)
Hash 1bda305c61b0decf1834208935b9ddba
3555c887bae49d7dd6ef570d25c64b718bc60bc5
441768f0036519cdb19da4cb925fc37078d7f5e91429a92b7c35862dcfed754c
GET / HTTP/1.1
Host: www.flash.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Server: Lego Server
Date: Mon, 22 May 2023 15:59:41 GMT
Cache-Control: public, max-age=86400
Content-Length: 5999
X-NWS-LOG-UUID: 8517129436105184548
Connection: keep-alive
X-Cache-Lookup: Cache Hit, Hit From Inner Cluster
www.flash.cn/cdm/latest/flashplayerax_install_cn.exe
101.33.29.225 200 OK 2.3 MB URL User Request GET HTTP/1.1 www.flash.cn/cdm/latest/flashplayerax_install_cn.exe
IP 101.33.29.225:443
Certificate Issuer DigiCert Inc
Subject izhongcheng.cn
Fingerprint C3:57:A3:B4:B9:5B:4E:ED:C5:11:AE:59:83:A3:05:43:40:78:E4:29
Validity Tue, 28 Feb 2023 00:00:00 GMT - Sat, 30 Mar 2024 23:59:59 GMT
File type PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed
- data
Size 2.3 MB (2307568 bytes)
Hash 2163f52d2372f53c82078b17d28b06d7
634e79338cade035b89dedcbed921c2177ef9cc7
e7fde3305ebc6422ac47275a29f070b25db4a2eb9d041f8d8749cfbb149d8e0c
Analyzer Verdict Alert fortinet Malware
VirusTotal 4/71
GET /cdm/latest/flashplayerax_install_cn.exe HTTP/1.1
Host: www.flash.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Tue, 14 Mar 2023 13:57:37 GMT
Etag: "9018ee8c17cc25bbb602bb6003177eda-3"
Content-Type: application/x-msdownload
Content-Length: 2307568
Accept-Ranges: bytes
X-NWS-LOG-UUID: 18026100983874379300
Connection: keep-alive
Server: Lego Server
Date: Mon, 22 May 2023 15:59:41 GMT
X-Cache-Lookup: Cache Hit