| tmpfiles.org/dl/5670994/663bb32c94d58-exploit.bin | 104.21.21.16 | 200 OK | 84 kB |
URL (User Request): GET HTTP/2 tmpfiles.org/dl/5670994/663bb32c94d58-exploit.bin
IP: 104.21.21.16:443
Certificate: Issuer: Let's Encrypt; Subject: tmpfiles.org; Fingerprint: E0:4F:08:69:83:B8:6E:53:52:25:B2:01:05:CA:CA:AA:17:BE:FE:42; Validity: Sat, 30 Mar 2024 08:25:37 GMT - Fri, 28 Jun 2024 08:25:36 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: 3c1dcf39aae86e9c3d6f126e4eaa702c 5984cac4cf86e3858077f0a6cba77d044d53e47d db0ddf69bc67462fb9835d423b32b83cd88978c6ccbe62e374cb9375d2a1b879
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /dl/5670994/663bb32c94d58-exploit.bin HTTP/1.1
Host: tmpfiles.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 17:34:20 GMT
content-type: text/plain; charset=UTF-8
content-disposition: inline; filename=663bb32c94d58-exploit.bin
cache-control: no-cache, private
cf-cache-status: BYPASS
set-cookie: XSRF-TOKEN=eyJpdiI6IlVhMEROcStXQTVkYmhydDJjekhRSnc9PSIsInZhbHVlIjoiWTB4bkpvUFJZZjRpS2VqSGxaNWRtYUl6MmIzb3pXenZ5OHg4SmNBWTFqejBmUkRRYnZyQTRyV0RJazlSSFR2cDFZZHdFd1NRZnZJM2dKS2ZVaHpZZmVQWloyOHNESCtPQW40SDRFanIwK3RkS2xxSmhhSWUrZEJGUFhjcm80UHoiLCJtYWMiOiIyMDU5ODkyMjY2YTYxZjI0Njk1OTg3YjkyMjlkNDlmNzMwODBlNzVmZWMyMTdhZjViZWMyOGFmMzQ2MmRkMzY2In0%3D; expires=Wed, 08-May-2024 19:34:20 GMT; Max-Age=7200; path=/; samesite=lax
tmpfiles_session=eyJpdiI6IndxcTllZHBnS3hiNUNwMTBqNXd1UFE9PSIsInZhbHVlIjoiYlVwd2p2ZFc4RDQvdWNKL0ZwOFgxbExBRFI0NEtBbytuZFUyZlY3cHlTVjMzRTVkRzlDZGg5NXlGQzZ3bW9FOFlETExON0FiRCt3Q0Q4SXBQSlNjZ1Y3SXZ5WWRBRTBNa1ovWmhZaERURU5lb1ZaUUFMSlJPeVhCL2tTanNqa3EiLCJtYWMiOiI0NzM1ZWNiZjZiNzU5NDIzNGFlN2ZlYjkwY2NkNDdlZTZhOWQyNTc5ZDNkNTdjYzBhMDY0MTgwYzYzMzNlMDgyIn0%3D; expires=Wed, 08-May-2024 19:34:20 GMT; Max-Age=7200; path=/; httponly; samesite=lax
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mQDUpY06YNf8nfY3qNb9YDGir4AgPtCUBEughM2hfB86EsdFHSW4GXV3OtcSJUVboiRAeSQlKdxOHoQVQtKjM7IqW%2BnarmTOjXP4I9KA%2FSKuuLDMFFDs3YnuTje5f20%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b33308ac8b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
IP: 104.21.21.16:443
Requested by: https://tmpfiles.org/dl/5670994/663bb32c94d58-exploit.bin
Certificate: Issuer: Let's Encrypt; Subject: tmpfiles.org; Fingerprint: E0:4F:08:69:83:B8:6E:53:52:25:B2:01:05:CA:CA:AA:17:BE:FE:42; Validity: Sat, 30 Mar 2024 08:25:37 GMT - Fri, 28 Jun 2024 08:25:36 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash: 641276e2d4d0995c8262223f1fdda3d2 4f3f8f324f842e21d6921fffef2be2370cba9c49 5c039a5032f66daf0ad7ccaf04589686dfcc0b580113c1c6a9cff06ed4ce676d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: tmpfiles.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tmpfiles.org/dl/5670994/663bb32c94d58-exploit.bin
Cookie: XSRF-TOKEN=eyJpdiI6IlVhMEROcStXQTVkYmhydDJjekhRSnc9PSIsInZhbHVlIjoiWTB4bkpvUFJZZjRpS2VqSGxaNWRtYUl6MmIzb3pXenZ5OHg4SmNBWTFqejBmUkRRYnZyQTRyV0RJazlSSFR2cDFZZHdFd1NRZnZJM2dKS2ZVaHpZZmVQWloyOHNESCtPQW40SDRFanIwK3RkS2xxSmhhSWUrZEJGUFhjcm80UHoiLCJtYWMiOiIyMDU5ODkyMjY2YTYxZjI0Njk1OTg3YjkyMjlkNDlmNzMwODBlNzVmZWMyMTdhZjViZWMyOGFmMzQ2MmRkMzY2In0%3D; tmpfiles_session=eyJpdiI6IndxcTllZHBnS3hiNUNwMTBqNXd1UFE9PSIsInZhbHVlIjoiYlVwd2p2ZFc4RDQvdWNKL0ZwOFgxbExBRFI0NEtBbytuZFUyZlY3cHlTVjMzRTVkRzlDZGg5NXlGQzZ3bW9FOFlETExON0FiRCt3Q0Q4SXBQSlNjZ1Y3SXZ5WWRBRTBNa1ovWmhZaERURU5lb1ZaUUFMSlJPeVhCL2tTanNqa3EiLCJtYWMiOiI0NzM1ZWNiZjZiNzU5NDIzNGFlN2ZlYjkwY2NkNDdlZTZhOWQyNTc5ZDNkNTdjYzBhMDY0MTgwYzYzMzNlMDgyIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 17:34:20 GMT
content-type: image/x-icon
last-modified: Fri, 10 Feb 2017 21:01:32 GMT
etag: W/"589e2a2c-47e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 45
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l80exVDZxe6UgqW46AGVjYXgyMKarPRHU0sRwTPwJYlhU22e2pcM4MBwCwTiGWA4UR3f%2BwOJpSGmrQtp7FBlxk1wp4b%2FqAPBy7jxrVQbGbXODLYvR%2BMaCjx6fn9POGw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b3333187cb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400