r11.o.lencr.org/
23.33.119.57 504 B IP 23.33.119.57:0
ASN #20940 Akamai International B.V.
Hash 13ea5888d3245867e3b2271529ae3a07
2ac08d083a3db9818f13427caf2afd6ffe844e19
5c2f7da36674ccad93a922282c4cc5dc25ffe3e17206be2fc0e1dfa98181fd46
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5C2F7DA36674CCAD93A922282C4CC5DC25FFE3E17206BE2FC0E1DFA98181FD46"
Last-Modified: Thu, 22 Aug 2024 00:55:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13165
Expires: Fri, 23 Aug 2024 03:40:57 GMT
Date: Fri, 23 Aug 2024 00:01:32 GMT
Connection: keep-alive
r10.o.lencr.org/
23.33.119.57 504 B IP 23.33.119.57:0
ASN #20940 Akamai International B.V.
Hash 133a8ab4e8c45f320352685e01db9625
a24555e329796c47c106c0f55d1d8807f652b257
9e748e8be620ce31ed3909b9574b05b4f49bd396482d89699218408c95294d97
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9E748E8BE620CE31ED3909B9574B05B4F49BD396482D89699218408C95294D97"
Last-Modified: Wed, 21 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3685
Expires: Fri, 23 Aug 2024 01:02:57 GMT
Date: Fri, 23 Aug 2024 00:01:32 GMT
Connection: keep-alive
r10.o.lencr.org/
23.33.119.57 504 B IP 23.33.119.57:0
ASN #20940 Akamai International B.V.
Hash 8541cd70139dfda2d95ed0b4e252f586
38437f949815bd7b58655cc9dba515e53a6abee6
21b5b0e771d125bc1d1cd5b12f7bb8567f86c7ab1fe44c531bb98e84a62bfdf0
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "21B5B0E771D125BC1D1CD5B12F7BB8567F86C7AB1FE44C531BB98E84A62BFDF0"
Last-Modified: Thu, 22 Aug 2024 09:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3790
Expires: Fri, 23 Aug 2024 01:04:42 GMT
Date: Fri, 23 Aug 2024 00:01:32 GMT
Connection: keep-alive
r10.o.lencr.org/
23.33.119.57 504 B IP 23.33.119.57:0
ASN #20940 Akamai International B.V.
Hash fa24406b28144f03c66e0892b293241b
64ec25a3e583dcd2ea13558272ac7badebbfc3d6
8d1b5de3eaf9d4ae520c30cb01548286eeb9853665444c34be6caac091af5638
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8D1B5DE3EAF9D4AE520C30CB01548286EEB9853665444C34BE6CAAC091AF5638"
Last-Modified: Wed, 21 Aug 2024 03:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14483
Expires: Fri, 23 Aug 2024 04:02:56 GMT
Date: Fri, 23 Aug 2024 00:01:33 GMT
Connection: keep-alive
GET download.niuxuezhang.cn/go/screen-recorder_3861.exe?trackpage=https://www.niuxuezhang.cn/screenrecorder-tips/screen-recording-meeting-record-tengx.html
61.170.81.233 302 Moved Temporarily 221 B URL User Request GET HTTP/1.1 download.niuxuezhang.cn/go/screen-recorder_3861.exe?trackpage=https://www.niuxuezhang.cn/screenrecorder-tips/screen-recording-meeting-record-tengx.html
IP 61.170.81.233:443
ASN #4812 China Telecom Group
Certificate Issuer DigiCert, Inc.
Subject download.niuxuezhang.cn
Fingerprint 77:65:04:06:F1:BC:2B:70:78:9B:5D:D7:E4:2A:12:CC:1F:B6:32:82
Validity Wed, 20 Mar 2024 00:00:00 GMT - Wed, 19 Mar 2025 23:59:59 GMT
File type HTML document, ASCII text, with CRLF line terminators
Hash de892df7d0306b279823c1669e6fa7c0
2e61db1776c9110a62a848159d94ef050c80bc07
ec4ffe25f0a8dad25083be5f2bdf1614f75f8fcb8141a44f1de202ec202e4e46
GET /go/screen-recorder_3861.exe?trackpage=https://www.niuxuezhang.cn/screenrecorder-tips/screen-recording-meeting-record-tengx.html HTTP/1.1
Host: download.niuxuezhang.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: Tengine
Content-Type: text/html
Content-Length: 221
Connection: keep-alive
Date: Fri, 23 Aug 2024 00:01:34 GMT
Location: https://go.niuxuezhang.cn/go?c=download&a=track&name=screen-recorder_3861.exe&back_url=https://download.niuxuezhang.cn/downloads/screen-recorder.exe
Via: cache4.l2cn3022[143,143,302-0,M], cache48.l2cn3022[145,0], vcache21.cn6013[253,252,302-0,M], vcache2.cn6013[262,0]
Ali-Swift-Global-Savetime: 1724371294
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Fri, 23 Aug 2024 00:01:34 GMT
X-Swift-CacheTime: 0
Accept-Ranges: bytes
Timing-Allow-Origin: *
EagleId: 3daa511617243712943271498e
r11.o.lencr.org/
23.33.119.27 504 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 663683cf83257c4867434f1b98db8939
f0ca9dbee82d2d4031edbf65bc9aa36d25264687
42b541fd8690abf306d19e5601a846c6b5a6c494342f17fe60b6048a340cd67d
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "42B541FD8690ABF306D19E5601A846C6B5A6C494342F17FE60B6048A340CD67D"
Last-Modified: Tue, 20 Aug 2024 09:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8081
Expires: Fri, 23 Aug 2024 02:16:16 GMT
Date: Fri, 23 Aug 2024 00:01:35 GMT
Connection: keep-alive
GET go.niuxuezhang.cn/go?c=download&a=track&name=screen-recorder_3861.exe&back_url=https://download.niuxuezhang.cn/downloads/screen-recorder.exe
104.18.19.209 302 Found 441 B URL User Request GET HTTP/1.1 go.niuxuezhang.cn/go?c=download&a=track&name=screen-recorder_3861.exe&back_url=https://download.niuxuezhang.cn/downloads/screen-recorder.exe
IP 104.18.19.209:443
Certificate Issuer Google Trust Services
Subject niuxuezhang.cn
Fingerprint CE:2D:3D:76:C5:21:63:97:25:41:15:D6:04:79:88:2F:EA:3A:14:40
Validity Fri, 05 Jul 2024 08:02:15 GMT - Thu, 03 Oct 2024 09:01:21 GMT
File type HTML document, ASCII text
Hash 473ce5b4f065cd112190e960f6dc9769
acfb1a93ea716f12f5c8b068719e8a2a690c73a7
566a71bfdb3d70c20bab244d4bd2a2f66bf27c169a1da3d551268e640790047f
GET /go?c=download&a=track&name=screen-recorder_3861.exe&back_url=https://download.niuxuezhang.cn/downloads/screen-recorder.exe HTTP/1.1
Host: go.niuxuezhang.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 23 Aug 2024 00:01:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.2.34
cache-control: no-cache, private
location: https://download.niuxuezhang.cn/downloads/screen-recorder.exe
set-cookie: XSRF-TOKEN=eyJpdiI6IlluZVhHT2ZcL2lOWFNhNVlKYjBFek1BPT0iLCJ2YWx1ZSI6IlIwaWlhdyt2Tnh4WFJZQXZlWnJuT0M0b1wvajhLMnlVZkRHaFVGUll2TVlsNENVdzF6RXFmV1JnR05zblpTbkpxRmpKbGtHWThtR2dTTWFwMWNJTit4TXF1RmgrS3lWd1ozdGVQTzFtQ1FSemdRdlUwMUJsRmxVckUxM1JlXC9VRzUiLCJtYWMiOiJiYzNmNTAyNzE4YzE1OWIxZDdhYjVhNTJjOTE1MzhmOWQ3MGUwNjhmZTMyYjM1NDRlZDlkODA1YzhkNGExMmY4In0%3D; expires=Fri, 23-Aug-2024 02:01:35 GMT; Max-Age=7200; path=/
laravel_session=eyJpdiI6IlRQcUdkVytMNm5cL1wvcnorOU55T3VLUT09IiwidmFsdWUiOiJmcTlPSE8xSTlvU1ZCeG9KWnZuREZkY0srNXlcL3lwNXdKcEpGWkoxNWNKSUFRN0V1UVB6WEpqTFB0Q2t3NkRYZ29HM0RBTnk4K0REVWFsVnhFYXZWUEMyUEVSK0ZobmthTERTZDVZcGU0UVJ2RUtMYWdwc1k2TzRlKzE3Q0cxclEiLCJtYWMiOiJjMDZiMmNiOGM3NWEyZWM1ZTE4ZjY2MGY3YWViZDVlY2QyNmEyN2IyZjlkOTEwNzJmOWI4NWEwYTkxYmM5YWYxIn0%3D; expires=Fri, 23-Aug-2024 02:01:35 GMT; Max-Age=7200; path=/; httponly
x-envoy-upstream-service-time: 150
CF-Cache-Status: DYNAMIC
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8b76d430fa30b521-OSL
GET download.niuxuezhang.cn/downloads/screen-recorder.exe
61.170.81.233 200 OK 2.0 MB URL User Request GET HTTP/1.1 download.niuxuezhang.cn/downloads/screen-recorder.exe
IP 61.170.81.233:443
ASN #4812 China Telecom Group
Certificate Issuer DigiCert, Inc.
Subject download.niuxuezhang.cn
Fingerprint 77:65:04:06:F1:BC:2B:70:78:9B:5D:D7:E4:2A:12:CC:1F:B6:32:82
Validity Wed, 20 Mar 2024 00:00:00 GMT - Wed, 19 Mar 2025 23:59:59 GMT
File type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
Size 2.0 MB (2045712 bytes)
Hash d3081627c17f7d24258a1b0a5f2a5d07
35fdfe0cceb60716c5f9f1232bc1bbe4e38216ec
ab606cdd7bb2c1bdad233f6c62e88d112d3cc6db271a74845c6395358fdb1ab0
Analyzer Verdict Alert VirusTotal malicious
GET /downloads/screen-recorder.exe HTTP/1.1
Host: download.niuxuezhang.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/octet-stream
Content-Length: 2045712
Connection: keep-alive
Date: Fri, 23 Aug 2024 00:01:35 GMT
Via: cache23.l2cn3022[171,171,304-0,H], cache79.l2cn3022[173,0], vcache11.cn6013[343,343,200-0,H], vcache2.cn6013[352,0]
Last-Modified: Tue, 14 Nov 2023 10:31:00 GMT
ETag: "65534c64-1f3710"
Age: 0
Ali-Swift-Global-Savetime: 1724371295
X-Cache: HIT TCP_REFRESH_HIT dirn:9:176274540 mlen:0
X-Swift-SaveTime: Fri, 23 Aug 2024 00:01:35 GMT
X-Swift-CacheTime: 172800
Accept-Ranges: bytes
Timing-Allow-Origin: *
EagleId: 3daa511617243712953906731e