| yukn8896103.vip/setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe | 188.114.97.1 | 521 No Reason Phrase | 6.8 kB |
URL: yukn8896103.vip/setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe (user request, GET, HTTP/2); IP: 188.114.97.1:443
Certificate: Issuer Let's Encrypt; Subject yukn8896103.vip; Fingerprint 9A:0D:06:93:0C:36:2F:92:0D:01:38:FE:F4:D9:19:32:74:16:49:95; Validity Mon, 25 Mar 2024 04:56:38 GMT - Sun, 23 Jun 2024 04:56:37 GMT
File type: HTML document, ASCII text, with very long lines (394); Hashes: MD5 79635eebccac96b71b1a723faebedffd, SHA-1 2e5a28111b0e95622d63e9c7dd6be24afd7bcc3d, SHA-256 442b1d755b7bea816e99c3fa4d27ce5c9199726d78bf7547d654b7f235f83d12
GET /setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe HTTP/1.1
Host: yukn8896103.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 521 No Reason Phrase
date: Fri, 19 Apr 2024 07:11:43 GMT
content-type: text/html; charset=UTF-8
content-length: 6827
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EyJCVsMkomSyIDE%2BL7Dv0wDYMdTy0WM7hpA7FeSbbLrc1F52%2FMNssAx0ewEAb3I5rLMzGQM97VFpV%2BAsmsxgq073wfB2dc%2FPhmkzmoUmBdPc%2FliYjx39Nd25cEU39z4tG84%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 876b1504aa9c1c0a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| yukn8896103.vip/setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe | 188.114.97.1 | 521 No Reason Phrase | 3.2 MB |
URL: yukn8896103.vip/setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe (user request, GET, HTTP/2); IP: 188.114.97.1:443
Certificate: Issuer Let's Encrypt; Subject yukn8896103.vip; Fingerprint 9A:0D:06:93:0C:36:2F:92:0D:01:38:FE:F4:D9:19:32:74:16:49:95; Validity Mon, 25 Mar 2024 04:56:38 GMT - Sun, 23 Jun 2024 04:56:37 GMT
File type: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections; Size: 3.2 MB (3218944 bytes); Hashes: MD5 a00a6d454b00565f15fbe204c216d26e, SHA-1 9e5569add1f812e126d61b4d24ba15fa3bcd9932, SHA-256 98f6289b84fa85ae1489f7f0d1a8759eae90fb781c388800d01d0c68ab9fee7e

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| YARAhub by abuse.ch | malware | meth_get_eip |
| VirusTotal | malicious | |

GET /setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe HTTP/1.1
Host: yukn8896103.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 07:11:44 GMT
Content-Type: application/octet-stream
Content-Length: 3218944
Connection: keep-alive
ETag: a09c3822a794cf3e15dfa68d91252d49
Last-Modified: Fri, 19 Apr 2024 06:40:32 GMT
Content-Disposition: attachment; filename*=UTF-8''setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe; filename=setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe
CF-Cache-Status: BYPASS
Set-Cookie: HFS_SID_=Z8ObQjQr5kAAAIBopOrTPw; path=/; HttpOnly
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wtwUhT%2FKuEIfqD98shY9UOO%2FQRc2lr4SU3%2BuXq9UUuUwgZ%2FdvEXaqlcroAdlHEIZktYm3NsjYUbilCFpnnsJgFd5ZD%2BOHr7JbI2gzWakdGaUmm3lwOlTtUe%2FuJtJOHp1KG0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 876b15075f55b4eb-OSL
alt-svc: h2=":443"; ma=60