IP: 210.74.41.123:0 ASN: #58866 China Financial Certification Authority
Hash: 90afdc15621b4d59fe43e504c7e2c50b b52954981c6a85a4538158a7e26b6a3cee436834 b82b5b6ae9c47d7a38b3a3513a19a382859c309b065d7ecf54b61cd03631699e
POST /ocsp HTTP/1.1
Host: ocsp.cfca.com.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: sslgw
Date: Thu, 09 May 2024 02:56:18 GMT
Content-Type: application/ocsp-response
Content-Length: 1487
Connection: keep-alive
Content-transfer-encoding: binary
ETag: "b52954981c6a85a4538158a7e26b6a3cee436834"
last-modified: Thu, 09 May 2024 00:03:00 GMT
expires: Fri, 10 May 2024 04:03:00 GMT
cache-control: public, no-transform, must-revalidate
|
IP: 210.74.41.123:0 ASN: #58866 China Financial Certification Authority
Hash: 3cebcd6096bcdcb021e79604dde65569 656bc0daa77e272737a6cedd877cf2e8c586c622 03bdc8960ca33c5c110ef9bc3a9d6e11e7b3fe30b10f290ec9545d6afc8b94d5
POST /ocsp HTTP/1.1
Host: ocsp.cfca.com.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: sslgw
Date: Thu, 09 May 2024 02:56:18 GMT
Content-Type: application/ocsp-response
Content-Length: 1487
Connection: keep-alive
Content-transfer-encoding: binary
ETag: "656bc0daa77e272737a6cedd877cf2e8c586c622"
last-modified: Thu, 09 May 2024 00:03:00 GMT
expires: Fri, 10 May 2024 04:03:00 GMT
cache-control: public, no-transform, must-revalidate
|
| www.xjrccb.com.cn/corbank/ocx/serverfile/CW_USBKey.exe | 222.82.235.196 | 200 OK | 739 kB |
URL: User Request GET HTTP/1.1 www.xjrccb.com.cn/corbank/ocx/serverfile/CW_USBKey.exe IP: 222.82.235.196:443
Certificate: Issuer: China Financial Certification Authority; Subject: *.xjrccb.com.cn; Fingerprint: 28:F3:39:83:BC:F1:0A:F0:17:A5:96:E5:9E:17:D8:E4:E3:B9:33:C4; Validity: Sat, 23 Mar 2024 10:13:45 GMT - Wed, 26 Feb 2025 06:47:38 GMT
File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections; Size: 739 kB (738896 bytes); Hash: d9f38d365b7710b2ce6f5110ab51b090 a99bf69be60de3a70a52863832b2a3e6a49d1da4 2ec6ee841febd37853ac022b3b06f587cf4dd7fdbf2f5d3932122a9715218790
| Analyzer | Verdict | Alert |
| VirusTotal | suspicious | |
GET /corbank/ocx/serverfile/CW_USBKey.exe HTTP/1.1
Host: www.xjrccb.com.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Set-Cookie: AlteonP=AMkQShYgG6yP41oCDhTpEQ$$; Secure
Server: nginx/1.21.1
Date: Thu, 09 May 2024 02:52:00 GMT
Content-Type: application/octet-stream
Content-Length: 738896
Last-Modified: Fri, 01 Sep 2023 15:59:06 GMT
ETag: "64f20a4a-b4650"
Accept-Ranges: bytes
Connection: Keep-alive
Via: 1.1 ID-0001544135664210 uproxy-3
|