| sqdownd.onlinedown.net/down/chilunzc5.7.exe | 121.17.124.118 | 403 Forbidden | 263 B |
URL: sqdownd.onlinedown.net/down/chilunzc5.7.exe (User Request, GET HTTP/1.1)
IP: 121.17.124.118:80
ASN: #4837 CHINA UNICOM China169 Backbone
File type: XML 1.0 document text; XML document, ASCII text, with no line terminators
Hash (MD5): 1824de317dbcc717e252ffefb07f2e41
Hash (SHA-1): a58f357d27be2ac61a359c2860a574cb9322fa04
Hash (SHA-256): 83539c0aa3dd38f42181e70d97fe519e94d772f62acf99ea0beb6ccd69d0f227
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
GET /down/chilunzc5.7.exe HTTP/1.1
Host: sqdownd.onlinedown.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sun, 14 May 2023 03:24:47 GMT
Content-Type: application/xml
Content-Length: 263
Connection: keep-alive
Server: openresty
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
CloudServiceDiscount: CDN
x-amz-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSqFQZMjW25Kd3kQs4ZMSnbloJ5CPbRU
x-amz-request-id: 00000188184A11B89053E99F290CBE0C
x-reserved-indicator: 361
X-CCDN-Origin-Time: 134
Age: 1
via: CHN-HEhengshui-AREACUCC3-CACHE25[159],CHN-HEhengshui-AREACUCC3-CACHE26[155,TCP_MISS,157],CHN-TJ-GLOBAL1-CACHE74[145],CHN-TJ-GLOBAL1-CACHE79[134,TCP_MISS,139]
x-hcs-proxy-type: 0
X-CCDN-CacheTTL: 2592000
| sqdownd.onlinedown.net/down/chilunzc5.7.exe | 120.52.95.249 | 403 Forbidden | 263 B |
URL: sqdownd.onlinedown.net/down/chilunzc5.7.exe (User Request, GET HTTP/1.1)
IP: 120.52.95.249:80
ASN: #133119 China Unicom IP network
File type: XML 1.0 document text; XML document, ASCII text, with no line terminators
Hash (MD5): 22540fd394aad75b5dce12f50dcc3aa5
Hash (SHA-1): 8848928c6dedacce24f450b1fd4571556ff94a39
Hash (SHA-256): 5d0a24ba30cdd57cc685adc163541ba622279fa24b95fdde8fbd7502c3a330ca
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
GET /down/chilunzc5.7.exe HTTP/1.1
Host: sqdownd.onlinedown.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sun, 14 May 2023 03:24:48 GMT
Content-Type: application/xml
Content-Length: 263
Connection: keep-alive
Server: openresty
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
CloudServiceDiscount: CDN
x-amz-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSavARRJlbqshB7b/voZp/68LeCHvqQF
x-amz-request-id: 00000188184A14E99058AB109836E056
x-reserved-indicator: 361
X-CCDN-Origin-Time: 144
Age: 1
via: CHN-HElangfang-AREACUCC1-CACHE4[156],CHN-HElangfang-AREACUCC1-CACHE26[154,TCP_MISS,155],CHN-TJ-GLOBAL1-CACHE13[149],CHN-TJ-GLOBAL1-CACHE79[144,TCP_MISS,146]
x-hcs-proxy-type: 0
X-CCDN-CacheTTL: 2592000
| sqdownd.onlinedown.net/favicon.ico | 121.17.124.126 | 403 Forbidden | 263 B |
URL: sqdownd.onlinedown.net/favicon.ico (GET HTTP/1.1)
IP: 121.17.124.126:80
ASN: #4837 CHINA UNICOM China169 Backbone
Requested by: http://sqdownd.onlinedown.net/down/chilunzc5.7.exe
File type: XML 1.0 document text; XML document, ASCII text, with no line terminators
Hash (MD5): d42701402bfdaa6f6c73b504c90e83ae
Hash (SHA-1): f858b1a9236ff6bc6eacb209a93885cca66860d6
Hash (SHA-256): 2c5c67d6a0f12466096fc9f0fbf7d8695d611524fc3dd05a8a53ae9dd92fe4b7
GET /favicon.ico HTTP/1.1
Host: sqdownd.onlinedown.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sqdownd.onlinedown.net/down/chilunzc5.7.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sun, 14 May 2023 03:24:48 GMT
Content-Type: application/xml
Content-Length: 263
Connection: keep-alive
Server: openresty
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
CloudServiceDiscount: CDN
x-amz-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSntyUtfcu9LX7t4GS1EjNLMt/urtGV8
x-amz-request-id: 00000188184A173B90075BA5165A9254
x-reserved-indicator: 361
X-CCDN-Origin-Time: 115
Age: 1
via: CHN-HEhengshui-AREACUCC3-CACHE7[138],CHN-HEhengshui-AREACUCC3-CACHE15[134,TCP_MISS,136],CHN-TJ-GLOBAL1-CACHE30[123],CHN-TJ-GLOBAL1-CACHE15[115,TCP_MISS,119]
x-hcs-proxy-type: 0
X-CCDN-CacheTTL: 86400