IP 104.18.14.101:0
Hash MD5 2c69d7872d4e7d54b99a141adbae9386
SHA-1 2fa70889ed1a1e5854508a9b1a86414035ca1c50
SHA-256 c8ab7270a04a15c147ba80636c804c807d0f37996b1532ec6fe21b60c1ccb605
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 May 2023 14:09:54 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 25 May 2023 07:53:15 GMT
Expires: Thu, 01 Jun 2023 07:53:14 GMT
Etag: "2fa70889ed1a1e5854508a9b1a86414035ca1c50"
Cache-Control: max-age=495199,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7cd6993d5f620b02-OSL
app.kiwidisk.com/setup.exe
42.99.129.238  200 OK  217 B  URL  User Request  GET HTTP/1.1  app.kiwidisk.com/setup.exe
IP 42.99.129.238:80
File type HTML document text; exported SGML document, ASCII text
Hash MD5 6c1691a516d8e122e8732c7a01c150d3
SHA-1 7e554d7cfa1ca252c8eb7f0fee143a9f43584f42
SHA-256 abe0b9d0c60ed31dcccd056f2e8010b0bce9c851340528ca09d37553e32f4fa6
NIDS Severity Alert suricata high ET POLICY PE EXE or DLL Windows file download HTTP
GET /setup.exe HTTP/1.1
Host: app.kiwidisk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 26 May 2023 14:09:55 GMT
Server: Apache/2.2.15 (CentOS)
Location: http://app.kiwidisk.com/setup.exe
Content-Length: 217
Keep-Alive: timeout=10, max=3072
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
app.kiwidisk.com/setup.exe
42.99.129.238  200 OK  5.7 MB  URL  User Request  GET HTTP/1.1  app.kiwidisk.com/setup.exe
IP 42.99.129.238:80
File type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive; data
Size 5.7 MB (5723904 bytes)
Hash MD5 41b195535119815b766bf443b2b905dd
SHA-1 6db3575c8c62d284d7564ab3424603fe506b7add
SHA-256 ca4980c9c7c9c35534bbf89c795c8dc67d564b8fa23c6054d8258c71eee86505
Analyzer Verdict Alert VirusTotal 2/67
NIDS Severity Alert suricata high ET POLICY PE EXE or DLL Windows file download HTTP
GET /setup.exe HTTP/1.1
Host: app.kiwidisk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 May 2023 14:09:55 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 28 Sep 2021 01:54:29 GMT
ETag: "421e2a-575700-5cd047e795f40"
Accept-Ranges: bytes
Content-Length: 5723904
Keep-Alive: timeout=10, max=3072
Connection: Keep-Alive
Content-Type: application/octet-stream