| dl.jisupdftoword.com/jisupdftoword_setup.exe | 39.106.227.135 | 302 Found | 4.3 MB |
URL (user request): GET dl.jisupdftoword.com/jisupdftoword_setup.exe
IP: 39.106.227.135:443
ASN: #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Certificate: Issuer Let's Encrypt; Subject jisupdftoword.com; Fingerprint F4:57:F8:25:4F:57:CE:25:68:D5:AA:2C:75:9E:47:DC:FA:09:76:9E; Validity Thu, 20 Feb 2025 01:55:50 GMT - Wed, 21 May 2025 01:55:49 GMT
Size: 4.3 MB (4253776 bytes)
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length content)
GET /jisupdftoword_setup.exe HTTP/1.1
Host: dl.jisupdftoword.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.24.0 (Ubuntu)
date: Mon, 31 Mar 2025 11:50:33 GMT
content-type: text/html; charset=utf-8
content-length: 137
location: https://dlc.jisupdftoword.com/jisupdftoword_setup.exe?auth_key=1743421863-10894-0-cbb0ad84cca751a4c1be87dcf8bcbeed
x-ratelimit-limit: 50
x-ratelimit-remaining: 49
x-ratelimit-reset: 1743508233
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
| dlc.jisupdftoword.com/jisupdftoword_setup.exe?auth_key=1743421863-10894-0-cbb0ad84cca751a4c1be87dcf8bcbeed | 61.160.192.101 | 200 OK | 4.3 MB |
URL (user request): GET dlc.jisupdftoword.com/jisupdftoword_setup.exe?auth_key=1743421863-10894-0-cbb0ad84cca751a4c1be87dcf8bcbeed
IP: 61.160.192.101:443
ASN: #140293 CHINATELECOM Jiangsu province Changzhou 5G network
Certificate: Issuer Let's Encrypt; Subject *.jisuimg.com; Fingerprint 6B:AC:43:D7:67:93:70:88:CD:09:00:2D:F2:9D:63:C2:6B:DB:F6:58; Validity Tue, 25 Feb 2025 01:50:12 GMT - Mon, 26 May 2025 01:50:11 GMT
File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
Size: 4.3 MB (4253776 bytes)
Hash: MD5 c1513ef0866cc0fe874a6b83ac7d84e8; SHA-1 2dbe976326c46936dd082bf47415275a230f8bab; SHA-256 3169216f1c8d44d84636f36655c470095db4019c29a2b71db059d89970439e9c
| Analyzer | Verdict | Alert |
| YARAhub by abuse.ch | malware | Detect files is `SliverFox` malware |
| VirusTotal | suspicious | |
GET /jisupdftoword_setup.exe?auth_key=1743421863-10894-0-cbb0ad84cca751a4c1be87dcf8bcbeed HTTP/1.1
Host: dlc.jisupdftoword.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/x-msdownload
Content-Length: 4253776
Connection: keep-alive
Date: Mon, 03 Mar 2025 08:52:43 GMT
x-oss-request-id: 67C56DDB1253C53532081300
x-oss-cdn-auth: success
Accept-Ranges: bytes
x-oss-object-type: Normal
x-oss-storage-class: Standard
ETag: "C1513EF0866CC0FE874A6B83AC7D84E8"
Last-Modified: Mon, 11 Jan 2021 01:40:26 GMT
x-oss-hash-crc64ecma: 15202422966232552343
Content-MD5: wVE+8IZswP6HSmuDrH2E6A==
x-oss-server-time: 285
Via: cache39.l2cn3022[0,0,200-0,H], cache26.l2cn3022[2,0], kunlun1.cn6425[0,0,200-0,H], kunlun10.cn6425[3,0]
Age: 2429871
Ali-Swift-Global-Savetime: 1740991963
X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
X-Swift-SaveTime: Tue, 25 Mar 2025 03:30:54 GMT
X-Swift-CacheTime: 710509
Timing-Allow-Origin: *
EagleId: 3da0c01417434218349064780e