| URL | IP | Status | Size |
| --- | --- | --- | --- |
| yukn8896103.vip/setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe | 188.114.97.1 | 521 No Reason Phrase | 6.8 kB |
- URL: yukn8896103.vip/setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe
- User Request: GET HTTP/2
- IP: 188.114.97.1:443
- Certificate: Issuer Let's Encrypt; Subject yukn8896103.vip; Fingerprint 9A:0D:06:93:0C:36:2F:92:0D:01:38:FE:F4:D9:19:32:74:16:49:95; Validity Mon, 25 Mar 2024 04:56:38 GMT - Sun, 23 Jun 2024 04:56:37 GMT
- File type: HTML document, ASCII text, with very long lines (394)
- Hashes:
  - 43480a0b9af9f760b30ee6c3a2544df9
  - 8f4d08a37368794016dd7889f760533b3248ee04
  - 28d1d444b97c21b3e84ee13511aaddaf6be7e89c9909636c1eabf2723b5900ec
| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
| suricata | high | ET POLICY PE EXE or DLL Windows file download HTTP |
| suricata | low | ET INFO EXE - Served Attached HTTP |
```http
GET /setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe HTTP/1.1
Host: yukn8896103.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 521 No Reason Phrase
date: Thu, 18 Apr 2024 14:40:26 GMT
content-type: text/html; charset=UTF-8
content-length: 6827
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9jqd78Ct9QJCxj6TeBBS0SEXQmoru7SfB3%2BQBphJPHofcebh%2FfRz1cIKPQF%2F1PB0U7uMwntfhHlAU0PgV1Usc3T47CmCW5UpKK1oupP2vqWAOWKTowul7SeD8HGSdLAG26w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 876568f6a8e71c16-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
```
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| yukn8896103.vip/setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe | 188.114.97.1 | 521 No Reason Phrase | 22 MB |
- URL: yukn8896103.vip/setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe
- User Request: GET HTTP/2
- IP: 188.114.97.1:443
- Certificate: Issuer Let's Encrypt; Subject yukn8896103.vip; Fingerprint 9A:0D:06:93:0C:36:2F:92:0D:01:38:FE:F4:D9:19:32:74:16:49:95; Validity Mon, 25 Mar 2024 04:56:38 GMT - Sun, 23 Jun 2024 04:56:37 GMT
- File type: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
- Size: 22 MB (22186752 bytes)
- Hashes:
  - e61097ca937c6f975d010d40ce468764
  - af508457adfa3da690c5c655f2007064d9549d44
  - 52dfb4dc39dfc562eb6811836737dddc9f248ebe047acf92424ab05583c109e1
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| VirusTotal | malicious | |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
| suricata | high | ET POLICY PE EXE or DLL Windows file download HTTP |
| suricata | low | ET INFO EXE - Served Attached HTTP |
```http
GET /setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe HTTP/1.1
Host: yukn8896103.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 14:40:28 GMT
Content-Type: application/octet-stream
Content-Length: 22186752
Connection: keep-alive
ETag: 7a79ede93fa2ef67b8cac5f2a27ba6fc
Last-Modified: Thu, 18 Apr 2024 02:13:01 GMT
Content-Disposition: attachment; filename*=UTF-8''setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe; filename=setup-%E9%80%9A%E7%94%A8%E7%89%886052.exe
CF-Cache-Status: BYPASS
Set-Cookie: HFS_SID_=P6xyOx4r5kAAAADSS8HZPw; path=/; HttpOnly
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d9U1FTVslC2C26ovQP84jFSazv6E0%2FSpSmyKd9flgP6fZEY5h1xsJj7MR8xhbEm1a43uPmXevrswPBThcD5%2FikKm7%2B2uj01oSG8KoM%2FU2dl6tWb3%2FVP%2B3keDSI2dqW72s8k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 876568f8f9a356c9-OSL
alt-svc: h2=":443"; ma=60
```