| ocsp2.globalsign.com/gsextendvalsha2g3r3 | 104.18.21.226 | | 1.4 kB |
URL: ocsp2.globalsign.com/gsextendvalsha2g3r3
IP: 104.18.21.226:0
Hash (MD5 / SHA-1 / SHA-256): 24c2e8c31b4a5019c0620e4a24334874 / 97318f0e97f9a48a142821b7f17a3b168fcdde01 / 2f0dc2f791cf6c7a0b04b3d6a6375ebae7f7ae7a1c31c5d9fcf1d63a41a0dde6
POST /gsextendvalsha2g3r3 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 11 Jun 2024 12:02:04 GMT
Content-Type: application/ocsp-response
Content-Length: 1444
Connection: keep-alive
Expires: Sat, 15 Jun 2024 12:01:57 GMT
ETag: "97318f0e97f9a48a142821b7f17a3b168fcdde01"
Last-Modified: Tue, 11 Jun 2024 12:01:58 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 6
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 89217337bade929e-CPH
| www.universalmechanism.com/download/swtoumaddin.exe | 95.181.164.192 | 200 OK | 1.6 MB |
URL: www.universalmechanism.com/download/swtoumaddin.exe (user request, GET HTTP/1.1)
IP: 95.181.164.192:443
Certificate: Issuer GlobalSign nv-sa; Subject www.universalmechanism.com; Fingerprint DB:9D:2D:3E:EE:A0:C6:55:B2:70:2D:E1:07:56:39:CE:9B:66:81:51; Validity Mon, 12 Feb 2024 14:34:20 GMT - Sat, 15 Mar 2025 14:34:19 GMT
File type: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
Size: 1.6 MB (1552472 bytes)
Hash (MD5 / SHA-1 / SHA-256): 82d249da9005d5de19e96c1b58058670 / 1f9150d97ca1fbb93ee7b3421f2bc72c6b53215a / 7acf5c6b475e64bf1acdeef623c1a9d427390e86624d5e4496549ed9492aaa9c
| Analyzer | Verdict | Alert |
| VirusTotal | suspicious | |
GET /download/swtoumaddin.exe HTTP/1.1
Host: www.universalmechanism.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 11 Jun 2024 12:02:04 GMT
Content-Type: application/octet-stream
Content-Length: 1552472
Last-Modified: Fri, 18 Mar 2022 05:35:52 GMT
Connection: keep-alive
ETag: "62341a38-17b058"
Accept-Ranges: bytes