IP: 104.18.14.101:0
Hash (MD5 / SHA-1 / SHA-256): a369121ce1c5e54ebcad72001f1ee012 c80c5c89963d2b7b733a4a9ca93fdd704aac73f0 631d7f2ca0de67e8b1b1f75ccdddf054c4c715d4ab845b3415879bd9187a5d5c
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 06:56:30 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 31 May 2023 06:27:50 GMT
Expires: Wed, 07 Jun 2023 06:27:49 GMT
Etag: "c80c5c89963d2b7b733a4a9ca93fdd704aac73f0"
Cache-Control: max-age=429678,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d0dcbf9edb6b4f4-OSL
IP: 104.18.14.101:0
Hash (MD5 / SHA-1 / SHA-256): a369121ce1c5e54ebcad72001f1ee012 c80c5c89963d2b7b733a4a9ca93fdd704aac73f0 631d7f2ca0de67e8b1b1f75ccdddf054c4c715d4ab845b3415879bd9187a5d5c
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 06:56:30 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 31 May 2023 06:27:50 GMT
Expires: Wed, 07 Jun 2023 06:27:49 GMT
Etag: "c80c5c89963d2b7b733a4a9ca93fdd704aac73f0"
Cache-Control: max-age=429678,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 0
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d0dcbfb78a0b505-OSL
URL (user request, GET): www.univ21.net/update/image_server/OmrScanImageServer.exe
IP: 211.233.62.61:0
ASN: #3786 LG DACOM Corporation
File type: PE32 executable (GUI) Intel 80386, for MS Windows
- data
Size: 1.3 MB (1306112 bytes)
Hash (MD5 / SHA-1 / SHA-256): 14542f033bcb2585da809ff45bb62914 532c0676179cad7efa6c3cbe9303a04c78451332 d8241b498a059fb787ba45d965d07fd76f8317c52b9bd1838593af949c32ff96
Analyzer: VirusTotal, verdict 4/67, alert
NIDS: suricata, severity high, alert: ET POLICY PE EXE or DLL Windows file download HTTP
GET /update/image_server/OmrScanImageServer.exe HTTP/1.1
Host: www.univ21.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 06:56:04 GMT
Server: Apache/2.0.53 (FreeBSD) mod_deflate
Last-Modified: Thu, 20 Nov 2014 04:43:54 GMT
ETag: "452c001-13ee00-50842f9b7f680"
Accept-Ranges: bytes
Content-Length: 1306112
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload