www.ddtools.top/handdiy_4.exe
IP: 188.114.96.1 | Status: 200 OK | Size: 1.8 kB | Type: URL | Origin: User Request | Request: GET HTTP/1.1 www.ddtools.top/handdiy_4.exe
IP 188.114.96.1:80
File type:
- HTML document text (reported 7 times)
- exported SGML document text
- exported SGML document, ASCII text, with very long lines (394)
Hash (MD5): aed88d566417c9fbc7b2ed22f4fc33e3
Hash (SHA-1): 94b1917cf61ad3c856361a1a7e80e4c6c84ddcc2
Hash (SHA-256): 9fd50ffe27c0d633bc98e56bec7ccd35679eb0c49548c8f8c62fce66626100fe
Analyzer | Verdict | Alert
fortinet | Malware |
NIDS | Severity | Alert
suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
suricata | medium | ET INFO HTTP Request to a *.top domain
GET /handdiy_4.exe HTTP/1.1
Host: www.ddtools.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 11 May 2023 08:56:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UN6cdLmEbZQinazGy0Box7SH5UohmmjxDpaJlO83az5f3C7uVHJL1LBl%2Bt%2BogGmGPg2fjq8M9wngTjZI4PsJxV13U91f%2FOpDk0iXQJuQwvxO%2B522q27Uu10mO0v5eVHtXTI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5935b6cfd30b02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.ddtools.top/cdn-cgi/styles/cf.errors.css
IP: 188.114.96.1 | Status: 200 OK | Size: 4.5 kB | Type: URL | Request: GET HTTP/1.1 www.ddtools.top/cdn-cgi/styles/cf.errors.css
IP 188.114.96.1:80
Requested by http://www.ddtools.top/handdiy_4.exe
File type: ASCII text, with very long lines (24131)
Hash (MD5): a1cedc21f16b5a97114857154fab35e9
Hash (SHA-1): 95e9890a15a4f7f94f7f19d2c297e4b07503c526
Hash (SHA-256): 1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
Host: www.ddtools.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ddtools.top/handdiy_4.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 11 May 2023 08:56:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 28 Apr 2023 14:11:18 GMT
ETag: W/"644bd406-5e44"
Server: cloudflare
CF-RAY: 7c5935b859920b02-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Thu, 11 May 2023 10:56:38 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip
www.ddtools.top/cdn-cgi/images/icon-exclamation.png?1376755637
IP: 188.114.96.1 | Status: 200 OK | Size: 452 B | Type: URL | Request: GET HTTP/1.1 www.ddtools.top/cdn-cgi/images/icon-exclamation.png?1376755637
IP 188.114.96.1:80
Requested by http://www.ddtools.top/handdiy_4.exe
File type:
- PNG image data, 54 x 54, 8-bit colormap, non-interlaced
- data
Hash (MD5): c33de66281e933259772399d10a6afe8
Hash (SHA-1): b9f9d500f8814381451011d4dcf59cd2d90ad94f
Hash (SHA-256): f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Analyzer | Verdict | Alert
fortinet | Malware |
GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1
Host: www.ddtools.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ddtools.top/cdn-cgi/styles/cf.errors.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 11 May 2023 08:56:38 GMT
Content-Type: image/png
Content-Length: 452
Connection: keep-alive
Last-Modified: Fri, 28 Apr 2023 14:11:18 GMT
ETag: "644bd406-1c4"
Server: cloudflare
CF-RAY: 7c5935b899f60b02-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Thu, 11 May 2023 10:56:38 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
www.ddtools.top/favicon.ico
IP: 188.114.96.1 | Status: 200 OK | Size: 34 B | Type: URL | Request: GET HTTP/1.1 www.ddtools.top/favicon.ico
IP 188.114.96.1:80
Requested by http://www.ddtools.top/handdiy_4.exe
File type: ASCII text, with no line terminators
Hash (MD5): 94fd23a85fa54f9c4282f8ca2e923d92
Hash (SHA-1): 410213903b0de902ae99b161f1a182eff468ab47
Hash (SHA-256): 196be44284c3912bd2f73a1833cf624f8816e9860af4fbf8b519634a7af6f490
GET /favicon.ico HTTP/1.1
Host: www.ddtools.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ddtools.top/handdiy_4.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 11 May 2023 08:56:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Thu, 11 May 2023 08:56:38 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F54vjezcN8ewZYvluRP4mrxx8lZWWGORmrAnUuGsyOWKrYTAPMkA0%2BPNNZBw3kZeDZ3nyhuW%2Bzryke6o4i0ZAvKKLrxJ0%2FMxN0dR47E5pYEyBzoU7lhywZiVfDLkwbutqRI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5935b8ba1b0b02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.ddtools.top/handdiy4/handdiy_4.exe
IP: 188.114.96.1 | Status: 302 Found | Size: 4.4 kB | Type: URL | Origin: User Request | Request: GET HTTP/2 www.ddtools.top/handdiy4/handdiy_4.exe
IP 188.114.96.1:443
Certificate Issuer: Google Trust Services LLC
Subject: ddtools.top
Fingerprint: 70:EB:DD:BC:5A:C3:5A:2C:0B:66:6E:9B:CD:52:5C:0E:D8:DD:87:A9
Validity: Sun, 07 May 2023 05:58:32 GMT - Sat, 05 Aug 2023 05:58:31 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
fortinet | Malware |
GET /handdiy4/handdiy_4.exe HTTP/1.1
Host: www.ddtools.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 11 May 2023 08:56:38 GMT
content-type: text/html; charset=UTF-8
location: http://www.ddtools.top/handdiy_4.exe
x-powered-by: PHP/5.6.40
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oO4OpSSI2YF6UQEPEK6CFQ5BznABprYcBSznwpemMk3VDCOAKV0GQ3W%2BN6N1Ms7aogYsc6WSXeCsvpMgxlzmfcvjzsKdw3r2rgoCmF85JcgxBoxhqKPdvMiJdpB3VeapsGU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c5935b46e09b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2