passwordrecoverytools.com/store/AccentZPR_23.03_x64.msi
104.21.41.13 200 OK 8.8 MB URL User Request GET HTTP/3 passwordrecoverytools.com/store/AccentZPR_23.03_x64.msi
IP 104.21.41.13:443
Certificate Issuer Let's Encrypt
Subject passwordrecoverytools.com
Fingerprint 04:FB:61:57:8E:2B:C7:AC:65:20:B9:2A:1C:AD:08:AC:54:34:DB:C1
Validity Sat, 13 Apr 2024 22:55:21 GMT - Fri, 12 Jul 2024 22:55:20 GMT
File type Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Accent ZIP Password Recovery, Author: Passcovery Co. Ltd., Keywords: Installer, Comments: This installer database contains the logic and data required to install Accent ZIP Password Recovery., Template: x64;1033, Revision Number: {9C7CC0D0-717B-4958-8C45-ECF6B72A2430}, Create Time/Date: Thu Mar 2 10:04:30 2023, Last Saved Time/Date: Thu Mar 2 10:04:30 2023, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.0.5419.0), Security: 2
Size 8.8 MB (8847360 bytes)
Hash 01e93f07e3bea6fae40342bb4566eb1b
bb6a27467495c1d124710825e208470dc16051c9
8948bee02eff90b2b34538ef426c79e8fa1fa859c354bfc48becb293e5c80b40
Analyzer: mnemonic secure dns; Verdict: malicious; Alert: Sinkholed
GET /store/AccentZPR_23.03_x64.msi HTTP/1.1
Host: passwordrecoverytools.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 19 Apr 2024 16:03:59 GMT
content-type: application/octet-stream
content-length: 8847360
last-modified: Thu, 02 Mar 2023 10:04:44 GMT
etag: "870000-5f5e7f539a700"
strict-transport-security: max-age=604800
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
referrer-policy: origin
permissions-policy: accelerometer=()
content-security-policy: default-src 'self' 'unsafe-inline'; connect-src 'self' *.google-analytics.com *.google.com *.yandex.ru *.yandex.md *.webvisor.org *.sharethis.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.informer.com; font-src 'self' *.gstatic.com *.googleapis.com *.uptolike.com; img-src 'self' data: http: *.google.com *.webvisor.org *.yandex.ru *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.yandex.ru *.webvisor.org *.sharethis.com *.jsdelivr.net *.uptolike.com yastatic.net *.googleapis.com; child-src blob: *.yandex.ru; frame-src blob: *.youtube.com *.yandex.ru *.yandex.md
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EgKn%2FXvvzgsvWlz0rLIsjdpUqy2OBnRq%2BIwi%2FTEkfawNA2RSF7Oh32B8dDy9Nrwk8vMiXTt5Kbwm3EbY5NX%2FHma4u1oKUXlH6%2FrYi1jyg31h5mP6vA7mPLviHu3%2B9gBeJNnLBUe2w4uFFUlJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e20b58e340b69-OSL
alt-svc: h3=":443"; ma=86400
passwordrecoverytools.com/store/accentzpr64_setup.exe
104.21.41.13 302 Found 8.8 MB URL User Request GET HTTP/2 passwordrecoverytools.com/store/accentzpr64_setup.exe
IP 104.21.41.13:443
Certificate Issuer Let's Encrypt
Subject passwordrecoverytools.com
Fingerprint 04:FB:61:57:8E:2B:C7:AC:65:20:B9:2A:1C:AD:08:AC:54:34:DB:C1
Validity Sat, 13 Apr 2024 22:55:21 GMT - Fri, 12 Jul 2024 22:55:20 GMT
Size 8.8 MB (8847360 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: mnemonic secure dns; Verdict: malicious; Alert: Sinkholed
GET /store/accentzpr64_setup.exe HTTP/1.1
Host: passwordrecoverytools.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 19 Apr 2024 16:03:58 GMT
content-type: text/html; charset=iso-8859-1
location: https://passwordrecoverytools.com/tmplt/download.asp?softname=accentzpr64
strict-transport-security: max-age=604800
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
referrer-policy: origin
permissions-policy: accelerometer=()
content-security-policy: default-src 'self' 'unsafe-inline'; connect-src 'self' *.google-analytics.com *.google.com *.yandex.ru *.yandex.md *.webvisor.org *.sharethis.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.informer.com; font-src 'self' *.gstatic.com *.googleapis.com *.uptolike.com; img-src 'self' data: http: *.google.com *.webvisor.org *.yandex.ru *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.yandex.ru *.webvisor.org *.sharethis.com *.jsdelivr.net *.uptolike.com yastatic.net *.googleapis.com; child-src blob: *.yandex.ru; frame-src blob: *.youtube.com *.yandex.ru *.yandex.md
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZVhAfdmyHM8Dp%2B8oyoO%2F42m%2BJxYzZpfkvOSwNlycMgOq36ogc%2FpOZXdw6CO0h%2FZZQlBFQTZZyUpiZDXxlAT8Rjnl3kDT08tBVTZcZxH2HuEEWzZdlSLMcXqGh1vp4e8BIy5Saxsw9NEF6Db9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876e20af8db4b512-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
passwordrecoverytools.com/tmplt/download.asp?softname=accentzpr64
104.21.41.13 302 Found 8.8 MB URL User Request GET HTTP/2 passwordrecoverytools.com/tmplt/download.asp?softname=accentzpr64
IP 104.21.41.13:443
Certificate Issuer Let's Encrypt
Subject passwordrecoverytools.com
Fingerprint 04:FB:61:57:8E:2B:C7:AC:65:20:B9:2A:1C:AD:08:AC:54:34:DB:C1
Validity Sat, 13 Apr 2024 22:55:21 GMT - Fri, 12 Jul 2024 22:55:20 GMT
Size 8.8 MB (8847360 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: mnemonic secure dns; Verdict: malicious; Alert: Sinkholed
GET /tmplt/download.asp?softname=accentzpr64 HTTP/1.1
Host: passwordrecoverytools.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 19 Apr 2024 16:03:58 GMT
content-type: text/html; charset=UTF-8
location: /store/AccentZPR_23.03_x64.msi
strict-transport-security: max-age=604800
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
referrer-policy: origin
permissions-policy: accelerometer=()
content-security-policy: default-src 'self' 'unsafe-inline'; connect-src 'self' *.google-analytics.com *.google.com *.yandex.ru *.yandex.md *.webvisor.org *.sharethis.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.informer.com; font-src 'self' *.gstatic.com *.googleapis.com *.uptolike.com; img-src 'self' data: http: *.google.com *.webvisor.org *.yandex.ru *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.yandex.ru *.webvisor.org *.sharethis.com *.jsdelivr.net *.uptolike.com yastatic.net *.googleapis.com; child-src blob: *.yandex.ru; frame-src blob: *.youtube.com *.yandex.ru *.yandex.md
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TRp96PrPjthnhzXOPFliGnL3LZX08qxs0H2es75gGLPuYspTjq6Vr86xuHGuxhUoLK1TvrxarkwFVULFbUCsU00xhZwA7OE%2FBRu0KJksA%2FCcsBaj6w8A4I5iDKpDXCBKvCgxenyD9TDA7PeU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e20b278bdb512-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2