| zerossl.ocsp.sectigo.com/ | 104.18.15.101 | | 315 B |
URL zerossl.ocsp.sectigo.com/ | IP 104.18.15.101:0
Hash (MD5): 457c10f1f312acea4160259b1a25cada
Hash (SHA-1): c265eb9912e2f76bf913eb43fddf599edaf62025
Hash (SHA-256): 0eb021413c00d377d649784ee54960d76049d21b2d71e0514ceed70f90c8e716
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 04:26:48 GMT
Content-Type: application/ocsp-response
Content-Length: 315
Connection: keep-alive
Last-Modified: Tue, 03 Oct 2023 23:45:14 GMT
Expires: Tue, 10 Oct 2023 23:45:13 GMT
Etag: "c265eb9912e2f76bf913eb43fddf599edaf62025"
Cache-Control: max-age=587304,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 810aab33880956b1-OSL
| clientfile.jijidown.com/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583 | 120.55.98.203 | 302 Found | 161 B |
URL clientfile.jijidown.com/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583 | User Request | GET HTTP/2 | IP 120.55.98.203:443
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Certificate: Issuer ZeroSSL | Subject *.jijidown.com | Fingerprint CE:18:AD:EF:B1:6E:2A:77:B2:4A:F4:08:9C:20:01:06:E6:EC:19:34 | Validity Sun, 06 Aug 2023 00:00:00 GMT - Sat, 04 Nov 2023 23:59:59 GMT
File type: HTML document text
- HTML document text
- HTML document, ASCII text, with CRLF line terminators
Hash (MD5): b25d5e7ec72fe7c181c56fe286b44875
Hash (SHA-1): 10f16139f7f5e07bd4a2f49ae4c1a407df5578b6
Hash (SHA-256): 99d6333713dc294a4d960b71cbdecfcd89d57960c2715ceb2b289199b5fe9297
GET /PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583 HTTP/1.1
Host: clientfile.jijidown.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.14.2
date: Wed, 04 Oct 2023 04:26:48 GMT
content-type: text/html
content-length: 161
location: http://222.186.139.95:4432/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583
X-Firefox-Spdy: h2
| 222.186.139.95:4432/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583 | 222.186.139.95 | 200 OK | 1.6 MB |
URL 222.186.139.95:4432/PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583 | User Request | GET HTTP/1.1 | IP 222.186.139.95:4432
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
- data
Size: 1.6 MB (1565184 bytes)
Hash (MD5): 63c6a09fac52fe61d6cf3113b6e2f464
Hash (SHA-1): e1ee58cdbe982d61424a18da5242206000bad6e4
Hash (SHA-256): f592a5ed1882a7df9bee018c11cfef5b8939897d65fd143a3e1ecd286815b847

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
| VirusTotal | suspicious | |
GET /PC/WPF/JiJiDown_setup.exe?NvZhuangstatus=13410583 HTTP/1.1
Host: 222.186.139.95:4432
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 04 Oct 2023 04:26:47 GMT
Content-Type: application/octet-stream
Content-Length: 1565184
Last-Modified: Thu, 01 Sep 2022 02:59:20 GMT
Connection: keep-alive
ETag: "63102008-17e200"
Accept-Ranges: bytes