| Request URL | IP | Status | Size |
| --- | --- | --- | --- |
| tmpfiles.org/dl/5670992/andromeda-663bb32b7ecf3-xclient.exe.txt | 104.21.21.16 | 200 OK | 48 kB |

URL: tmpfiles.org/dl/5670992/andromeda-663bb32b7ecf3-xclient.exe.txt
Request: user request, GET, HTTP/2
IP: 104.21.21.16:443
Certificate: Issuer: Let's Encrypt; Subject: tmpfiles.org; Fingerprint: E0:4F:08:69:83:B8:6E:53:52:25:B2:01:05:CA:CA:AA:17:BE:FE:42; Validity: Sat, 30 Mar 2024 08:25:37 GMT - Fri, 28 Jun 2024 08:25:36 GMT
File type: ASCII text, with very long lines (48472), with no line terminators
Hashes: MD5 ae31f8a3207c598967848b78eed1f724; SHA-1 a6fb844b82a265905fb00e91d578169b6f85efb1; SHA-256 6195ec29080a7d7cfcd4d4047052ee2931f9a6e681b2a09ba864db5029967985

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - Base64 encoded file |
| Quad9 DNS | malicious | Sinkholed |
GET /dl/5670992/andromeda-663bb32b7ecf3-xclient.exe.txt HTTP/1.1
Host: tmpfiles.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 17:33:34 GMT
content-type: text/plain; charset=UTF-8
content-disposition: inline; filename=andromeda-663bb32b7ecf3-xclient.exe.txt
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjBXeG5mSUY2Q05uaW56RmRZR1JLZmc9PSIsInZhbHVlIjoiREhaTzdxODNNU0lVcENNZUNSNiswbFp0aWh0NW82T2IwNHpxMHB5blZ5bUpkMXQvMW5VSXNHZEFKTGZ0UEdrbGx3clFzdmlzK3lVTlcwek05T1cwUUp6bUNJVUNIRklOMGZqT3I4Y1NDUG5GamdlaDZJZGVNZjdBTjRXbmR0UFYiLCJtYWMiOiJmZTE4ZmJmNDA4YjVhMzVkNmZiZTJmMDA1NTJkMGY2NGQzMTRkNDIyYzNjYTRmNzllYzNkNWU5MTBiZjJjYjJlIn0%3D; expires=Wed, 08-May-2024 19:33:34 GMT; Max-Age=7200; path=/; samesite=lax
tmpfiles_session=eyJpdiI6IjVYNkdRWk1UQVRISDRseXlTNWVBY3c9PSIsInZhbHVlIjoiVTdGcW5DY3Nmd29ISVlFZEgvUDRKSnp1OGdGSysrdjM4SzdlQ2oweG9lSlA4TFVRNWJnR1N3RHJnOWZNc3pPZ1ZaUGY2RGVSQlRMZzB6L3pxenoxNHZvOXlPZGFWY3V6dHJVOG5jaUN4Ump6UXZubUh2alh1VWJDY2J0UlNRNFEiLCJtYWMiOiIyOTUxN2IxODQwZWYwZmFhYzgxZjhmODQ4ZTkzZmM0M2M1ZDc4NzYzNmY1MzYxNjRhZDQyZTVjZDc1OTA4YTg3In0%3D; expires=Wed, 08-May-2024 19:33:34 GMT; Max-Age=7200; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xN4XDcPHnxj%2FSNRe2t5gIlIPzIsIurcYIotOpz1%2FodYjDUwjN8LqTA42iUkahS5WgIfCYj305mZPofPEVzQw3%2F%2FYcehHnPsWeyyyHFoUVSgzOO3R5%2BS2tly%2FZDdnTzY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b32150d4b1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
IP: 104.21.21.16:443
Requested by: https://tmpfiles.org/dl/5670992/andromeda-663bb32b7ecf3-xclient.exe.txt
Certificate: Issuer: Let's Encrypt; Subject: tmpfiles.org; Fingerprint: E0:4F:08:69:83:B8:6E:53:52:25:B2:01:05:CA:CA:AA:17:BE:FE:42; Validity: Sat, 30 Mar 2024 08:25:37 GMT - Fri, 28 Jun 2024 08:25:36 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hashes: MD5 641276e2d4d0995c8262223f1fdda3d2; SHA-1 4f3f8f324f842e21d6921fffef2be2370cba9c49; SHA-256 5c039a5032f66daf0ad7ccaf04589686dfcc0b580113c1c6a9cff06ed4ce676d

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: tmpfiles.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tmpfiles.org/dl/5670992/andromeda-663bb32b7ecf3-xclient.exe.txt
Cookie: XSRF-TOKEN=eyJpdiI6IjBXeG5mSUY2Q05uaW56RmRZR1JLZmc9PSIsInZhbHVlIjoiREhaTzdxODNNU0lVcENNZUNSNiswbFp0aWh0NW82T2IwNHpxMHB5blZ5bUpkMXQvMW5VSXNHZEFKTGZ0UEdrbGx3clFzdmlzK3lVTlcwek05T1cwUUp6bUNJVUNIRklOMGZqT3I4Y1NDUG5GamdlaDZJZGVNZjdBTjRXbmR0UFYiLCJtYWMiOiJmZTE4ZmJmNDA4YjVhMzVkNmZiZTJmMDA1NTJkMGY2NGQzMTRkNDIyYzNjYTRmNzllYzNkNWU5MTBiZjJjYjJlIn0%3D; tmpfiles_session=eyJpdiI6IjVYNkdRWk1UQVRISDRseXlTNWVBY3c9PSIsInZhbHVlIjoiVTdGcW5DY3Nmd29ISVlFZEgvUDRKSnp1OGdGSysrdjM4SzdlQ2oweG9lSlA4TFVRNWJnR1N3RHJnOWZNc3pPZ1ZaUGY2RGVSQlRMZzB6L3pxenoxNHZvOXlPZGFWY3V6dHJVOG5jaUN4Ump6UXZubUh2alh1VWJDY2J0UlNRNFEiLCJtYWMiOiIyOTUxN2IxODQwZWYwZmFhYzgxZjhmODQ4ZTkzZmM0M2M1ZDc4NzYzNmY1MzYxNjRhZDQyZTVjZDc1OTA4YTg3In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 17:33:35 GMT
content-type: image/x-icon
last-modified: Fri, 10 Feb 2017 21:01:32 GMT
etag: W/"589e2a2c-47e"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=81ktsUUOxHQDDPaF2sT7EvIOxWUTFDTXjWoC99uB0yC7x5ZwVmlcnlFEGm4KJmd1t3htxlaVtUjucNSUwhkya3%2FFPfCKXa4nIGHV8caPboEAh0ndTCO8xg82TFQVAFM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b3216cf7b56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400