passwordrecoverytools.com/store/AccentZPR_23.03_x64.msi
172.67.158.217 200 OK 8.8 MB URL User Request GET HTTP/3 passwordrecoverytools.com/store/AccentZPR_23.03_x64.msi
IP 172.67.158.217:443
Certificate Issuer Let's Encrypt
Subject passwordrecoverytools.com
Fingerprint 9A:47:C7:6F:11:CB:E3:EE:93:48:B6:4F:4A:A2:57:29:3F:F3:AE:47
Validity Wed, 14 Feb 2024 23:31:08 GMT - Tue, 14 May 2024 23:31:07 GMT
File type Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Accent ZIP Password Recovery, Author: Passcovery Co. Ltd., Keywords: Installer, Comments: This installer database contains the logic and data required to install Accent ZIP Password Recovery., Template: x64;1033, Revision Number: {9C7CC0D0-717B-4958-8C45-ECF6B72A2430}, Create Time/Date: Thu Mar 2 10:04:30 2023, Last Saved Time/Date: Thu Mar 2 10:04:30 2023, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.0.5419.0), Security: 2
Size 8.8 MB (8847360 bytes)
Hash 01e93f07e3bea6fae40342bb4566eb1b
bb6a27467495c1d124710825e208470dc16051c9
8948bee02eff90b2b34538ef426c79e8fa1fa859c354bfc48becb293e5c80b40
Analyzer: mnemonic secure dns | Verdict: malicious | Alert: Sinkholed
GET /store/AccentZPR_23.03_x64.msi HTTP/1.1
Host: passwordrecoverytools.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 29 Mar 2024 05:33:45 GMT
content-type: application/octet-stream
content-length: 8847360
last-modified: Thu, 02 Mar 2023 10:04:44 GMT
etag: "870000-5f5e7f539a700"
strict-transport-security: max-age=604800
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
referrer-policy: origin
permissions-policy: accelerometer=()
content-security-policy: default-src 'self' 'unsafe-inline'; connect-src 'self' *.google-analytics.com *.google.com *.yandex.ru *.yandex.md *.webvisor.org *.sharethis.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.informer.com; font-src 'self' *.gstatic.com *.googleapis.com *.uptolike.com; img-src 'self' data: http: *.google.com *.webvisor.org *.yandex.ru *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.yandex.ru *.webvisor.org *.sharethis.com *.jsdelivr.net *.uptolike.com yastatic.net *.googleapis.com; child-src blob: *.yandex.ru; frame-src blob: *.youtube.com *.yandex.ru *.yandex.md
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JpNrE0RnTG7I0Y11djxN%2FQaqVSMqvOCbrPwZUnZ9Rt%2BodG6EYzlXl8COQ2y6P%2FLYktwmaxtcoKbiSV10lzJF3lSkIToLeNHhYm%2B%2BnjULIBlsFAYxtmZlSUmJ5XCiV8dKC%2BLP1Yiap63tajgZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86bd7ca2fb78b4f7-OSL
alt-svc: h3=":443"; ma=86400
passwordrecoverytools.com/store/accentzpr64_setup.exe
172.67.158.217 302 Found 8.8 MB URL User Request GET HTTP/2 passwordrecoverytools.com/store/accentzpr64_setup.exe
IP 172.67.158.217:443
Certificate Issuer Let's Encrypt
Subject passwordrecoverytools.com
Fingerprint 9A:47:C7:6F:11:CB:E3:EE:93:48:B6:4F:4A:A2:57:29:3F:F3:AE:47
Validity Wed, 14 Feb 2024 23:31:08 GMT - Tue, 14 May 2024 23:31:07 GMT
Size 8.8 MB (8847360 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: mnemonic secure dns | Verdict: malicious | Alert: Sinkholed
GET /store/accentzpr64_setup.exe HTTP/1.1
Host: passwordrecoverytools.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 29 Mar 2024 05:33:44 GMT
content-type: text/html; charset=iso-8859-1
location: https://passwordrecoverytools.com/tmplt/download.asp?softname=accentzpr64
strict-transport-security: max-age=604800
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
referrer-policy: origin
permissions-policy: accelerometer=()
content-security-policy: default-src 'self' 'unsafe-inline'; connect-src 'self' *.google-analytics.com *.google.com *.yandex.ru *.yandex.md *.webvisor.org *.sharethis.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.informer.com; font-src 'self' *.gstatic.com *.googleapis.com *.uptolike.com; img-src 'self' data: http: *.google.com *.webvisor.org *.yandex.ru *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.yandex.ru *.webvisor.org *.sharethis.com *.jsdelivr.net *.uptolike.com yastatic.net *.googleapis.com; child-src blob: *.yandex.ru; frame-src blob: *.youtube.com *.yandex.ru *.yandex.md
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B5IHD%2Fw2ZeHNZeY%2BrgP1r9nCN8CSrMzqzuitIBfvWCuVIlLOO0jgsXwz6l5FHIFuI39vRG6Ht1bY3ihuv5V%2BAG2g%2BZ7LcMF10j1TBWvuy5pdIomKoyAiD8rVMjMnzq9OuvU9tvOHnnIS5Tkc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86bd7c9ccacf568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
passwordrecoverytools.com/tmplt/download.asp?softname=accentzpr64
172.67.158.217 302 Found 8.8 MB URL User Request GET HTTP/2 passwordrecoverytools.com/tmplt/download.asp?softname=accentzpr64
IP 172.67.158.217:443
Certificate Issuer Let's Encrypt
Subject passwordrecoverytools.com
Fingerprint 9A:47:C7:6F:11:CB:E3:EE:93:48:B6:4F:4A:A2:57:29:3F:F3:AE:47
Validity Wed, 14 Feb 2024 23:31:08 GMT - Tue, 14 May 2024 23:31:07 GMT
Size 8.8 MB (8847360 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: mnemonic secure dns | Verdict: malicious | Alert: Sinkholed
GET /tmplt/download.asp?softname=accentzpr64 HTTP/1.1
Host: passwordrecoverytools.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 29 Mar 2024 05:33:44 GMT
content-type: text/html; charset=UTF-8
location: /store/AccentZPR_23.03_x64.msi
strict-transport-security: max-age=604800
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
referrer-policy: origin
permissions-policy: accelerometer=()
content-security-policy: default-src 'self' 'unsafe-inline'; connect-src 'self' *.google-analytics.com *.google.com *.yandex.ru *.yandex.md *.webvisor.org *.sharethis.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.informer.com; font-src 'self' *.gstatic.com *.googleapis.com *.uptolike.com; img-src 'self' data: http: *.google.com *.webvisor.org *.yandex.ru *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.yandex.ru *.webvisor.org *.sharethis.com *.jsdelivr.net *.uptolike.com yastatic.net *.googleapis.com; child-src blob: *.yandex.ru; frame-src blob: *.youtube.com *.yandex.ru *.yandex.md
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3zdDfZ8DC2IuzLCKoBjmR9nWTY6BsnQF%2Fzd1EroZJ99xrAjjElmWVa4nKxR6mdF5wxwHyCALZrdVmq1wsJg4Iqmsp4BVV1ht%2F5c%2BPG4dk8Ghl1gduYqC1ZMzBYwHSVwtZ8JZuI8BgOYiJ%2Fe6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86bd7c9febfe568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2