| expandera.win/loadergovno.exe | 188.114.96.1 | 200 OK | 18 MB |
URL (User Request): GET HTTP/2 expandera.win/loadergovno.exe
IP: 188.114.96.1:443
Certificate Issuer: Let's Encrypt
Certificate Subject: expandera.win
Certificate Fingerprint: 30:0C:31:61:B1:3E:58:4D:1C:B3:70:B5:F7:A9:54:86:44:BB:1E:43
Certificate Validity: Wed, 17 Apr 2024 14:57:29 GMT - Tue, 16 Jul 2024 14:57:28 GMT
File type: PE32+ executable (GUI) x86-64, for MS Windows, 9 sections
Size: 18 MB (18227200 bytes)
Hash: f5a5378d6fe6831dc8c162021b4b0a43
Hash: 8d82626bab915e667cadf7ab31630fd9f35e219c
Hash: 7353d3ed2948e647333264c1fbdf2586a47081a0515845a3fabacdd13c5bd60a

| Analyzer | Verdict | Alert |
| VirusTotal | malicious | |

GET /loadergovno.exe HTTP/1.1
Host: expandera.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 Apr 2024 11:04:42 GMT
content-type: application/octet-stream
content-length: 18227200
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "5521107a6dc02759e724e71cab3d86c8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-matched-path: /loadergovno.exe
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2F9PCq3ZTrCB66v5WSjXsu%2FVuYAJsMZdwskU0L2wU1nrUzvnyEtqk515xGQP%2BPtDlHygsSMmpfgCwgLDbbCpZErW49sQTo2vBIO0dOcuIj6CW2aQXChRX28VZHrwvTL%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 878d5fcf5ad856c1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2