| GET projex.zip/cdn/ProjectXPlayerLauncher.exe |  188.114.97.1 | 301 Moved Permanently | 167 B |
URL User Request GET HTTP/2projex.zip/cdn/ProjectXPlayerLauncher.exe IP188.114.97.1:443
CertificateIssuerLet's Encrypt Subjectprojex.zip Fingerprint74:F8:45:60:32:B0:D0:C8:36:47:1C:CB:C3:55:E1:B2:70:8F:A2:1B ValidityMon, 11 Mar 2024 18:29:26 GMT - Sun, 09 Jun 2024 18:29:25 GMT
File typeHTML document, ASCII text, with CRLF line terminators Hash0104c301c5e02bd6148b8703d19b3a73 7436e0b4b1f8c222c38069890b75fa2baf9ca620 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
GET /cdn/ProjectXPlayerLauncher.exe HTTP/1.1
Host: projex.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Mon, 29 Apr 2024 14:54:40 GMT
content-type: text/html
content-length: 167
location: http://www.projex.zip/cdn/ProjectXPlayerLauncher.exe
cache-control: max-age=3600
expires: Mon, 29 Apr 2024 15:54:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ixKVxNg8%2FR3p3nO2sNCpu6JvwPSOGo7D3lkq6fBLpEkjWAzljPenRpw3TYFayWL4Y%2F219MLvd6Tjnh2FkyZHhjiQn1wLjkCVAkbUMRXmV8hsR7fnEXhnGl3vz0W6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87c020ed5ed5b50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
| GET www.projex.zip/cdn/ProjectXPlayerLauncher.exe | 188.114.96.1 | 200 OK | 894 kB |
URL User Request GET HTTP/1.1www.projex.zip/cdn/ProjectXPlayerLauncher.exe IP188.114.96.1:80
File typePE32 executable (GUI) Intel 80386, for MS Windows, 6 sections Size894 kB (894288 bytes) Hash59728bdc1c21befe5f75978199714d39 07b2ad79ea99103f1c2b63c8f0e2f0914b00aa56 6fd40d0c186858b2c58dca73d2e78d5114d7e37c100b5c4abb4b5496f26fc063
| Analyzer | Verdict | Alert |
|---|
| YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe | | VirusTotal | malicious | |
| NIDS | Severity | Alert |
|---|
| suricata | low | ET INFO HTTP Request to a *.zip Domain | | suricata | high | ET POLICY PE EXE or DLL Windows file download HTTP |
GET /cdn/ProjectXPlayerLauncher.exe HTTP/1.1
Host: www.projex.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 29 Apr 2024 14:54:40 GMT
Content-Type: application/octet-stream
Content-Length: 894288
Connection: keep-alive
Last-Modified: Tue, 23 Apr 2024 23:01:39 GMT
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: cross-origin
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; img-src 'self' data:; child-src 'self'; script-src 'unsafe-eval' 'self' https://challenges.cloudflare.com/turnstile/v0/api.js https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://projex.zip http://*.archive.org https://*.archive.org http://js.rbxcdn.com/46eace8231bf3c1ce64c55407d9ae60d.js; frame-src 'self' https://hcaptcha.com https://challenges.cloudflare.com http://challenges.cloudflare.com https://challenges.cloudflare.com/* http://web.archive.org https://*.archive.org https://web.archive.org/* https://*.hcaptcha.com; style-src 'unsafe-inline' 'self' http://*.archive.org https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css ; font-src 'self' fonts.gstatic.com; connect-src 'self' https://*.projex.zip wss://*.projex.zip https://hcaptcha.com https://*.hcaptcha.com https://*.cdn.com https://*.archive.org/* https://web.archive.org https://challenges.cloudflare.com/*; worker-src 'self';
x-timing: AppGuard=0,a=0,ua=0,c=0
CF-Cache-Status: HIT
Age: 4376
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nM6LQ287JFlS1KvyfX%2FZ4Xstp59683jKgsP489CIGLaGLTDYcK1H2GvGSHZ%2FEBmc7i4xW%2BRmpd1gjTbbohKyMJiVEAXcMPLLBOQSfrr3VPDheYG4PXTtJvro69l%2BzOrKXw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c020edef5c0b45-OSL
alt-svc: h2=":443"; ma=60
|