IP: 104.18.14.101:0 (ocsp.sectigo.com; the Server header of the response below identifies the front end as Cloudflare)
Hashes (response body): MD5 4ab9cc980c1437dd4eebc14ed0b60064 | SHA-1 db33181ef1f5ca9f858d7752765096d553ef4f2d (identical to the Etag the responder returns below) | SHA-256 0cd8a5a85884d0625de7fcec7d974bb1fb75446f9e7a43d9adca0f31f4cf0db4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Jun 2023 06:54:18 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 07 Jun 2023 22:08:35 GMT
Expires: Wed, 14 Jun 2023 22:08:34 GMT
Etag: "db33181ef1f5ca9f858d7752765096d553ef4f2d"
Cache-Control: max-age=486255,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7d4776642be41c02-OSL
URL: njgcsx.cn/images/logos/cs.exe (user request, GET) | IP: 23.224.15.100:0 | Response size: 162 B
Certificate: Issuer Sectigo Limited | Subject njgcsx.cn | Fingerprint A0:50:A3:AB:94:40:7D:09:49:5D:36:79:83:D4:3B:73:53:93:E1:12 | Validity Sun, 27 Nov 2022 00:00:00 GMT - Mon, 27 Nov 2023 23:59:59 GMT (issuer matches the OCSP responder ocsp.sectigo.com queried in the entry above, i.e. that request is the revocation check for this certificate)
File type (response body): HTML document text; HTML document, ASCII text, with CRLF line terminators
Hashes (response body): MD5 4f8e702cc244ec5d4de32740c0ecbd97 | SHA-1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff | SHA-256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
NIDS alert: suricata | severity medium | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
GET /images/logos/cs.exe HTTP/1.1
Host: njgcsx.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 09 Jun 2023 06:54:19 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://njgcsx.cn/images/logos/cs.exe
Strict-Transport-Security: max-age=31536000
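The two exchanges above show the pattern a triage analyst wants to recognise automatically: a plaintext GET for a short alphanumeric .exe name (what the Suricata alert keys on), an nginx 301 bouncing it to the same path over HTTPS, and an OCSP POST to the issuer's responder that is the side effect of validating the njgcsx.cn certificate, not attacker traffic. The following script is an added example written for this page; it is not part of the sandbox report or of any vendor tooling. It parses the raw request/response headers copied from the report, pairs them, and applies a simplified approximation of the "terse alphanumeric executable downloader" logic (basename of one to four alphanumeric characters followed by .exe). That regex, the redirect-status list and the finding labels are this example's assumptions, not the Emerging Threats signature text.

```python
"""Triage helper for HTTP exchanges captured in a sandbox report.

Added example, not the sandbox's or any vendor's code. Parses raw HTTP
request/response text, pairs them, and tags each pair with findings:
  - ocsp-check: OCSP revocation lookup (expected side traffic of TLS validation)
  - terse-exe-download: short alphanumeric .exe basename (approximation of the
    ET MALWARE "Terse alphanumeric executable downloader" idea; assumption)
  - redirect-to-https-same-path / redirect-elsewhere: where a 3xx sends the client
"""
import re
from dataclasses import dataclass

# Header text copied from the report above (bodies omitted; not all headers kept).
OCSP_REQUEST = """POST / HTTP/1.1
Host: ocsp.sectigo.com
Content-Type: application/ocsp-request
Content-Length: 83
"""
OCSP_RESPONSE = """HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Etag: "db33181ef1f5ca9f858d7752765096d553ef4f2d"
Server: cloudflare
"""
DOWNLOAD_REQUEST = """GET /images/logos/cs.exe HTTP/1.1
Host: njgcsx.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
"""
DOWNLOAD_RESPONSE = """HTTP/1.1 301 Moved Permanently
Server: nginx
Content-Type: text/html
Content-Length: 162
Location: https://njgcsx.cn/images/logos/cs.exe
Strict-Transport-Security: max-age=31536000
"""

# Assumption: 1-4 alphanumeric characters before ".exe" at the end of the path.
TERSE_EXE = re.compile(r"/[a-z0-9]{1,4}\.exe$", re.IGNORECASE)
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


@dataclass
class HttpMessage:
    start_line: str
    headers: dict  # header names lower-cased for case-insensitive lookup


def parse_http(text: str) -> HttpMessage:
    """Parse a start line plus headers; stops at the first blank line (body)."""
    lines = text.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpMessage(lines[0], headers)


def triage(req_text: str, resp_text: str) -> dict:
    """Pair one request with its response and return a summary plus findings."""
    req, resp = parse_http(req_text), parse_http(resp_text)
    method, uri, _version = req.start_line.split(" ", 2)
    status = int(resp.start_line.split(" ")[1])
    host = req.headers.get("host", "")
    path = uri.split("?", 1)[0]
    findings = []

    if req.headers.get("content-type") == "application/ocsp-request":
        findings.append("ocsp-check")
    if method == "GET" and TERSE_EXE.search(path):
        findings.append("terse-exe-download")

    location = resp.headers.get("location")
    if status in REDIRECT_STATUSES and location:
        # The report's 301 upgrades the same URL to HTTPS; anything else is
        # worth a closer look because the payload is being fetched elsewhere.
        if location == f"https://{host}{uri}":
            findings.append("redirect-to-https-same-path")
        else:
            findings.append("redirect-elsewhere")

    return {"method": method, "host": host, "uri": uri,
            "status": status, "findings": findings}


if __name__ == "__main__":
    for pair in ((OCSP_REQUEST, OCSP_RESPONSE), (DOWNLOAD_REQUEST, DOWNLOAD_RESPONSE)):
        print(triage(*pair))
```

The split between "redirect-to-https-same-path" and "redirect-elsewhere" is the practical point: the 301 here only changes the scheme, so the second-stage fetch of cs.exe will happen inside TLS and the follow-on OCSP check to the issuer's responder is exactly what a browser-like client does before trusting that connection. Treat the OCSP traffic as context for the download, not as a separate indicator.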