| GET kilojagger.com/1fab274585bed550455c587b5a18bd92/7725eaa6592c80f8124e769b4e8a07f7.exe |  188.114.96.1 | 200 OK | 4.4 MB |
URL User Request GET HTTP/2kilojagger.com/1fab274585bed550455c587b5a18bd92/7725eaa6592c80f8124e769b4e8a07f7.exe IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subjectkilojagger.com FingerprintE7:14:A2:EC:22:BA:03:FD:01:3E:1E:33:B9:6F:3B:BE:66:37:18:9A ValidityFri, 15 Mar 2024 07:24:41 GMT - Thu, 13 Jun 2024 07:24:40 GMT
File typePE32 executable (GUI) Intel 80386, for MS Windows, 4 sections Size4.4 MB (4353416 bytes) Hash20e08907e0cece374b2da1335129af5a b704840770d168cc44c5daaf052ef0675d4e286d d2e0c24939c7d981722194777d3c79d2fe0eaddb27488bd73df3a5f98525b890
| Analyzer | Verdict | Alert |
|---|
| VirusTotal | malicious | |
GET /1fab274585bed550455c587b5a18bd92/7725eaa6592c80f8124e769b4e8a07f7.exe HTTP/1.1
Host: kilojagger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 30 Mar 2024 15:23:06 GMT
content-type: application/x-ms-dos-executable
content-length: 4353416
last-modified: Sat, 30 Mar 2024 12:05:29 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCxi2XBMJ9ggEVLsI2FUdp3lVEi86LDzOXDTZlCvSSjqbiZOcACOaG%2BYjmhMtIdzq5RCJLZs3ZfuV3srNZJUQTQfmUvYgBj8i%2Bs1vAKuZUqKtL9qAVsY7uvdG70EZ7aKsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86c91953ec83712f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
| GET cybervincent.com/7725eaa6592c80f8124e769b4e8a07f7.exe |  172.67.185.238 | 307 Temporary Redirect | 3.5 kB |
URL User Request GET HTTP/2cybervincent.com/7725eaa6592c80f8124e769b4e8a07f7.exe IP172.67.185.238:443
CertificateIssuerLet's Encrypt Subjectcybervincent.com FingerprintDE:A9:91:ED:D2:B6:4B:A0:C8:B8:F2:6F:86:3E:96:54:F1:49:19:F9 ValidityFri, 15 Mar 2024 07:35:02 GMT - Thu, 13 Jun 2024 07:35:01 GMT
Hash1eb13647657dba1ff38a485f13561118 812687031f85425517fffbe3856d3ae8fbc97916 e1ce0d15b44c511a2aa211c6f5758f2878fead99331173910724468ffa35e465
GET /7725eaa6592c80f8124e769b4e8a07f7.exe HTTP/1.1
Host: cybervincent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
date: Sat, 30 Mar 2024 15:23:06 GMT
content-type: text/html; charset=utf-8
location: https://kilojagger.com/1fab274585bed550455c587b5a18bd92/7725eaa6592c80f8124e769b4e8a07f7.exe
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kh00uwqaOcWfSBue20t0CODyti00QquVB6MNTCQXkgkpXG7AHoyY3RZMSSJn0JPw45SzBl185%2FkhLwrCri%2BmSol7TmHJM7WvfaYuhMJc7m%2BtWqn6%2FgbUScp2L1Ja0KgPlU0Z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86c919532d1fb4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|