2.3 kB URL ocsp.pca.dfn.de/OCSP-Server/OCSP
IP
ASN #680 Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
Hash 97061ee9b5600155a31e4b6a9064f1e3
f22d4507daf4825407975094ff1d23bf953e8ea9
480a5828efd00074fbd636040a5167eaadad7455cfbaa12e7aa9a71689e357af
POST /OCSP-Server/OCSP HTTP/1.1
Host: ocsp.pca.dfn.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 200
Date: Tue, 19 Sep 2023 13:15:45 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 19 Sep 2023 11:08:05 GMT
expires: Tue, 26 Sep 2023 11:08:05 GMT
ETag: f22d4507daf4825407975094ff1d23bf953e8ea9
cache-control: max-age=597139, public, no-transform, must-revalidate
Content-Length: 2309
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/ocsp-response
GET ftp.halifax.rwth-aachen.de/tdf/libreoffice/stable/7.6.1/win/x86/LibreOffice_7.6.1_Win_x86_helppack_ar.msi
200 OK 3.4 MB URL User Request GET HTTP/2 ftp.halifax.rwth-aachen.de/tdf/libreoffice/stable/7.6.1/win/x86/LibreOffice_7.6.1_Win_x86_helppack_ar.msi
IP
ASN #47610 RWTH Aachen University
Certificate IssuerVerein zur Foerderung eines Deutschen Forschungsnetzes e. V.
Subjectftp.halifax.rwth-aachen.de
Fingerprint4F:D8:5B:91:CE:73:02:EE:55:DF:48:4D:26:05:BC:4C:1C:DA:30:40
ValidityWed, 28 Sep 2022 11:13:31 GMT - Sun, 29 Oct 2023 11:13:31 GMT
File type Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 0, Title: Installation database, Subject: LibreOffice 7.6, Author: The Document Foundation, Keywords: Install,MSI, Comments: LibreOffice, Name of Creating Application: Windows Installer, Security: 0, Template: Intel;1033, Last Saved By: Intel;1025, Revision Number: {1205C277-E0CE-49A5-BB3E-03B42C8814DE}7.6.1.2;{1205C277-E0CE-49A5-BB3E-03B42C8814DE}7.6.1.2;{4B19ECA4-EB7B-420E-A2F3-0D456CA1CA3F}, Number of Pages: 200, Number of Characters: 32\012- OLE 2 Compound Document, v4.62, SecID 0x1, Mini FAT start sector 0x3e, blocksize 4096 : Microsoft Windows Installer Package\012- data
Size 3.4 MB (3391488 bytes)
Hash eeb40245406305879336af509332889a
554f315b1928f9f1b0b2df6f601f33dd36e9c00c
bb30d896143b2aa5f01d0c095b50a9804d90f50390fa8c3ef374bd7bbe1ee8f1
Analyzer Verdict Alert YARAhub by abuse.ch malware meth_get_eip
GET /tdf/libreoffice/stable/7.6.1/win/x86/LibreOffice_7.6.1_Win_x86_helppack_ar.msi HTTP/1.1
Host: ftp.halifax.rwth-aachen.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.22.1
date: Tue, 19 Sep 2023 13:15:45 GMT
content-type: application/octet-stream
content-length: 3391488
last-modified: Fri, 08 Sep 2023 00:13:58 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
137.226.34.46