| URL | IP | Status | Size |
| invoice4c.yolasite.com/resources/INVOICE.zip | 172.64.144.105 | 200 OK | 97 kB |
URL: invoice4c.yolasite.com/resources/INVOICE.zip
Request: GET HTTP/1.1
IP: 172.64.144.105:80
File type: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: fc3f20c03bd60ee38705ee8f71306c80
SHA1: d169880ea63921083b2a95fb70cef398ed5b4bcb
SHA256: d02807e0d879fcca5a7c4e695fab9195cd2b1e3fe0beeba28146280cd072bd24
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
| VirusTotal | 50/66 | |

| NIDS | Severity | Alert |
| suricata | high | ET MALWARE Possible Malicious Invoice EXE |
GET /resources/INVOICE.zip HTTP/1.1
Host: invoice4c.yolasite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 30 Apr 2023 05:27:50 GMT
Content-Type: application/zip
Content-Length: 96679
Connection: keep-alive
ETag: "09a03c85b2ded9d88550eb77318a1f49"
Last-Modified: Tue, 05 Jul 2022 08:22:50 GMT
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Set-Cookie: __cf_bm=NNPdM_.WhyDaGa4cVdIQrHygI0BCrfaHlQ37TECaVFk-1682832470-0-AUjMzqsaWUrcVIDeD1LqCRivSfqqhmr73nah1lYhBJFIbDGRvJKMJT0pbC7VWnzWFf00wcRqDMsgNr2+e1LW+nf6x5Qlvp2jHFXkaqp8g+9Q; path=/; expires=Sun, 30-Apr-23 05:57:50 GMT; domain=.yolasite.com; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bfd60b87843b4f1-OSL
alt-svc: h2=":443"; ma=60
| www.infinitytech.com.hk/_files/archives/2cfb98_6a36f0fc525042cbab2a3c41f954a486.zip?lang=en | 34.117.168.233 | 206 Partial Content | 22 MB |
URL: www.infinitytech.com.hk/_files/archives/2cfb98_6a36f0fc525042cbab2a3c41f954a486.zip?lang=en
IP: 34.117.168.233:0
Size: 22 MB (21629346 bytes). This is a partial body: the server answered a Range request with bytes 34430976-56060321 of a 56060322-byte object (see the Content-Range header below), so the hashes below cover only that slice, not the full ChequeReadyUpgrade_nodb.zip.
MD5: be79dd58a1b740c61b56940b19d8caa0
SHA1: 02fbcf6bb5832dc4529eae0045067c82b152ba71
SHA256: 823f5bb0bcf0f791653f67a70242311746c6d541e12df8e9dfe6fe81c229dcbb
GET /_files/archives/2cfb98_6a36f0fc525042cbab2a3c41f954a486.zip?lang=en HTTP/1.1
Host: www.infinitytech.com.hk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Range: bytes=34430976-
If-Unmodified-Since: Fri, 29 Oct 2021 02:28:00 GMT
HTTP/2 206 Partial Content
date: Sun, 30 Apr 2023 05:27:49 GMT
content-type: application/x-zip-compressed
content-length: 21629346
expires: Sun, 30 Apr 2023 06:27:49 GMT
cache-control: public, max-age=15552000, immutable
last-modified: Fri, 29 Oct 2021 02:28:00 GMT
accept-ranges: bytes
content-range: bytes 34430976-56060321/56060322
access-control-allow-origin: *
access-control-expose-headers: Content-Length
timing-allow-origin: *
x-robots-tag: noindex, nofollow
x-wix-request-id: 1682832469.341246593202016297
content-disposition: inline; filename="ChequeReadyUpgrade_nodb.zip"; filename*=UTF-8''ChequeReadyUpgrade_nodb.zip
strict-transport-security: max-age=3600
age: 0
x-seen-by: GXNXSWFXisshliUcwO20NXdyD4zpCpFzpCPkLds0yMcelXbngm2n121fQs6sauqp,qquldgcFrj2n046g4RNSVBKUaXHrucSLmP/C0nqrtU9YgeUJqUXtid+86vZww+nL,2d58ifebGbosy5xc+FRalq6Z9rj82pHHOQzz6pL1XM6V9JyOEIaSINEppgheHPUX3QpI/ucnHvfrUjeESIoVeqHK5Gk8szI2fCw2/M6wCBY=,2UNV7KOq4oGjA5+PKsX47PeE4JkJeK48Oko5cEfOjJRYgeUJqUXtid+86vZww+nL,7npGRUZHWOtWoP0Si3wDpwCp7vZ4yS0Zdx4PMfXLQz4=,xTu8fpDe3EKPsMR1jrheENLaV7RhVEBNmmUjhYH2lpI=,55qjwvOxGQ2IECG75U03eu1HID6bocmPeow1YmaqqqZbJo7CASNmU3P1IR8EkK52vGQ2Otd3B2C27oTTIAKJtQ==,gcp.us-central-1.media-router-77bc6f7769-4n6xm
x-content-type-options: nosniff
server: Pepyaka/1.19.10
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
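The second exchange above is a 206 Partial Content response: the client sent "Range: bytes=34430976-" and the server returned "content-range: bytes 34430976-56060321/56060322", so the 21629346-byte body and its hashes describe a slice of the file, not the file itself. Matching such a hash against a full-file IOC list silently fails. The Python helper below is an added example, not part of the sandbox report or of any tool named on the page: it parses a raw HTTP response head, decides from the status, Content-Length and Content-Range headers whether the captured body is the complete object, hashes the body, and only compares the hash against an IOC set when the body is complete. The header text reuses the two responses in the report (the 200 response's Content-Length is shortened to 3 to match the placeholder body); the bodies and the IOC set are constructed, because the captured payloads are not on the page.

```python
import hashlib
import re
from typing import Dict, Optional, Set, Tuple

# Constructed inputs. Header values come from the report above; the 200 response's
# Content-Length is shortened (report value: 96679) to match the placeholder body.
RESPONSE_200 = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/zip\r\n"
    "Content-Length: 3\r\n"
    "Accept-Ranges: bytes\r\n"
    "\r\n"
)
RESPONSE_206 = (
    "HTTP/2 206 Partial Content\r\n"
    "content-type: application/x-zip-compressed\r\n"
    "content-length: 21629346\r\n"
    "content-range: bytes 34430976-56060321/56060322\r\n"
    "\r\n"
)
PLACEHOLDER_BODY = b"abc"  # stands in for a captured payload
# Constructed IOC set: SHA-256 of the placeholder body, not a real indicator.
IOC_SHA256: Set[str] = {"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"}

_CONTENT_RANGE = re.compile(r"^bytes (\d+)-(\d+)/(\d+|\*)$")


def parse_response(raw: str) -> Tuple[int, Dict[str, str]]:
    """Split a raw response head into (status code, lower-cased header dict)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()  # HTTP/2 names are lower-case already
    return status, headers


def body_coverage(status: int, headers: Dict[str, str], body_len: int) -> dict:
    """Work out which bytes of the object the body covers and whether it is the whole object."""
    if status == 206:
        m = _CONTENT_RANGE.match(headers.get("content-range", ""))
        if not m:
            return {"complete": False, "reason": "206 without a parseable Content-Range"}
        start, end = int(m.group(1)), int(m.group(2))
        total: Optional[int] = None if m.group(3) == "*" else int(m.group(3))
        declared = end - start + 1
        truncated = body_len != declared  # capture shorter/longer than the declared slice
        complete = total is not None and start == 0 and end == total - 1 and not truncated
        return {"complete": complete, "start": start, "end": end, "total": total,
                "truncated": truncated}
    if status == 200:
        cl = headers.get("content-length")
        declared = int(cl) if cl and cl.isdigit() else None
        truncated = declared is not None and body_len != declared
        return {"complete": not truncated, "start": 0, "end": body_len - 1,
                "total": declared if declared is not None else body_len,
                "truncated": truncated}
    return {"complete": False, "reason": f"unexpected status {status}"}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5/SHA-1/SHA-256 in the same order the report lists them."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def triage(raw_head: str, body: bytes, iocs: Set[str]) -> dict:
    """Hash the body and compare against IOCs only if the body is the complete object.

    ioc_match is True/False for a complete body and None when the body is a
    partial or truncated capture, so a partial-slice hash never reads as a miss.
    """
    status, headers = parse_response(raw_head)
    coverage = body_coverage(status, headers, len(body))
    hashes = hash_bytes(body)
    match = (hashes["sha256"] in iocs) if coverage["complete"] else None
    return {"status": status, "coverage": coverage, "hashes": hashes, "ioc_match": match}


if __name__ == "__main__":
    for label, raw in (("200", RESPONSE_200), ("206", RESPONSE_206)):
        print(label, triage(raw, PLACEHOLDER_BODY, IOC_SHA256))
```

When run against the report's 206 headers the helper reports start 34430976, end 56060321, total 56060322 and complete False, so ioc_match stays None; a practitioner who wants the full-file hash has to fetch the object without a Range header (or assemble all slices) before comparing against VirusTotal or an IOC feed.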