| code.kliu.org/hashcheck/downloads/HashCheckInstall-2.1.11.exe | 172.67.210.76 | 200 OK | 86 kB |
URL (User Request): GET HTTP/1.1 code.kliu.org/hashcheck/downloads/HashCheckInstall-2.1.11.exe
IP: 172.67.210.76:80
File type: PE32 executable (GUI) Intel 80386, for MS Windows, 2 sections
Hash (MD5): b99ff61def8125e2178ce6f1f7d6d8c0
Hash (SHA-1): d3cb884c8fc3f04720d176777508c4f5dd2df40c
Hash (SHA-256): b6a43dc0f8f296f933f736df99689395e5b36e65cdcdbaf1c644c65e42accc54
| Analyzer | Verdict | Alert |
| VirusTotal | suspicious | |
| NIDS | Severity | Alert |
| suricata | high | ET POLICY PE EXE or DLL Windows file download HTTP |
GET /hashcheck/downloads/HashCheckInstall-2.1.11.exe HTTP/1.1
Host: code.kliu.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 24 Dec 2024 23:21:48 GMT
Content-Type: application/x-msdos-program
Content-Length: 86528
Connection: keep-alive
Last-Modified: Thu, 09 Jul 2009 07:13:25 GMT
ETag: "15200-46e4097778f40"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Ino%2Few%2BmBSu8ARBJoftsX7zeHKUPbdknMGKsABceQmsCZZyDUSYBlKvHQK2qlaMdViubbAH4X1g%2FO2Dd2mAv6QgYXJUPdI8jPK0mJaeOiYZkEA9SaQGHc2C3PMijFzG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8f74546a2b0a56a4-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=470&min_rtt=470&rtt_var=235&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=433&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
| code.kliu.org/hashcheck/downloads/HashCheckInstall-latest.exe | 172.67.210.76 | 307 Temporary Redirect | 86 kB |
URL (User Request): GET HTTP/2 code.kliu.org/hashcheck/downloads/HashCheckInstall-latest.exe
IP: 172.67.210.76:443
Certificate issuer: Google Trust Services
Certificate subject: kliu.org
Certificate fingerprint: 39:D2:DD:33:89:8A:F2:0C:E7:D7:08:19:9F:B4:BA:A6:42:99:57:32
Certificate validity: Wed, 20 Nov 2024 21:08:52 GMT - Tue, 18 Feb 2025 21:08:51 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /hashcheck/downloads/HashCheckInstall-latest.exe HTTP/1.1
Host: code.kliu.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
date: Tue, 24 Dec 2024 23:21:47 GMT
content-type: text/html; charset=iso-8859-1
location: http://code.kliu.org/hashcheck/downloads/HashCheckInstall-2.1.11.exe
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2fqC9HPUCbHBM7bYBk%2Bz8hxHz%2BqK1Dle40hjLWUYPzSlXDqa6F3juxWOwxOkOu3rMoGZh5f8Y%2FF3%2FJpHvsTQDTExM4h8cC0Tce55AYATkZlABq4Vzxr%2Fjs79M4kzNorf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f745467ca2d56bd-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5581&min_rtt=447&rtt_var=10281&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3264&recv_bytes=1275&delivery_rate=7451114&cwnd=254&unsent_bytes=0&cid=04d582a59bb3d9e5&ts=368&x=0"
X-Firefox-Spdy: h2
|