Report - cj.dotomi.com/gj117p-87Q/-6B/PSRTVURU/VTVXQRR/O/O/O?r=y<<7JJFI://MMM.93EGE2O.2EC/2B82A-XVXZSTT-RUTVXWTW<<g<7JJF://MMM.93EGE2O.2EC<<R<R<Q<Q<

Report Overview

Visited public
2023-10-25 00:13:06
Tags
URL
cj.dotomi.com/gj117p-87Q/-6B/PSRTVURU/VTVXQRR/O/O/O?r=y<<7JJFI://MMM.93EGE2O.2EC/2B82A-XVXZSTT-RUTVXWTW<<g<7JJF://MMM.93EGE2O.2EC<<R<R<Q<Q<
Finishing URL
about:privatebrowsing
IP / ASN
89.207.16.75
#41041 Conversant LLC
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.emjcd.com	13026	2004-04-06	2012-05-22 19:01:00	2023-10-24 20:02:33	744 B	1.4 kB	89.207.16.75
ocsp.sectigo.com	487	2018-08-16	2019-11-29 12:50:24	2023-10-24 19:14:06	330 B	963 B	104.18.15.101
ashampoo.com	196256	1999-07-28	2012-07-16 14:27:02	2023-10-24 07:43:28	610 B	775 B	18.197.209.74
www.ashampoo.com	767402	1999-07-28	2014-02-19 20:59:47	2023-10-24 20:13:56	1.9 kB	3.9 kB	18.197.209.74
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2023-10-24 19:28:06	340 B	941 B	143.204.53.97
cdn1.ashampoo.net	unknown	1999-07-28	2015-07-06 13:59:48	2023-10-23 19:44:37	527 B	18 MB	143.204.55.110
cj.dotomi.com	13192	2000-08-07	2014-02-07 10:51:46	2023-10-24 20:02:33	617 B	1.8 kB	89.207.16.75

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn1.ashampoo.net/ashampoo/2303/ashampoo_uninstaller_10_10.00.13_sm.exe
IP
143.204.55.110
ASN
#16509 AMAZON-02

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
18 MB (18473152 bytes)
Hash
dd794b7b6f9211200ac7ed4f6c184603
a1a4fdb31e0ddebe7cb300ad9f9650e78e70d58a
45480019726d7b8154461397eb6f942c40d2533490a93e93d48ffa3d1554b08e

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/71

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

cj.dotomi.com/gj117p-87Q/-6B/PSRTVURU/VTVXQRR/O/O/O?r=y%3C%3C7JJFI://MMM.93EGE2O.2EC/2B82A-XVXZSTT-RUTVXWTW%3C%3Cg%3C7JJF://MMM.93EGE2O.2EC%3C%3CR%3CR%3CQ%3CQ%3C

89.207.16.75

302 Found

733 B

URL User Request GET HTTP/1.1
cj.dotomi.com/gj117p-87Q/-6B/PSRTVURU/VTVXQRR/O/O/O?r=y%3C%3C7JJFI://MMM.93EGE2O.2EC/2B82A-XVXZSTT-RUTVXWTW%3C%3Cg%3C7JJF://MMM.93EGE2O.2EC%3C%3CR%3CR%3CQ%3CQ%3C
IP
89.207.16.75:443
ASN
#41041 Conversant LLC

Certificate
IssuerGlobalSign nv-sa
Subjectwww.qksrv.net
FingerprintDA:F0:4E:7F:39:78:20:F5:91:7B:91:04:A3:90:D0:4B:F3:52:F3:0F
ValidityThu, 21 Sep 2023 15:44:58 GMT - Tue, 22 Oct 2024 15:44:57 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (364)
Size
733 B (733 bytes)
Hash
041fe7e85a393b420d8ad744112dcce7
e31c3168d6e8e90128aab04ac06f753b5f96bc12
7b85e88a921b4229cd4f20923068aae0a79317b669da88b310cadf9801976f65

HTTP Headers

GET /gj117p-87Q/-6B/PSRTVURU/VTVXQRR/O/O/O?r=y%3C%3C7JJFI://MMM.93EGE2O.2EC/2B82A-XVXZSTT-RUTVXWTW%3C%3Cg%3C7JJF://MMM.93EGE2O.2EC%3C%3CR%3CR%3CQ%3CQ%3C HTTP/1.1
Host: cj.dotomi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: Resin/4.0.66
P3P: policyref="/w3c/p3p-d.xml", CP="NOI DSP NID OUR STP"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Wed, 25 Oct 2023 00:12:47 GMT
Set-Cookie: CJSession=0ca2740b-8ad2-4f1d-a242-3b8c11e69c52; Domain=.dotomi.com; Path=/; Secure; SameSite=None
cjae=prQTGUilDy0U; Max-Age=34041593; Domain=.dotomi.com; Path=/; Secure; SameSite=None
DotomiUser=400505425441114000$0$1; Max-Age=34041593; Domain=.dotomi.com; Path=/; Secure; SameSite=None
LCLK=cjo!xb9t-ysvbnn2; Max-Age=34041593; Domain=.dotomi.com; Path=/; Secure; SameSite=None
Location: https://www.emjcd.com/6e108kjsrB/jqv/8BACEDAD/ECEG9AA/7/B77C7CB9CBB888B777:wyXaNbpsK47b/AGmD9hjGE9ji88llF88777B87h8FiFmF?h=z%3cw38!HvTD-ICFv77M%3c1DD9C%3A%2F%2FGGG.3x8A8wI.w86%2Fw52w4-RPRTMNN-LONPRQNQ%3c%3ca%3c1DD9%3A%2F%2FGGG.3x8A8wI.w86%3cKwuMROKv-SuxM-OzLx-uMOM-NvSwLLyQTwPM%3cL%3cL%3cK%3cK%3c
Content-Type: text/html; charset=UTF-8
Content-Length: 733
Date: Wed, 25 Oct 2023 00:12:47 GMT
X-VC-HTTPS: On

www.emjcd.com/6e108kjsrB/jqv/8BACEDAD/ECEG9AA/7/B77C7CB9CBB888B777:wyXaNbpsK47b/AGmD9hjGE9ji88llF88777B87h8FiFmF?h=z%3cw38!HvTD-ICFv77M%3c1DD9C%3A%2F%2FGGG.3x8A8wI.w86%2Fw52w4-RPRTMNN-LONPRQNQ%3c%3ca%3c1DD9%3A%2F%2FGGG.3x8A8wI.w86%3cKwuMROKv-SuxM-OzLx-uMOM-NvSwLLyQTwPM%3cL%3cL%3cK%3cK%3c

89.207.16.75

302 Found

459 B

URL User Request GET HTTP/1.1
www.emjcd.com/6e108kjsrB/jqv/8BACEDAD/ECEG9AA/7/B77C7CB9CBB888B777:wyXaNbpsK47b/AGmD9hjGE9ji88llF88777B87h8FiFmF?h=z%3cw38!HvTD-ICFv77M%3c1DD9C%3A%2F%2FGGG.3x8A8wI.w86%2Fw52w4-RPRTMNN-LONPRQNQ%3c%3ca%3c1DD9%3A%2F%2FGGG.3x8A8wI.w86%3cKwuMROKv-SuxM-OzLx-uMOM-NvSwLLyQTwPM%3cL%3cL%3cK%3cK%3c
IP
89.207.16.75:443
ASN
#41041 Conversant LLC

Certificate
IssuerGlobalSign nv-sa
Subjectwww.qksrv.net
FingerprintDA:F0:4E:7F:39:78:20:F5:91:7B:91:04:A3:90:D0:4B:F3:52:F3:0F
ValidityThu, 21 Sep 2023 15:44:58 GMT - Tue, 22 Oct 2024 15:44:57 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
459 B (459 bytes)
Hash
5209bc16e2195de3372ec52cbf4637c0
7ea37a7d5f9f3ac38cadfc55e32b50eb6a56fb2b
3c4d08bf20c84d0314ea41253c225e25a7a5c7294b5365fe651ad83b9c8b4e61

HTTP Headers

GET /6e108kjsrB/jqv/8BACEDAD/ECEG9AA/7/B77C7CB9CBB888B777:wyXaNbpsK47b/AGmD9hjGE9ji88llF88777B87h8FiFmF?h=z%3cw38!HvTD-ICFv77M%3c1DD9C%3A%2F%2FGGG.3x8A8wI.w86%2Fw52w4-RPRTMNN-LONPRQNQ%3c%3ca%3c1DD9%3A%2F%2FGGG.3x8A8wI.w86%3cKwuMROKv-SuxM-OzLx-uMOM-NvSwLLyQTwPM%3cL%3cL%3cK%3cK%3c HTTP/1.1
Host: www.emjcd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: Resin/4.0.66
Set-Cookie: S=400505425441114000:prQTGUilDy0U; Max-Age=34041593; Domain=.emjcd.com; Path=/; Secure; SameSite=None
LCLK=cjo!xb9t-ysvbnn2; Max-Age=34041593; Domain=.emjcd.com; Path=/; Secure; SameSite=None
CJSession=0ca2740b-8ad2-4f1d-a242-3b8c11e69c52; Domain=.emjcd.com; Path=/; Secure; SameSite=None
S=400505425441114000:prQTGUilDy0U; Max-Age=34041593; Domain=.emjcd.com; Path=/; Secure; SameSite=None
P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Wed, 25 Oct 2023 00:12:47 GMT
Location: https://ashampoo.com/cookie/HqULT1OaTqFiPD4b?redirect=https://www.ashampoo.com/ashampoo_uninstaller_10_sm.exe&cjevent=39f62ac972cb11ee811000410a18b8f8&x-source=cj
Content-Type: text/html; charset=UTF-8
Content-Length: 459
Date: Wed, 25 Oct 2023 00:12:47 GMT
X-VC-HTTPS: On

ocsp.sectigo.com/

104.18.15.101

471 B

URL
ocsp.sectigo.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
3ebdfa6284a672f5ad8889e9e4defc93
4222d8b0c3e9a09b570209fa1f1097478474a496
8b127106bb8b972f4ed3f923884f09a1ac0e739c91f4d8b8ee0196c888f05274

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 00:12:47 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 24 Oct 2023 17:24:12 GMT
Expires: Tue, 31 Oct 2023 17:24:11 GMT
Etag: "4222d8b0c3e9a09b570209fa1f1097478474a496"
Cache-Control: max-age=581149,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 81b63ffc2b4fb518-OSL

ashampoo.com/cookie/HqULT1OaTqFiPD4b?redirect=https://www.ashampoo.com/ashampoo_uninstaller_10_sm.exe&cjevent=39f62ac972cb11ee811000410a18b8f8&x-source=cj

18.197.209.74

301 Moved Permanently

382 B

URL User Request GET HTTP/1.1
ashampoo.com/cookie/HqULT1OaTqFiPD4b?redirect=https://www.ashampoo.com/ashampoo_uninstaller_10_sm.exe&cjevent=39f62ac972cb11ee811000410a18b8f8&x-source=cj
IP
18.197.209.74:443
ASN
#16509 AMAZON-02

Certificate
IssuerSectigo Limited
Subjectwww.ashampoo.com
Fingerprint12:FD:C6:5A:FE:C7:34:AB:F2:FD:0F:33:27:26:F9:29:3C:8C:2B:C6
ValidityThu, 27 Apr 2023 00:00:00 GMT - Fri, 26 Apr 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
382 B (382 bytes)
Hash
23f4e946f9fe4f862f4dfbaa1bd0b1b4
e52feb717824e9d180e514679bab1975a32819c1
704d0cd0e4a5df3c5f662d1f0a2bbcbfb1ad00b8a36c42e474539957080539e1

HTTP Headers

GET /cookie/HqULT1OaTqFiPD4b?redirect=https://www.ashampoo.com/ashampoo_uninstaller_10_sm.exe&cjevent=39f62ac972cb11ee811000410a18b8f8&x-source=cj HTTP/1.1
Host: ashampoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Wed, 25 Oct 2023 00:12:47 GMT
Server: Apache
Strict-Transport-Security: max-age=31556926
Location: https://www.ashampoo.com/cookie/HqULT1OaTqFiPD4b?redirect=https://www.ashampoo.com/ashampoo_uninstaller_10_sm.exe&cjevent=39f62ac972cb11ee811000410a18b8f8&x-source=cj
Content-Length: 382
Connection: close
Content-Type: text/html; charset=iso-8859-1

www.ashampoo.com/cookie/HqULT1OaTqFiPD4b?redirect=https://www.ashampoo.com/ashampoo_uninstaller_10_sm.exe&cjevent=39f62ac972cb11ee811000410a18b8f8&x-source=cj

18.197.209.74

302 Found

466 B

URL User Request GET HTTP/1.1
www.ashampoo.com/cookie/HqULT1OaTqFiPD4b?redirect=https://www.ashampoo.com/ashampoo_uninstaller_10_sm.exe&cjevent=39f62ac972cb11ee811000410a18b8f8&x-source=cj
IP
18.197.209.74:443
ASN
#16509 AMAZON-02

Certificate
IssuerSectigo Limited
Subjectwww.ashampoo.com
Fingerprint12:FD:C6:5A:FE:C7:34:AB:F2:FD:0F:33:27:26:F9:29:3C:8C:2B:C6
ValidityThu, 27 Apr 2023 00:00:00 GMT - Fri, 26 Apr 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
466 B (466 bytes)
Hash
e147cedfebc548edc633e8b8b42a9fc5
62612caa432658f46625e602774af05b3e8f674d
6de60b81618a5fbfc92a0ab64cb6f0e6e4829270734d7dfc7582e03d0a4afe27

HTTP Headers

GET /cookie/HqULT1OaTqFiPD4b?redirect=https://www.ashampoo.com/ashampoo_uninstaller_10_sm.exe&cjevent=39f62ac972cb11ee811000410a18b8f8&x-source=cj HTTP/1.1
Host: www.ashampoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Wed, 25 Oct 2023 00:12:47 GMT
Server: Apache
Strict-Transport-Security: max-age=31556926
Cache-Control: no-cache, private
Location: https://www.ashampoo.com/ashampoo_uninstaller_10_sm.exe
Set-Cookie: trk=%26x-network%3Dcj%26x-cjevent%3D%26tracking%3Dcj%2Ctrk; expires=Fri, 24-Nov-2023 00:12:47 GMT; Max-Age=2592000; path=/; domain=.ashampoo.com; secure; SameSite=None
XSRF-TOKEN=eyJpdiI6IlNqQnRtRllBZXZaRHZqYWdzc3B3R3c9PSIsInZhbHVlIjoiaVFVZlBTUm9EM01Wc25vc3lwYzBMRWduSlpDT21QYWxhSFBORWJ4a3FUSEh6bi95TG5uU3I2cW00WFk2dVFYdGs2MW4xRVEwcEhYVUVTSHJHQ01LT0R6bkFIclVsb2w3M09PY1J4Vk9DTjd1QVByRkdNeVFoQ2pXNXFzR21BSzgiLCJtYWMiOiJkNDYzNThjMzhjOWRlZmQ2Y2MyYzQ3NjcyM2I4MzU0NzkwMWYxZTljNmRiOWJlZmE3M2NkM2M1ZWU5ZWIxNWI3IiwidGFnIjoiIn0%3D; expires=Wed, 25 Oct 2023 02:12:47 GMT; Max-Age=7200; path=/; samesite=lax
ashampoo_session=eyJpdiI6IllWQTZYLzl2NmYvM3ZzUzNrZVZqMnc9PSIsInZhbHVlIjoiamlSY3FOc0IvdUhmR0ZVbmt3V0R3WDF0alJkMVEycWtFTVBFLzBDaXBIdTFBY0hHekxkMXZPNkptaXVrc0c1M3ZFRmZPWXFrc29jZTJiSjdmNGk3QlFJU1RGbEczNHZaQkVSa0NBN3JrV1JSbUNvZmJFOUtDMkRXWm5Zb1lpKzQiLCJtYWMiOiIyODIzNTA3MTY5MmQzNGI0ZGZkMDc0MTYyMTgwNTZlOGY2MWQ5ZmZhZDU3NGI0MmRjYmI1YjgxNjJmNDczZDFiIiwidGFnIjoiIn0%3D; expires=Wed, 25 Oct 2023 02:12:47 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Access-Control-Allow-Origin: *
Content-Security-Policy: frame-ancestors 'self' https://*.ashampoo.com https://*.cms.test
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

www.ashampoo.com/ashampoo_uninstaller_10_sm.exe

18.197.209.74

302 Found

562 B

URL User Request GET HTTP/1.1
www.ashampoo.com/ashampoo_uninstaller_10_sm.exe
IP
18.197.209.74:443
ASN
#16509 AMAZON-02

Certificate
IssuerSectigo Limited
Subjectwww.ashampoo.com
Fingerprint12:FD:C6:5A:FE:C7:34:AB:F2:FD:0F:33:27:26:F9:29:3C:8C:2B:C6
ValidityThu, 27 Apr 2023 00:00:00 GMT - Fri, 26 Apr 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
562 B (562 bytes)
Hash
cb3892067daf3b294acc8429ec1858e1
b41db1f92f46d9ea745e1daa4f9bedaa446e6f0e
b9cd142609b8d82047ced7ea869a65354e9b66eef3830d0882f19054e993a303

HTTP Headers

GET /ashampoo_uninstaller_10_sm.exe HTTP/1.1
Host: www.ashampoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: trk=%26x-network%3Dcj%26x-cjevent%3D%26tracking%3Dcj%2Ctrk; XSRF-TOKEN=eyJpdiI6IlNqQnRtRllBZXZaRHZqYWdzc3B3R3c9PSIsInZhbHVlIjoiaVFVZlBTUm9EM01Wc25vc3lwYzBMRWduSlpDT21QYWxhSFBORWJ4a3FUSEh6bi95TG5uU3I2cW00WFk2dVFYdGs2MW4xRVEwcEhYVUVTSHJHQ01LT0R6bkFIclVsb2w3M09PY1J4Vk9DTjd1QVByRkdNeVFoQ2pXNXFzR21BSzgiLCJtYWMiOiJkNDYzNThjMzhjOWRlZmQ2Y2MyYzQ3NjcyM2I4MzU0NzkwMWYxZTljNmRiOWJlZmE3M2NkM2M1ZWU5ZWIxNWI3IiwidGFnIjoiIn0%3D; ashampoo_session=eyJpdiI6IllWQTZYLzl2NmYvM3ZzUzNrZVZqMnc9PSIsInZhbHVlIjoiamlSY3FOc0IvdUhmR0ZVbmt3V0R3WDF0alJkMVEycWtFTVBFLzBDaXBIdTFBY0hHekxkMXZPNkptaXVrc0c1M3ZFRmZPWXFrc29jZTJiSjdmNGk3QlFJU1RGbEczNHZaQkVSa0NBN3JrV1JSbUNvZmJFOUtDMkRXWm5Zb1lpKzQiLCJtYWMiOiIyODIzNTA3MTY5MmQzNGI0ZGZkMDc0MTYyMTgwNTZlOGY2MWQ5ZmZhZDU3NGI0MmRjYmI1YjgxNjJmNDczZDFiIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Wed, 25 Oct 2023 00:12:47 GMT
Server: Apache
Strict-Transport-Security: max-age=31556926
Cache-Control: no-cache, private
Location: https://cdn1.ashampoo.net/ashampoo/2303/ashampoo_uninstaller_10_10.00.13_sm.exe
Set-Cookie: XSRF-TOKEN=eyJpdiI6IjgvOCt0a2d6c0kwNjhWSk1SdVZjVEE9PSIsInZhbHVlIjoiRzR0VjZvMW5RNDJaamZUcW5sVHhEYnBqVURFbWZ1Rm9QbWlDck9CRUVONHZXRXBxYTRvejlEQU8yQW1wdy9rVy82TnFudFZ1RkJPL1ZmdVFXWGFHaHZZcTVLYVZaLzRaNFdyUFpJOFBsVmthMzh5Um5vMnpWSml6RFZvb0VRUkkiLCJtYWMiOiIwOTViZmNmOGFhNmRmOTExNWM2ODI2MWM0YWU2MTAxMjJjOGQyNjdhYjY1OWVmMzkwMTg2MDc5Yjk4ZDAyYjA3IiwidGFnIjoiIn0%3D; expires=Wed, 25 Oct 2023 02:12:47 GMT; Max-Age=7200; path=/; samesite=lax
ashampoo_session=eyJpdiI6IkFwNHZjOVRSZis3UGJNcHI1T2l2OFE9PSIsInZhbHVlIjoiNDRrczRCaks5U240T1krNjVqV05uWk9KQ3gzb1FoZFRRa01YQU5XMUVYRTNLQ21NMTNpaCt5ODcrbkliR25Ga0lnY0F6TE1aQnVBZXZONTlaSUh1ZnljUHNVUnRlUFNneU1JS2tYejJVZ1RqaWVvdk1RaFNwUHFOWTFCWjhtNkQiLCJtYWMiOiJhY2ZmZmUyNmQyYTgyNzlkZGJkMzJhMjgzNTczMTczMjk5ZTRkMDgxNjZhOGEyNTY2YjVlNmQ1MzMyYjRjMGQ5IiwidGFnIjoiIn0%3D; expires=Wed, 25 Oct 2023 02:12:47 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Access-Control-Allow-Origin: *
Content-Security-Policy: frame-ancestors 'self' https://*.ashampoo.com https://*.cms.test
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
75803686d32a32e14e9037890d13eb77
e88a3b3665aafdf8041e8d4fb3e2d7556f1e5874
39bd3bf4a8bb703e75d87277a30191a0b906290489192526f2794114f45de0dc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 25 Oct 2023 00:12:47 GMT
Last-Modified: Wed, 25 Oct 2023 00:06:54 GMT
Server: ECAcc (amb/6AB3)
X-Cache: Miss from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PgMiaBic5UHypwtiLE3smt8JJ2Ih2hWTd1vmF4xKZdECQo8xcvZx_w==
Age: 354

cdn1.ashampoo.net/ashampoo/2303/ashampoo_uninstaller_10_10.00.13_sm.exe

143.204.55.110

200 OK

18 MB

URL User Request GET HTTP/2
cdn1.ashampoo.net/ashampoo/2303/ashampoo_uninstaller_10_10.00.13_sm.exe
IP
143.204.55.110:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.ashampoo.net
Fingerprint91:F0:B0:BD:BF:9C:EA:41:7F:38:38:19:89:BA:3D:CB:E8:53:06:DE
ValiditySun, 15 Oct 2023 00:00:00 GMT - Mon, 11 Nov 2024 23:59:59 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
18 MB (18473152 bytes)
Hash
dd794b7b6f9211200ac7ed4f6c184603
a1a4fdb31e0ddebe7cb300ad9f9650e78e70d58a
45480019726d7b8154461397eb6f942c40d2533490a93e93d48ffa3d1554b08e

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/71

HTTP Headers

GET /ashampoo/2303/ashampoo_uninstaller_10_10.00.13_sm.exe HTTP/1.1
Host: cdn1.ashampoo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
content-length: 18473152
date: Wed, 25 Oct 2023 00:12:49 GMT
last-modified: Mon, 25 Oct 2021 10:40:07 GMT
etag: "dd794b7b6f9211200ac7ed4f6c184603"
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: lzLfLQ525FfCMfJQFU6vK2BLwuZhD2mPkiqqggRMWDYDc3wOTzeV-A==
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (8)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate