IP: 45.130.41.106:443
Requested by: https://wdc-dev.ru/rat/command2.txt
Certificate: Issuer Let's Encrypt; Subject wdc-dev.ru; Fingerprint 96:F7:5B:F0:AA:CA:35:8A:9B:A6:D7:AB:A7:E3:E6:2E:86:1F:4A:DA; Validity Tue, 30 Apr 2024 09:18:10 GMT - Mon, 29 Jul 2024 09:18:09 GMT
File type: HTML document, ASCII text
Hashes: 80f91aff793556f999cdfadb2f8455e8 d2ed213fecbd3f7780810d3d8a7ea24acbecb8a6 d65e478252aa83cbaf469abb45605b6bb620075883c6cbd81c0d531da2e4a061
GET /favicon.ico HTTP/1.1
Host: wdc-dev.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wdc-dev.ru/rat/command2.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx-reuseport/1.21.1
date: Wed, 08 May 2024 15:04:18 GMT
content-type: text/html; charset=iso-8859-1
content-length: 270
X-Firefox-Spdy: h2
| URL | IP | Status | Size |
| wdc-dev.ru/rat/command2.txt | 45.130.41.106 | 200 OK | 4.4 kB |
Request (User): GET HTTP/2 wdc-dev.ru/rat/command2.txt
IP: 45.130.41.106:443
Certificate: Issuer Let's Encrypt; Subject wdc-dev.ru; Fingerprint 96:F7:5B:F0:AA:CA:35:8A:9B:A6:D7:AB:A7:E3:E6:2E:86:1F:4A:DA; Validity Tue, 30 Apr 2024 09:18:10 GMT - Mon, 29 Jul 2024 09:18:09 GMT
File type: ASCII text, with very long lines (4524), with no line terminators
Hashes: aebb751e8e8fd69e97a024e96c9a78ad 5316e29b6f8e05a94f7ac2ad322d9f0b5b7c9dbe cd7a36592ece7e16393a8014d947d3c114dd7da1450e50d235e0db1a0917d6f8
| Analyzer | Verdict | Alert |
| YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
GET /rat/command2.txt HTTP/1.1
Host: wdc-dev.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Wed, 08 May 2024 15:04:18 GMT
content-type: text/plain
last-modified: Sat, 04 May 2024 07:43:41 GMT
vary: Accept-Encoding
etag: W/"6635e72d-1105"
expires: Wed, 15 May 2024 15:04:18 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2