IP: 218.253.84.90:0
ASN: #9381 HKBN Enterprise Solutions HK Limited
File type: HTML document, Unicode text, UTF-8 text, with very long lines (1905)
Hash (MD5): 1f021e06a2fa4b3d057001977f3f4240
Hash (SHA-1): 47615174a8fce0110fc34d0010be78cf236cd728
Hash (SHA-256): 5ef2a4cae4c963120582ec1cc271ae39710f56de40f4c69a47a4f657cf7d24e5

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 218.253.84.90
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 06:24:49 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
P3P: CP="NOI"
Set-Cookie: qtrans_front_language=en; expires=Sat, 29-Mar-2025 06:24:49 GMT; path=/
Set-Cookie: PHPSESSID=u83p2c11b0pc8brbtsma2diea2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Link: <http://218.253.84.90/wp-json/>; rel="https://api.w.org/", <http://218.253.84.90/>; rel=shortlink
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
| URL | IP | Size |
|---|---|---|
| 218.253.84.90/wp-content/uploads/TG-NT-V5/index.php | 218.253.84.90 | 2.9 kB |

URL (user request): GET 218.253.84.90/wp-content/uploads/TG-NT-V5/index.php
IP: 218.253.84.90:0
ASN: #9381 HKBN Enterprise Solutions HK Limited
File type: PHP script, ASCII text, with very long lines (1302), with CRLF line terminators
Hash (MD5): 75d95e760ad8928e85aca62ee7a22d94
Hash (SHA-1): 1cd4d5b502938dde33448c448d2531acfebae87f
Hash (SHA-256): 623ee484e73e1e730bdefb5b458d1892858d0097190fc7998794295cc6c3faaa

| Analyzer | Verdict | Alert |
|---|---|---|
| Public Nextron YARA rules | malware | Generic PHP webshell which uses any eval/exec function in the same line with user input |
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/TG-NT-V5/index.php HTTP/1.1
Host: 218.253.84.90
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 29 Mar 2024 06:24:51 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Set-Cookie: PHPSESSID=bls60dnjqatn7kn9ncr04dl3v3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: newdir.php
Content-Length: 2946
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| URL | IP | Size |
|---|---|---|
| 218.253.84.90/wp-content/uploads/TG-NT-V5/newdir.php | 0.0.0.0 | 0 B |

URL (user request): GET 218.253.84.90/wp-content/uploads/TG-NT-V5/newdir.php
IP: 0.0.0.0:0
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /wp-content/uploads/TG-NT-V5/newdir.php HTTP/1.1
Host: 218.253.84.90
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: PHPSESSID=bls60dnjqatn7kn9ncr04dl3v3
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache