IP: 162.255.119.6:0
File type: HTML document, ASCII text
Hash (MD5 / SHA-1 / SHA-256): a2661fca7720b7bdd98dc2313cb1d8e6 1421493804be133dbd7d19bb0a48614b94f196db 0f5d3a592102e54f5005dcb8c01a695643cf78a277158de156b465e09ad1c4b8
GET / HTTP/1.1
Host: www.centered.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sat, 20 Apr 2024 14:15:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 61
Connection: keep-alive
Location: http://www.SecondCopy.com/
X-Served-By: Namecheap URL Forward
Server: namecheap-nginx
IP: 209.17.116.160:0 (ASN #19871 NETWORK-SOLUTIONS-HOSTING)
File type: HTML document, ASCII text, with very long lines (371), with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 4bfc8c01abe8ae07539a919c37e121d0 1f797216365671ebbf413f05cac9ae61b3a01925 c937038d17bbd43aaf88b6c0e91276f5f33a23c43c03bbf8820f55a9b1c33cef
GET / HTTP/1.1
Host: www.secondcopy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty/1.25.3.1
Date: Sat, 20 Apr 2024 14:15:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Sat, 30 Apr 2011 00:00:00 GMT
Last-Modified: Mon, 08 Jan 2024 17:46:07 GMT
ETag: W/"ca91328f5a42da1:0"
X-Webcom-Cache-Status: BYPASS
Content-Encoding: gzip
| www.centered.com/download/sc7.exe | 162.255.119.6 | 301 Moved Permanently | 77 B |
URL (user request): GET HTTP/1.1 www.centered.com/download/sc7.exe
IP: 162.255.119.6:80
File type: HTML document, ASCII text
Hash (MD5 / SHA-1 / SHA-256): f22358a35822549db321a92799b4d199 a9db724c6d78796e9b256699148186e61b067250 fd02238f09c3a1e29d450a0fa5efc4e4a1fc32c143efe5c031e30c05ccb3b8fd
NIDS alert: suricata, severity medium: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
GET /download/sc7.exe HTTP/1.1
Host: www.centered.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sat, 20 Apr 2024 14:15:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 77
Connection: keep-alive
Location: http://www.SecondCopy.com/download/sc7.exe
X-Served-By: Namecheap URL Forward
Server: namecheap-nginx
| www.secondcopy.com/download/sc7.exe | 209.17.116.160 | 200 OK | 2.2 MB |
URL (user request): GET HTTP/2 www.secondcopy.com/download/sc7.exe
IP: 209.17.116.160:443 (ASN #19871 NETWORK-SOLUTIONS-HOSTING)
Certificate: issuer Network Solutions L.L.C.; subject secondcopy.com; fingerprint 1A:59:5C:90:EF:48:DB:DD:EC:5D:33:52:C4:21:44:CA:51:33:61:B5; validity Thu, 27 Apr 2023 00:00:00 GMT - Sat, 04 May 2024 23:59:59 GMT
File type: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size: 2.2 MB (2213728 bytes)
Hash (MD5 / SHA-1 / SHA-256): 8cc84ca5badebfde189274d8fec056fe 3a8b10b69ef5338ffd659c0076a13ac7715cff98 94b9ab6e2869241c4b4f6750cd774b27f71a5edf37047467c5612160eb5f8e03
GET /download/sc7.exe HTTP/1.1
Host: www.secondcopy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty/1.25.3.1
date: Sat, 20 Apr 2024 14:15:41 GMT
content-type: application/octet-stream
content-length: 2213728
expires: Sat, 30 Apr 2011 00:00:00 GMT
last-modified: Mon, 26 Sep 2022 20:10:17 GMT
accept-ranges: bytes
etag: "eb2cefee3d1d81:0"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
x-webcom-cache-status: BYPASS
X-Firefox-Spdy: h2