| r57shell.net/mini_admin.txt | 54.38.209.89 | 200 OK | 62 kB |
URL: r57shell.net/mini_admin.txt (User Request, GET HTTP/1.1); IP: 54.38.209.89:443
Certificate: Issuer Let's Encrypt; Subject r57shell.net; Fingerprint 6D:78:A2:82:FE:C1:2A:BC:67:1A:FF:95:70:AF:76:9A:55:D0:9B:3D; Validity Tue, 02 Jan 2024 09:22:37 GMT - Mon, 01 Apr 2024 09:22:36 GMT
File type: PHP script, ASCII text, with very long lines (62067)
Hashes: fb2c75b50e85483a38dfc5b973d1dc12 / 745f8f89dfa3a6f1d7fce935cb44c5de6a54f913 / e469dc9776d01b4ec6002a32acab1a56a44a439ce39707dd392a026d7da002fa
| Analyzer | Verdict | Alert |
| Public Nextron YARA rules | malware | PHP webshell using some kind of eval with encoded blob to decode |
GET /mini_admin.txt HTTP/1.1
Host: r57shell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 29 Mar 2024 14:54:29 GMT
Content-Type: text/plain
Content-Length: 62264
Last-Modified: Tue, 04 Oct 2022 07:46:29 GMT
Connection: keep-alive
ETag: "633be4d5-f338"
Accept-Ranges: bytes
IP: 54.38.209.89:443
Requested by: https://r57shell.net/mini_admin.txt
Certificate: Issuer Let's Encrypt; Subject r57shell.net; Fingerprint 6D:78:A2:82:FE:C1:2A:BC:67:1A:FF:95:70:AF:76:9A:55:D0:9B:3D; Validity Tue, 02 Jan 2024 09:22:37 GMT - Mon, 01 Apr 2024 09:22:36 GMT
File type: PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Hashes: 856d68fecfdecbb8b2cfd13d73163e8b / 0c936a773fb0d1454f9c00f2f9019c2fd121fb67 / 6791dada9954f444b1d888040f41d1da41d540ff90b5ab3c100fb63be71e14c1
GET /favicon.ico HTTP/1.1
Host: r57shell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r57shell.net/mini_admin.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 29 Mar 2024 14:54:29 GMT
Content-Type: image/x-icon
Content-Length: 4213
Last-Modified: Wed, 22 Sep 2021 13:32:59 GMT
Connection: keep-alive
ETag: "614b308b-1075"
Accept-Ranges: bytes