screenshare.pics/join.php?id=FE1790.exe
302 Found 0 B URL User Request GET HTTP/1.1 screenshare.pics/join.php?id=FE1790.exe
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate IssuerDigiCert, Inc.
Subjectscreenshare.pics
Fingerprint2E:C4:87:B0:98:AC:4A:FD:0D:68:74:F2:FE:18:C7:E2:49:A1:8A:EA
ValiditySat, 25 Nov 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /join.php?id=FE1790.exe HTTP/1.1
Host: screenshare.pics
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Thu, 07 Dec 2023 20:26:26 GMT
Server: Apache
Location: https://grabify.world/join.php?id=FE1790.exe
Status: 301 Moved Permanently
cf-cache-status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 56137e603e72eeba
screenshare.pics/
1.1 kB IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate IssuerDigiCert, Inc.
Subjectscreenshare.pics
Fingerprint2E:C4:87:B0:98:AC:4A:FD:0D:68:74:F2:FE:18:C7:E2:49:A1:8A:EA
ValiditySat, 25 Nov 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1104), with CRLF line terminators
Hash 789bc248a0fe562902689aff1ee22560
5aa80deae01eb5da651350a5c02f525f5cc3d946
19a39324e266a84b82bfdd2075ce4231dc46c93120a87dbe35dcec3aa2d58331
GET / HTTP/1.1
Host: screenshare.pics
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1139
Content-Type: text/html; charset=utf-8
Date: Thu, 07 Dec 2023 20:26:29 GMT
Server: Apache
Content-Encoding: gzip
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 56137e603e72eeba
grabify.world/join.php?id=FE1790.exe
302 Found 0 B URL User Request GET HTTP/2 grabify.world/join.php?id=FE1790.exe
IP
Certificate IssuerLet's Encrypt
Subjectgrabify.world
FingerprintD1:3D:D8:DF:F8:9F:03:9A:3E:72:31:2F:87:6C:1A:1B:27:F4:1C:D0
ValiditySat, 02 Dec 2023 18:42:40 GMT - Fri, 01 Mar 2024 18:42:39 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /join.php?id=FE1790.exe HTTP/1.1
Host: grabify.world
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 07 Dec 2023 20:26:26 GMT
location: https://grabify.link/join.php?id=FE1790.exe
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tgXSbkNFaH9VUCSX3RU4ef3iYBgToXo8IsN%2BvmryOiWYzeEZfD2hjCy3pj1NU7NGEpsLqt94iM4LkKPIKVDLKG4zlcSrcVbbdHT6ZwSN3PYnZ7SmHpx4gYlGVZ9kcGtc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 831f80ee1ce456b7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
grabify.link/join.php?id=FE1790.exe
0 B URL User Request GET grabify.link/join.php?id=FE1790.exe
IP
Certificate IssuerGoogle Trust Services LLC
Subjectgrabify.link
FingerprintA2:CB:A2:12:31:AA:02:EC:B6:4C:26:F0:CB:D4:E5:20:E8:1A:05:79
ValidityFri, 13 Oct 2023 16:15:15 GMT - Thu, 11 Jan 2024 16:15:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata high ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
GET /join.php?id=FE1790.exe HTTP/1.1
Host: grabify.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
grabify.link/join.php?id=FE1790.exe
0 B URL User Request GET grabify.link/join.php?id=FE1790.exe
IP
Certificate IssuerGoogle Trust Services LLC
Subjectgrabify.link
FingerprintA2:CB:A2:12:31:AA:02:EC:B6:4C:26:F0:CB:D4:E5:20:E8:1A:05:79
ValidityFri, 13 Oct 2023 16:15:15 GMT - Thu, 11 Jan 2024 16:15:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata high ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
GET /join.php?id=FE1790.exe HTTP/1.1
Host: grabify.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Thu, 07 Dec 2023 20:26:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 07 Dec 2023 21:26:29 GMT
Location: https://grabify.link/join.php?id=FE1790.exe
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nxt%2FFxxL4me1f97JS9y1QQ7UYuNKCij4wuXmVIuKm5atdguDSxk4QkgaQPkn0R1iRN9R3%2FBQM3G75VITQwk9n6fX3WEkXbrjLhxFjadwP4J4bLzCxwgJk5Yki3IODg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 831f8100b9395695-OSL
alt-svc: h2=":443"; ma=60
grabify.link/join.php?id=FE1790.exe
0 B URL User Request GET grabify.link/join.php?id=FE1790.exe
IP
Certificate IssuerGoogle Trust Services LLC
Subjectgrabify.link
FingerprintA2:CB:A2:12:31:AA:02:EC:B6:4C:26:F0:CB:D4:E5:20:E8:1A:05:79
ValidityFri, 13 Oct 2023 16:15:15 GMT - Thu, 11 Jan 2024 16:15:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata high ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
GET /join.php?id=FE1790.exe HTTP/1.1
Host: grabify.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Thu, 07 Dec 2023 20:26:30 GMT
content-type: text/html; charset=UTF-8
location: http://9292
cache-control: no-cache, private
x-robots-tag: noindex, nofollow
x-content-type-options: nosniff
x-abuse: abuse@grabify.link
x-ratelimit-limit: 15
x-ratelimit-remaining: 13
set-cookie: XSRF-TOKEN=eyJpdiI6Ikw1MzhSOEFoTnBveCt1SlZNekFkT0E9PSIsInZhbHVlIjoiRG1tdmFzemFxUzg2MmJ6azJjS0dLRFMrMDFjMmhyamhTY3NrL3hWSTRtNGJmWVUyOWFlNU5WbzlFazV3QzlvT2tJYXg1ZXg3R3JmYmx0THNGQmpUSGovM2tOczVZRk1BdWtIellSUkl4ZklZelVDOHNjWmExRXFJczQ4b1NSZFYiLCJtYWMiOiI4MGU2YzkzMmZhODlkYmIxODA2NDBiOWE5NThjMjczNzNlMTQ2MmZiM2MxMWQ0ZDc2ZmMwODAxMWI2NDQ0ZGIzIiwidGFnIjoiIn0%3D; expires=Fri, 08 Dec 2023 01:26:30 GMT; Max-Age=18000; path=/; secure
g_session=eyJpdiI6Ik13a0tZbEhWOU9WVWtjbjBLd2tmTGc9PSIsInZhbHVlIjoieFJLNFgybVBObFM3SlpZR3ZGaU1NdE1sK2d5M2VxSHU4MHB0MGxQZW51VTdWMDZiclFuZ05vWGVYZGUvRmprY0M1UlFFSEl5dzQ1c2tLbGlmY2tXSHU0TE5wYlNXUm5GdlJpOFE3bDlvd2Jib0hHaUxzYzAyeUYvUGZ0bzE4MVciLCJtYWMiOiJmZmZjOWJmMTdkYjA1MWQ2YjFlZTUxYTBhODc1ODQ4NjA2OGUzNzRjOTQzYzQ2NjZjOTM3ZDhhOWNjOGM1NDlmIiwidGFnIjoiIn0%3D; expires=Fri, 08 Dec 2023 01:26:30 GMT; Max-Age=18000; path=/; secure; httponly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6V%2BakrfAUJz7HLv8FzLgOcv%2FSGHAdhHTzSw2R%2FmNil04SSBATq1kGbCbmpN271ed3Tg%2B5mrQy1yePsFSTww0aek1Tqf%2BrlBAufScE3TI1U9a9A7%2B9X7my54Bv9hQVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 831f81010a3cb4fd-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 0.0.36.76
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
52.173.151.229
188.114.97.1
0.0.0.0