| r10.o.lencr.org/ | 23.33.119.27 | | 504 B |
IP / ASN: 23.33.119.27 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-10-11; Last Seen: 2024-10-13; Times Seen: 8659; Size: 504 B (504 bytes)
MD5: 76d4815925a4b4cf3dbb800eaa4a7770
SHA1: 317eb0f0486d1a342b5141b3b2f9ef4309bbdeb7
SHA256: 3ab4458319db72633c073ecac5c8da5994f6fa797fd44bc6170fcd3400d5eeab
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3AB4458319DB72633C073ECAC5C8DA5994F6FA797FD44BC6170FCD3400D5EEAB"
Last-Modified: Thu, 10 Oct 2024 16:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5455
Expires: Fri, 11 Oct 2024 08:59:07 GMT
Date: Fri, 11 Oct 2024 07:28:12 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.33.119.27 | | 504 B |
IP / ASN: 23.33.119.27 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-10-11; Last Seen: 2024-10-13; Times Seen: 9094; Size: 504 B (504 bytes)
MD5: 8d0c1ae5484a4448ab6dd48672401aca
SHA1: a0604686c65b0ef3bbd3e3d7de3cacde802019eb
SHA256: 53c13aa9579590c5aa281e7d8203e3a16e7fc10f1ea6137dbca2724177e7dcba
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "53C13AA9579590C5AA281E7D8203E3A16E7FC10F1EA6137DBCA2724177E7DCBA"
Last-Modified: Thu, 10 Oct 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20096
Expires: Fri, 11 Oct 2024 13:03:08 GMT
Date: Fri, 11 Oct 2024 07:28:12 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.33.119.27 | | 504 B |
IP / ASN: 23.33.119.27 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-10-11; Last Seen: 2024-10-12; Times Seen: 5673; Size: 504 B (504 bytes)
MD5: 36f66a869b9d38762409dbbe1da64bad
SHA1: 77b699c33a7ddc6a9fee2919b852cf8a4b22da0b
SHA256: cdf370a2e3b59729aee219dee9744cdf4da205864c66118a79742c08cd438c31
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CDF370A2E3B59729AEE219DEE9744CDF4DA205864C66118A79742C08CD438C31"
Last-Modified: Thu, 10 Oct 2024 21:41:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4976
Expires: Fri, 11 Oct 2024 08:51:08 GMT
Date: Fri, 11 Oct 2024 07:28:12 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.33.119.27 | | 504 B |
IP / ASN: 23.33.119.27 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-10-11; Last Seen: 2024-10-13; Times Seen: 9368; Size: 504 B (504 bytes)
MD5: ed6e60e33d0aa95a26592786089c9116
SHA1: 53a5ea803e1191edc5630b976fa90601237d258d
SHA256: 98933ab8c57ee731e4f66f10d98ffec955d29f456dde460d0a0a1f91a5a4aa1f
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "98933AB8C57EE731E4F66F10D98FFEC955D29F456DDE460D0A0A1F91A5A4AA1F"
Last-Modified: Thu, 10 Oct 2024 16:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12395
Expires: Fri, 11 Oct 2024 10:54:48 GMT
Date: Fri, 11 Oct 2024 07:28:13 GMT
Connection: keep-alive
|
|
| r11.o.lencr.org/ | 23.36.76.225 | | 504 B |
IP / ASN: 23.36.76.225 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-10-11; Last Seen: 2024-10-13; Times Seen: 8461; Size: 504 B (504 bytes)
MD5: af0d1cea6aa0671f0271828695f79be4
SHA1: ae58030b5e611aa6a2a4b608a18e49f7f4cbe9c3
SHA256: 33e0e5962e66d1ce7c82595b0bca02808bbddc350a471425a2046aeb2a4e9260
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "33E0E5962E66D1CE7C82595B0BCA02808BBDDC350A471425A2046AEB2A4E9260"
Last-Modified: Thu, 10 Oct 2024 21:42:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2697
Expires: Fri, 11 Oct 2024 08:13:11 GMT
Date: Fri, 11 Oct 2024 07:28:14 GMT
Connection: keep-alive
|
|
| GET www.eightgroup.com/b2409.ps1 | 43.252.164.206 | 200 OK | 3.1 kB |
URL: www.eightgroup.com/b2409.ps1
IP / ASN: 43.252.164.206 #38277 CommuniLink Internet Limited.
Resource Info: File type: ASCII text, with very long lines (7689), with no line terminators; First Seen: 2024-09-26; Last Seen: 2024-10-26; Times Seen: 6; Size: 3.1 kB (3078 bytes)
MD5: 5d323f4a98257ef9d16842a6ed0895c2
SHA1: 926b25ff4267e313950fac1396da2f5a14f0517e
SHA256: b8ff387d8dd2b54840d5727c0679868b738c9b06dad2cb17b6f7181b4eae432f
Certificate Info: Issuer: GoDaddy.com, Inc.; Subject: www.eightgroup.com; Fingerprint: 4E:E0:8B:4E:33:DD:D1:3C:04:9F:6A:1A:EA:76:35:26:EB:77:D8:F2; Validity: Thu, 01 Aug 2024 23:27:26 GMT - Wed, 13 Aug 2025 08:32:09 GMT
| Analyzer | Verdict | Alert |
| Public Nextron YARA rules | malware | Detects obfuscated PowerShell hacktools |
GET /b2409.ps1 HTTP/1.1
Host: www.eightgroup.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 11 Oct 2024 07:28:15 GMT
Server: Apache/2.4.41 (Unix) OpenSSL/1.0.2o
X-Powered-By: PHP/7.4.22
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3078
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| GET www.eightgroup.com/favicon.ico | 43.252.164.206 | 301 Moved Permanently | 0 B |
URL: www.eightgroup.com/favicon.ico
IP / ASN: 43.252.164.206 #38277 CommuniLink Internet Limited.
Requested by: https://www.eightgroup.com/b2409.ps1
Resource Info: File type: N/A; First Seen: 0001-01-01; Last Seen: 2025-08-02; Times Seen: 5606111; Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info: Issuer: GoDaddy.com, Inc.; Subject: www.eightgroup.com; Fingerprint: 4E:E0:8B:4E:33:DD:D1:3C:04:9F:6A:1A:EA:76:35:26:EB:77:D8:F2; Validity: Thu, 01 Aug 2024 23:27:26 GMT - Wed, 13 Aug 2025 08:32:09 GMT
GET /favicon.ico HTTP/1.1
Host: www.eightgroup.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.eightgroup.com/b2409.ps1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Fri, 11 Oct 2024 07:28:16 GMT
Server: Apache/2.4.41 (Unix) OpenSSL/1.0.2o
X-Powered-By: PHP/7.4.22
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=10d4402a9342df860c7ccfe5e4f05df2; path=/
Location: /en/
Content-Length: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| GET www.eightgroup.com/en/ | 43.252.164.206 | 302 Found | 0 B |
URL: www.eightgroup.com/en/
IP / ASN: 43.252.164.206 #38277 CommuniLink Internet Limited.
Requested by: https://www.eightgroup.com/b2409.ps1
Resource Info: File type: N/A; First Seen: 0001-01-01; Last Seen: 2025-08-02; Times Seen: 5606111; Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info: Issuer: GoDaddy.com, Inc.; Subject: www.eightgroup.com; Fingerprint: 4E:E0:8B:4E:33:DD:D1:3C:04:9F:6A:1A:EA:76:35:26:EB:77:D8:F2; Validity: Thu, 01 Aug 2024 23:27:26 GMT - Wed, 13 Aug 2025 08:32:09 GMT
GET /en/ HTTP/1.1
Host: www.eightgroup.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.eightgroup.com/b2409.ps1
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=10d4402a9342df860c7ccfe5e4f05df2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 11 Oct 2024 07:28:18 GMT
Server: Apache/2.4.41 (Unix) OpenSSL/1.0.2o
X-Powered-By: PHP/7.4.22
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Location: /en/home/
Content-Length: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
|
|
| GET www.eightgroup.com/en/home/ | 43.252.164.206 | 200 OK | 16 kB |
URL: www.eightgroup.com/en/home/
IP / ASN: 43.252.164.206 #38277 CommuniLink Internet Limited.
Requested by: https://www.eightgroup.com/b2409.ps1
Resource Info: File type: HTML document, Unicode text, UTF-8 text, with very long lines (5096); First Seen: 2024-10-11; Last Seen: 2024-10-11; Times Seen: 1; Size: 16 kB (15647 bytes)
MD5: 46340afd78be11c54d6970d2a11efe00
SHA1: 6a5b84b99e9dc180b3f15cd92fe724e6f5e646ea
SHA256: 44f82f226170f3a26634bbcae916f5eec92786678411d41ed47e8b5b85814bf9
Certificate Info: Issuer: GoDaddy.com, Inc.; Subject: www.eightgroup.com; Fingerprint: 4E:E0:8B:4E:33:DD:D1:3C:04:9F:6A:1A:EA:76:35:26:EB:77:D8:F2; Validity: Thu, 01 Aug 2024 23:27:26 GMT - Wed, 13 Aug 2025 08:32:09 GMT
GET /en/home/ HTTP/1.1
Host: www.eightgroup.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.eightgroup.com/b2409.ps1
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=10d4402a9342df860c7ccfe5e4f05df2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 11 Oct 2024 07:28:19 GMT
Server: Apache/2.4.41 (Unix) OpenSSL/1.0.2o
X-Powered-By: PHP/7.4.22
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 15647
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
|
|