URL (user request): GET HTTP/2
IP: 143.204.55.38:443
Certificate: Issuer Amazon; Subject yudhi777.xyz; Fingerprint E8:46:65:2F:4D:D8:A3:E7:13:26:4C:D3:F7:08:18:1F:F4:AB:61:7F; Validity Thu, 30 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT
File type: HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash: f5d40b7259645010f9a248858ad14178 b3051d17a6ec8c9e166bf09a62b48261ab86957b 7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
NIDS: suricata
Severity: high
Alert: ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
GET /Heidi.exe HTTP/1.1
Host: yudhi777.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Tue, 05 Dec 2023 08:35:02 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://yudhi777.xyz/Heidi.exe
X-Cache: Redirect from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: eRhr830XzeWhv4nep7hVpbZEdhrS6xL-0e6D-imyo4CNvmF8MoQSfg==
IP: 143.204.55.108:443
Requested by: https://yudhi777.xyz/Heidi.exe
Certificate: Issuer Amazon; Subject yudhi777.xyz; Fingerprint E8:46:65:2F:4D:D8:A3:E7:13:26:4C:D3:F7:08:18:1F:F4:AB:61:7F; Validity Thu, 30 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT
File type: XML document, ASCII text, with no line terminators
Hash: 159a0571d260c4c8b5ae7c1a0f427d7f 91c8a1cd73c6100203ef98eaba826270b44e19ce 86bcc3a9ce01ee33623e2d905d36bee67c538d1dd25149f6be3d7402dcf2e52b
GET /favicon.ico HTTP/1.1
Host: yudhi777.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yudhi777.xyz/Heidi.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
content-type: application/xml
date: Tue, 05 Dec 2023 08:35:03 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: RUdpAWU12BF0JKjRkFNFbDUCtNpHMVS-3pTAsR34Ry5BAcczeEWCVQ==
X-Firefox-Spdy: h2