| kimber5.great-site.net/arquivo_c9ff242e8a0c496388f07cc3e02a4607.txt | 185.27.134.162 | 200 OK | 893 B |
URL User Request GET kimber5.great-site.net/arquivo_c9ff242e8a0c496388f07cc3e02a4607.txt IP 185.27.134.162:443
ASN#34119 Wildcard UK Limited
Certificate: Issuer: ZeroSSL; Subject: great-site.net; Fingerprint: 87:F7:E8:B3:5B:53:8D:E4:5C:D8:CA:DC:94:3A:7F:E2:29:0A:E8:AE; Validity: Fri, 09 May 2025 00:00:00 GMT - Thu, 07 Aug 2025 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (893), with no line terminators; Hash: 817f4be0a2694851af841b9fc28eb2a4 e78d26f5c74068728fb4ea217dd74ab356b45ea7 a4716396eeca616c1f72e3610faf44db86608880b861165a58c87b9b2716e733
GET /arquivo_c9ff242e8a0c496388f07cc3e02a4607.txt HTTP/1.1
Host: kimber5.great-site.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Mon, 12 May 2025 03:41:48 GMT
Content-Type: text/html
Content-Length: 893
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
|
|
| kimber5.great-site.net/aes.js | 185.27.134.162 | 200 OK | 14 kB |
URL GET kimber5.great-site.net/aes.js IP 185.27.134.162:443
ASN#34119 Wildcard UK Limited
Requested by: https://kimber5.great-site.net/arquivo_c9ff242e8a0c496388f07cc3e02a4607.txt
Certificate: Issuer: ZeroSSL; Subject: great-site.net; Fingerprint: 87:F7:E8:B3:5B:53:8D:E4:5C:D8:CA:DC:94:3A:7F:E2:29:0A:E8:AE; Validity: Fri, 09 May 2025 00:00:00 GMT - Thu, 07 Aug 2025 23:59:59 GMT
File type: ASCII text, with very long lines (13733), with no line terminators; Hash: fc66e046447092c606f2587837f96874 fcf354a8044f494ee1f9fe868dde3f570f50e593 5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96
GET /aes.js HTTP/1.1
Host: kimber5.great-site.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kimber5.great-site.net/arquivo_c9ff242e8a0c496388f07cc3e02a4607.txt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Mon, 12 May 2025 03:41:48 GMT
Content-Type: application/javascript
Content-Length: 13733
Last-Modified: Sun, 15 Oct 2023 17:25:09 GMT
Connection: keep-alive
ETag: "652c2075-35a5"
Accept-Ranges: bytes
|
|
| kimber5.great-site.net/arquivo_c9ff242e8a0c496388f07cc3e02a4607.txt?i=1 | 185.27.134.162 | 200 OK | 392 kB |
URL User Request GET kimber5.great-site.net/arquivo_c9ff242e8a0c496388f07cc3e02a4607.txt?i=1 IP 185.27.134.162:443
ASN#34119 Wildcard UK Limited
Certificate: Issuer: ZeroSSL; Subject: great-site.net; Fingerprint: 87:F7:E8:B3:5B:53:8D:E4:5C:D8:CA:DC:94:3A:7F:E2:29:0A:E8:AE; Validity: Fri, 09 May 2025 00:00:00 GMT - Thu, 07 Aug 2025 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators; Size: 392 kB (391852 bytes); Hash: 30b717600cfec059fe0c43fca072e05a 046e21c079d5b7895ba8990f43bbe02c9b2bc84a 77828c66318cfe3e96b2afa44d91c211827cde258103c900bfc1138a48656cf0
| Analyzer | Verdict | Alert |
| Public Nextron YARA rules | malware | Detects an base64 encoded executable with reversed characters |
GET /arquivo_c9ff242e8a0c496388f07cc3e02a4607.txt?i=1 HTTP/1.1
Host: kimber5.great-site.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kimber5.great-site.net/arquivo_c9ff242e8a0c496388f07cc3e02a4607.txt
Cookie: __test=8b91a4f94ae4f3c25c0e5bae007e4354
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Mon, 12 May 2025 03:41:48 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 391852
Connection: keep-alive
Last-Modified: Mon, 12 May 2025 01:08:41 GMT
ETag: "5faac-634e5f4f2ea78"
Cache-Control: max-age=2592000, public, public, proxy-revalidate, must-revalidate
Expires: Wed, 11 Jun 2025 03:41:48 GMT
Accept-Ranges: bytes
|
|
| kimber5.great-site.net/favicon.ico | 185.27.134.162 | 302 Found | 0 B |
URL GET kimber5.great-site.net/favicon.ico IP 185.27.134.162:443
ASN#34119 Wildcard UK Limited
Requested by: https://kimber5.great-site.net/arquivo_c9ff242e8a0c496388f07cc3e02a4607.txt?i=1
Certificate: Issuer: ZeroSSL; Subject: great-site.net; Fingerprint: 87:F7:E8:B3:5B:53:8D:E4:5C:D8:CA:DC:94:3A:7F:E2:29:0A:E8:AE; Validity: Fri, 09 May 2025 00:00:00 GMT - Thu, 07 Aug 2025 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: kimber5.great-site.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kimber5.great-site.net/arquivo_c9ff242e8a0c496388f07cc3e02a4607.txt?i=1
Cookie: __test=8b91a4f94ae4f3c25c0e5bae007e4354
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: openresty
Date: Mon, 12 May 2025 03:41:48 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 227
Connection: keep-alive
Location: https://errors.infinityfree.net/errors/404/
Cache-Control: max-age=2592000
Expires: Wed, 11 Jun 2025 03:41:48 GMT
|
|
| errors.infinityfree.net/errors/404/ | 104.26.8.174 | 404 Not Found | 0 B |
URL GET errors.infinityfree.net/errors/404/ IP 104.26.8.174:443
Requested by: https://kimber5.great-site.net/arquivo_c9ff242e8a0c496388f07cc3e02a4607.txt?i=1
Certificate: Issuer: Google Trust Services; Subject: infinityfree.net; Fingerprint: BA:21:90:1D:69:D2:BE:DC:94:39:28:3D:F3:E5:C2:B4:94:65:E8:1B; Validity: Sat, 03 May 2025 23:24:14 GMT - Sat, 02 Aug 2025 00:24:10 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /errors/404/ HTTP/1.1
Host: errors.infinityfree.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kimber5.great-site.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Mon, 12 May 2025 03:41:49 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k0f0k45vKsdVpHok4wIWkBSHFMCmoQxFcpjA0EwFO6xHmCbDcGxvmGyVGA7q6%2BAAHFgGZuitMTKyOQ3yI%2Fbw%2BMPoytbOnGZG%2FVhWDsPwdMp0G%2FDf5HLPVyvL9SLBVsWWX6gXGpu8D4tI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 93e6e70dac1a568b-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=6097&min_rtt=427&rtt_var=11342&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3289&recv_bytes=1228&delivery_rate=7621052&cwnd=254&unsent_bytes=0&cid=7b9d7e775af3c1fa&ts=172&x=0"
X-Firefox-Spdy: h2
|
|