Report - eightgroup.com/b2409.ps1

Report Overview

Visitedpublic

2024-10-26 00:54:16

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
eightgroup.com	unknown	2001-11-26	2024-10-26	2024-10-26	1.9 kB	21 kB	43.252.164.206

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-10-26	medium	eightgroup.com/b2409.ps1	Detects obfuscated PowerShell hacktools

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

GET eightgroup.com/b2409.ps1

43.252.164.206

200 OK

3.1 kB

URL

eightgroup.com/b2409.ps1

IP / ASN

43.252.164.206

#38277 CommuniLink Internet Limited.

Requested byN/A

Resource Info

File typeASCII text, with very long lines (7689), with no line terminators

First Seen2024-09-26

Last Seen2024-10-26

Times Seen6

Size3.1 kB (3078 bytes)

MD55d323f4a98257ef9d16842a6ed0895c2

SHA1926b25ff4267e313950fac1396da2f5a14f0517e

SHA256b8ff387d8dd2b54840d5727c0679868b738c9b06dad2cb17b6f7181b4eae432f

Certificate Info

IssuerGoDaddy.com, Inc.

Subjectwww.eightgroup.com

Fingerprint4E:E0:8B:4E:33:DD:D1:3C:04:9F:6A:1A:EA:76:35:26:EB:77:D8:F2

ValidityThu, 01 Aug 2024 23:27:26 GMT - Wed, 13 Aug 2025 08:32:09 GMT

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects obfuscated PowerShell hacktools

HTTP Headers

GET /b2409.ps1 HTTP/1.1
Host: eightgroup.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Oct 2024 00:53:51 GMT
Server: Apache/2.4.41 (Unix) OpenSSL/1.0.2o
X-Powered-By: PHP/7.4.22
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3078
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET eightgroup.com/favicon.ico

43.252.164.206

301 Moved Permanently

0 B

URL

eightgroup.com/favicon.ico

IP / ASN

43.252.164.206

#38277 CommuniLink Internet Limited.

Requested byhttps://eightgroup.com/b2409.ps1

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605996

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoDaddy.com, Inc.

Subjectwww.eightgroup.com

Fingerprint4E:E0:8B:4E:33:DD:D1:3C:04:9F:6A:1A:EA:76:35:26:EB:77:D8:F2

ValidityThu, 01 Aug 2024 23:27:26 GMT - Wed, 13 Aug 2025 08:32:09 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: eightgroup.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eightgroup.com/b2409.ps1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Oct 2024 00:53:53 GMT
Server: Apache/2.4.41 (Unix) OpenSSL/1.0.2o
X-Powered-By: PHP/7.4.22
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=670f61de8ec1f69087af7e015b3a680e; path=/
Location: /en/
Content-Length: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET eightgroup.com/en/

43.252.164.206

302 Found

0 B

URL

eightgroup.com/en/

IP / ASN

43.252.164.206

#38277 CommuniLink Internet Limited.

Requested byhttps://eightgroup.com/b2409.ps1

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605996

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoDaddy.com, Inc.

Subjectwww.eightgroup.com

Fingerprint4E:E0:8B:4E:33:DD:D1:3C:04:9F:6A:1A:EA:76:35:26:EB:77:D8:F2

ValidityThu, 01 Aug 2024 23:27:26 GMT - Wed, 13 Aug 2025 08:32:09 GMT

HTTP Headers

GET /en/ HTTP/1.1
Host: eightgroup.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eightgroup.com/b2409.ps1
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=670f61de8ec1f69087af7e015b3a680e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Sat, 26 Oct 2024 00:53:54 GMT
Server: Apache/2.4.41 (Unix) OpenSSL/1.0.2o
X-Powered-By: PHP/7.4.22
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Location: /en/home/
Content-Length: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

GET eightgroup.com/en/home/

43.252.164.206

200 OK

16 kB

URL

eightgroup.com/en/home/

IP / ASN

43.252.164.206

#38277 CommuniLink Internet Limited.

Requested byhttps://eightgroup.com/b2409.ps1

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (5096)

First Seen2024-10-26

Last Seen2024-10-26

Times Seen1

Size16 kB (15652 bytes)

MD521746fc49f4580dd75855c5bfea57b8e

SHA1911e1a26c4fb1d9d60ee7ae20dfa48d96fe7bf3e

SHA2567aaa7b09a95abc16f7feeb3a69addad8608d2948920c43102cf01c043f5ebd36

Certificate Info

IssuerGoDaddy.com, Inc.

Subjectwww.eightgroup.com

Fingerprint4E:E0:8B:4E:33:DD:D1:3C:04:9F:6A:1A:EA:76:35:26:EB:77:D8:F2

ValidityThu, 01 Aug 2024 23:27:26 GMT - Wed, 13 Aug 2025 08:32:09 GMT

HTTP Headers

GET /en/home/ HTTP/1.1
Host: eightgroup.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eightgroup.com/b2409.ps1
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=670f61de8ec1f69087af7e015b3a680e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Oct 2024 00:53:55 GMT
Server: Apache/2.4.41 (Unix) OpenSSL/1.0.2o
X-Powered-By: PHP/7.4.22
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 15652
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8