IP 52.217.123.245:0
File type:
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document text
- exported SGML document, ASCII text, with CRLF line terminators
Hash (MD5) 515f791ee9a3c5604aeaf054ee194481
Hash (SHA-1) dd5b7675f0f8e406ca99398262be0b23289d4c18
Hash (SHA-256) 77ca6162d541871429cc1fbaf7b2681f391e60035019db207ee9a5ad43458bfb
GET / HTTP/1.1
Host: lutbot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: s5ZGlNNRWHotijW4u09Q/cEriHEMD2Cqhjf3FFzMvQ+FyFI2ECMfOxi/QaojXyCzy0tFSBaI5vM=
x-amz-request-id: JHV5D29DHHANJ1TB
Date: Fri, 15 Sep 2023 23:46:53 GMT
Last-Modified: Fri, 04 Aug 2017 03:15:24 GMT
ETag: "515f791ee9a3c5604aeaf054ee194481"
Content-Type: text/html
Server: AmazonS3
Content-Length: 1523
GET lutbot.com/ahk/cports.exe
52.216.18.210 | 200 OK | 72 kB | URL | User Request | GET HTTP/1.1 lutbot.com/ahk/cports.exe
IP 52.216.18.210:80
File type:
- PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
- data
Hash (MD5) 002fa2cfb94b292a55d246aa4377c789
Hash (SHA-1) bc43cef8bd77d5fa8ad5a57ea495314ab356ed18
Hash (SHA-256) 34c312e36bcd56b437edb5c5b1bd23a075f61bfed7208cd8aa6ccd87bda98710
Analyzer Verdict Alert VirusTotal suspicious
NIDS Severity Alert suricata medium ET POLICY Executable served from Amazon S3
suricata high ET POLICY PE EXE or DLL Windows file download HTTP
GET /ahk/cports.exe HTTP/1.1
Host: lutbot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: pRZnjRgYtv4jpUFlQXMJQZaR8BIGGyEK0DYXhjXCWLPxag4xtoXzttNjK1CxbMJaerzsykQBjbY=
x-amz-request-id: 9AG3D23C7G87MB8T
Date: Fri, 15 Sep 2023 23:46:54 GMT
Last-Modified: Mon, 06 Apr 2015 21:36:26 GMT
ETag: "002fa2cfb94b292a55d246aa4377c789"
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 72288