| tangible-drink.surge.sh/configx.txt | 138.68.112.220 | 200 OK | 16 kB |
URL: https://tangible-drink.surge.sh/configx.txt
Request: GET HTTP/1.1 (user request, the primary navigation)
IP: 138.68.112.220:443
ASN: #14061 DIGITALOCEAN-ASN
Certificate: Issuer Sectigo Limited; Subject *.surge.sh; Fingerprint 94:A8:88:4D:CE:F7:21:78:C0:1F:3A:A3:E5:B3:40:18:17:AD:A2:E6; Validity Sun, 23 Apr 2023 00:00:00 GMT - Sat, 18 May 2024 23:59:59 GMT
File type: PHP script, Unicode text, UTF-8 (with BOM) text, with very long lines (19829)
Hashes: MD5 3fae93618edffe4331d18d8b8e6df693; SHA-1 06641b9b3b5088c48c7660ad3bf160bc87a929fd; SHA-256 de1114a09cbab5ae9c1011ddd11719f15087cc29c8303da2e71d861b0594a1ba

| Analyzer | Verdict | Alert |
| Public Nextron YARA rules | malware | PHP webshell having some kind of input and some kind of payload; restricted to small files or big ones including suspicious strings |
| Public Nextron YARA rules | malware | PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k |
| Public Nextron YARA rules | malware | PHP webshell using some kind of eval with encoded blob to decode |
GET /configx.txt HTTP/1.1
Host: tangible-drink.surge.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Surge
Surge-Cache: HIT
Surge-Stamp: 6358::1632067038345-3fae93618edffe4331d18d8b8e6df693
Age: 7691556
Date: Wed, 01 May 2024 21:44:28 GMT
Cache-Control: public, max-age=0, must-revalidate
ETag: "de1114a09cbab5ae9c1011ddd11719f15087cc29c8303da2e71d861b0594a1ba"
Content-Type: text/plain; charset=UTF-8
Accept-Ranges: bytes
Response-Time: 1ms
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: close
Transfer-Encoding: chunked
|
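The record above gives a practitioner three things to verify offline once the body has been pulled: that the stored hashes match what the server advertised (in this capture the strong ETag equals the SHA-256 listed for the file and the Surge-Stamp suffix equals its MD5, with the middle field reading as a millisecond epoch timestamp), that the body really carries the UTF-8 BOM the file-type line reports, and that the body shows the constructs the three YARA descriptions name (request input, a `$a($code)`-style call, an encoded blob). The script below is an added example for this scan record; it is not tooling from the scanner, from Nextron, or from the hosting provider. The PHP bodies in it are constructed stand-ins, not the real configx.txt, and the ETag/Surge-Stamp convention is an assumption read off the headers above rather than documented behaviour of the host.

```python
"""Offline triage of a fetched text/plain artifact that YARA flagged as a PHP
webshell.  Added example for this scan record, not code from the scanner or
the host; the PHP sample bodies below are constructed stand-ins."""
import base64
import hashlib
import re
from datetime import datetime, timezone

# Constructed sample: UTF-8 BOM, then a variable-function "eval" over a base64 blob
# (the blob decodes to the harmless statement `echo 1;`).
SAMPLE_BLOB_BODY = (
    b"\xef\xbb\xbf<?php $x = 'base64_decode'; $f = 'assert'; $f($x('ZWNobyAxOw==')); ?>"
)
# Constructed sample: the same construct fed from request input instead of a blob.
SAMPLE_INPUT_BODY = b"<?php $x = 'base64_decode'; $f = 'assert'; $f($x($_REQUEST['k'])); ?>"

EVAL_LIKE = ("eval", "assert", "create_function", "preg_replace",
             "system", "passthru", "shell_exec")
VAR_FUNC_CALL = re.compile(rb"\$[A-Za-z_]\w*\s*\(\s*\$[A-Za-z_]\w*\s*\(")   # $a($b(
INPUT_SUPERGLOBAL = re.compile(rb"\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\b")
QUOTED_B64 = re.compile(rb"['\"]([A-Za-z0-9+/]{8,}={0,2})['\"]")           # 'ZWNo...=='


def hashes(body: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of the raw body, the three digests the report lists."""
    return {alg: hashlib.new(alg, body).hexdigest() for alg in ("md5", "sha1", "sha256")}


def webshell_indicators(body: bytes) -> dict:
    """Cheap approximation of the three rule descriptions in the report:
    input + payload, $a($code)-style eval, and an encoded blob to decode.
    This is a triage heuristic, not a reimplementation of the YARA rules."""
    decoded = []
    for m in QUOTED_B64.finditer(body):
        try:
            decoded.append(base64.b64decode(m.group(1), validate=True).decode("ascii"))
        except ValueError:            # covers binascii.Error and UnicodeDecodeError
            continue
    eval_names = [
        n for n in EVAL_LIKE
        if re.search(rb"['\"]" + n.encode() + rb"['\"]", body)      # name passed as a string
        or re.search(rb"\b" + n.encode() + rb"\s*\(", body)          # or called directly
    ]
    return {
        "utf8_bom": body.startswith(b"\xef\xbb\xbf"),
        "variable_function_eval": bool(VAR_FUNC_CALL.search(body)),
        "reads_request_input": bool(INPUT_SUPERGLOBAL.search(body)),
        "eval_like_names": eval_names,
        "decoded_blobs": decoded,
    }


def check_surge_headers(etag: str, surge_stamp: str, body: bytes) -> dict:
    """Cross-check response metadata against the body.  Assumption taken from the
    headers in this capture: the strong ETag is the SHA-256 of the body and the
    Surge-Stamp is '<id>::<epoch ms>-<md5>' (the '-<md5>' part may be absent)."""
    h = hashes(body)
    stamp_fields = surge_stamp.split("::", 1)[1]
    ts_ms, _, md5_part = stamp_fields.partition("-")
    stamped = datetime.fromtimestamp(int(ts_ms) / 1000, tz=timezone.utc)
    return {
        "etag_matches_sha256": etag.strip('"') == h["sha256"],
        "stamp_matches_md5": md5_part == h["md5"],
        "stamp_time_utc": stamped.isoformat(timespec="seconds"),
    }


if __name__ == "__main__":
    h = hashes(SAMPLE_BLOB_BODY)
    print(webshell_indicators(SAMPLE_BLOB_BODY))
    print(check_surge_headers('"%s"' % h["sha256"], "6358::1632067038345-" + h["md5"],
                              SAMPLE_BLOB_BODY))
```

Run against the real body, `check_surge_headers` should report both matches for the 200 response above and, as expected, neither for the favicon 404 (its stamp has no hash suffix and its ETag is weak). The BOM flag matters for context: a PHP file that starts with a BOM emits three bytes before any `<?php` output, and this one is served as text/plain from a static host, so treat it as a payload staged for retrieval rather than something executing on surge.sh.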
| tangible-drink.surge.sh/favicon.ico | 138.68.112.220 | 404 Not Found | 8.2 kB |
URL: https://tangible-drink.surge.sh/favicon.ico
Request: GET HTTP/1.1
IP: 138.68.112.220:443
ASN: #14061 DIGITALOCEAN-ASN
Requested by: https://tangible-drink.surge.sh/configx.txt
Certificate: Issuer Sectigo Limited; Subject *.surge.sh; Fingerprint 94:A8:88:4D:CE:F7:21:78:C0:1F:3A:A3:E5:B3:40:18:17:AD:A2:E6; Validity Sun, 23 Apr 2023 00:00:00 GMT - Sat, 18 May 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (6824)
Hashes: MD5 56d9db00543382055098e36400876fd3; SHA-1 069abcf2cca5e0e2cd4f0522474f22978fe537ed; SHA-256 5d37f9379291a60f698c2ed035bf47041f32a53251424774300f079e73d33468
GET /favicon.ico HTTP/1.1
Host: tangible-drink.surge.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tangible-drink.surge.sh/configx.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: Surge
Surge-Cache: HIT
Surge-Stamp: 6289::1632067038345
Content-Type: text/html; charset=utf-8
Content-Length: 8247
ETag: W/"2037-Bpq88syl4OLNTwUiR08il4/lN+0"
Date: Wed, 01 May 2024 21:44:29 GMT
Connection: close
|