| sdfa.liveblog365.com/ares/hades.txt?i=1 | 185.27.134.143 | 200 OK | 2.4 kB |
URL User Request GET HTTP/1.1sdfa.liveblog365.com/ares/hades.txt?i=1 IP185.27.134.143:80 ASN#34119 Wildcard UK Limited
File typeASCII text, with very long lines (347), with CRLF line terminators Hash88b823fd3080b79b64513d94d996a0a3 16f92f47acffcde44055571c41890a4164b2dd14 87def1cb62e69b30347ff26e07746b243ec673f656b30e698bf88b7eb0f8b0cc
NIDS | Severity | Alert | suricata | medium | ETPRO HUNTING Suspicious PowerShell String Inbound (WScript.Shell) |
GET /ares/hades.txt?i=1 HTTP/1.1
Host: sdfa.liveblog365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 25 Apr 2024 14:11:29 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 2391
Connection: keep-alive
Last-Modified: Wed, 24 Apr 2024 01:24:41 GMT
ETag: "957-616cd88f106e0"
Cache-Control: max-age=2592000, public, public, proxy-revalidate, must-revalidate
Expires: Sat, 25 May 2024 14:11:29 GMT
Accept-Ranges: bytes
|
| sdfa.liveblog365.com/favicon.ico | 185.27.134.143 | | 221 B |
URL GET sdfa.liveblog365.com/favicon.ico IP185.27.134.143:0 ASN#34119 Wildcard UK Limited
Requested byhttp://sdfa.liveblog365.com/ares/hades.txt?i=1
File typeHTML document, ASCII text Hashdc84ddf45cd5813c6eae7087c9f7719c 416b2531e85edb9115dc751450bbcc4fffb591ed a10c3092c7d1ad81d6d321142f22e67ec18f3ac9c5693265ac3b0ce20e9299a6
GET /favicon.ico HTTP/1.1
Host: sdfa.liveblog365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sdfa.liveblog365.com/ares/hades.txt?i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 25 Apr 2024 14:11:30 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 221
Connection: keep-alive
Location: https://profreehost.com/404/index.php
Cache-Control: max-age=2592000
Expires: Sat, 25 May 2024 14:11:30 GMT
|
| profreehost.com/404/index.php | 103.11.64.176 | | 1.9 kB |
URL GET profreehost.com/404/index.php IP103.11.64.176:0
Requested byhttp://sdfa.liveblog365.com/ares/hades.txt?i=1 CertificateIssuerSectigo Limited Subjectprofreehost.com FingerprintF5:EB:03:A5:43:9D:9D:A5:59:0A:81:0A:91:E9:C2:BC:9E:32:44:C1 ValidityTue, 27 Feb 2024 00:00:00 GMT - Sat, 29 Mar 2025 23:59:59 GMT
File typeHTML document, ASCII text, with CRLF, LF line terminators Hasha3aa5b10a98e83b5ce5b79933e98b999 727fe7282efa94c15c0be148d8f1314b45054cfb 5f717edcffd88dfc98957ce29e1b6b9900139f6c63e14d804e0057e112d43623
GET /404/index.php HTTP/1.1
Host: profreehost.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sdfa.liveblog365.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 25 Apr 2024 14:11:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/8.2.10
Set-Cookie: PHPSESSID=38de13ce9d5f1e3b392fb8140469a740; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
|