| tampabayllc.top/favicon.ico |  172.67.222.157 | 404 Not Found | 9.9 kB |
URL GET HTTP/3tampabayllc.top/favicon.ico IP172.67.222.157:443
Requested byhttps://tampabayllc.top/teamb/five/PvqDq929BSx_A_D_M1n_a.php CertificateIssuerGoogle Trust Services LLC Subjecttampabayllc.top Fingerprint8D:78:83:52:4C:15:DE:D8:2C:24:99:2E:06:FC:65:5E:25:98:A2:E7 ValiditySat, 13 Apr 2024 17:43:45 GMT - Fri, 12 Jul 2024 17:43:44 GMT
File typeHTML document, ASCII text Hash18ffb59b61525f781cf9251045be575d bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642
| Analyzer | Verdict | Alert |
|---|
| urlquery | malware | Malware - Botnet panel | | urlquery | malware | Malware - Loki botnet panel | | ThreatFox | malicious | Loki Password Stealer (PWS) | | mnemonic secure dns | malicious | Sinkholed | | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: tampabayllc.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tampabayllc.top/teamb/five/PvqDq929BSx_A_D_M1n_a.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Wed, 08 May 2024 12:26:16 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q53qsWGmDs%2BOWrDeEqwQb3BSNQ7N89xXwaTkfrk3S%2B15n%2FBw8scisXvVBdoy7CfpmqYpYMarZqHi5c2ZojyFYbGiHYN1%2Fsc4swyWM5tvw8gEjWQVEul6x7G%2BOdKat%2FoPuFY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88096fee18a31bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
| tampabayllc.top/teamb/five/PvqDq929BSx_A_D_M1n_a.php | 172.67.222.157 | 200 OK | 1.3 kB |
URL User Request GET HTTP/2tampabayllc.top/teamb/five/PvqDq929BSx_A_D_M1n_a.php IP172.67.222.157:443
CertificateIssuerGoogle Trust Services LLC Subjecttampabayllc.top Fingerprint8D:78:83:52:4C:15:DE:D8:2C:24:99:2E:06:FC:65:5E:25:98:A2:E7 ValiditySat, 13 Apr 2024 17:43:45 GMT - Fri, 12 Jul 2024 17:43:44 GMT
File typeHTML document, ASCII text, with very long lines (1375), with no line terminators Hashbf60e6b31221d78c01498449b23b40e9 647b20ca14c2bdb1b395d54ef40a154d894baf70 28cfe6279164b5c4871344c763c0f2f1ae79eea6fc127cb91d91f417b6facbd7
| Analyzer | Verdict | Alert |
|---|
| urlquery | malware | Malware - Botnet panel | | ThreatFox | malicious | LokiBot | | mnemonic secure dns | malicious | Sinkholed | | Quad9 DNS | malicious | Sinkholed |
GET /teamb/five/PvqDq929BSx_A_D_M1n_a.php HTTP/1.1
Host: tampabayllc.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 12:26:16 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/5.4.16
expires: Mon, 01 Jul 2000 01:00:00 GMT
last-modified: Wed, 08 May 2024 12:26:16 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F05JC1cB71u%2BynEcwbr1Cd%2Bez8hWIgv49%2Fa8YmOsmq9ayYFpIQii%2FVDK2gyqwuR1jhFm1RsHVisKyrg9eFHdj7BO%2BsEFzOfgxGH%2FD5AbMXWsLCwn0YPzrEWTqeDslY8SyMI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88096feb7d395699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|