URL: User Request GET HTTP/1.1
IP: 37.60.252.83:3000
File type: HTML document, ASCII text
Hash (MD5): 2c31127d2802cd3e0bcc1d8652574116
Hash (SHA-1): 04729c34113f2cf7aa65132f787588b4589a2b74
Hash (SHA-256): 87684ba582245c209871960f9e50ceba406ee627af9f151436f1ed5d67c51d9a

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 37.60.252.83:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sun, 21 Apr 2024 22:41:28 GMT
ETag: W/"13a-18f02d24f0e"
Content-Type: text/html; charset=UTF-8
Content-Length: 314
Date: Fri, 26 Apr 2024 20:40:46 GMT
Connection: keep-alive
Keep-Alive: timeout=5
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| 37.60.252.83:3000/bundle.js | 37.60.252.83 | 200 OK | 141 kB |

URL: GET HTTP/1.1 37.60.252.83:3000/bundle.js
IP: 37.60.252.83:3000
Requested by: http://37.60.252.83:3000/
File type: JavaScript source, ASCII text, with very long lines (65472)
Size: 141 kB (141053 bytes)
Hash (MD5): 240dd6ec4e922859e95c5f2b79b90d8c
Hash (SHA-1): 365da7009c5bafe8c3a77a31cb7d8d2a84dd6e82
Hash (SHA-256): 377675f6da2e882429d5acd6f0c29230251756e65ef0e6ab80ef5d6cb9e69af0

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /bundle.js HTTP/1.1
Host: 37.60.252.83:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://37.60.252.83:3000/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Tue, 23 Apr 2024 01:55:26 GMT
ETag: W/"226fd-18f08aa3ec7"
Content-Type: application/javascript; charset=UTF-8
Content-Length: 141053
Date: Fri, 26 Apr 2024 20:40:47 GMT
Connection: keep-alive
Keep-Alive: timeout=5
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| 37.60.252.83:3000/reverse-shells | 37.60.252.83 | 200 OK | 118 B |

URL: GET HTTP/1.1 37.60.252.83:3000/reverse-shells
IP: 37.60.252.83:3000
Requested by: http://37.60.252.83:3000/
Hash (MD5): 25c64800d2103e73332616aac19568de
Hash (SHA-1): ff76c6d641b9c1781b42577cb35b0661f775233c
Hash (SHA-256): 2fbf63083ba1a22ee0e297c3f39c0e6b6da65d02764c5cb90c3b12b33c2b871f

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /reverse-shells HTTP/1.1
Host: 37.60.252.83:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://37.60.252.83:3000/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Content-Length: 118
ETag: W/"76-/3bG1kG5wXgbQld8s1sGYfd1Izw"
Date: Fri, 26 Apr 2024 20:40:47 GMT
Connection: keep-alive
Keep-Alive: timeout=5
URL: User Request GET HTTP/1.1
IP: 37.60.252.83:3000
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 37.60.252.83:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Sec-WebSocket-Version: 13
Origin: http://37.60.252.83:3000
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5HWeqliXrq6r3Bu1VxyarQ==
DNT: 1
Connection: keep-alive, Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: hFPq2wLBnswkcJ3Q08MVLGCeSGw=
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| 37.60.252.83:3000/favicon.ico | 37.60.252.83 | 404 Not Found | 150 B |

URL: GET HTTP/1.1 37.60.252.83:3000/favicon.ico
IP: 37.60.252.83:3000
Requested by: http://37.60.252.83:3000/
File type: HTML document, ASCII text
Hash (MD5): 84241342d84ac29592a5d9516f8edf7f
Hash (SHA-1): 03c53980e18e17625f439c20e7d438f066202428
Hash (SHA-256): 6e21162bc64073fe9e3d3d6375ca24d04fed1912a5b7716aac0cb0f2d16fae7c

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 37.60.252.83:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://37.60.252.83:3000/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
X-Powered-By: Express
Content-Security-Policy: default-src 'none'
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 150
Date: Fri, 26 Apr 2024 20:40:47 GMT
Connection: keep-alive
Keep-Alive: timeout=5
IP: 37.60.252.83:3000
Requested by: http://37.60.252.83:3000/
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 37.60.252.83:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Sec-WebSocket-Version: 13
Origin: http://37.60.252.83:3000
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5HWeqliXrq6r3Bu1VxyarQ==
DNT: 1
Connection: keep-alive, Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: hFPq2wLBnswkcJ3Q08MVLGCeSGw=