| nexusts.pro/xdownloadx/NEXUS.exe | 154.41.248.82 | 403 Forbidden | 2.2 kB |
URL: nexusts.pro/xdownloadx/NEXUS.exe (User Request; GET; HTTP/3)
IP: 154.41.248.82:443; ASN #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6; SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd; SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| NIDS | Severity | Alert |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
GET /xdownloadx/NEXUS.exe HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 11:14:07 GMT
content-type: text/html
content-length: 2193
vary: Accept-Encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 957566469bcab259d2c4264a17dfe25c-bnk-edge1
X-Firefox-Spdy: h2
| nexusts.pro/xdownloadx/NEXUS.exe | 154.41.248.82 | 403 Forbidden | 2.4 kB |
URL: nexusts.pro/xdownloadx/NEXUS.exe (User Request; GET; HTTP/3)
IP: 154.41.248.82:443; ASN #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6; SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd; SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| NIDS | Severity | Alert |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
GET /xdownloadx/NEXUS.exe HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 11:14:07 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: b17d99523faf350bd2ca199eb1bb1150-bnk-edge1
| nexusts.pro/hcdn-cgi/jschallenge | 154.41.248.82 | 200 OK | 146 B |
URL: nexusts.pro/hcdn-cgi/jschallenge (GET; HTTP/1.1)
IP: 154.41.248.82:80; ASN #47583 Hostinger International Limited
Requested by: http://nexusts.pro/xdownloadx/NEXUS.exe
Hash: MD5 26c63bf304987f3e150f5c97dc75280e; SHA-1 bca4bf8ff92bc71b5f508cc2bf0fa760c7319bda; SHA-256 b7669dd534f95134afa2de7bfafb178eeb734f612b17b831d7ac6bc264b312e9
GET /hcdn-cgi/jschallenge HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 11:14:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 3ab88367475105e594ad5e4ba519a66e-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
| nexusts.pro/favicon.ico | 154.41.248.82 | 403 Forbidden | 2.4 kB |
IP: 154.41.248.82:80; ASN #47583 Hostinger International Limited
Requested by: http://nexusts.pro/xdownloadx/NEXUS.exe
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6; SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd; SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
GET /favicon.ico HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 11:14:08 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 6fef699784b581e4c7adb7c69cd112b8-bnk-edge1
| nexusts.pro/hcdn-cgi/jschallenge-validate | 154.41.248.82 | | 0 B |
URL: nexusts.pro/hcdn-cgi/jschallenge-validate
IP: 154.41.248.82:0; ASN #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
Hash (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://nexusts.pro
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 11:14:11 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEAZYTkiHE6Ewq3sikvI03K-bbKxSMMMnaJUdQsH4UdOHaDAT5mAAAAAADOAABizIgwokMYYBqfqE-QUkyNAAAAVMMeHZ6kJuhSPEGtofIThw; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 46758dfc81875b01e0769bc79adbe076-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
| nexusts.pro/xdownloadx/NEXUS.exe | 154.41.248.82 | 403 Forbidden | 2.2 kB |
URL: nexusts.pro/xdownloadx/NEXUS.exe (User Request; GET; HTTP/3)
IP: 154.41.248.82:443; ASN #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6; SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd; SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| NIDS | Severity | Alert |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
GET /xdownloadx/NEXUS.exe HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEAZYTkiHE6Ewq3sikvI03K-bbKxSMMMnaJUdQsH4UdOHaDAT5mAAAAAADOAABizIgwokMYYBqfqE-QUkyNAAAAVMMeHZ6kJuhSPEGtofIThw
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 11:14:11 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 820604f1a62f676f128f24332c197ec4-bnk-edge1
| nexusts.pro/xdownloadx/NEXUS.exe | 154.41.248.82 | 403 Forbidden | 2.4 kB |
URL: nexusts.pro/xdownloadx/NEXUS.exe (User Request; GET; HTTP/3)
IP: 154.41.248.82:443; ASN #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6; SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd; SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| NIDS | Severity | Alert |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
GET /xdownloadx/NEXUS.exe HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAZYTkiHE6Ewq3sikvI03K-bbKxSMMMnaJUdQsH4UdOHaDAT5mAAAAAADOAABizIgwokMYYBqfqE-QUkyNAAAAVMMeHZ6kJuhSPEGtofIThw
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 11:14:11 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 5a53cd218e0e3ec38221142464f6296d-bnk-edge1
| nexusts.pro/hcdn-cgi/jschallenge | 154.41.248.82 | 200 OK | 146 B |
URL: nexusts.pro/hcdn-cgi/jschallenge (GET; HTTP/1.1)
IP: 154.41.248.82:80; ASN #47583 Hostinger International Limited
Requested by: http://nexusts.pro/xdownloadx/NEXUS.exe
Hash: MD5 26c63bf304987f3e150f5c97dc75280e; SHA-1 bca4bf8ff92bc71b5f508cc2bf0fa760c7319bda; SHA-256 b7669dd534f95134afa2de7bfafb178eeb734f612b17b831d7ac6bc264b312e9
GET /hcdn-cgi/jschallenge HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAZYTkiHE6Ewq3sikvI03K-bbKxSMMMnaJUdQsH4UdOHaDAT5mAAAAAADOAABizIgwokMYYBqfqE-QUkyNAAAAVMMeHZ6kJuhSPEGtofIThw
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 11:14:11 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: ca59e8070e990c7d6a66486e1816daec-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
| nexusts.pro/favicon.ico | 154.41.248.82 | 403 Forbidden | 2.4 kB |
IP: 154.41.248.82:80; ASN #47583 Hostinger International Limited
Requested by: http://nexusts.pro/xdownloadx/NEXUS.exe
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6; SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd; SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
GET /favicon.ico HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAZYTkiHE6Ewq3sikvI03K-bbKxSMMMnaJUdQsH4UdOHaDAT5mAAAAAADOAABizIgwokMYYBqfqE-QUkyNAAAAVMMeHZ6kJuhSPEGtofIThw
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 11:14:11 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 3f0bd8a673fb4049f165f5c120c4b971-bnk-edge1
| nexusts.pro/hcdn-cgi/jschallenge-validate | 154.41.248.82 | | 0 B |
URL: nexusts.pro/hcdn-cgi/jschallenge-validate
IP: 154.41.248.82:0; ASN #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
Hash (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://nexusts.pro
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAZYTkiHE6Ewq3sikvI03K-bbKxSMMMnaJUdQsH4UdOHaDAT5mAAAAAADOAABizIgwokMYYBqfqE-QUkyNAAAAVMMeHZ6kJuhSPEGtofIThw
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 11:14:14 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEACvKkUA3B5uKrDxEfyTs5Yl8ZYIkU4EeLHzO1cZn8aWmDAT5mAAMAAADnAABi898PmPyavlgZvG6vaeT1AAAAIAXQEo--q9-vO8hE9VctSQ; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: fc8bbb6afeb1612d44026bc3ec6a4720-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
| nexusts.pro/xdownloadx/NEXUS.exe | 154.41.248.82 | 403 Forbidden | 2.2 kB |
URL: nexusts.pro/xdownloadx/NEXUS.exe (User Request; GET; HTTP/3)
IP: 154.41.248.82:443; ASN #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6; SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd; SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| NIDS | Severity | Alert |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
GET /xdownloadx/NEXUS.exe HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEACvKkUA3B5uKrDxEfyTs5Yl8ZYIkU4EeLHzO1cZn8aWmDAT5mAAMAAADnAABi898PmPyavlgZvG6vaeT1AAAAIAXQEo--q9-vO8hE9VctSQ
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 11:14:14 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 4198fb4051f8e595872fb212697b8cfd-bnk-edge1
| nexusts.pro/xdownloadx/NEXUS.exe | 154.41.248.82 | 403 Forbidden | 2.4 kB |
URL: nexusts.pro/xdownloadx/NEXUS.exe (User Request; GET; HTTP/3)
IP: 154.41.248.82:443; ASN #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6; SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd; SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| NIDS | Severity | Alert |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
GET /xdownloadx/NEXUS.exe HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEACvKkUA3B5uKrDxEfyTs5Yl8ZYIkU4EeLHzO1cZn8aWmDAT5mAAMAAADnAABi898PmPyavlgZvG6vaeT1AAAAIAXQEo--q9-vO8hE9VctSQ
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 11:14:14 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: c393246d7cf42423a3acbb869bb8db21-bnk-edge1
| nexusts.pro/hcdn-cgi/jschallenge | 154.41.248.82 | 200 OK | 146 B |
URL: nexusts.pro/hcdn-cgi/jschallenge (GET; HTTP/1.1)
IP: 154.41.248.82:80; ASN #47583 Hostinger International Limited
Requested by: http://nexusts.pro/xdownloadx/NEXUS.exe
Hash: MD5 26c63bf304987f3e150f5c97dc75280e; SHA-1 bca4bf8ff92bc71b5f508cc2bf0fa760c7319bda; SHA-256 b7669dd534f95134afa2de7bfafb178eeb734f612b17b831d7ac6bc264b312e9
GET /hcdn-cgi/jschallenge HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEACvKkUA3B5uKrDxEfyTs5Yl8ZYIkU4EeLHzO1cZn8aWmDAT5mAAMAAADnAABi898PmPyavlgZvG6vaeT1AAAAIAXQEo--q9-vO8hE9VctSQ
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 11:14:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 26f604cff3827455bb85292f8442a51e-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
| nexusts.pro/favicon.ico | 154.41.248.82 | 403 Forbidden | 2.4 kB |
IP: 154.41.248.82:80; ASN #47583 Hostinger International Limited
Requested by: http://nexusts.pro/xdownloadx/NEXUS.exe
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6; SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd; SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
GET /favicon.ico HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEACvKkUA3B5uKrDxEfyTs5Yl8ZYIkU4EeLHzO1cZn8aWmDAT5mAAMAAADnAABi898PmPyavlgZvG6vaeT1AAAAIAXQEo--q9-vO8hE9VctSQ
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 11:14:14 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 23138c8c996d370dbc2f3432a270dc73-bnk-edge1
| nexusts.pro/hcdn-cgi/jschallenge-validate | 154.41.248.82 | | 0 B |
URL: nexusts.pro/hcdn-cgi/jschallenge-validate
IP: 154.41.248.82:0; ASN #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
Hash (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://nexusts.pro
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEACvKkUA3B5uKrDxEfyTs5Yl8ZYIkU4EeLHzO1cZn8aWmDAT5mAAMAAADnAABi898PmPyavlgZvG6vaeT1AAAAIAXQEo--q9-vO8hE9VctSQ
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 11:14:17 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEAq1aYlO6zys7RV7jsy4Izh3Cxa-GPMQqpjTAfOhBYOvWDAT5mAAYAAADnAABUPXsFTQteiphfe5MrrRhpAAAA6qf2lpvNUXJGLrXpKSuGkw; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 598a12ad3bdfdcfdf45b5c5ce3b94b92-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
| nexusts.pro/xdownloadx/NEXUS.exe | 154.41.248.82 | 403 Forbidden | 2.2 kB |
URL: nexusts.pro/xdownloadx/NEXUS.exe (User Request; GET; HTTP/3)
IP: 154.41.248.82:443; ASN #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash: MD5 b649bb4bbcec6444434d2df7501effb6; SHA-1 f8a04ac654e2234fa2644abf8e293d02bc01c8fd; SHA-256 c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| NIDS | Severity | Alert |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
GET /xdownloadx/NEXUS.exe HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEAq1aYlO6zys7RV7jsy4Izh3Cxa-GPMQqpjTAfOhBYOvWDAT5mAAYAAADnAABUPXsFTQteiphfe5MrrRhpAAAA6qf2lpvNUXJGLrXpKSuGkw
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 11:14:17 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: f4a66e6866d6bef7f81d989394c88b75-bnk-edge1
| nexusts.pro/xdownloadx/NEXUS.exe | 154.41.248.82 | 403 Forbidden | 2.4 kB |
URL: nexusts.pro/xdownloadx/NEXUS.exe (user request, GET, HTTP/3)
IP: 154.41.248.82:443
ASN: #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| NIDS | Severity | Alert |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
GET /xdownloadx/NEXUS.exe HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAq1aYlO6zys7RV7jsy4Izh3Cxa-GPMQqpjTAfOhBYOvWDAT5mAAYAAADnAABUPXsFTQteiphfe5MrrRhpAAAA6qf2lpvNUXJGLrXpKSuGkw
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 11:14:17 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 98cde72ba4cf40cf824e11b9b0e0cb6c-bnk-edge1
|
|
| nexusts.pro/hcdn-cgi/jschallenge | 154.41.248.82 | 200 OK | 146 B |
URL: nexusts.pro/hcdn-cgi/jschallenge (GET, HTTP/1.1)
IP: 154.41.248.82:80
ASN: #47583 Hostinger International Limited
Requested by: http://nexusts.pro/xdownloadx/NEXUS.exe
Hash (MD5 / SHA-1 / SHA-256): 26c63bf304987f3e150f5c97dc75280e bca4bf8ff92bc71b5f508cc2bf0fa760c7319bda b7669dd534f95134afa2de7bfafb178eeb734f612b17b831d7ac6bc264b312e9
GET /hcdn-cgi/jschallenge HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAq1aYlO6zys7RV7jsy4Izh3Cxa-GPMQqpjTAfOhBYOvWDAT5mAAYAAADnAABUPXsFTQteiphfe5MrrRhpAAAA6qf2lpvNUXJGLrXpKSuGkw
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 11:14:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 6552d6df78aa3c570161f4218a9c2160-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
|
|
| nexusts.pro/favicon.ico | 154.41.248.82 | 403 Forbidden | 2.4 kB |
IP: 154.41.248.82:80
ASN: #47583 Hostinger International Limited
Requested by: http://nexusts.pro/xdownloadx/NEXUS.exe
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
GET /favicon.ico HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAq1aYlO6zys7RV7jsy4Izh3Cxa-GPMQqpjTAfOhBYOvWDAT5mAAYAAADnAABUPXsFTQteiphfe5MrrRhpAAAA6qf2lpvNUXJGLrXpKSuGkw
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 11:14:17 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: f90057834a262e533d0ebf4ea23e9397-bnk-edge1
|
|
| nexusts.pro/hcdn-cgi/jschallenge-validate | 154.41.248.82 | | 0 B |
URL: nexusts.pro/hcdn-cgi/jschallenge-validate
IP: 154.41.248.82:0
ASN: #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://nexusts.pro
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAq1aYlO6zys7RV7jsy4Izh3Cxa-GPMQqpjTAfOhBYOvWDAT5mAAYAAADnAABUPXsFTQteiphfe5MrrRhpAAAA6qf2lpvNUXJGLrXpKSuGkw
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 11:14:20 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEAk0n50ugzlrojQovfOpkDST2FlAOUcd2A5rBU2kMlA-eDAT5mAAkAAADnAAA0N43nJZJjKqH5LiAya2koAAAAyG8gOs4E2yghNGlCY5dFBA; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 3ed553227a9e7d6d0d12ebd67b49b93f-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
|
|
| nexusts.pro/xdownloadx/NEXUS.exe | 154.41.248.82 | 403 Forbidden | 2.2 kB |
URL: nexusts.pro/xdownloadx/NEXUS.exe (user request, GET, HTTP/3)
IP: 154.41.248.82:443
ASN: #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| NIDS | Severity | Alert |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
GET /xdownloadx/NEXUS.exe HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEAk0n50ugzlrojQovfOpkDST2FlAOUcd2A5rBU2kMlA-eDAT5mAAkAAADnAAA0N43nJZJjKqH5LiAya2koAAAAyG8gOs4E2yghNGlCY5dFBA
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 11:14:20 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 6aead9927f52be61d59c17bc221a1fef-bnk-edge1
|
|
| nexusts.pro/xdownloadx/NEXUS.exe | 154.41.248.82 | 403 Forbidden | 2.4 kB |
URL: nexusts.pro/xdownloadx/NEXUS.exe (user request, GET, HTTP/3)
IP: 154.41.248.82:443
ASN: #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| NIDS | Severity | Alert |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
GET /xdownloadx/NEXUS.exe HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAk0n50ugzlrojQovfOpkDST2FlAOUcd2A5rBU2kMlA-eDAT5mAAkAAADnAAA0N43nJZJjKqH5LiAya2koAAAAyG8gOs4E2yghNGlCY5dFBA
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 11:14:20 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 65148823883307b6233782bb63bf7a07-bnk-edge1
|
|
| nexusts.pro/hcdn-cgi/jschallenge | 154.41.248.82 | 200 OK | 146 B |
URL: nexusts.pro/hcdn-cgi/jschallenge (GET, HTTP/1.1)
IP: 154.41.248.82:80
ASN: #47583 Hostinger International Limited
Requested by: http://nexusts.pro/xdownloadx/NEXUS.exe
Hash (MD5 / SHA-1 / SHA-256): 26c63bf304987f3e150f5c97dc75280e bca4bf8ff92bc71b5f508cc2bf0fa760c7319bda b7669dd534f95134afa2de7bfafb178eeb734f612b17b831d7ac6bc264b312e9
GET /hcdn-cgi/jschallenge HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAk0n50ugzlrojQovfOpkDST2FlAOUcd2A5rBU2kMlA-eDAT5mAAkAAADnAAA0N43nJZJjKqH5LiAya2koAAAAyG8gOs4E2yghNGlCY5dFBA
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 11:14:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: f65182ed0786a73e7502a031377cbbb4-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
|
|
| nexusts.pro/favicon.ico | 154.41.248.82 | 403 Forbidden | 2.4 kB |
IP: 154.41.248.82:80
ASN: #47583 Hostinger International Limited
Requested by: http://nexusts.pro/xdownloadx/NEXUS.exe
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
GET /favicon.ico HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAk0n50ugzlrojQovfOpkDST2FlAOUcd2A5rBU2kMlA-eDAT5mAAkAAADnAAA0N43nJZJjKqH5LiAya2koAAAAyG8gOs4E2yghNGlCY5dFBA
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 11:14:20 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: a4eff7a5307a16a94265c21fa79fad96-bnk-edge1
|
|
| nexusts.pro/hcdn-cgi/jschallenge-validate | 154.41.248.82 | | 0 B |
URL: nexusts.pro/hcdn-cgi/jschallenge-validate
IP: 154.41.248.82:0
ASN: #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://nexusts.pro
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAk0n50ugzlrojQovfOpkDST2FlAOUcd2A5rBU2kMlA-eDAT5mAAkAAADnAAA0N43nJZJjKqH5LiAya2koAAAAyG8gOs4E2yghNGlCY5dFBA
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 11:14:23 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEAwFOSpl97W2jRfTpxx3H8CXkqpaMiGogQfd0DxsjEbfyDAT5mAAwAAADnAABxGQ89FaEoSxfFiaxH4_hiAAAAE-BSaurU0eDwTyuX-mukcQ; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 01bacb47d70366a0758800463a0441bf-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
|
|
| nexusts.pro/xdownloadx/NEXUS.exe | 154.41.248.82 | 403 Forbidden | 2.2 kB |
URL: nexusts.pro/xdownloadx/NEXUS.exe (user request, GET, HTTP/3)
IP: 154.41.248.82:443
ASN: #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| NIDS | Severity | Alert |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
GET /xdownloadx/NEXUS.exe HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEAwFOSpl97W2jRfTpxx3H8CXkqpaMiGogQfd0DxsjEbfyDAT5mAAwAAADnAABxGQ89FaEoSxfFiaxH4_hiAAAAE-BSaurU0eDwTyuX-mukcQ
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 11:14:24 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 5e5db30840a13c831e9de8cc8fad709f-bnk-edge1
|
|
| nexusts.pro/xdownloadx/NEXUS.exe | 154.41.248.82 | 403 Forbidden | 2.4 kB |
URL: nexusts.pro/xdownloadx/NEXUS.exe (user request, GET, HTTP/3)
IP: 154.41.248.82:443
ASN: #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| NIDS | Severity | Alert |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
GET /xdownloadx/NEXUS.exe HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAwFOSpl97W2jRfTpxx3H8CXkqpaMiGogQfd0DxsjEbfyDAT5mAAwAAADnAABxGQ89FaEoSxfFiaxH4_hiAAAAE-BSaurU0eDwTyuX-mukcQ
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 11:14:24 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 25c1d46acf43acbb88eabf090e9b69a2-bnk-edge1
|
|
| nexusts.pro/hcdn-cgi/jschallenge | 154.41.248.82 | 200 OK | 146 B |
URL: nexusts.pro/hcdn-cgi/jschallenge (GET, HTTP/1.1)
IP: 154.41.248.82:80
ASN: #47583 Hostinger International Limited
Requested by: http://nexusts.pro/xdownloadx/NEXUS.exe
Hash (MD5 / SHA-1 / SHA-256): 26c63bf304987f3e150f5c97dc75280e bca4bf8ff92bc71b5f508cc2bf0fa760c7319bda b7669dd534f95134afa2de7bfafb178eeb734f612b17b831d7ac6bc264b312e9
GET /hcdn-cgi/jschallenge HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAwFOSpl97W2jRfTpxx3H8CXkqpaMiGogQfd0DxsjEbfyDAT5mAAwAAADnAABxGQ89FaEoSxfFiaxH4_hiAAAAE-BSaurU0eDwTyuX-mukcQ
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 11:14:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: aa82cbedeee43e95b6c887ae643abf04-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
|
|
| nexusts.pro/favicon.ico | 154.41.248.82 | 403 Forbidden | 2.4 kB |
IP: 154.41.248.82:80
ASN: #47583 Hostinger International Limited
Requested by: http://nexusts.pro/xdownloadx/NEXUS.exe
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
GET /favicon.ico HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAwFOSpl97W2jRfTpxx3H8CXkqpaMiGogQfd0DxsjEbfyDAT5mAAwAAADnAABxGQ89FaEoSxfFiaxH4_hiAAAAE-BSaurU0eDwTyuX-mukcQ
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 11:14:24 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: ee3e30be1db98091356220c1cf8f5679-bnk-edge1
|
|
| nexusts.pro/hcdn-cgi/jschallenge-validate | 154.41.248.82 | | 0 B |
URL: nexusts.pro/hcdn-cgi/jschallenge-validate
IP: 154.41.248.82:0
ASN: #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://nexusts.pro
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAwFOSpl97W2jRfTpxx3H8CXkqpaMiGogQfd0DxsjEbfyDAT5mAAwAAADnAABxGQ89FaEoSxfFiaxH4_hiAAAAE-BSaurU0eDwTyuX-mukcQ
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 11:14:27 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEA-dPzFDdqijwkAJq979qB0VZTGFjd5PYgrS_dncFEMMKDAT5mABAAAADnAAAizq2_5oKneRWgt7k5zdJEAAAAl1ABYYJtP7rB_AGj0exRYw; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 3430943dee71cbdeec9dfb55642421c4-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
|
|
| nexusts.pro/xdownloadx/NEXUS.exe | 154.41.248.82 | 403 Forbidden | 2.2 kB |
URL: nexusts.pro/xdownloadx/NEXUS.exe (user request, GET, HTTP/3)
IP: 154.41.248.82:443
ASN: #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| NIDS | Severity | Alert |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
GET /xdownloadx/NEXUS.exe HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: hcdn=AQEA-dPzFDdqijwkAJq979qB0VZTGFjd5PYgrS_dncFEMMKDAT5mABAAAADnAAAizq2_5oKneRWgt7k5zdJEAAAAl1ABYYJtP7rB_AGj0exRYw
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
server: hcdn
date: Fri, 10 May 2024 11:14:27 GMT
content-type: text/html
content-length: 2193
vary: accept-encoding
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 8fedd98cfc38b420476eccfdc1c8a3cc-bnk-edge1
|
|
| nexusts.pro/xdownloadx/NEXUS.exe | 154.41.248.82 | 403 Forbidden | 2.4 kB |
URL: nexusts.pro/xdownloadx/NEXUS.exe (user request, GET, HTTP/3)
IP: 154.41.248.82:443
ASN: #47583 Hostinger International Limited
Certificate: Issuer Let's Encrypt; Subject nexusts.pro; Fingerprint 4F:36:53:0C:70:67:EE:E7:BB:F4:1C:CF:C9:6E:06:D7:03:D6:2B:D1; Validity Wed, 10 Apr 2024 13:17:12 GMT - Tue, 09 Jul 2024 13:17:11 GMT
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b649bb4bbcec6444434d2df7501effb6 f8a04ac654e2234fa2644abf8e293d02bc01c8fd c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
| NIDS | Severity | Alert |
| suricata | high | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 |
GET /xdownloadx/NEXUS.exe HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA-dPzFDdqijwkAJq979qB0VZTGFjd5PYgrS_dncFEMMKDAT5mABAAAADnAAAizq2_5oKneRWgt7k5zdJEAAAAl1ABYYJtP7rB_AGj0exRYw
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 11:14:27 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 190a13da7419bf271207bbf394a31c29-bnk-edge1
| nexusts.pro/hcdn-cgi/jschallenge | 154.41.248.82 | 200 OK | 146 B |
URL: nexusts.pro/hcdn-cgi/jschallenge (GET, HTTP/1.1)
IP: 154.41.248.82:80
ASN: #47583 Hostinger International Limited
Requested by: http://nexusts.pro/xdownloadx/NEXUS.exe
Hash (MD5): 26c63bf304987f3e150f5c97dc75280e
Hash (SHA-1): bca4bf8ff92bc71b5f508cc2bf0fa760c7319bda
Hash (SHA-256): b7669dd534f95134afa2de7bfafb178eeb734f612b17b831d7ac6bc264b312e9
GET /hcdn-cgi/jschallenge HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA-dPzFDdqijwkAJq979qB0VZTGFjd5PYgrS_dncFEMMKDAT5mABAAAADnAAAizq2_5oKneRWgt7k5zdJEAAAAl1ABYYJtP7rB_AGj0exRYw
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: hcdn
Date: Fri, 10 May 2024 11:14:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 4b29aed472d354c99b82ac71975af20b-bnk-edge1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
| nexusts.pro/favicon.ico | 154.41.248.82 | 403 Forbidden | 2.4 kB |
IP: 154.41.248.82:80
ASN: #47583 Hostinger International Limited
Requested by: http://nexusts.pro/xdownloadx/NEXUS.exe
File type: HTML document, ASCII text, with very long lines (4792), with no line terminators
Hash (MD5): b649bb4bbcec6444434d2df7501effb6
Hash (SHA-1): f8a04ac654e2234fa2644abf8e293d02bc01c8fd
Hash (SHA-256): c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a
GET /favicon.ico HTTP/1.1
Host: nexusts.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nexusts.pro/xdownloadx/NEXUS.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEA-dPzFDdqijwkAJq979qB0VZTGFjd5PYgrS_dncFEMMKDAT5mABAAAADnAAAizq2_5oKneRWgt7k5zdJEAAAAl1ABYYJtP7rB_AGj0exRYw
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: hcdn
Date: Fri, 10 May 2024 11:14:27 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 3f7902a42fc64d1d28bc014d49e48afe-bnk-edge1