| objects.githubusercontent.com/github-production-release-asset-2e65be/136463760/dfee043f-4a02-4cd9-ac8e-e7ec545adab6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230421%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230421T210539Z&X-Amz-Expires=300&X-Amz-Signature=41860379e2c744c84c5a63e8e2c087989bf664a8112377639af434185b0cb877&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=136463760&response-content-disposition=attachment%3B%20filename%3DElectron.Fiddle-darwin-x64-0.32.2.zip&response-content-type=application%2Foctet-stream | 185.199.109.133 | | 34 kB |
URL: objects.githubusercontent.com/github-production-release-asset-2e65be/136463760/dfee043f-4a02-4cd9-ac8e-e7ec545adab6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230421%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230421T210539Z&X-Amz-Expires=300&X-Amz-Signature=41860379e2c744c84c5a63e8e2c087989bf664a8112377639af434185b0cb877&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=136463760&response-content-disposition=attachment%3B%20filename%3DElectron.Fiddle-darwin-x64-0.32.2.zip&response-content-type=application%2Foctet-stream
IP: 185.199.109.133:0
Hash: d700bed64e49370ab5d11e96f2296341 22cc4a6f2f7e0ccd3d71b4288cbd962ba4b15d31 9ecb8c7403c058bdc558f6dbba7cc73d505239ad64e055775c4c109ab95ad633
GET /github-production-release-asset-2e65be/136463760/dfee043f-4a02-4cd9-ac8e-e7ec545adab6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230421%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230421T210539Z&X-Amz-Expires=300&X-Amz-Signature=41860379e2c744c84c5a63e8e2c087989bf664a8112377639af434185b0cb877&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=136463760&response-content-disposition=attachment%3B%20filename%3DElectron.Fiddle-darwin-x64-0.32.2.zip&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Range: bytes=99713024-
If-Match: "0x8DB3618A3AB09CE"
If-Unmodified-Since: Wed, 05 Apr 2023 20:59:25 GMT
HTTP/2 206 Partial Content
content-type: application/octet-stream
content-md5: bT7S+V6peEIoSc+7qVKFUg==
last-modified: Wed, 05 Apr 2023 20:59:25 GMT
etag: "0x8DB3618A3AB09CE"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 701ad634-501e-0045-0294-7434b6000000
x-ms-version: 2020-04-08
x-ms-creation-time: Wed, 05 Apr 2023 20:59:25 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=Electron.Fiddle-darwin-x64-0.32.2.zip
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
age: 123
content-range: bytes 99713024-99747225/99747226
date: Fri, 21 Apr 2023 21:06:41 GMT
x-served-by: cache-iad-kcgs7200165-IAD, cache-bma1683-BMA
x-cache: HIT, HIT
x-cache-hits: 2, 0
x-timer: S1682111201.275218,VS0,VE99
content-length: 34202
X-Firefox-Spdy: h2
| 163.123.143.126/netlog.sh | 163.123.143.126 | 200 OK | 3.3 kB |
URL: 163.123.143.126/netlog.sh (User Request, GET HTTP/1.1)
IP: 163.123.143.126:80
ASN: #213035 Des Capital B.V.
Hash: bc3bf0bc3d332a669a8ca1266476b77b 830eab5e5916ad4af790c5766cbea06d664d0ea9 692a5d099e37cd94923ea2b2014d79e6e613fb061a985069736dd3d55d4330c4

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| fortinet | Malware | |
| quad9 | Sinkholed | |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | high | ET HUNTING Observed Interesting Content-Type Inbound (application/x-sh) |
GET /netlog.sh HTTP/1.1
Host: 163.123.143.126
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 21 Apr 2023 21:06:41 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Mon, 27 Mar 2023 03:43:23 GMT
ETag: "ccd-5f7d98b71acc0"
Accept-Ranges: bytes
Content-Length: 3277
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-sh