| s4.sendfile.su/download/1336179/u3R8rzxT7KuOz5zOegycQkkC5PgoGxBAPlyE5xBs/ | 5.196.71.37 | 302 Found | 0 B |
URL: s4.sendfile.su/download/1336179/u3R8rzxT7KuOz5zOegycQkkC5PgoGxBAPlyE5xBs/ (user request, GET HTTP/1.1)
IP: 5.196.71.37:80
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the hashes of an empty body; the 302 response carried 0 B)
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /download/1336179/u3R8rzxT7KuOz5zOegycQkkC5PgoGxBAPlyE5xBs/ HTTP/1.1
Host: s4.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 10 May 2024 20:41:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: /
| | 5.196.71.37 | | 2 B |
IP: 5.196.71.37:0
Hash: MD5 d784fa8b6d98d27699781bd9a7cf19f0, SHA-1 dd122581c8cd44d0227f9c305581ffcb4b6f1b46, SHA-256 e16f1596201850fd4a63680b27f603cb64e67176159be3d8ed78a4403fdb1700
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET / HTTP/1.1
Host: s4.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 10 May 2024 20:41:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://sendfile.su
| | 93.185.165.72 | | 4.1 kB |
IP: 93.185.165.72:0, ASN#201670 S.c. Infotech-Grup S.r.l.
File type: HTML document, Unicode text, UTF-8 text, with very long lines (582)
Hash: MD5 5869384bf6ebf770142747fcbdfac823, SHA-1 e1d5b7c8caf58b57d0f9f608832b7a84f80604ee, SHA-256 4ce5472925defa6a3db7760295904048ba5c576bfb0651553ee00042938eb545
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET / HTTP/1.1
Host: sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
| s.sendfile.su/jquery.cookie-min.js | 93.185.165.72 | 200 OK | 732 B |
URL: s.sendfile.su/jquery.cookie-min.js (GET HTTP/1.1)
IP: 93.185.165.72:80, ASN#201670 S.c. Infotech-Grup S.r.l.
File type: JavaScript source, ASCII text, with very long lines (732), with no line terminators
Hash: MD5 ce56bb0d2daafc993b2866ccc1af86fc, SHA-1 fe46733587f81da245f6b3e16d6bbbd8a1cb2fea, SHA-256 874d19eae19d9f20a884d976ccca6092c91da6ee8c71d8be1c5c893acbad9159
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /jquery.cookie-min.js HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sendfile.su/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:26 GMT
Content-Type: application/javascript
Content-Length: 732
Last-Modified: Wed, 28 Feb 2024 22:43:40 GMT
Connection: keep-alive
ETag: "65dfb71c-2dc"
Expires: Sun, 09 Jun 2024 20:41:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
| s.sendfile.su/default.css | 93.185.165.72 | 200 OK | 1.5 kB |
URL: s.sendfile.su/default.css (GET HTTP/1.1)
IP: 93.185.165.72:80, ASN#201670 S.c. Infotech-Grup S.r.l.
File type: ASCII text, with CRLF line terminators
Hash: MD5 5882b0ccc1486f6c3948472e3cf08014, SHA-1 8f9f2bed08e9969ab506bd10fe923a6c8c1e52f4, SHA-256 e019743d52267c6c79ef9bb640e84a50948aae1c340a9b2f90d06032f007ad4d
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /default.css HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sendfile.su/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:26 GMT
Content-Type: text/css
Last-Modified: Wed, 28 Feb 2024 22:43:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65dfb71c-1656"
Expires: Sun, 09 Jun 2024 20:41:26 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip
| s.sendfile.su/jquery.js | 93.185.165.72 | 200 OK | 57 kB |
IP: 93.185.165.72:80, ASN#201670 S.c. Infotech-Grup S.r.l.
File type: JavaScript source, ASCII text, with very long lines (39660)
Hash: MD5 bb381e2d19d8eace86b34d20759491a5, SHA-1 3dc9f7c2642efff4482e68c9d9df874bf98f5bcb, SHA-256 c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /jquery.js HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sendfile.su/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:26 GMT
Content-Type: application/javascript
Content-Length: 57254
Last-Modified: Wed, 28 Feb 2024 22:43:40 GMT
Connection: keep-alive
ETag: "65dfb71c-dfa6"
Expires: Sun, 09 Jun 2024 20:41:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
| s.sendfile.su/images/add.png | 93.185.165.72 | 200 OK | 733 B |
URL: s.sendfile.su/images/add.png (GET HTTP/1.1)
IP: 93.185.165.72:80, ASN#201670 S.c. Infotech-Grup S.r.l.
File type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Hash: MD5 1988c3cc1384a3ac9b9a4129183248f3, SHA-1 b6244b0027a8c9f702b311cb5b2ab8cc64f3b5f2, SHA-256 c06a52df3361df380a02a45159a0858d6f7cd8cbc3f71ff732a65d6c25ea6af6
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /images/add.png HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sendfile.su/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/png
Content-Length: 733
Last-Modified: Wed, 28 Feb 2024 22:43:48 GMT
Connection: keep-alive
ETag: "65dfb724-2dd"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
| mtrcss.com/g/4683689575 | 103.224.212.214 | 302 Found | 2 B |
IP: 103.224.212.214:80, ASN#133618 Trellian Pty. Limited
Hash: MD5 e1c06d85ae7b8b032bef47e42e4c08f9, SHA-1 71853c6197a6a7f222db0f1978c7cb232b87c5ee, SHA-256 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070
GET /g/4683689575 HTTP/1.1
Host: mtrcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sendfile.su/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
date: Fri, 10 May 2024 20:41:27 GMT
server: Apache
set-cookie: __tad=1715373687.3806016; expires=Mon, 08-May-2034 20:41:27 GMT; Max-Age=315360000
location: http://ww25.mtrcss.com/g/4683689575?subid1=20240511-0641-276b-8416-7e2c8a618329
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
| s.sendfile.su/images/img01.jpg | 93.185.165.72 | 200 OK | 752 B |
URL: s.sendfile.su/images/img01.jpg (GET HTTP/1.1)
IP: 93.185.165.72:80, ASN#201670 S.c. Infotech-Grup S.r.l.
File type: JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 10x268, components 3
Hash: MD5 bfde2210d6b6f7b518d124fa184d7f3a, SHA-1 f363c126a34c56da8614cb84470e63244fdf4dd1, SHA-256 5a0541ad0b2704b2e47dc862100238f98b0b4361c093a23b46d6c7e49c5259e3
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /images/img01.jpg HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/jpeg
Content-Length: 752
Last-Modified: Wed, 28 Feb 2024 22:43:50 GMT
Connection: keep-alive
ETag: "65dfb726-2f0"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
| s.sendfile.su/images/img14.gif | 93.185.165.72 | 200 OK | 155 B |
URL: s.sendfile.su/images/img14.gif (GET HTTP/1.1)
IP: 93.185.165.72:80, ASN#201670 S.c. Infotech-Grup S.r.l.
File type: GIF image data, version 89a, 1 x 29
Hash: MD5 2fd150872e42b089ce2092b345ac3e7d, SHA-1 9b9e885b61864924da9215f72ff2b9612021371d, SHA-256 da1baecc95db6201d56a1bc69ea4bbbea1bb20f5270999fff3be36d15614aee0
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /images/img14.gif HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/gif
Content-Length: 155
Last-Modified: Wed, 28 Feb 2024 22:43:51 GMT
Connection: keep-alive
ETag: "65dfb727-9b"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
| s.sendfile.su/images/img13.gif | 93.185.165.72 | 200 OK | 155 B |
URL: s.sendfile.su/images/img13.gif (GET HTTP/1.1)
IP: 93.185.165.72:80, ASN#201670 S.c. Infotech-Grup S.r.l.
File type: GIF image data, version 89a, 1 x 29
Hash: MD5 2a259309aaae19dadb1d0161aea236a4, SHA-1 7f1161a18d6ef466d32b1183c444a2b41e4bf550, SHA-256 187e1962363a1a514ce354557b82255cf718b4cb05ed258672e5239cf24fd17b
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /images/img13.gif HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/gif
Content-Length: 155
Last-Modified: Wed, 28 Feb 2024 22:43:51 GMT
Connection: keep-alive
ETag: "65dfb727-9b"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
| s.sendfile.su/images/img10.gif | 93.185.165.72 | 200 OK | 1.3 kB |
URL: s.sendfile.su/images/img10.gif (GET HTTP/1.1)
IP: 93.185.165.72:80, ASN#201670 S.c. Infotech-Grup S.r.l.
File type: GIF image data, version 89a, 301 x 50
Hash: MD5 48c9ad5a2d369bcb9d4c4507eab42a14, SHA-1 3a67685f8f4778c3d2bec4eb17be3c7d0e139460, SHA-256 25ed11f28000d1b33ee2893cfa190062281cf5301f4953a592a2dc6e5b5d89de
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /images/img10.gif HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/gif
Content-Length: 1344
Last-Modified: Wed, 28 Feb 2024 22:43:50 GMT
Connection: keep-alive
ETag: "65dfb726-540"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
| s.sendfile.su/images/img09.gif | 93.185.165.72 | 200 OK | 1.8 kB |
URL: s.sendfile.su/images/img09.gif (GET HTTP/1.1)
IP: 93.185.165.72:80, ASN#201670 S.c. Infotech-Grup S.r.l.
File type: GIF image data, version 89a, 301 x 65
Hash: MD5 62bd4f25ebb9c48aef8b0704e33966b0, SHA-1 9aac9d5e4590295e6092bdd2ec3b6595190ae9e5, SHA-256 4822c9f6294a9614a51a693f1551e9e8ac9f8f24a5b530e8a7ae65c1b8d3bde6
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /images/img09.gif HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/gif
Content-Length: 1808
Last-Modified: Wed, 28 Feb 2024 22:43:49 GMT
Connection: keep-alive
ETag: "65dfb725-710"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
| s.sendfile.su/images/img08.gif | 93.185.165.72 | 200 OK | 297 B |
URL: s.sendfile.su/images/img08.gif (GET HTTP/1.1)
IP: 93.185.165.72:80, ASN#201670 S.c. Infotech-Grup S.r.l.
File type: GIF image data, version 89a, 1 x 110
Hash: MD5 f26942510a1afbb837742412c852eaf5, SHA-1 f9d1be258775362debbe5e981efa5d4ad362c2bd, SHA-256 e64729ee3ef6868a1b9843fba605a5a489e6e884790707854cf3fd6b9636c0f2
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /images/img08.gif HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/gif
Content-Length: 297
Last-Modified: Wed, 28 Feb 2024 22:43:49 GMT
Connection: keep-alive
ETag: "65dfb725-129"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
| s.sendfile.su/images/img12.gif | 93.185.165.72 | 200 OK | 970 B |
URL: s.sendfile.su/images/img12.gif (GET HTTP/1.1)
IP: 93.185.165.72:80, ASN#201670 S.c. Infotech-Grup S.r.l.
File type: GIF image data, version 89a, 14 x 11
Hash: MD5 a980c0ab5439743428080f721a172b5b, SHA-1 ef838f77473c0fd419bb6a076da3d8783cc8ca55, SHA-256 4c15818e0d977dc74015a2442cd39032c60482bb24317750b1031ae1c7c543fb
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /images/img12.gif HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/gif
Content-Length: 970
Last-Modified: Wed, 28 Feb 2024 22:43:49 GMT
Connection: keep-alive
ETag: "65dfb725-3ca"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
| s.sendfile.su/images/img04.jpg | 93.185.165.72 | 200 OK | 3.3 kB |
URL: s.sendfile.su/images/img04.jpg (GET HTTP/1.1)
IP: 93.185.165.72:80, ASN#201670 S.c. Infotech-Grup S.r.l.
File type: JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 152x30, components 3
Hash: MD5 7914eeda50fa6eb0d1b77daba1c2cd97, SHA-1 c216826d3d5afa6d1831d59d8b6077ea792910a5, SHA-256 1ac27ee83c92e878aa1df191fd976ef8d438c2a242d896f1459c34a74c3a2fce
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /images/img04.jpg HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/jpeg
Content-Length: 3287
Last-Modified: Wed, 28 Feb 2024 22:43:52 GMT
Connection: keep-alive
ETag: "65dfb728-cd7"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
| s.sendfile.su/images/img11.gif | 93.185.165.72 | 200 OK | 289 B |
URL: s.sendfile.su/images/img11.gif (GET HTTP/1.1)
IP: 93.185.165.72:80, ASN#201670 S.c. Infotech-Grup S.r.l.
File type: GIF image data, version 89a, 7 x 12
Hash: MD5 3c0608c7691614f82b54185089f09853, SHA-1 75b2237ded1ef08ccb3dae823bea32f24cef317c, SHA-256 9dbdba0353530c96824908398e99a84cf3f24c51ae998cc61472a9572b3facc5
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /images/img11.gif HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/gif
Content-Length: 289
Last-Modified: Wed, 28 Feb 2024 22:43:51 GMT
Connection: keep-alive
ETag: "65dfb727-121"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
| ww25.mtrcss.com/g/4683689575?subid1=20240511-0641-276b-8416-7e2c8a618329 | 199.59.243.225 | 200 OK | 1.2 kB |
URL: ww25.mtrcss.com/g/4683689575?subid1=20240511-0641-276b-8416-7e2c8a618329 (GET HTTP/1.1)
IP: 199.59.243.225:80
File type: HTML document, ASCII text, with very long lines (494)
Hash: MD5 7d6b9f92bb171abaf811ff665f3b700c, SHA-1 3eb1080a85b554ecac28064e2e38977d579d42c9, SHA-256 0af876038a4801757cbeaf0edbfce9a8758f899c63bbf76fa3e01399f55d2c8b
GET /g/4683689575?subid1=20240511-0641-276b-8416-7e2c8a618329 HTTP/1.1
Host: ww25.mtrcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://sendfile.su/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Fri, 10 May 2024 20:41:27 GMT
content-type: text/html; charset=utf-8
content-length: 1226
x-request-id: c4069a87-6b28-410f-afcb-ac8fa1232782
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AO2zyMnUyf7bkYAvGLKJMShlt50iyZc6Y6ZGAVYTncu2uKHB7KR/2M8Fmzo9D9Je6BUh7hmevb+2YojX3CSfRg==
set-cookie: parking_session=c4069a87-6b28-410f-afcb-ac8fa1232782; expires=Fri, 10 May 2024 20:56:27 GMT; path=/
| sendfile.su/favicon.ico | 93.185.165.72 | 200 OK | 198 B |
IP: 93.185.165.72:80, ASN#201670 S.c. Infotech-Grup S.r.l.
File type: MS Windows icon resource - 1 icon, 16x16, 2 colors
Hash: MD5 c6acedaff906029fc5455d9ec52c7f42, SHA-1 92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81, SHA-256 9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b
NIDS: suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /favicon.ico HTTP/1.1
Host: sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sendfile.su/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/x-icon
Content-Length: 198
Last-Modified: Wed, 28 Feb 2024 22:43:36 GMT
Connection: keep-alive
ETag: "65dfb718-c6"
Accept-Ranges: bytes
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL: aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP: 35.244.181.201:0, ASN#396982 GOOGLE-CLOUD-PLATFORM
File type: XML 1.0 document, ASCII text, with very long lines (332)
Hash: MD5 3b324dec137a87ef7e24a30a65b13dd0, SHA-1 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3, SHA-256 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-29-17-33-45.chain; p384ecdsa=UM3y0rfeIknWUOsCU-7mLqkow8UzpS0x6qgeKP2AF06sfSMbJBieCjoxff40v8j-eAVnNJwNuNe-FZBOX_5WQ08LWj1m8fxfTm_TT03M26aY5tdzzH5sduSKr1fG7TyD
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Fri, 10 May 2024 20:41:03 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 42
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2