| 51.79.168.172/sample2.dll | 51.79.168.172 | 200 OK | 1.6 kB |
URL: 51.79.168.172/sample2.dll
Request: GET HTTP/1.1 (user-initiated)
IP: 51.79.168.172:80
File type: JavaScript source, ASCII text
Hashes: MD5 d95948a2edb9969122aea4875de650f3, SHA-1 0c0f470239e2b1fb75977e408d1cbafba712ed22, SHA-256 f7a2a1f4fe06f7cfee33a54fa4cad3ffa530e49e253b030ac3ec04e6c41f0640

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |

| NIDS | Severity | Alert |
|---|---|---|
| suricata | medium | ET INFO Dotted Quad Host DLL Request |
| suricata | medium | ET INFO Dotted Quad Host DLL Request |
| suricata | medium | ET INFO Dotted Quad Host DLL Request |
| suricata | medium | ET INFO Dotted Quad Host DLL Request |
| suricata | high | ET POLICY PE EXE or DLL Windows file download HTTP |
| suricata | high | ET POLICY PE EXE or DLL Windows file download HTTP |
GET /sample2.dll HTTP/1.1
Host: 51.79.168.172
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 21:17:39 GMT
Content-Length: 1603
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, no-store, max-age=0
Server: imunify360-webshield/1.21
| 51.79.168.172/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=14452771 | 51.79.168.172 | 302 Moved Temporarily | 0 B |
URL: 51.79.168.172/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=14452771
Request: GET HTTP/1.1 (user-initiated)
IP: 51.79.168.172:80
Hashes (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=14452771 HTTP/1.1
Host: 51.79.168.172
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://51.79.168.172/sample2.dll
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Date: Fri, 10 May 2024 21:17:40 GMT
Content-Length: 0
Connection: keep-alive
X-Forwarded-For: 91.90.42.154
X-Real-IP: 91.90.42.154
X-Remote-IP: 91.90.42.154
Location: http://51.79.168.172/sample2.dll
Set-Cookie: wssplashuid=a1ce8d1f75f17147042b24f4911c7647c630b09a.1715379460.1; Path=/; Domain=51.79.168.172; Max-Age=2592000; HttpOnly; SameSite=Lax
Server: imunify360-webshield/1.21
| 51.79.168.172/sample2.dll | 51.79.168.172 | 200 OK | 150 kB |
URL: 51.79.168.172/sample2.dll
Request: GET HTTP/1.1 (user-initiated)
IP: 51.79.168.172:80
File type: PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections
Size: 150 kB (150016 bytes)
Hashes: MD5 1061163afb30e06ead64615502a73d59, SHA-1 806b266eec7034fff750282dc0ce14ba01af971a, SHA-256 cf9e2bbda03f58550860579d572bc1ba7fee46b7f0c8cf01248ed7603eaa44a3

| Analyzer | Verdict | Alert |
|---|---|---|
| YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
| Quad9 DNS | malicious | Sinkholed |
| VirusTotal | suspicious | |

| NIDS | Severity | Alert |
|---|---|---|
| suricata | medium | ET INFO Dotted Quad Host DLL Request |
| suricata | medium | ET INFO Dotted Quad Host DLL Request |
| suricata | medium | ET INFO Dotted Quad Host DLL Request |
| suricata | medium | ET INFO Dotted Quad Host DLL Request |
| suricata | high | ET POLICY PE EXE or DLL Windows file download HTTP |
| suricata | high | ET POLICY PE EXE or DLL Windows file download HTTP |
GET /sample2.dll HTTP/1.1
Host: 51.79.168.172
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://51.79.168.172/sample2.dll
DNT: 1
Connection: keep-alive
Cookie: wssplashuid=a1ce8d1f75f17147042b24f4911c7647c630b09a.1715379460.1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 21:17:40 GMT
Content-Type: application/x-msdownload
Content-Length: 150016
Connection: keep-alive
Last-Modified: Tue, 07 May 2024 06:21:32 GMT
Accept-Ranges: bytes
Server: imunify360-webshield/1.21
| 51.79.168.172/favicon.ico | 0.0.0.0 | | 0 B |
URL: 51.79.168.172/favicon.ico
Request: GET
IP: 0.0.0.0:0
Requested by: http://51.79.168.172/sample2.dll
Hashes (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 51.79.168.172
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://51.79.168.172/sample2.dll
Pragma: no-cache
Cache-Control: no-cache