URL (User Request): GET HTTP/1.1 | IP: 64.32.28.230:80
File type: HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (467)
Hash (MD5): b4e422ced6f4152eeda7abbb04317ef2
Hash (SHA-1): 5798e05700439a491b9ffa5102a5e1f70a847298
Hash (SHA-256): 489246c4b68cb9e8240bed302bec507f406fba1665bb6872de209bfca4d4f7e2
NIDS: suricata | Severity: medium | Alert: ET HUNTING Suspicious svchost.exe in URI - Possible Process Dump/Trojan Download
GET /svchost.exe HTTP/1.1
Host: sang.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.25.2
Date: Tue, 26 Sep 2023 17:02:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.33
Content-Encoding: gzip
libs.baidu.com/jquery/1.9.0/jquery.js
39.156.66.111 | 200 OK | 82 kB | URL: GET HTTP/1.1 libs.baidu.com/jquery/1.9.0/jquery.js
IP 39.156.66.111:80
ASN #9808 China Mobile Communications Group Co., Ltd.
Requested by http://sang.cn/svchost.exe
File type: ASCII text, with CRLF line terminators
Hash (MD5): 5543952568a64f79db992b6ece4af18d
Hash (SHA-1): aa6ccf721c4e76921abda46c120772d364e5b285
Hash (SHA-256): 5d513c05fa221491a386ebed47744f266dc278703b45389167cb010bb8681d03
GET /jquery/1.9.0/jquery.js HTTP/1.1
Host: libs.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sang.cn/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Connection: keep-alive
Content-Encoding: gzip
Content-Type: application/x-javascript
Date: Tue, 26 Sep 2023 17:02:51 GMT
Expires: Thu, 26 Oct 2023 17:02:51 GMT
Last-Modified: Wed, 07 Jan 2015 09:16:30 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: Apache
Set-Cookie: BAIDUID=27A088E7C659A15A002458E139676687:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2145916555; path=/; domain=.baidu.com; version=1
Vary: Accept-Encoding
Transfer-Encoding: chunked
IP 64.32.28.230:80
Requested by http://sang.cn/svchost.exe
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5): 6a826d3d6162215e49fe0c2cc44de729
Hash (SHA-1): a6825ea528cfde5d6e5be5459f0b6f608e8f2f4d
Hash (SHA-256): 71a2bffa97adee03f9e597c915428dd3158e6476f5f5d413501430cb9025c439
GET /favicon.ico HTTP/1.1
Host: sang.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sang.cn/svchost.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx/1.25.2
Date: Tue, 26 Sep 2023 17:02:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 153
Connection: close