| xz2.ymlhh.com/wp-content/uploads/xiazai/40770/40770%E7%94%B5%E8%84%91%E6%B8%B8%E6%88%8F.exe | 172.232.25.148 | 302 Found | 142 B |
URL User Request GET HTTP/2xz2.ymlhh.com/wp-content/uploads/xiazai/40770/40770%E7%94%B5%E8%84%91%E6%B8%B8%E6%88%8F.exe IP172.232.25.148:443 ASN#63949 Akamai Connected Cloud
CertificateIssuerLet's Encrypt Subjectxz2.ymlhh.com FingerprintE0:5E:C7:F0:9B:89:59:BB:35:71:D8:C4:94:A7:89:00:48:6F:31:13 ValidityWed, 04 Dec 2024 18:32:43 GMT - Tue, 04 Mar 2025 18:32:42 GMT
File typeHTML document, ASCII text, with CRLF line terminators Hash82c98e8e012b79c922655461171cc2fa 0828d79135573276005b04be42d79a8a3291292b 745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /wp-content/uploads/xiazai/40770/40770%E7%94%B5%E8%84%91%E6%B8%B8%E6%88%8F.exe HTTP/1.1
Host: xz2.ymlhh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: openresty
date: Fri, 13 Dec 2024 01:25:53 GMT
content-type: text/html
content-length: 142
location: http://ww99.ymlhh.com/wp-content/uploads/xiazai/40770/40770%E7%94%B5%E8%84%91%E6%B8%B8%E6%88%8F.exe
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: no-store, max-age=0
X-Firefox-Spdy: h2
|
| ww99.ymlhh.com/wp-content/uploads/xiazai/40770/40770%E7%94%B5%E8%84%91%E6%B8%B8%E6%88%8F.exe | 69.16.230.228 | 404 Not Found | 43 B |
URL User Request GET HTTP/1.1ww99.ymlhh.com/wp-content/uploads/xiazai/40770/40770%E7%94%B5%E8%84%91%E6%B8%B8%E6%88%8F.exe IP69.16.230.228:80
Hash16222b59ddc9ac3e3aa6858e796446ee a0fb17dbe178c3e67d1f0175d00b24f32150ba24 5ab44f257a83c18ca426028e0bf03b9bf2c194c0138c5c704f018cec98bd7650
NIDS | Severity | Alert | suricata | high | ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious |
GET /wp-content/uploads/xiazai/40770/40770%E7%94%B5%E8%84%91%E6%B8%B8%E6%88%8F.exe HTTP/1.1
Host: ww99.ymlhh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 13 Dec 2024 01:25:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
|
| ww99.ymlhh.com/favicon.ico | 69.16.230.228 | 404 Not Found | 111 B |
URL GET HTTP/1.1ww99.ymlhh.com/favicon.ico IP69.16.230.228:80
Requested byhttp://ww99.ymlhh.com/wp-content/uploads/xiazai/40770/40770%E7%94%B5%E8%84%91%E6%B8%B8%E6%88%8F.exe
File typeHTML document, ASCII text, with CRLF line terminators Hash597ba0d4396e9c906225140ce907092c 28ae2ba65ccdb583d79f85b8cc9509fae697493b ee1a27178227546d3dcc49e611a6d72e4f1c30080ee4493ae4085b58a49e28e6
GET /favicon.ico HTTP/1.1
Host: ww99.ymlhh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww99.ymlhh.com/wp-content/uploads/xiazai/40770/40770%E7%94%B5%E8%84%91%E6%B8%B8%E6%88%8F.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 13 Dec 2024 01:25:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
|