IP: 81.252.6.55:0
File type: HTML document, Unicode text, UTF-8 text
Hash (MD5): a0b5e3965cee3a091568d33fa9d02414
Hash (SHA-1): c25f28721efbecc547fd65e4024bb1b1be954cbe
Hash (SHA-256): 22468e1bb2c84c144aa6174e6cbec7dcb4c21368edbc550c2fa0fb6189ede5b5

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 81.252.6.55
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 23:08:52 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 04 Apr 2023 09:08:26 GMT
ETag: "ba704-90b-5f87f04a4d680"
Accept-Ranges: none
Content-Length: 2315
Connection: close
Content-Type: text/html; charset=UTF-8
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| 81.252.6.55/install/?c=m;o=a/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/cpuutility.exe/winscp518setup.exe/ueye-full-4401-32-whql.zip/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/putty.exe/sopasetsetup.3.1.4.3356.r.exe | 81.252.6.55 | 503 Service Unavailable | 1.8 kB |

URL (user request, GET, HTTP/1.1): 81.252.6.55/install/?c=m;o=a/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/cpuutility.exe/winscp518setup.exe/ueye-full-4401-32-whql.zip/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/putty.exe/sopasetsetup.3.1.4.3356.r.exe
IP: 81.252.6.55:80
File type: HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash (MD5): 24a614a4dbc7b45290f329d1d3687589
Hash (SHA-1): 83b2a8036b0cd50de0db6120f190f517e61cb7ed
Hash (SHA-256): b1a8361b53cc18843b166470845296cd8c6c78bb2def20fc9e39d16604bab5a4

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO Executable Download from dotted-quad Host |
| suricata | medium | ET INFO Executable Download from dotted-quad Host |
GET /install/?c=m;o=a/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/cpuutility.exe/winscp518setup.exe/ueye-full-4401-32-whql.zip/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/putty.exe/sopasetsetup.3.1.4.3356.r.exe HTTP/1.1
Host: 81.252.6.55
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 503 Service Unavailable
Content-Type: text/html; charset=UTF-8
Content-Length: 1806
Connection: close
P3P: CP="CAO PSA OUR"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
IP: 81.252.6.55:80
Requested by: http://81.252.6.55/install/?c=m;o=a/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/cpuutility.exe/winscp518setup.exe/ueye-full-4401-32-whql.zip/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/putty.exe/sopasetsetup.3.1.4.3356.r.exe
File type: MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel
Hash (MD5): dfddb7d44b7881e6a8c31f9295d9d384
Hash (SHA-1): 8a239367a89ebf64a5068e20da932dee49db1895
Hash (SHA-256): c2061af0ae1b61a004b8cfa7e32dfae10ae611b31bfd3a243f99122824f2c806

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 81.252.6.55
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://81.252.6.55/install/?c=m;o=a/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/cpuutility.exe/winscp518setup.exe/ueye-full-4401-32-whql.zip/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/putty.exe/sopasetsetup.3.1.4.3356.r.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 23:08:53 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 01 Feb 2023 10:54:55 GMT
ETag: "ba6bd-57e-5f3a1474bfdc0"
Accept-Ranges: none
Content-Length: 1406
Connection: close
Content-Type: image/vnd.microsoft.icon
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| intranet.ccihc.fr/PaloAlto/servicedesk.png | 0.0.0.0 | | 0 B |

URL (GET): intranet.ccihc.fr/PaloAlto/servicedesk.png
IP: 0.0.0.0:0
Requested by: http://81.252.6.55/install/?c=m;o=a/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/cpuutility.exe/winscp518setup.exe/ueye-full-4401-32-whql.zip/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/putty.exe/sopasetsetup.3.1.4.3356.r.exe
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /PaloAlto/servicedesk.png HTTP/1.1
Host: intranet.ccihc.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://81.252.6.55/
Pragma: no-cache
Cache-Control: no-cache
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| intranet.ccihc.fr/PaloAlto/logoFiltering.png | 0.0.0.0 | | 0 B |

URL (GET): intranet.ccihc.fr/PaloAlto/logoFiltering.png
IP: 0.0.0.0:0
Requested by: http://81.252.6.55/install/?c=m;o=a/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/cpuutility.exe/winscp518setup.exe/ueye-full-4401-32-whql.zip/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/boost.lan%203.1.211.zip/putty.exe/sopasetsetup.3.1.4.3356.r.exe
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /PaloAlto/logoFiltering.png HTTP/1.1
Host: intranet.ccihc.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://81.252.6.55/
Pragma: no-cache
Cache-Control: no-cache