Report - o6m.6b2.mywebsitetransfer.com/wp-content/languages/text/index.txt

Report Overview

Visitedpublic

2024-07-16 16:00:53

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-16 17:25:05	2.3 kB	6.2 kB	23.36.76.226
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-07-15 18:12:12	327 B	888 B	23.36.76.226
o6m.6b2.mywebsitetransfer.com	unknown	unknown	No data	No data	1.0 kB	118 kB	68.178.189.30

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-07-16	medium	o6m.6b2.mywebsitetransfer.com/wp-content/languages/text/index.txt	Detects a set of reconnaissance commands on Windows systems
2024-07-16	medium	o6m.6b2.mywebsitetransfer.com/wp-content/languages/text/index.txt	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
2024-07-16	medium	o6m.6b2.mywebsitetransfer.com/wp-content/languages/text/index.txt	PHP webshell which directly eval()s obfuscated string
2024-07-16	medium	o6m.6b2.mywebsitetransfer.com/wp-content/languages/text/index.txt	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
2024-07-16	medium	o6m.6b2.mywebsitetransfer.com/wp-content/languages/text/index.txt	Web Shell - file r57142.php

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (10)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-15

Last Seen2024-08-19

Times Seen19162

Size504 B (504 bytes)

MD5df85487917ffcb9ff9393daa9c628bc8

SHA173e600fa168021b1cfd00f6a00dff1678e018aaa

SHA256c694b95afc4423cf3e039cea969256e7957ff30ee11fa6cd2c5432bd7b72686b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C694B95AFC4423CF3E039CEA969256E7957FF30EE11FA6CD2C5432BD7B72686B"
Last-Modified: Mon, 15 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3813
Expires: Tue, 16 Jul 2024 17:04:00 GMT
Date: Tue, 16 Jul 2024 16:00:27 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-16

Last Seen2024-08-19

Times Seen27562

Size504 B (504 bytes)

MD50ba28ae3ca920c46edf9c7a1f79db3ca

SHA1b96f7bd71a6b1f9e08b5a0179c66553bf42875d2

SHA256e4acaf4113d4cda75edbbae5d28e17dffb959489cd6912b854c9e87a3ab50fd2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E4ACAF4113D4CDA75EDBBAE5D28E17DFFB959489CD6912B854C9E87A3AB50FD2"
Last-Modified: Mon, 15 Jul 2024 20:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8328
Expires: Tue, 16 Jul 2024 18:19:15 GMT
Date: Tue, 16 Jul 2024 16:00:27 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-15

Last Seen2024-08-19

Times Seen23445

Size504 B (504 bytes)

MD5515a47172f3cc8fbca49fb1ef5f72e11

SHA15b474a25a17288e58ea017f17fa456cf13893af3

SHA25613578d886dc74ebf01cfa31617c3417b42b8c8395e4bacc10a1b6f1d19bc55f2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "13578D886DC74EBF01CFA31617C3417B42B8C8395E4BACC10A1B6F1D19BC55F2"
Last-Modified: Mon, 15 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4781
Expires: Tue, 16 Jul 2024 17:20:09 GMT
Date: Tue, 16 Jul 2024 16:00:28 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-16

Last Seen2024-08-19

Times Seen18625

Size504 B (504 bytes)

MD5d6a8982e5c8cce4f958455f8ea1e5814

SHA1d88c9d262e8282645ee77a1a3f29199b0422166a

SHA256c18d568bc2c4d8544c593d76c943798ffd2de9596cb115879d51d403f080abea

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C18D568BC2C4D8544C593D76C943798FFD2DE9596CB115879D51D403F080ABEA"
Last-Modified: Mon, 15 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5123
Expires: Tue, 16 Jul 2024 17:25:51 GMT
Date: Tue, 16 Jul 2024 16:00:28 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size504 B (504 bytes)

MD58aef420595886ecc182a6ecdc860dde6

SHA121ff35a705c50ac1fcbcff2a344dd283b07fa310

SHA25605502d22065b340a82604bc2cd8269ab82d88d52809f968cab311f186dbff942

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "05502D22065B340A82604BC2CD8269AB82D88D52809F968CAB311F186DBFF942"
Last-Modified: Tue, 16 Jul 2024 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21567
Expires: Tue, 16 Jul 2024 21:59:55 GMT
Date: Tue, 16 Jul 2024 16:00:28 GMT
Connection: keep-alive

GET o6m.6b2.mywebsitetransfer.com/wp-content/languages/text/index.txt

68.178.189.30

200 OK

117 kB

URL

o6m.6b2.mywebsitetransfer.com/wp-content/languages/text/index.txt

IP / ASN

68.178.189.30

#398101 GO-DADDY-COM-LLC

Requested byN/A

Resource Info

File typePHP script, ASCII text, with very long lines (19425), with CRLF line terminators

First Seen2024-07-14

Last Seen2024-08-19

Times Seen8

Size117 kB (116898 bytes)

MD5258d09f72eb330733088033680eb7eaa

SHA1c1d94dda3bcb8e0251d7541ba4ee167dbbf83d9e

SHA2565ad7403ba781e8384f78b6691785dbd41cf18e8f0a4215b7c945e87204ede7ab

Certificate Info

IssuerLet's Encrypt

Subjecto6m.6b2.mywebsitetransfer.com

FingerprintA3:2B:78:95:8A:7D:48:03:D3:5F:87:12:E1:8D:72:28:E6:F2:7D:86

ValidityFri, 05 Jul 2024 17:00:52 GMT - Thu, 03 Oct 2024 17:00:51 GMT

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects a set of reconnaissance commands on Windows systems
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	PHP webshell which directly eval()s obfuscated string
Public Nextron YARA rules	malware	PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
Public Nextron YARA rules	malware	Web Shell - file r57142.php

HTTP Headers

GET /wp-content/languages/text/index.txt HTTP/1.1
Host: o6m.6b2.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Wed, 10 Jul 2024 04:42:51 GMT
etag: "660066-71290-61cdd475ea8c0-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 116898
content-type: text/plain
date: Tue, 16 Jul 2024 16:00:28 GMT
server: Apache
X-Firefox-Spdy: h2

GET o6m.6b2.mywebsitetransfer.com/favicon.ico

68.178.189.30

404 Not Found

315 B

URL

o6m.6b2.mywebsitetransfer.com/favicon.ico

IP / ASN

68.178.189.30

#398101 GO-DADDY-COM-LLC

Requested byhttps://o6m.6b2.mywebsitetransfer.com/wp-content/languages/text/index.txt

Resource Info

File typeHTML document, ASCII text

First Seen2023-03-07

Last Seen2025-08-02

Times Seen95582

Size315 B (315 bytes)

MD5a34ac19f4afae63adc5d2f7bc970c07f

SHA1a82190fc530c265aa40a045c21770d967f4767b8

SHA256d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Certificate Info

IssuerLet's Encrypt

Subjecto6m.6b2.mywebsitetransfer.com

FingerprintA3:2B:78:95:8A:7D:48:03:D3:5F:87:12:E1:8D:72:28:E6:F2:7D:86

ValidityFri, 05 Jul 2024 17:00:52 GMT - Thu, 03 Oct 2024 17:00:51 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: o6m.6b2.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o6m.6b2.mywebsitetransfer.com/wp-content/languages/text/index.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
content-length: 315
content-type: text/html; charset=iso-8859-1
date: Tue, 16 Jul 2024 16:00:29 GMT
server: Apache
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-16

Last Seen2024-08-19

Times Seen20812

Size504 B (504 bytes)

MD524c83d2f348779cbefbb6c6bd4b8c2a8

SHA14373c3ca7bee06c8456f6997929b0af5e349283d

SHA256f957efbbe90dee51487d910c6039fa2ac841192fd9f67efb69358b536f87b7d3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F957EFBBE90DEE51487D910C6039FA2AC841192FD9F67EFB69358B536F87B7D3"
Last-Modified: Mon, 15 Jul 2024 19:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17961
Expires: Tue, 16 Jul 2024 20:59:51 GMT
Date: Tue, 16 Jul 2024 16:00:30 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-16

Last Seen2024-08-19

Times Seen20812

Size504 B (504 bytes)

MD524c83d2f348779cbefbb6c6bd4b8c2a8

SHA14373c3ca7bee06c8456f6997929b0af5e349283d

SHA256f957efbbe90dee51487d910c6039fa2ac841192fd9f67efb69358b536f87b7d3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F957EFBBE90DEE51487D910C6039FA2AC841192FD9F67EFB69358B536F87B7D3"
Last-Modified: Mon, 15 Jul 2024 19:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17961
Expires: Tue, 16 Jul 2024 20:59:51 GMT
Date: Tue, 16 Jul 2024 16:00:30 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-16

Last Seen2024-08-19

Times Seen20812

Size504 B (504 bytes)

MD524c83d2f348779cbefbb6c6bd4b8c2a8

SHA14373c3ca7bee06c8456f6997929b0af5e349283d

SHA256f957efbbe90dee51487d910c6039fa2ac841192fd9f67efb69358b536f87b7d3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F957EFBBE90DEE51487D910C6039FA2AC841192FD9F67EFB69358B536F87B7D3"
Last-Modified: Mon, 15 Jul 2024 19:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17961
Expires: Tue, 16 Jul 2024 20:59:51 GMT
Date: Tue, 16 Jul 2024 16:00:30 GMT
Connection: keep-alive