www.vanderwerk.com/systeembeheer/siw.exe
45.82.188.243 369 B URL www.vanderwerk.com/systeembeheer/siw.exe
IP 45.82.188.243:0
File type HTML document text, exported SGML document, ASCII text
Hash a943672a32297727bab01c3e76977550
3a667c4b7a457ef6c586cc581d533c128737bf53
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
NIDS Severity Alert suricata medium ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
GET /systeembeheer/siw.exe HTTP/1.1
Host: www.vanderwerk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
content-type: text/html
last-modified: Thu, 15 Sep 2022 07:55:37 GMT
etag: "328-6322da79-caf1cbdb2b3516eb;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 369
date: Sat, 20 May 2023 03:45:36 GMT
server: LiteSpeed
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
www.vanderwerk.com/systeembeheer/siw.exe
45.82.188.243 707 B URL www.vanderwerk.com/systeembeheer/siw.exe
IP 45.82.188.243:0
File type HTML document text, exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
NIDS Severity Alert suricata medium ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
GET /systeembeheer/siw.exe HTTP/1.1
Host: www.vanderwerk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sat, 20 May 2023 03:45:36 GMT
server: LiteSpeed
location: https://www.vanderwerk.com/systeembeheer/siw.exe
x-powered-by: PleskLin
www.vanderwerk.com/systeembeheer/siw.exe
45.82.188.243 369 B URL www.vanderwerk.com/systeembeheer/siw.exe
IP 45.82.188.243:0
File type HTML document text, exported SGML document, ASCII text
Hash a943672a32297727bab01c3e76977550
3a667c4b7a457ef6c586cc581d533c128737bf53
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
NIDS Severity Alert suricata medium ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
GET /systeembeheer/siw.exe HTTP/1.1
Host: www.vanderwerk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
content-type: text/html
last-modified: Thu, 15 Sep 2022 07:55:37 GMT
etag: "328-6322da79-caf1cbdb2b3516eb;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 369
date: Sat, 20 May 2023 03:45:36 GMT
server: LiteSpeed
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
www.vanderwerk.com/error_docs/styles.css
45.82.188.243 200 OK 838 B URL GET HTTP/3 www.vanderwerk.com/error_docs/styles.css
IP 45.82.188.243:443
Requested by https://www.vanderwerk.com/systeembeheer/siw.exe
Certificate Issuer Let's Encrypt
Subject vanderwerk.com
Fingerprint 1E:0F:35:EC:37:27:96:A0:99:28:EC:71:CC:3F:15:F4:87:FA:F9:C1
Validity Sat, 01 Apr 2023 11:41:18 GMT - Fri, 30 Jun 2023 11:41:17 GMT
Hash b72ce15d80640d41786baed00f02ff3a
3dbed2b327afe1fed6eec9cc7929586c95481fab
c010802a3c4a961e69303aa6ba3985e9787e1af6de9b7492ec650ed0442b8461
GET /error_docs/styles.css HTTP/1.1
Host: www.vanderwerk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vanderwerk.com/systeembeheer/siw.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 27 May 2023 03:45:36 GMT
content-type: text/css
last-modified: Thu, 15 Sep 2022 07:55:37 GMT
etag: "a9e-6322da79-d2bf8a904a6796b5;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 838
date: Sat, 20 May 2023 03:45:36 GMT
server: LiteSpeed
x-powered-by: PleskLin
www.vanderwerk.com/favicon.ico
45.82.188.243 404 Not Found 369 B URL GET HTTP/3 www.vanderwerk.com/favicon.ico
IP 45.82.188.243:443
Requested by https://www.vanderwerk.com/systeembeheer/siw.exe
Certificate Issuer Let's Encrypt
Subject vanderwerk.com
Fingerprint 1E:0F:35:EC:37:27:96:A0:99:28:EC:71:CC:3F:15:F4:87:FA:F9:C1
Validity Sat, 01 Apr 2023 11:41:18 GMT - Fri, 30 Jun 2023 11:41:17 GMT
File type HTML document text, exported SGML document, ASCII text
Hash a943672a32297727bab01c3e76977550
3a667c4b7a457ef6c586cc581d533c128737bf53
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
GET /favicon.ico HTTP/1.1
Host: www.vanderwerk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vanderwerk.com/systeembeheer/siw.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
content-type: text/html
last-modified: Thu, 15 Sep 2022 07:55:37 GMT
etag: "328-6322da79-caf1cbdb2b3516eb;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 369
date: Sat, 20 May 2023 03:45:36 GMT
server: LiteSpeed
x-powered-by: PleskLin
www.vanderwerk.com/error_docs/server.svg
45.82.188.243 200 OK 1.7 kB URL GET HTTP/3 www.vanderwerk.com/error_docs/server.svg
IP 45.82.188.243:443
Requested by https://www.vanderwerk.com/systeembeheer/siw.exe
Certificate Issuer Let's Encrypt
Subject vanderwerk.com
Fingerprint 1E:0F:35:EC:37:27:96:A0:99:28:EC:71:CC:3F:15:F4:87:FA:F9:C1
Validity Sat, 01 Apr 2023 11:41:18 GMT - Fri, 30 Jun 2023 11:41:17 GMT
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (7416), with no line terminators
Hash 1cc0945f8514ed0f47a5d9d513782bdd
d6989f342cdb9886f48a6d3da3cb71353bbab1ef
f74b80306280ccf2ddc635eb09f5f36070ee5769365b0a7a53ca3747602eebcb
GET /error_docs/server.svg HTTP/1.1
Host: www.vanderwerk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vanderwerk.com/error_docs/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 27 May 2023 03:45:36 GMT
content-type: image/svg+xml
last-modified: Thu, 15 Sep 2022 07:55:37 GMT
etag: "1cf8-6322da79-ffabe8250e1cc26f;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1666
date: Sat, 20 May 2023 03:45:36 GMT
server: LiteSpeed
x-powered-by: PleskLin