IP 192.124.249.41:0
Hash e17522b12a5b1a1e81af51335b1ed0e2
5ca5f0d92113bd6490c51abe5b08b048af3c3df8
eea053aff13eb227bc1ff0405f3520f081d2d0a5c0e0c4294fd23b49a8a6eb3c
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 24 May 2023 08:27:28 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 24 May 2023 01:02:10 GMT
Expires: Thu, 25 May 2023 01:02:10 GMT
ETag: "5ca5f0d92113bd6490c51abe5b08b048af3c3df8"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
2by4constructioninc.com/pki/rentfree.zip
192.124.249.29 | 200 OK | 1 B | URL | User Request | GET HTTP/2 | 2by4constructioninc.com/pki/rentfree.zip
IP 192.124.249.29:443
Certificate Issuer: GoDaddy.com, Inc.
Subject: 2by4constructioninc.com
Fingerprint: DB:4D:58:EF:BE:C9:EF:A2:2F:A6:31:7C:EE:0B:02:69:FC:0D:47:79
Validity: Mon, 15 Aug 2022 23:22:40 GMT - Tue, 15 Aug 2023 23:22:40 GMT
File type: very short file (no magic) — the response is a 1-byte text/html body, not a ZIP archive; the hashes below are those of the single character "3", so this capture does not contain the rentfree.zip payload itself (likely removed or replaced by the hosting WAF at capture time).
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
Analyzer Verdict: Alert
fortinet: Malware
threatfox: QakBot
quad9: Sinkholed
GET /pki/rentfree.zip HTTP/1.1
Host: 2by4constructioninc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 May 2023 08:27:28 GMT
content-type: text/html; charset=UTF-8
content-length: 1
x-sucuri-id: 19029
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
X-Firefox-Spdy: h2
2by4constructioninc.com/favicon.ico
192.124.249.29 | 302 Found | 1 B | URL | GET HTTP/2 | 2by4constructioninc.com/favicon.ico
IP 192.124.249.29:443
Requested by https://2by4constructioninc.com/pki/rentfree.zip
Certificate Issuer: GoDaddy.com, Inc.
Subject: 2by4constructioninc.com
Fingerprint: DB:4D:58:EF:BE:C9:EF:A2:2F:A6:31:7C:EE:0B:02:69:FC:0D:47:79
Validity: Mon, 15 Aug 2022 23:22:40 GMT - Tue, 15 Aug 2023 23:22:40 GMT
File type: very short file (no magic) — 1-byte redirect body with the same hashes as the rentfree.zip response above (the single character "3").
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
Analyzer Verdict: Alert — quad9: Sinkholed
GET /favicon.ico HTTP/1.1
Host: 2by4constructioninc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2by4constructioninc.com/pki/rentfree.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 24 May 2023 08:27:29 GMT
content-type: text/html; charset=UTF-8
content-length: 1
location: https://2by4constructioninc.com/wp-includes/images/w-logo-blue-white-bg.png
x-sucuri-id: 19029
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
link: <https://2by4constructioninc.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: EXPIRED
X-Firefox-Spdy: h2
2by4constructioninc.com/wp-includes/images/w-logo-blue-white-bg.png
192.124.249.29 | 200 OK | 4.1 kB | URL | GET HTTP/2 | 2by4constructioninc.com/wp-includes/images/w-logo-blue-white-bg.png
IP 192.124.249.29:443
Requested by https://2by4constructioninc.com/pki/rentfree.zip
Certificate Issuer: GoDaddy.com, Inc.
Subject: 2by4constructioninc.com
Fingerprint: DB:4D:58:EF:BE:C9:EF:A2:2F:A6:31:7C:EE:0B:02:69:FC:0D:47:79
Validity: Mon, 15 Aug 2022 23:22:40 GMT - Tue, 15 Aug 2023 23:22:40 GMT
File type: PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
- data
Hash 000bf649cc8f6bf27cfb04d1bcdcd3c7
d73d2f6d74ec6cdcbae07955592962e77d8ae814
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
Analyzer Verdict: Alert — quad9: Sinkholed
GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: 2by4constructioninc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2by4constructioninc.com/pki/rentfree.zip
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 May 2023 08:27:29 GMT
content-type: image/png
content-length: 4119
x-sucuri-id: 19029
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Tue, 16 Nov 2021 00:04:01 GMT
etag: "56c11a5-1017-5d0dca9a37e40"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2