webs-up.com/6FVAX/fuck_niggers_24.hta
119.59.103.152 200 OK 5.0 kB URL User Request GET HTTP/1.1 webs-up.com/6FVAX/fuck_niggers_24.hta
IP 119.59.103.152:80
ASN #56067 453 Ladplacout Jorakhaebua
File type HTML document text; exported SGML document, ASCII text, with very long lines (46157), with CRLF line terminators
Hash 4d542e0ac24846a48903176bd1e507d4
64969223066f42377bffc31732d906e2baa3080d
57b0c238ec6af336149648b506bff7b4191887173d158644a6a14a68baa7b1dd
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY Possible HTA Application Download
suricata high URLhaus Known malware download URL detected (1904501)
GET /6FVAX/fuck_niggers_24.hta HTTP/1.1
Host: webs-up.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 May 2023 08:06:33 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 20 Dec 2021 16:10:56 GMT
ETag: "bb57-5d39622363224-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 4971
Keep-Alive: timeout=2, max=100
IP 119.59.103.152:80
ASN #56067 453 Ladplacout Jorakhaebua
Requested by http://webs-up.com/6FVAX/fuck_niggers_24.hta
File type HTML document text; exported SGML document, ASCII text
Hash 5ec166938dd10f7c288d23e00159bc0d
8f0ec38a481ad316a69bbef36c70226ed93b430a
ab0a00ffcad7056ef0e1b74048a35e4f3b720975ceaca53b51408523fdcfd79e
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: webs-up.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://webs-up.com/6FVAX/fuck_niggers_24.hta
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Wed, 24 May 2023 08:06:34 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 196
Keep-Alive: timeout=2, max=100
Content-Type: text/html