URL User Request GET HTTP/1.1IP 95.216.35.61:80
ASN#24940 Hetzner Online GmbH
File typeHTML document, Unicode text, UTF-8 text, with very long lines (668), with CRLF, LF line terminators Hashe2422d9104a542c929d4b19839f75ce6 7e6e0fe825f6fd00245510692ce1fd66050e14a6 c18c67a3ba2b77a528cab486dae6b44b4401dfdf491a2ca0aa2500b490bc40c0
| NIDS | Severity | Alert |
|---|
| suricata | low | ET INFO HTTP Request to a *.zip Domain | | suricata | low | ET INFO HTTP Request to a *.zip Domain | | suricata | low | ET INFO HTTP Request to a *.zip Domain | | suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET / HTTP/1.1
Host: c2payload.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 May 2024 12:18:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Robots-Tag: noindex
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Link: </antibot/ab.php>; rel=dns-prefetch
Set-Cookie: antibot_uid=c11170dca089cc3d7eb6d01a7f1a1068; expires=Sat, 10-May-2025 12:18:53 GMT; Max-Age=31536000; path=/
antibot_country=NO; expires=Mon, 20-May-2024 12:18:53 GMT; Max-Age=864000; path=/
antibot_lang=en; expires=Mon, 20-May-2024 12:18:53 GMT; Max-Age=864000; path=/
antibot_ptr=s919042154.blix.com; expires=Mon, 20-May-2024 12:18:53 GMT; Max-Age=864000; path=/
X-Frame-Options: DENY
|
| c2payload.zip/favicon.ico | 95.216.35.61 | 200 OK | 1.4 kB |
URL GET HTTP/1.1c2payload.zip/favicon.ico IP95.216.35.61:80 ASN#24940 Hetzner Online GmbH
File typeMS Windows icon resource - 1 icon, 16x16 Hashf0f650f8646a203f362d739a75e64778 004da78df6f6b283b037ee6793b7caa693dda197 4442c09f020ef30928eb81cfe74d8bb6543561354ca9a53cf6a77255a234f5d0
| NIDS | Severity | Alert |
|---|
| suricata | low | ET INFO HTTP Request to a *.zip Domain | | suricata | low | ET INFO HTTP Request to a *.zip Domain | | suricata | low | ET INFO HTTP Request to a *.zip Domain | | suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /favicon.ico HTTP/1.1
Host: c2payload.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://c2payload.zip/
DNT: 1
Connection: keep-alive
Cookie: antibot_uid=c11170dca089cc3d7eb6d01a7f1a1068; antibot_country=NO; antibot_lang=en; antibot_ptr=s919042154.blix.com
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 May 2024 12:18:54 GMT
Content-Type: image/x-icon
Content-Length: 1406
Last-Modified: Tue, 26 Apr 2022 05:29:28 GMT
Connection: keep-alive
ETag: "62678338-57e"
Accept-Ranges: bytes
|
| c2payload.zip/antibot/ab.php | 95.216.35.61 | | 72 B |
URL c2payload.zip/antibot/ab.php IP95.216.35.61:0 ASN#24940 Hetzner Online GmbH
Hashff600f85d8145a162883137f0c418add b7f1bb544974a168fee3e859b00e87b953593168 737536932b7c93a18b4583ad4dbef47d3bc0b884a3610604a2c913a600b2aed4
| NIDS | Severity | Alert |
|---|
| suricata | low | ET INFO HTTP Request to a *.zip Domain | | suricata | low | ET INFO HTTP Request to a *.zip Domain |
POST /antibot/ab.php HTTP/1.1
Host: c2payload.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://c2payload.zip/
Content-type: application/x-www-form-urlencoded;
Content-Length: 300
Origin: http://c2payload.zip
DNT: 1
Connection: keep-alive
Cookie: antibot_uid=c11170dca089cc3d7eb6d01a7f1a1068; antibot_country=NO; antibot_lang=en; antibot_ptr=s919042154.blix.com
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 May 2024 12:18:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
X-Powered-CMS: AntiBot.Cloud (See: https://antibot.cloud/)
X-Robots-Tag: noindex
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
|
URL User Request GET HTTP/1.1IP95.216.35.61:80 ASN#24940 Hetzner Online GmbH
File typeHTML document, Unicode text, UTF-8 text Hash431f8754c798a8ddaa94c796908f8506 949d3281ae962b23b1b3755d5c9b4b56eb801d7f 69e880bf9daadecec4fb0a0d3944d2abf3d75896c7958cab9a84e940995cd326
| NIDS | Severity | Alert |
|---|
| suricata | low | ET INFO HTTP Request to a *.zip Domain | | suricata | low | ET INFO HTTP Request to a *.zip Domain | | suricata | low | ET INFO HTTP Request to a *.zip Domain | | suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET / HTTP/1.1
Host: c2payload.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: antibot_uid=c11170dca089cc3d7eb6d01a7f1a1068; antibot_country=NO; antibot_lang=en; antibot_ptr=s919042154.blix.com; antibot_23f3c6e6229ae696a8b839769a276427=dfdd48e160c4705cab827dfb42330ff3; lastcid=1715343533.8019
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 May 2024 12:18:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: antibot_hits=2; expires=Sat, 11-May-2024 12:18:55 GMT; Max-Age=86400; path=/
antibot_unique_20240510=1; expires=Sat, 11-May-2024 12:18:55 GMT; Max-Age=86400; path=/
lastcid=0; expires=Fri, 10-May-2024 12:17:15 GMT; Max-Age=0; path=/
Expires: Mon, 20 May 2024 12:18:55 GMT
Cache-Control: public, max-age=864000
|
| stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css |  104.18.11.207 | 200 OK | 26 kB |
URL GET HTTP/2stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css IP104.18.11.207:443
CertificateIssuerGoogle Trust Services LLC Subjectbootstrapcdn.com Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63 ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT
File typeASCII text, with very long lines (65324) Hasha15c2ac3234aa8f6064ef9c1f7383c37 6e10354828454898fda80f55f3decb347fd9ed21 60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
GET /bootstrap/4.3.1/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://c2payload.zip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:18:55 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"a15c2ac3234aa8f6064ef9c1f7383c37"
last-modified: Mon, 25 Jan 2021 22:04:08 GMT
cdn-cachedat: 10/31/2023 18:59:49
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1078
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 781fdf1c6e823e65290dac5eeb884a47
cdn-cache: HIT
cf-cache-status: HIT
age: 835628
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8819dfe6b9301c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|