optimataxreliefscam.com/fcm4r
193.3.19.203 81 B URL optimataxreliefscam.com/fcm4r
IP 193.3.19.203:0
ASN #50340 OOO Network of data-centers Selectel
Hash 056b66259c40821b58b01358fffe4482
941ef082c11c26a921fedca01075211b4a427326
515047805330c76fa1d364f137f578c4839c2e2115d8d9eac386aef459b0232d
NIDS alert (suricata, severity high): ETPRO MALWARE 404 TDS Redirect
GET /fcm4r HTTP/1.1
Host: optimataxreliefscam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 06 Apr 2023 14:54:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 81
Connection: keep-alive
Keep-Alive: timeout=60
Last-Modified: Thu, 06 Apr 2023 10:57:04 GMT
ETag: "51-5f8a8c4daf053"
Accept-Ranges: bytes
sistemseguridad.com/wp-content/1
104.21.68.126 301 Moved Permanently 0 B URL User Request GET HTTP/2 sistemseguridad.com/wp-content/1
IP 104.21.68.126:443
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 78:87:56:79:9C:AE:29:D3:6C:A1:60:80:9C:B3:EA:C1:70:2D:E5:AC
Validity: Mon, 13 Feb 2023 00:00:00 GMT - Mon, 12 Feb 2024 23:59:59 GMT
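Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; the recorded body was 0 B, so these digests do not identify any content and should not be used as indicators)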
GET /wp-content/1 HTTP/1.1
Host: sistemseguridad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Thu, 06 Apr 2023 14:54:01 GMT
content-type: text/html
location: https://sistemseguridad.com/wp-content/1/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UM9blQpgCnWNqYNuxb%2BExiICKbhB58aETLICI1wmVmxWWD4bzVSEIJQCIhFJ3%2FjGEhr%2BlLtZgUtJCSHfrfKakhvXJbQfOPQlWdKdcl4acfkNSmDny3ezyV4P3e1NWMlqFVPT1ai7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b3add18fe740b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sistemseguridad.com/wp-content/1/
104.21.68.126 200 OK 0 B URL User Request GET HTTP/2 sistemseguridad.com/wp-content/1/
IP 104.21.68.126:443
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 78:87:56:79:9C:AE:29:D3:6C:A1:60:80:9C:B3:EA:C1:70:2D:E5:AC
Validity: Mon, 13 Feb 2023 00:00:00 GMT - Mon, 12 Feb 2024 23:59:59 GMT
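Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; the recorded body was 0 B even though the response was 200 OK with content-encoding: br, so the page content was not captured and these digests are not usable as indicators)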
GET /wp-content/1/ HTTP/1.1
Host: sistemseguridad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 06 Apr 2023 14:54:02 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rTEt%2FbHQljciLRrlWqB30qdfzNBOBP4WD1q%2FXrkk52CDS4NT2i5RGicFB%2FPVeymgjOWrJZd0U730WA5CZEy3r%2Ftr4a%2BqUQxuXktChdHhuB2P8W65qzaM6vsdpkyOlLKJ%2BatgGwUd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b3add1a78360b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sistemseguridad.com/favicon.ico
104.21.68.126 404 Not Found 695 B URL GET HTTP/3 sistemseguridad.com/favicon.ico
IP 104.21.68.126:443
Requested by https://sistemseguridad.com/wp-content/1/
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 78:87:56:79:9C:AE:29:D3:6C:A1:60:80:9C:B3:EA:C1:70:2D:E5:AC
Validity: Mon, 13 Feb 2023 00:00:00 GMT - Mon, 12 Feb 2024 23:59:59 GMT
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text, with very long lines (725), with no line terminators
Hash 4e8f2251a46a64c7688a49a3e999898d
d1a26051b6ac058244584c8eec9830c78bae8af3
648415d8ead4e5a50c915ab2c7057d198671bd1e412d98ac4f8d5b069d7b54c7
GET /favicon.ico HTTP/1.1
Host: sistemseguridad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: sistemseguridad.com
Connection: keep-alive
Referer: https://sistemseguridad.com/wp-content/1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Thu, 06 Apr 2023 14:54:02 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F8sAobu7nioJzfVjrHRu9jF9%2Fs408iu3xkGuKaFIM14LXJ4wlcl08DaiZ4vFc4GEL%2FZPtbaZ0jW2ev4u0VYOnMytvPI4YQNm0wEBQ530qXYDis9T%2FhdRVEFRjgBuWUx1V6Qa4RyX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b3add2248e4b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400