| guerrilladefense.com/wp/login.php | 70.32.23.52 | 200 OK | 1.5 kB |
URL (User Request): GET HTTP/2 guerrilladefense.com/wp/login.php | IP: 70.32.23.52:443
Certificate | Issuer: Let's Encrypt | Subject: webdisk.guerrilladefense.com | Fingerprint: 97:D1:6F:92:54:2E:C5:EA:31:65:D3:F3:02:86:60:B5:60:1C:69:6A | Validity: Sun, 21 Apr 2024 03:18:22 GMT - Sat, 20 Jul 2024 03:18:21 GMT
File type: JavaScript source, ASCII text | Hash: a94e18e00ea12aea355750495716d89a 50ff4b68eff57214c4c3a708f669aafa81ab8b0d e6976532570e087dfd5105b224d96440adc4969d74a79e72cd92f498834b0270
GET /wp/login.php HTTP/1.1
Host: guerrilladefense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 Apr 2024 13:17:00 GMT
content-length: 1501
cache-control: no-cache, no-store, must-revalidate, max-age=0, no-store, max-age=0
server: imunify360-webshield/1.21
X-Firefox-Spdy: h2
|
|
| guerrilladefense.com/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=16191154 | 70.32.23.52 | 302 Found | 0 B |
URL (User Request): GET HTTP/2 guerrilladefense.com/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=16191154 | IP: 70.32.23.52:443
Certificate | Issuer: Let's Encrypt | Subject: webdisk.guerrilladefense.com | Fingerprint: 97:D1:6F:92:54:2E:C5:EA:31:65:D3:F3:02:86:60:B5:60:1C:69:6A | Validity: Sun, 21 Apr 2024 03:18:22 GMT - Sat, 20 Jul 2024 03:18:21 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=16191154 HTTP/1.1
Host: guerrilladefense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guerrilladefense.com/wp/login.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Tue, 23 Apr 2024 13:17:00 GMT
content-length: 0
x-forwarded-for: 91.90.42.154
x-real-ip: 91.90.42.154
x-remote-ip: 91.90.42.154
location: https://guerrilladefense.com/wp/login.php
set-cookie: wssplashuid=0b08da23622567bd813448c211d1188b8c0bd7a4.1713881820.1; Path=/; Domain=guerrilladefense.com; Max-Age=2592000; HttpOnly; SameSite=Lax
server: imunify360-webshield/1.21
X-Firefox-Spdy: h2
|
|
| guerrilladefense.com/wp/login.php | 70.32.23.52 | 200 OK | 619 B |
URL (User Request): GET HTTP/2 guerrilladefense.com/wp/login.php | IP: 70.32.23.52:443
Certificate | Issuer: Let's Encrypt | Subject: webdisk.guerrilladefense.com | Fingerprint: 97:D1:6F:92:54:2E:C5:EA:31:65:D3:F3:02:86:60:B5:60:1C:69:6A | Validity: Sun, 21 Apr 2024 03:18:22 GMT - Sat, 20 Jul 2024 03:18:21 GMT
File type: HTML document, ASCII text, with CRLF line terminators | Hash: fe63b1c5a4c1cef5831e1c53fea96819 85d83d158b35a42c8f02d75618d624ea9ae5e0d1 66570233b27c0c11c1bf1a393b51332ffc0d274fd514afbecda91dabe1750d59
Analyzer: urlquery | Verdict: malware | Alert: Malware - Botnet panel
GET /wp/login.php HTTP/1.1
Host: guerrilladefense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://guerrilladefense.com/wp/login.php
DNT: 1
Connection: keep-alive
Cookie: wssplashuid=0b08da23622567bd813448c211d1188b8c0bd7a4.1713881820.1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 23 Apr 2024 13:17:00 GMT
content-type: text/html; charset=utf-8
content-length: 619
x-powered-by: PHP/7.4.33
set-cookie: PHPSESSID=acbbd538e10be652ab8bae83390ef270; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
server: imunify360-webshield/1.21
X-Firefox-Spdy: h2
|
|
| guerrilladefense.com/wp/bootstrap/dist/css/bootstrap.min.css | 70.32.23.52 | 200 OK | 18 kB |
URL: GET HTTP/2 guerrilladefense.com/wp/bootstrap/dist/css/bootstrap.min.css | IP: 70.32.23.52:443
Requested by: https://guerrilladefense.com/wp/login.php | Certificate | Issuer: Let's Encrypt | Subject: webdisk.guerrilladefense.com | Fingerprint: 97:D1:6F:92:54:2E:C5:EA:31:65:D3:F3:02:86:60:B5:60:1C:69:6A | Validity: Sun, 21 Apr 2024 03:18:22 GMT - Sat, 20 Jul 2024 03:18:21 GMT
File type: ASCII text, with very long lines (65317) | Hash: 7e923ad223e9f33e54d22e50cf2bcce5 8b7cb193d70bb476db06651c878dfcd1a7e1c0ee aebf611c1438dc7ec748e9a6364c734066b34bf2a1c7e2fc6511ed784635b50e
Analyzer: urlquery | Verdict: malware | Alert: Malware - Botnet panel
GET /wp/bootstrap/dist/css/bootstrap.min.css HTTP/1.1
Host: guerrilladefense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guerrilladefense.com/wp/login.php
Cookie: wssplashuid=0b08da23622567bd813448c211d1188b8c0bd7a4.1713881820.1; PHPSESSID=acbbd538e10be652ab8bae83390ef270
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 23 Apr 2024 13:17:00 GMT
content-type: text/css
content-length: 18042
cache-control: max-age=604800, public
expires: Tue, 30 Apr 2024 13:17:00 GMT
last-modified: Fri, 06 Jan 2017 17:12:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
server: imunify360-webshield/1.21
X-Firefox-Spdy: h2
|
|
| guerrilladefense.com/wp/plugins/bower_components/bootstrap-extension/css/bootstrap-extension.css | 70.32.23.52 | 200 OK | 12 kB |
URL: GET HTTP/2 guerrilladefense.com/wp/plugins/bower_components/bootstrap-extension/css/bootstrap-extension.css | IP: 70.32.23.52:443
Requested by: https://guerrilladefense.com/wp/login.php | Certificate | Issuer: Let's Encrypt | Subject: webdisk.guerrilladefense.com | Fingerprint: 97:D1:6F:92:54:2E:C5:EA:31:65:D3:F3:02:86:60:B5:60:1C:69:6A | Validity: Sun, 21 Apr 2024 03:18:22 GMT - Sat, 20 Jul 2024 03:18:21 GMT
File type: ASCII text, with very long lines (65511) | Hash: 83f991966f4fe9b5e26dcb79c267a630 9810c2f654b171419de327c8048a7141b663a783 0ca13f118a0ac8dc77f0894b67dffe9861d52218cbbbaa2150ccf113665c6bfc
Analyzer: urlquery | Verdict: malware | Alert: Malware - Botnet panel
GET /wp/plugins/bower_components/bootstrap-extension/css/bootstrap-extension.css HTTP/1.1
Host: guerrilladefense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guerrilladefense.com/wp/login.php
Cookie: wssplashuid=0b08da23622567bd813448c211d1188b8c0bd7a4.1713881820.1; PHPSESSID=acbbd538e10be652ab8bae83390ef270
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 23 Apr 2024 13:17:00 GMT
content-type: text/css
content-length: 11768
cache-control: max-age=604800, public
expires: Tue, 30 Apr 2024 13:17:00 GMT
last-modified: Thu, 13 Apr 2017 20:47:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
server: imunify360-webshield/1.21
X-Firefox-Spdy: h2
|
|
| guerrilladefense.com/wp/plugins/sweetalert/dist/sweetalert.css | 70.32.23.52 | 200 OK | 3.5 kB |
URL: GET HTTP/2 guerrilladefense.com/wp/plugins/sweetalert/dist/sweetalert.css | IP: 70.32.23.52:443
Requested by: https://guerrilladefense.com/wp/login.php | Certificate | Issuer: Let's Encrypt | Subject: webdisk.guerrilladefense.com | Fingerprint: 97:D1:6F:92:54:2E:C5:EA:31:65:D3:F3:02:86:60:B5:60:1C:69:6A | Validity: Sun, 21 Apr 2024 03:18:22 GMT - Sat, 20 Jul 2024 03:18:21 GMT
Hash: d8cc26070373f41241f37ce5a9c9d885 3ecb6f91187c0153724c950efcea0b0d944fd5aa 460df149ba9d2eb000637d9bfb2df51c5080a19e9071ff4ed5a4b7e21a0bd2f1
Analyzer: urlquery | Verdict: malware | Alert: Malware - Botnet panel
GET /wp/plugins/sweetalert/dist/sweetalert.css HTTP/1.1
Host: guerrilladefense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guerrilladefense.com/wp/login.php
Cookie: wssplashuid=0b08da23622567bd813448c211d1188b8c0bd7a4.1713881820.1; PHPSESSID=acbbd538e10be652ab8bae83390ef270
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 23 Apr 2024 13:17:00 GMT
content-type: text/css
content-length: 3487
cache-control: max-age=604800, public
expires: Tue, 30 Apr 2024 13:17:00 GMT
last-modified: Thu, 15 Dec 2016 04:39:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
server: imunify360-webshield/1.21
X-Firefox-Spdy: h2
|
|
| guerrilladefense.com/wp/plugins/bower_components/jquery/dist/jquery.min.js | 70.32.23.52 | 200 OK | 29 kB |
URL: GET HTTP/2 guerrilladefense.com/wp/plugins/bower_components/jquery/dist/jquery.min.js | IP: 70.32.23.52:443
Requested by: https://guerrilladefense.com/wp/login.php | Certificate | Issuer: Let's Encrypt | Subject: webdisk.guerrilladefense.com | Fingerprint: 97:D1:6F:92:54:2E:C5:EA:31:65:D3:F3:02:86:60:B5:60:1C:69:6A | Validity: Sun, 21 Apr 2024 03:18:22 GMT - Sat, 20 Jul 2024 03:18:21 GMT
File type: JavaScript source, ASCII text, with very long lines (32025) | Hash: 512d9517dac8bd35b30856de88170212 fcb6d93a78864e9068c597ac843b0c4724248337 70ea5c0fd61a431fef3e564d404e868b8017cdf8525f37ef2e1a64299246003b
Analyzer: urlquery | Verdict: malware | Alert: Malware - Botnet panel
GET /wp/plugins/bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: guerrilladefense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guerrilladefense.com/wp/login.php
Cookie: wssplashuid=0b08da23622567bd813448c211d1188b8c0bd7a4.1713881820.1; PHPSESSID=acbbd538e10be652ab8bae83390ef270
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 23 Apr 2024 13:17:00 GMT
content-type: application/javascript
content-length: 28814
cache-control: max-age=604800, public
expires: Tue, 30 Apr 2024 13:17:00 GMT
last-modified: Sun, 09 Apr 2017 17:51:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
server: imunify360-webshield/1.21
X-Firefox-Spdy: h2
|
|
| guerrilladefense.com/wp/bootstrap/dist/js/tether.min.js | 70.32.23.52 | 200 OK | 7.2 kB |
URL: GET HTTP/2 guerrilladefense.com/wp/bootstrap/dist/js/tether.min.js | IP: 70.32.23.52:443
Requested by: https://guerrilladefense.com/wp/login.php | Certificate | Issuer: Let's Encrypt | Subject: webdisk.guerrilladefense.com | Fingerprint: 97:D1:6F:92:54:2E:C5:EA:31:65:D3:F3:02:86:60:B5:60:1C:69:6A | Validity: Sun, 21 Apr 2024 03:18:22 GMT - Sat, 20 Jul 2024 03:18:21 GMT
File type: JavaScript source, ASCII text, with very long lines (24900), with no line terminators | Hash: 99d5eb445062f5f3b82d29aa2680e4a2 5c2a19c60f8ab7306c43bd68feebb3c9d3282c3c ff9a470d98767efd5e6489b27e24e1b41e408382ea0e3ca2b6d4fb7cb8dd4fff
Analyzer: urlquery | Verdict: malware | Alert: Malware - Botnet panel
GET /wp/bootstrap/dist/js/tether.min.js HTTP/1.1
Host: guerrilladefense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guerrilladefense.com/wp/login.php
Cookie: wssplashuid=0b08da23622567bd813448c211d1188b8c0bd7a4.1713881820.1; PHPSESSID=acbbd538e10be652ab8bae83390ef270
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 23 Apr 2024 13:17:00 GMT
content-type: application/javascript
content-length: 7188
cache-control: max-age=604800, public
expires: Tue, 30 Apr 2024 13:17:00 GMT
last-modified: Tue, 15 Nov 2016 21:37:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
server: imunify360-webshield/1.21
X-Firefox-Spdy: h2
|
|
| guerrilladefense.com/wp/bootstrap/dist/js/bootstrap.min.js | 70.32.23.52 | 200 OK | 12 kB |
URL: GET HTTP/2 guerrilladefense.com/wp/bootstrap/dist/js/bootstrap.min.js | IP: 70.32.23.52:443
Requested by: https://guerrilladefense.com/wp/login.php | Certificate | Issuer: Let's Encrypt | Subject: webdisk.guerrilladefense.com | Fingerprint: 97:D1:6F:92:54:2E:C5:EA:31:65:D3:F3:02:86:60:B5:60:1C:69:6A | Validity: Sun, 21 Apr 2024 03:18:22 GMT - Sat, 20 Jul 2024 03:18:21 GMT
File type: JavaScript source, ASCII text, with very long lines (32075) | Hash: 0827a0bdcd9a917990eee461a77dd33e 6107d146e54a67c9998230abf839301575d05702 fa421b6ebbd2fb474d3a3866409ce6c1efd120b47ff256fffb8f8f50d556d3d9
Analyzer: urlquery | Verdict: malware | Alert: Malware - Botnet panel
GET /wp/bootstrap/dist/js/bootstrap.min.js HTTP/1.1
Host: guerrilladefense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guerrilladefense.com/wp/login.php
Cookie: wssplashuid=0b08da23622567bd813448c211d1188b8c0bd7a4.1713881820.1; PHPSESSID=acbbd538e10be652ab8bae83390ef270
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 23 Apr 2024 13:17:00 GMT
content-type: application/javascript
content-length: 11465
cache-control: max-age=604800, public
expires: Tue, 30 Apr 2024 13:17:00 GMT
last-modified: Fri, 06 Jan 2017 17:12:54 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
server: imunify360-webshield/1.21
X-Firefox-Spdy: h2
|
|
| guerrilladefense.com/wp/plugins/bower_components/bootstrap-extension/js/bootstrap-extension.min.js | 70.32.23.52 | 200 OK | 6.9 kB |
URL: GET HTTP/2 guerrilladefense.com/wp/plugins/bower_components/bootstrap-extension/js/bootstrap-extension.min.js | IP: 70.32.23.52:443
Requested by: https://guerrilladefense.com/wp/login.php | Certificate | Issuer: Let's Encrypt | Subject: webdisk.guerrilladefense.com | Fingerprint: 97:D1:6F:92:54:2E:C5:EA:31:65:D3:F3:02:86:60:B5:60:1C:69:6A | Validity: Sun, 21 Apr 2024 03:18:22 GMT - Sat, 20 Jul 2024 03:18:21 GMT
File type: JavaScript source, ASCII text, with very long lines (26402) | Hash: 0c241eb74c0986ffefa56dc8308dd0ee 26b62a6286256442b6be8ce4b51dd3a34ac6588d bb5e2d3039b4fddffc1e711897eaffc7ddcf7256fea855989d37c4b1aa8bed8d
Analyzer: urlquery | Verdict: malware | Alert: Malware - Botnet panel
GET /wp/plugins/bower_components/bootstrap-extension/js/bootstrap-extension.min.js HTTP/1.1
Host: guerrilladefense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guerrilladefense.com/wp/login.php
Cookie: wssplashuid=0b08da23622567bd813448c211d1188b8c0bd7a4.1713881820.1; PHPSESSID=acbbd538e10be652ab8bae83390ef270
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 23 Apr 2024 13:17:00 GMT
content-type: application/javascript
content-length: 6928
cache-control: max-age=604800, public
expires: Tue, 30 Apr 2024 13:17:00 GMT
last-modified: Mon, 13 Mar 2017 13:12:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
server: imunify360-webshield/1.21
X-Firefox-Spdy: h2
|
|
| guerrilladefense.com/wp/plugins/sweetalert/dist/sweetalert.min.js | 70.32.23.52 | 200 OK | 5.1 kB |
URL: GET HTTP/2 guerrilladefense.com/wp/plugins/sweetalert/dist/sweetalert.min.js | IP: 70.32.23.52:443
Requested by: https://guerrilladefense.com/wp/login.php | Certificate | Issuer: Let's Encrypt | Subject: webdisk.guerrilladefense.com | Fingerprint: 97:D1:6F:92:54:2E:C5:EA:31:65:D3:F3:02:86:60:B5:60:1C:69:6A | Validity: Sun, 21 Apr 2024 03:18:22 GMT - Sat, 20 Jul 2024 03:18:21 GMT
File type: JavaScript source, ASCII text, with very long lines (16994), with no line terminators | Hash: 2f9966a615f3f46d846807adbe42644f 441544c084828da55ca0bafdc4c3df7dc7020820 be4d1215ef6f2b2915b7f65cd28b9a9f7dcef17e1f0d883edd19400ca0ea795c
Analyzer: urlquery | Verdict: malware | Alert: Malware - Botnet panel
GET /wp/plugins/sweetalert/dist/sweetalert.min.js HTTP/1.1
Host: guerrilladefense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guerrilladefense.com/wp/login.php
Cookie: wssplashuid=0b08da23622567bd813448c211d1188b8c0bd7a4.1713881820.1; PHPSESSID=acbbd538e10be652ab8bae83390ef270
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 23 Apr 2024 13:17:00 GMT
content-type: application/javascript
content-length: 5135
cache-control: max-age=604800, public
expires: Tue, 30 Apr 2024 13:17:00 GMT
last-modified: Thu, 15 Dec 2016 04:39:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
server: imunify360-webshield/1.21
X-Firefox-Spdy: h2
|
|
| guerrilladefense.com/favicon.ico | 70.32.23.52 | 404 Not Found | 796 B |
URL: GET HTTP/3 guerrilladefense.com/favicon.ico | IP: 70.32.23.52:443
Requested by: https://guerrilladefense.com/wp/login.php | Certificate | Issuer: Let's Encrypt | Subject: webdisk.guerrilladefense.com | Fingerprint: 97:D1:6F:92:54:2E:C5:EA:31:65:D3:F3:02:86:60:B5:60:1C:69:6A | Validity: Sun, 21 Apr 2024 03:18:22 GMT - Sat, 20 Jul 2024 03:18:21 GMT
File type: HTML document, ASCII text, with CRLF, LF line terminators | Hash: 265e51037981a14ed99a5fc8c5ec1b51 d12ac588953298fdaf46dd5b4af8eb4cf6b06f0a c4b07931b3fc37bc80d56a367783e7fa7c04ced4befec7f57ed079c38c960400
GET /favicon.ico HTTP/1.1
Host: guerrilladefense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guerrilladefense.com/wp/login.php
Cookie: wssplashuid=0b08da23622567bd813448c211d1188b8c0bd7a4.1713881820.1; PHPSESSID=acbbd538e10be652ab8bae83390ef270
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 796
date: Tue, 23 Apr 2024 13:17:01 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
|
|