IP: 93.127.215.82:0
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5): 0aee114a2d9dc4ec21285e892cbb50c6
Hash (SHA-1): 56f5c70ac4ffba866e25192d48194cd0112ee786
Hash (SHA-256): f87f5aaf5133442c4b595e586edb3039e6a7a8fd0f3d0fd1f795135830f0f4bb

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.3utilities .com Domain |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.3utilities .com Domain |
GET / HTTP/1.1
Host: tyahw.3utilities.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 24 May 2024 18:38:04 GMT
Server: Apache/2.4.58 (Ubuntu)
Last-Modified: Wed, 11 Oct 2023 14:03:10 GMT
ETag: "da6-60771488a8380-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 702
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| tyahw.3utilities.com/ldvb/0105 | 93.127.215.82 | 200 OK | 2.7 kB |

URL: GET HTTP/1.1 tyahw.3utilities.com/ldvb/0105 (User Request)
IP: 93.127.215.82:80
File type: Unicode text, UTF-8 text, with very long lines (318), with CRLF line terminators
Hash (MD5): 0122b05f38f162d5ccebc473c0920491
Hash (SHA-1): df4cdd0f3fd2716e4cec2876e5a8cef490d2fb2e
Hash (SHA-256): bb0ea7fcc4bf90582ea27400629426a41d342a005a3e5368dbca12167f902f26

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.3utilities .com Domain |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.3utilities .com Domain |
| suricata | medium | ETPRO ATTACK_RESPONSE Possibly Malicious VBScript Executing WScript.Shell Run M1 |
| suricata | medium | ETPRO ATTACK_RESPONSE Possibly Malicious VBScript Executing WScript.Shell Run M1 |
GET /ldvb/0105 HTTP/1.1
Host: tyahw.3utilities.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 24 May 2024 18:38:05 GMT
Server: Apache/2.4.58 (Ubuntu)
Last-Modified: Sat, 11 May 2024 11:26:33 GMT
ETag: "a82-6182beca28c40"
Accept-Ranges: bytes
Content-Length: 2690
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| tyahw.3utilities.com/favicon.ico | 93.127.215.82 | 404 Not Found | 282 B |

URL: GET HTTP/1.1 tyahw.3utilities.com/favicon.ico
IP: 93.127.215.82:80
Requested by: http://tyahw.3utilities.com/ldvb/0105
File type: HTML document, ASCII text
Hash (MD5): 7e97188570db031b6adfb844e198bfd2
Hash (SHA-1): 0c13caadae211d297da9f45b5139c0648aa128eb
Hash (SHA-256): b09ca8a1308331ab49209d2fda5b8c76ff04cbdcf80ee5bd679dc12bbc746299

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - DynDNS domain |

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.3utilities .com Domain |
| suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.3utilities .com Domain |
GET /favicon.ico HTTP/1.1
Host: tyahw.3utilities.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://tyahw.3utilities.com/ldvb/0105
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 24 May 2024 18:38:05 GMT
Server: Apache/2.4.58 (Ubuntu)
Content-Length: 282
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1