| ocsp.globalsign.com/gsgccr3dvtlsca2020 | 104.18.20.226 | | 1.4 kB |
URL: ocsp.globalsign.com/gsgccr3dvtlsca2020
IP: 104.18.20.226:0
Hash (MD5 / SHA-1 / SHA-256): c1b888b7f247fae1efe657607e4b2788 / fe2a6efbc30edd1d10f3a007ef838c54c2ff7092 / bb5d46cb64df11cdd1a842a0976ce656fe8ec4852d9d23d293fb984cc280361b
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Jun 2023 23:40:08 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Wed, 07 Jun 2023 18:49:25 GMT
ETag: "fe2a6efbc30edd1d10f3a007ef838c54c2ff7092"
Last-Modified: Sat, 03 Jun 2023 18:49:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3290
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d1bc78b0e31fab4-OSL
| drivers.drp.su/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe | 87.117.231.157 | 301 Moved Permanently | 178 B |
URL (user request, GET HTTP/1.1): drivers.drp.su/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe
IP: 87.117.231.157:443
ASN: #20860 Iomart Cloud Services Limited
Certificate: issuer GlobalSign nv-sa; subject *.drp.su; fingerprint 34:1E:96:B8:39:49:9B:74:D8:A5:5C:4C:4D:36:66:44:3A:33:D3:36; validity Sat, 08 Apr 2023 14:27:02 GMT - Thu, 09 May 2024 14:27:01 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): cd2e0e43980a00fb6a2742d3afd803b8 / 81ffbd1712afe8cdf138b570c0fc9934742c33c1 / bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe HTTP/1.1
Host: drivers.drp.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 03 Jun 2023 23:38:06 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://dl.driverpack.io/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe
Set-Cookie: _ga_cid=0.000529.1685835486.55616555382644; path=/; domain=.drp.su
| ocsp.globalsign.com/gsgccr3dvtlsca2020 | 104.18.20.226 | | 1.4 kB |
URL: ocsp.globalsign.com/gsgccr3dvtlsca2020
IP: 104.18.20.226:0
Hash (MD5 / SHA-1 / SHA-256): c96a1a44c1ead4786c825b4eb3ac687d / 4a3e4e68f0f23d625476648099f6eaa38311ca98 / fa2cdb035e73b32c19aa61ed5a67c8460fed838a9cb258168ce7218718473765
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Jun 2023 23:40:08 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Wed, 07 Jun 2023 21:00:20 GMT
ETag: "4a3e4e68f0f23d625476648099f6eaa38311ca98"
Last-Modified: Sat, 03 Jun 2023 21:00:21 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3424
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d1bc78c2ea3fab4-OSL
| dl.driverpack.io/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe | 87.117.239.151 | 302 Moved Temporarily | 154 B |
URL (user request, GET HTTP/1.1): dl.driverpack.io/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe
IP: 87.117.239.151:443
ASN: #20860 Iomart Cloud Services Limited
Certificate: issuer GlobalSign nv-sa; subject *.driverpack.io; fingerprint BA:1D:99:E0:91:8B:0A:7A:63:2D:ED:EE:70:26:2F:F1:90:48:A6:C8; validity Sat, 08 Apr 2023 14:21:19 GMT - Thu, 09 May 2024 14:21:18 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): cfbeaf604823f038b8b46f0ac862b98c / 7b9eb1dac48e74fa5f418bc456cb410f88b81d98 / 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
GET /CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe HTTP/1.1
Host: dl.driverpack.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 03 Jun 2023 23:39:43 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Location: https://download-storage.driverpack.io/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe
Set-Cookie: _ga_cid=0.000531.1685835583.581795963706; path=/; domain=.drp.su
| drivers.drp.su/ | 87.117.239.150 | | 19 kB |
IP: 87.117.239.150:0
ASN: #20860 Iomart Cloud Services Limited
Certificate: issuer GlobalSign nv-sa; subject *.drp.su; fingerprint 34:1E:96:B8:39:49:9B:74:D8:A5:5C:4C:4D:36:66:44:3A:33:D3:36; validity Sat, 08 Apr 2023 14:27:02 GMT - Thu, 09 May 2024 14:27:01 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): dde1ab31be5fb3bf9236ed5d1a48bd5f / 81470b003517b55d6302033d18b5b59fdef2cd06 / 7346adf4e3df5d6b9ebf7b6606f0b7b93d1a3ec6bdd3e7de3b2b6740b2c47082
NIDS alert: suricata | severity: medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET / HTTP/1.1
Host: drivers.drp.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Jun 2023 23:19:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: _ga_cid=0.000269.1685834377.503796292214; path=/; domain=.drp.su
| download-storage.driverpack.io/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe | 0.0.0.0 | | 0 B |
URL (user request, GET): download-storage.driverpack.io/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe
IP: 0.0.0.0:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe HTTP/1.1
Host: download-storage.driverpack.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
| download-storage.driverpack.io/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe | 0.0.0.0 | | 0 B |
URL (user request, GET): download-storage.driverpack.io/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe
IP: 0.0.0.0:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe HTTP/1.1
Host: download-storage.driverpack.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
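Triage helper for the capture above, added here as a worked example; it is not part of the sandbox report and not the analysis platform's own code. It rebuilds the redirect chain drivers.drp.su -> dl.driverpack.io -> download-storage.driverpack.io from the Location headers, flags hosts under the .su TLD (the condition the Suricata "ET POLICY HTTP Request to .su TLD" alert keys on), and checks whether a recorded MD5/SHA-1/SHA-256 triple is simply the digest of zero-length input. That last check matters for the two download-storage.driverpack.io rows: d41d8cd98f00b204e9800998ecf8427e, da39a3ee5e6b4b0d3255bfef95601890afd80709 and e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 are the well-known empty-input digests, consistent with the 0 B / 0.0.0.0 entries, so no executable body was captured and those hashes must not be used as indicators for the file. The header transcript embedded in the script is constructed from the response headers shown on the page; the function names are this example's own.

```python
"""Triage a sandbox HTTP capture: redirect chain, .su TLD hits, empty-body hashes.

Added example, not code from the report or the analysis platform.
"""
import hashlib
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed from the headers on the page: (host, request path, raw response header block).
# The third entry has no recorded response (0 B, IP 0.0.0.0), so its block is empty.
CAPTURE = [
    ("drivers.drp.su", "/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe",
     "HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nContent-Length: 178\r\n"
     "Location: https://dl.driverpack.io/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe\r\n"),
    ("dl.driverpack.io", "/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe",
     "HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nContent-Length: 154\r\n"
     "Location: https://download-storage.driverpack.io/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe\r\n"),
    ("download-storage.driverpack.io", "/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe",
     ""),
]

# Hash triple recorded for the final hop (MD5, SHA-1, SHA-256), copied from the page.
LAST_HOP_HASHES = (
    "d41d8cd98f00b204e9800998ecf8427e",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
)


def parse_response(raw):
    """Return (status_code, {lowercased header: value}) or None if no response was recorded."""
    if not raw.strip():
        return None
    lines = raw.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def redirect_chain(capture, start_host, path):
    """Follow Location headers through the capture; stops at a non-redirect, a missing
    response, or a loop. Returns the ordered list of hosts visited."""
    by_key = {(host, p): raw for host, p, raw in capture}
    chain = [start_host]
    host, seen = start_host, set()
    while (host, path) in by_key and (host, path) not in seen:
        seen.add((host, path))
        parsed = parse_response(by_key[(host, path)])
        if parsed is None or parsed[0] not in REDIRECT_CODES:
            break
        target = urlsplit(parsed[1]["location"])
        host, path = target.hostname, target.path
        chain.append(host)
    return chain


def su_tld_hosts(hosts):
    """Hosts whose public suffix is .su, the condition behind the ET POLICY alert."""
    return [h for h in hosts if h.rsplit(".", 1)[-1].lower() == "su"]


def is_empty_input_digest(md5_hex, sha1_hex, sha256_hex):
    """True when all three digests are those of zero-length input, i.e. nothing was captured."""
    return (md5_hex == hashlib.md5(b"").hexdigest()
            and sha1_hex == hashlib.sha1(b"").hexdigest()
            and sha256_hex == hashlib.sha256(b"").hexdigest())


def triage(capture, start_host, path, last_hop_hashes):
    """Summarise the chain, .su hits, and whether the final hop's hashes are usable indicators."""
    chain = redirect_chain(capture, start_host, path)
    return {
        "chain": chain,
        "su_hosts": su_tld_hosts(chain),
        "final_body_captured": not is_empty_input_digest(*last_hop_hashes),
    }


if __name__ == "__main__":
    print(triage(CAPTURE, "drivers.drp.su",
                 "/CardReader/Duolabs/WinAll/x64/Duolabs-WinAll-x64-drp.exe", LAST_HOP_HASHES))
```

The chain reconstruction stops as soon as a hop has no recorded response, which is exactly what the last two rows show; in that case the report's hash triple for the executable is the empty-input digest and carries no information about the binary.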