URL: lightrider.su/ (user request)
Method: GET HTTP/1.1
IP: 188.114.97.1:80
File type: HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1180), with CRLF, LF line terminators
MD5: dac584fe712cf30526efe34d08a1958c
SHA1: 278d62f0d402af29060066a089842404b86f2377
SHA256: f31c71fa5179494de3d577b314591162c59fc4b330be627e8817219b4f3dbbe4

NIDS | Severity | Alert
suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata | low | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata | low | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata | low | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
suricata | low | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET / HTTP/1.1
Host: lightrider.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 04 May 2023 21:08:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://lightrider.su/?jobeba=vipulobusucanudu
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DqO53dZOvUZLNsMiroCqMkC2x5LVdJBM5uK%2B1d17UrL9LjG4sQjoCsO3jL0FIabqwNwPPG3z%2FXQqR2EOb1nw3u1S%2FXQX94yBkxZdma9wXsqYfb94u7CiY7W27cHCd%2Fbv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7c23b7989995b50b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
Transaction | IP | Status | Size
lightrider.su/favicon.ico | 188.114.97.1 | 404 Not Found | 229 B

URL: lightrider.su/favicon.ico
Method: GET HTTP/1.1
IP: 188.114.97.1:80
File type: HTML document text; exported SGML document, ASCII text
MD5: f0f8dfc4a958c575ce7578ac9f053442
SHA1: 225148e65a8b8a8567c7c8c29783d24d0c4aa93a
SHA256: a3acd5e02de142b1ac04ad2a487796d106d84cc686bbc578751acc4240631b06

NIDS | Severity | Alert
suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /favicon.ico HTTP/1.1
Host: lightrider.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lightrider.su/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Thu, 04 May 2023 21:08:07 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ELfa36UJ7i8LbZEk0esejJvV7CsNhJt4d4C9lTdcLeroBglawyF90P0ezcpMX4QWndB%2FK92d%2BBNlPTl3GoTMT6w%2BQ9xNY3G5ERuur%2FxsfINC3xtTfO61xAu3urumQNlU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c23b79b6cf6b50b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
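Two things in the captures above are worth an automated check rather than an eyeball: both requests go to a .su host (the ET POLICY hits), and the first response is a 200 OK that nonetheless carries a Location header. A browser ignores Location on a 200, so the header says nothing about where the client went, but it does expose the origin's intended redirect target, including its query string, and is a useful pivot. The following Python is an added example, not part of the report or of any sandbox tool: it replays the two exchanges (copied from the capture above, trimmed to the headers the checks use) through a small header parser and flags the watched TLD, Location on a non-redirect status, and an off-host Location. The WATCHED_TLDS list, the indicator names and the off-host check are this example's own assumptions.

```python
"""Flag policy and anomaly indicators in captured HTTP request/response pairs.

Added example, not part of the sandbox report. The two exchanges below are
copied from the capture above, trimmed to the headers the checks use.
"""
import re
from urllib.parse import urlsplit

# Assumed watch-list for this example: TLDs that warrant a policy hit on their
# own, as .su does in the ET POLICY alert above. Tune to your environment.
WATCHED_TLDS = {"su"}

REQUEST_1 = """GET / HTTP/1.1
Host: lightrider.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
"""
RESPONSE_1 = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Location: https://lightrider.su/?jobeba=vipulobusucanudu
Server: cloudflare
Content-Encoding: gzip
"""
REQUEST_2 = """GET /favicon.ico HTTP/1.1
Host: lightrider.su
Referer: http://lightrider.su/
"""
RESPONSE_2 = """HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Cache-Control: max-age=14400
Server: cloudflare
"""


def parse_http_message(raw):
    """Return (start_line, headers) for a raw request or response; header
    names are lower-cased and the body, if present, is dropped."""
    head = raw.replace("\r\n", "\n").strip("\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines instead of raising
            headers[name.strip().lower()] = value.strip()
    return lines[0].strip(), headers


def response_status(start_line):
    """Status code from a response start line, or None if it is not one."""
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", start_line)
    return int(m.group(1)) if m else None


def analyze_exchange(request_raw, response_raw):
    """Return a list of (indicator, detail) tuples for one exchange."""
    _, req = parse_http_message(request_raw)
    resp_line, resp = parse_http_message(response_raw)
    findings = []

    # 1. Request to a watched TLD, keyed on the Host header (the field the
    #    ET POLICY .su alert name refers to). Port suffix and trailing dot
    #    are stripped before the TLD is taken.
    host = req.get("host", "").split(":")[0].rstrip(".").lower()
    tld = host.rsplit(".", 1)[-1] if "." in host else ""
    if tld in WATCHED_TLDS:
        findings.append(("watched_tld", f"Host {host} is under .{tld}"))

    # 2. Location on a response that is neither 3xx nor 201. A browser ignores
    #    it, so it says nothing about where the client went, but it leaks the
    #    origin's intended redirect target and its query string.
    status = response_status(resp_line)
    location = resp.get("location")
    if location and status is not None and not (300 <= status <= 399 or status == 201):
        findings.append(("location_on_non_redirect", f"{status} with Location: {location}"))

    # 3. Location pointing off-host (open-redirect / traffic-steering check).
    #    Does not fire on the capture above, where the target host matches.
    if location:
        target_host = (urlsplit(location).hostname or "").lower()
        if target_host and target_host != host:
            findings.append(("offsite_location", f"{host} -> {target_host}"))
    return findings


def analyze_capture():
    """Run the checks over both exchanges from the capture above."""
    return [analyze_exchange(REQUEST_1, RESPONSE_1),
            analyze_exchange(REQUEST_2, RESPONSE_2)]


if __name__ == "__main__":
    for i, findings in enumerate(analyze_capture(), 1):
        for indicator, detail in findings:
            print(f"exchange {i}: {indicator}: {detail}")
```

Run as a script it prints one line per finding: the first exchange yields the watched-TLD hit and the Location-on-200 anomaly, the second only the watched-TLD hit. The ET HUNTING Javascript-Obfuscator alerts in the report fired on the response body, which the capture above does not include, so no body check is attempted here.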