207.180.212.249 | 301 Moved Permanently | 162 B
URL: User Request, GET HTTP/1.1
IP: 207.180.212.249:80
File type: HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer verdict alert: fortinet: Malware
NIDS severity alert: suricata, low: ET INFO HTTP Request to a *.pw domain
GET / HTTP/1.1
Host: cloudserve.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 01 May 2023 13:22:06 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://cloudserve.pw/
cloudserve.pw/images/apache_pb.gif
207.180.212.249 | 200 OK | 2.3 kB
URL: GET HTTP/2 cloudserve.pw/images/apache_pb.gif
IP: 207.180.212.249:443
Certificate issuer: Let's Encrypt
Subject: cloudserve.pw
Fingerprint: 5A:2B:C7:3F:8E:0A:C1:71:C6:73:60:CF:8D:D2:1D:4B:67:19:05:D1
Validity: Tue, 18 Apr 2023 07:27:10 GMT - Mon, 17 Jul 2023 07:27:09 GMT
File type: GIF image data, version 89a, 259 x 32; data
Hash 48bc8b181b36c9289866a2e30f6afedd
7bcc5d916d33ab08929a9f7c1d07c33ac1ba47ba
1654416fec35a8b5d36ee0257025cec63e56dfe8572b6ff67c6b0d0d43158cbb
GET /images/apache_pb.gif HTTP/1.1
Host: cloudserve.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudserve.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 01 May 2023 13:22:07 GMT
content-type: image/gif
content-length: 2326
last-modified: Tue, 17 Jun 2014 16:00:47 GMT
etag: "916-4fc0a3f32a9c0"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
cloudserve.pw/images/poweredby.png
207.180.212.249 | 200 OK | 4.0 kB
URL: GET HTTP/2 cloudserve.pw/images/poweredby.png
IP: 207.180.212.249:443
Certificate issuer: Let's Encrypt
Subject: cloudserve.pw
Fingerprint: 5A:2B:C7:3F:8E:0A:C1:71:C6:73:60:CF:8D:D2:1D:4B:67:19:05:D1
Validity: Tue, 18 Apr 2023 07:27:10 GMT - Mon, 17 Jul 2023 07:27:09 GMT
File type: PNG image data, 88 x 31, 8-bit/color RGB, non-interlaced; data
Hash 5b1ca9f747c1b73dfa1c508765d9056a
6b319c943d8c69e212e7de8385802891dbafe8a3
5b720d579bbc1f8fee3b64df9290d41a28c747a5802589e48e05b7ebbfe9fc2f
GET /images/poweredby.png HTTP/1.1
Host: cloudserve.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudserve.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 01 May 2023 13:22:07 GMT
content-type: image/png
content-length: 3956
last-modified: Tue, 17 Jun 2014 16:00:47 GMT
etag: "f74-4fc0a3f32a9c0"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
cloudserve.pw/noindex/css/fonts/Light/OpenSans-Light.woff
207.180.212.249 | 404 Not Found | 241 B
URL: GET HTTP/2 cloudserve.pw/noindex/css/fonts/Light/OpenSans-Light.woff
IP: 207.180.212.249:443
Certificate issuer: Let's Encrypt
Subject: cloudserve.pw
Fingerprint: 5A:2B:C7:3F:8E:0A:C1:71:C6:73:60:CF:8D:D2:1D:4B:67:19:05:D1
Validity: Tue, 18 Apr 2023 07:27:10 GMT - Mon, 17 Jul 2023 07:27:09 GMT
File type: HTML document text; exported SGML document, ASCII text
Hash d5d3f08fc8f1b36bac0b06b89d5384ca
cafebd0173cce7edfcbadcea5b8eabc4d7a20511
c4183128dc59a2ce673414a77fcab7ca0250ef354ef636df49d2b83580734ee0
Analyzer verdict alert: fortinet: Malware
GET /noindex/css/fonts/Light/OpenSans-Light.woff HTTP/1.1
Host: cloudserve.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cloudserve.pw/noindex/css/open-sans.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Mon, 01 May 2023 13:22:07 GMT
content-type: text/html; charset=iso-8859-1
content-length: 241
X-Firefox-Spdy: h2
cloudserve.pw/noindex/css/fonts/Bold/OpenSans-Bold.woff
207.180.212.249 | 404 Not Found | 239 B
URL: GET HTTP/2 cloudserve.pw/noindex/css/fonts/Bold/OpenSans-Bold.woff
IP: 207.180.212.249:443
Certificate issuer: Let's Encrypt
Subject: cloudserve.pw
Fingerprint: 5A:2B:C7:3F:8E:0A:C1:71:C6:73:60:CF:8D:D2:1D:4B:67:19:05:D1
Validity: Tue, 18 Apr 2023 07:27:10 GMT - Mon, 17 Jul 2023 07:27:09 GMT
File type: HTML document text; exported SGML document, ASCII text
Hash 55e916743163813c7b8f4524f6e36b99
e1353703fda388ec26bf105b4132b0459f10163e
b5b54ea0662073c401cabb250a4f107c4763241fa43418503ae5764cff7e9ee4
Analyzer verdict alert: fortinet: Malware
GET /noindex/css/fonts/Bold/OpenSans-Bold.woff HTTP/1.1
Host: cloudserve.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cloudserve.pw/noindex/css/open-sans.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Mon, 01 May 2023 13:22:07 GMT
content-type: text/html; charset=iso-8859-1
content-length: 239
X-Firefox-Spdy: h2
cloudserve.pw/noindex/css/fonts/Bold/OpenSans-Bold.ttf
207.180.212.249 | 404 Not Found | 238 B
URL: GET HTTP/2 cloudserve.pw/noindex/css/fonts/Bold/OpenSans-Bold.ttf
IP: 207.180.212.249:443
Certificate issuer: Let's Encrypt
Subject: cloudserve.pw
Fingerprint: 5A:2B:C7:3F:8E:0A:C1:71:C6:73:60:CF:8D:D2:1D:4B:67:19:05:D1
Validity: Tue, 18 Apr 2023 07:27:10 GMT - Mon, 17 Jul 2023 07:27:09 GMT
File type: HTML document text; exported SGML document, ASCII text, with no line terminators
Hash 3baa1bdc36f0bd48549a7dd8998e0092
ff239b863438c32147172fc6e69c599074b2f5bd
dc60a2638748ddc90f87a7013aa7b8e85b72b1c28019f949d74c7961d4e7bfde
Analyzer verdict alert: fortinet: Malware
GET /noindex/css/fonts/Bold/OpenSans-Bold.ttf HTTP/1.1
Host: cloudserve.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudserve.pw/noindex/css/open-sans.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Mon, 01 May 2023 13:22:07 GMT
content-type: text/html; charset=iso-8859-1
content-encoding: br
X-Firefox-Spdy: h2
cloudserve.pw/noindex/css/fonts/Light/OpenSans-Light.ttf
207.180.212.249 | 404 Not Found | 240 B
URL: GET HTTP/2 cloudserve.pw/noindex/css/fonts/Light/OpenSans-Light.ttf
IP: 207.180.212.249:443
Certificate issuer: Let's Encrypt
Subject: cloudserve.pw
Fingerprint: 5A:2B:C7:3F:8E:0A:C1:71:C6:73:60:CF:8D:D2:1D:4B:67:19:05:D1
Validity: Tue, 18 Apr 2023 07:27:10 GMT - Mon, 17 Jul 2023 07:27:09 GMT
File type: HTML document text; exported SGML document, ASCII text, with no line terminators
Hash 0884ae410a4666002a9892c3943d95fb
057d6142e63483bd11367b3397db6f08f93db704
c10d0670053322e8bff7757debb47ccf9aae3f8e7513bc43163715e12614040f
Analyzer verdict alert: fortinet: Malware
GET /noindex/css/fonts/Light/OpenSans-Light.ttf HTTP/1.1
Host: cloudserve.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudserve.pw/noindex/css/open-sans.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Mon, 01 May 2023 13:22:07 GMT
content-type: text/html; charset=iso-8859-1
content-encoding: br
X-Firefox-Spdy: h2
cloudserve.pw/favicon.ico
207.180.212.249 | 404 Not Found | 209 B
URL: GET HTTP/2 cloudserve.pw/favicon.ico
IP: 207.180.212.249:443
Certificate issuer: Let's Encrypt
Subject: cloudserve.pw
Fingerprint: 5A:2B:C7:3F:8E:0A:C1:71:C6:73:60:CF:8D:D2:1D:4B:67:19:05:D1
Validity: Tue, 18 Apr 2023 07:27:10 GMT - Mon, 17 Jul 2023 07:27:09 GMT
File type: HTML document text; exported SGML document, ASCII text, with no line terminators
Hash 8ace35f18ab1832bacfde13597767517
22e4ee51bbdba11b19a2d6879bc60126dc89eecd
f87134d32dc903f27ed9c905bfd824f31192dac9e05887b2dedbb1ca416d1280
GET /favicon.ico HTTP/1.1
Host: cloudserve.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudserve.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Mon, 01 May 2023 13:22:07 GMT
content-type: text/html; charset=iso-8859-1
content-encoding: br
X-Firefox-Spdy: h2
cloudserve.pw/noindex/css/bootstrap.min.css
207.180.212.249 | 200 OK | 19 kB
URL: GET HTTP/2 cloudserve.pw/noindex/css/bootstrap.min.css
IP: 207.180.212.249:443
Certificate issuer: Let's Encrypt
Subject: cloudserve.pw
Fingerprint: 5A:2B:C7:3F:8E:0A:C1:71:C6:73:60:CF:8D:D2:1D:4B:67:19:05:D1
Validity: Tue, 18 Apr 2023 07:27:10 GMT - Mon, 17 Jul 2023 07:27:09 GMT
File type: ASCII text, with very long lines (19170)
Hash 44c7856dea679ebcccf8fe201fbe1a7c
192a297f8aeda2bcdd0faa5320ffff825d24116f
bc40aeafcd25bc944d0d6357298c1b198b4a1fe294e0b84015d04b72cf942c10
GET /noindex/css/bootstrap.min.css HTTP/1.1
Host: cloudserve.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudserve.pw/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 01 May 2023 13:22:07 GMT
content-type: text/css
last-modified: Tue, 17 Jun 2014 16:00:47 GMT
etag: W/"4b8d-4fc0a3f32a9c0"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cloudserve.pw/noindex/css/open-sans.css
207.180.212.249 | 200 OK | 5.1 kB
URL: GET HTTP/2 cloudserve.pw/noindex/css/open-sans.css
IP: 207.180.212.249:443
Certificate issuer: Let's Encrypt
Subject: cloudserve.pw
Fingerprint: 5A:2B:C7:3F:8E:0A:C1:71:C6:73:60:CF:8D:D2:1D:4B:67:19:05:D1
Validity: Tue, 18 Apr 2023 07:27:10 GMT - Mon, 17 Jul 2023 07:27:09 GMT
File type: ASCII text, with very long lines (5213), with no line terminators
Hash e3d891e8857fc6582c5bf699c2fcb11b
0da33ab9cb84713f1c5297bccab88dffa70d7099
907d298319b234d30d3da9158cd4006ac1810a1af07fe4d7997b60c02644bc6a
GET /noindex/css/open-sans.css HTTP/1.1
Host: cloudserve.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudserve.pw/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 01 May 2023 13:22:07 GMT
content-type: text/css
last-modified: Tue, 17 Jun 2014 16:00:47 GMT
etag: W/"13d9-4fc0a3f32a9c0"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2