| ocsp.r2m01.amazontrust.com/ | 54.230.80.227 | | 471 B |
URL: ocsp.r2m01.amazontrust.com/ | IP: 54.230.80.227:0
Hash: MD5 0a0ef9190e77ba99f0a50f49800580f9 | SHA1 99a57491b649bc784d2966db863100c157db19c1 | SHA256 6755226e9fd93bf96e2d5ddf6cb97ffd63727c50c070aa4b1f53a858cb9a55ce
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 07 Jun 2023 01:30:57 GMT
Last-Modified: Tue, 06 Jun 2023 23:42:12 GMT
Server: ECAcc (nya/789D)
X-Cache: Miss from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Ic-jahQHOp2F59b1KBR14owqW2a27VZr51mnq5kJufIMeC8JdQyVxQ==
Age: 6525
| terfet.s3.ap-south-1.amazonaws.com/2.exe | 52.219.158.182 | 403 Forbidden | 243 B |
URL: terfet.s3.ap-south-1.amazonaws.com/2.exe (user request, GET HTTP/1.1) | IP: 52.219.158.182:80
File type: XML 1.0 document text; XML document, ASCII text | Hash: MD5 effded505c364217373e7a0b8cd71eea | SHA1 89dc68c73527bce24d46e8d3029464f81a455edc | SHA256 79194c7ad4bef2a5d34690749c02220415392348ec4afc9de21e32762efaa3e4
NIDS: suricata | Severity: high | Alert: ET MALWARE Single char EXE direct download likely trojan (multiple families)
GET /2.exe HTTP/1.1
Host: terfet.s3.ap-south-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
x-amz-request-id: 6F2V3QA5P7CJ4J7Q
x-amz-id-2: fcIFxuJC89h6tO6VsGhZf//VIqL72VoWEQ0qk3pXcWn95W4BXJ3tzSwqaGa3h50mJUR0hJDGds8=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Wed, 07 Jun 2023 01:30:57 GMT
Server: AmazonS3
| terfet.s3.ap-south-1.amazonaws.com/2.exe | 52.219.158.182 | 403 Forbidden | 243 B |
URL: terfet.s3.ap-south-1.amazonaws.com/2.exe (user request, GET HTTP/1.1) | IP: 52.219.158.182:80
File type: XML 1.0 document text; XML document, ASCII text | Hash: MD5 73eb1026341255fb3b0919aa31113927 | SHA1 9606a3dd54af6887e40752c369e783ab93b406b3 | SHA256 a15ad1c577e3789eb9a4081d6ab29b96f72fb745cc5cfd978feba48b759e6471
NIDS: suricata | Severity: high | Alert: ET MALWARE Single char EXE direct download likely trojan (multiple families)
GET /2.exe HTTP/1.1
Host: terfet.s3.ap-south-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
x-amz-request-id: F3S7TEFP5E3EHV0Y
x-amz-id-2: AHGYWtDpa5ChJqbGRvoIagsNenhmgeE5XTxwN7cfRnX3gDxzxMh5A4EVgNHLlwlpNqZjznhhYwY=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Wed, 07 Jun 2023 01:30:57 GMT
Server: AmazonS3
| terfet.s3.ap-south-1.amazonaws.com/favicon.ico | 52.219.158.182 | 403 Forbidden | 243 B |
URL: terfet.s3.ap-south-1.amazonaws.com/favicon.ico (GET HTTP/1.1) | IP: 52.219.158.182:80
Requested by: http://terfet.s3.ap-south-1.amazonaws.com/2.exe
File type: XML 1.0 document text; XML document, ASCII text | Hash: MD5 9f02f84aca9bd905b2bacafce1105962 | SHA1 921b4293dca4a1fa2a0228fe785c464b2dbd8bec | SHA256 6d28cffda906ce99dddb0e3953f9dd968a0f721acf4d06d6c7bdceb0a44d5b9f
GET /favicon.ico HTTP/1.1
Host: terfet.s3.ap-south-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://terfet.s3.ap-south-1.amazonaws.com/2.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
x-amz-request-id: F3SE0HDX4NE9B399
x-amz-id-2: JejIGQiX37EVxdEWPuwyKYxrf+dYm7m+Fswwy7EUSSoKXKz39Nht0ElmJ0hTeag2M+5EPENDkDs=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Wed, 07 Jun 2023 01:30:57 GMT
Server: AmazonS3