URL User Request GET HTTP/1.1IP 46.166.189.98:80
ASN#43350 NForce Entertainment B.V.
File typevery short file (no magic) Hash68b329da9893e34099c7d8ad5cb9c940 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
NIDS | Severity | Alert | suricata | high | ET MALWARE Single char EXE direct download likely trojan (multiple families) |
GET /E.exe HTTP/1.1
Host: bankofamierca.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 26 Sep 2023 18:56:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.33
location: http://www.noannualfeecreditcards.org/E.exe
|
| www.noannualfeecreditcards.org/E.exe | 103.224.182.246 | 403 Forbidden | 94 B |
URL User Request GET HTTP/1.0www.noannualfeecreditcards.org/E.exe IP 103.224.182.246:443
ASN#133618 Trellian Pty. Limited
CertificateIssuerLet's Encrypt Subjectnot-alone.de FingerprintB0:4A:FD:4E:B0:12:8C:4C:37:EA:33:FE:3F:95:11:9F:11:CD:F0:FE ValidityMon, 07 Aug 2023 00:03:00 GMT - Sun, 05 Nov 2023 00:02:59 GMT
File typeHTML document, ASCII text, with no line terminators Hash586e5879c0666b49307b1206e45d3a4f c17c169c84535495ae36f5e956f3a4802874e0b1 8eb0c96561f744076e699a97c54fc207b905997c65a31a5d73bb826df406f08d
NIDS | Severity | Alert | suricata | high | ET MALWARE Single char EXE direct download likely trojan (multiple families) |
GET /E.exe HTTP/1.1
Host: www.noannualfeecreditcards.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 403 Forbidden
cache-control: no-cache
content-type: text/html
|
| www.noannualfeecreditcards.org/E.exe | 103.224.182.246 | 403 Forbidden | 94 B |
URL User Request GET HTTP/1.0www.noannualfeecreditcards.org/E.exe IP 103.224.182.246:80
ASN#133618 Trellian Pty. Limited
File typeHTML document, ASCII text, with no line terminators Hash586e5879c0666b49307b1206e45d3a4f c17c169c84535495ae36f5e956f3a4802874e0b1 8eb0c96561f744076e699a97c54fc207b905997c65a31a5d73bb826df406f08d
NIDS | Severity | Alert | suricata | high | ET MALWARE Single char EXE direct download likely trojan (multiple families) |
GET /E.exe HTTP/1.1
Host: www.noannualfeecreditcards.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 403 Forbidden
cache-control: no-cache
content-type: text/html
|
| www.noannualfeecreditcards.org/favicon.ico | 103.224.182.246 | 403 Forbidden | 94 B |
URL GET HTTP/1.0www.noannualfeecreditcards.org/favicon.ico IP 103.224.182.246:80
ASN#133618 Trellian Pty. Limited
Requested byhttp://www.noannualfeecreditcards.org/E.exe
File typeHTML document, ASCII text, with no line terminators Hash586e5879c0666b49307b1206e45d3a4f c17c169c84535495ae36f5e956f3a4802874e0b1 8eb0c96561f744076e699a97c54fc207b905997c65a31a5d73bb826df406f08d
GET /favicon.ico HTTP/1.1
Host: www.noannualfeecreditcards.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.noannualfeecreditcards.org/E.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 403 Forbidden
cache-control: no-cache
content-type: text/html
|