walltowalldiving.netcluesdemo.com/zee/chase/access.php?servid_service_login_&_authentication_82de3b814d4e9970a73c7a0890648e2f0258f6e2
147.135.97.220 44 kB URL walltowalldiving.netcluesdemo.com/zee/chase/access.php?servid_service_login_&_authentication_82de3b814d4e9970a73c7a0890648e2f0258f6e2
IP 147.135.97.220:0
File type HTML document text; exported SGML document, ASCII text, with very long lines (46067), with CRLF, LF line terminators
Hash 4a543a4514bbebd28d3e5fb849149291
aff1b19c8110e669751e5a6c0dea429297966eff
8631b05a57d82404bc2bd37f00a24dc1da328dcbea6ffca60d95e813f61b8240
GET /zee/chase/access.php?servid_service_login_&_authentication_82de3b814d4e9970a73c7a0890648e2f0258f6e2 HTTP/1.1
Host: walltowalldiving.netcluesdemo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: cookielawinfo-checkbox-necessary=yes; cookielawinfo-checkbox-functional=no; cookielawinfo-checkbox-performance=no; cookielawinfo-checkbox-analytics=no; cookielawinfo-checkbox-advertisement=no; cookielawinfo-checkbox-others=no
Upgrade-Insecure-Requests: 1
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 11 Apr 2023 02:41:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0, no-store
Link: <https://walltowalldiving.netcluesdemo.com/wp-json/>; rel="https://api.w.org/"
Referrer-Policy: no-referrer-when-downgrade
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
walltowalldiving.netcluesdemo.com/wp-content/themes/divein/assets/images/netclues-logo.png
147.135.97.220 847 B URL walltowalldiving.netcluesdemo.com/wp-content/themes/divein/assets/images/netclues-logo.png
IP 147.135.97.220:0
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced; data
Hash fee3a026efab5164359061c8e047e22b
abaaf939af3b3a299c5e28d10cc189216686c782
c65008c3ddb4062754bc6a8cf524921e6ab9829dafcb22f4059646630652537e
GET /wp-content/themes/divein/assets/images/netclues-logo.png HTTP/1.1
Host: walltowalldiving.netcluesdemo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://walltowalldiving.netcluesdemo.com/wp-content/themes/divein/style.css?ver=1.0
Connection: keep-alive
Cookie: cookielawinfo-checkbox-necessary=yes; cookielawinfo-checkbox-functional=no; cookielawinfo-checkbox-performance=no; cookielawinfo-checkbox-analytics=no; cookielawinfo-checkbox-advertisement=no; cookielawinfo-checkbox-others=no
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Apr 2023 02:41:05 GMT
Content-Type: image/png
Content-Length: 847
Connection: keep-alive
Last-Modified: Thu, 12 Aug 2021 13:38:52 GMT
ETag: "34f-5c95cdb01fdb4"
Referrer-Policy: no-referrer-when-downgrade
Expires: Sat, 10 Jun 2023 02:41:05 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes
cevatpasa.com/images/logos.gif?5b2d1=746914
199.21.76.77 200 OK 20 B URL User Request GET HTTP/1.1 cevatpasa.com/images/logos.gif?5b2d1=746914
IP 199.21.76.77:80
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
suricata high ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst
GET /images/logos.gif?5b2d1=746914 HTTP/1.1
Host: cevatpasa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Apr 2023 02:41:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c7bd27a997123aefd99d4ef36c9e3164|91.90.42.154|1681180866|1681180866|0|1|0; path=/; domain=.cevatpasa.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
snkz=91.90.42.154; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Content-Encoding: gzip
cevatpasa.com/favicon.ico
199.21.76.77 200 OK 20 B URL GET HTTP/1.1 cevatpasa.com/favicon.ico
IP 199.21.76.77:80
Requested by http://cevatpasa.com/images/logos.gif?5b2d1=746914
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /favicon.ico HTTP/1.1
Host: cevatpasa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cevatpasa.com/images/logos.gif?5b2d1=746914
Cookie: btst=c7bd27a997123aefd99d4ef36c9e3164|91.90.42.154|1681180866|1681180866|0|1|0; snkz=91.90.42.154
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Apr 2023 02:41:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c7bd27a997123aefd99d4ef36c9e3164|91.90.42.154|1681180866|1681180866|0|2|0; path=/; domain=.cevatpasa.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Content-Encoding: gzip