IP: 172.67.210.218:0
File type: HTML document, ASCII text
Hash: MD5 fa172c77abd7b03605d83cd1ae373657 / SHA-1 9785fb3254695c25c621eb4cd81cf7a2a3c8258f / SHA-256 b0c7e6712ecbf97a1e3a14f19e3aed5dbd6553f21a2852565bfc5518925713db
GET / HTTP/1.1
Host: mc.rockylinux.si
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 01 May 2024 21:44:21 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wf1Nc3LQ%2FpTflz%2FOXu7hjTduq2c0cIaT%2F2V3vrCS229PecgnthzCcv1AcOkQ03gJEet6v1wHF4rnRTW8Upo8W2f6a31W4LG5q1ajwDEKALgPd0OKLKtUdiA8znUtOll2LEra"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87d2f388dd047127-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| mc.rockylinux.si/seoforce/triggers/files/evil.txt | 172.67.210.218 | 200 OK | 3.0 kB |
URL: mc.rockylinux.si/seoforce/triggers/files/evil.txt (user request, GET, HTTP/2)
IP: 172.67.210.218:443
Certificate: issuer Let's Encrypt, subject rockylinux.si, fingerprint 7C:81:4A:36:AB:31:CC:F9:FF:14:26:61:8C:F2:69:BB:36:D1:1C:67, valid Sun, 31 Mar 2024 14:36:10 GMT - Sat, 29 Jun 2024 14:36:09 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (3236), with no line terminators
Hash: MD5 c905e980a57261b939f16f879064ca4a / SHA-1 bc5088771a4fc4b6b9d228d750e2c17ae8493fea / SHA-256 13746af5a7fb387b6a42857cf879afe01d90014c005f68ae91c28d6d997b49d2

| Analyzer | Verdict | Alert |
| Public Nextron YARA rules | malware | PHP webshell having some kind of input and some kind of payload; restricted to small files, or big ones including suspicious strings |
GET /seoforce/triggers/files/evil.txt HTTP/1.1
Host: mc.rockylinux.si
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 01 May 2024 21:44:19 GMT
content-type: text/plain
last-modified: Mon, 27 Dec 2021 21:28:32 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OJ9W0XjbhD9ZpFdIj8zPDrA5l3axXfmmhn9BvB6tXVczrGB4ktuc43M8ntFjEPq6o0WpixVr0Y0DrlpSLiy%2Fs7m8znepTRSO5aTg5N3tfsmanNQ0lkFNVKJh3gbK1WUzTY0n"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d2f37659311bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| mc.rockylinux.si/favicon.ico | 0.0.0.0 | | 0 B |
URL: mc.rockylinux.si/favicon.ico (GET)
IP: 0.0.0.0:0
Requested by: https://mc.rockylinux.si/seoforce/triggers/files/evil.txt
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the hashes of an empty body: 0 B and no response headers were recorded for this request)
GET /favicon.ico HTTP/1.1
Host: mc.rockylinux.si
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mc.rockylinux.si/seoforce/triggers/files/evil.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
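Two details of this report are worth reproducing as a check. The analyzer row for evil.txt is a hit from Nextron's public YARA rule set, described as a generic PHP webshell rule: some kind of request input plus some kind of execution payload, with large files additionally required to carry suspicious strings. Note also that the origin returned the file as content-type: text/plain with a last-modified date of 27 Dec 2021, so the webshell source was handed out as a static file rather than executed, and the favicon entry lists the hashes of an empty body. The Python below is an added example, not part of the scan report and not Nextron's rule: it re-implements the described heuristic in a simplified form (the input, payload and suspicious-string patterns and the 4 kB size cut-off are assumptions chosen for illustration, not the rule's own values) and wraps it in a small triage function that also recognises the empty-body hashes and PHP source served under a non-PHP content type. All fixtures are constructed and are not the file from the report.

```python
import hashlib
import re

# Hashes of the empty byte string; the favicon entry in the report carries exactly these.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Size cut-off is an assumption for this example; the published rule has its own limits.
SMALL_FILE_MAX = 4096

# "some kind of input": a request-controlled value reaching the script.
INPUT_RE = re.compile(rb'\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\s*\[|php://input|getallheaders\s*\(', re.I)
# "some kind of payload": code or command execution primitives.
PAYLOAD_RE = re.compile(rb'\b(?:eval|assert|system|passthru|shell_exec|exec|popen|proc_open|pcntl_exec)\s*\(', re.I)
# Extra strings demanded of big files, where input+payload alone is too common to be conclusive.
SUSPICIOUS_RE = re.compile(rb'\b(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(|preg_replace\s*\(.{0,64}/e\b', re.I | re.S)

# Constructed fixtures for this example (not the sample from the report).
SAMPLE_SHELL = b'<html><body><?php if(isset($_REQUEST["c"])){ @system($_REQUEST["c"]); } ?></body></html>'
SAMPLE_BENIGN = b'<?php echo htmlspecialchars($_GET["name"] ?? ""); ?>'
PADDING = b"<!-- lorem ipsum -->\n" * 300            # roughly 6 kB of harmless markup
SAMPLE_BIG_PLAIN = PADDING + SAMPLE_SHELL              # input+payload, but big and otherwise unremarkable
SAMPLE_BIG_OBFUSCATED = PADDING + b'<?php eval(base64_decode($_POST["p"])); ?>'


def hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of the body, in the order the report lists them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def looks_like_php_webshell(data: bytes) -> bool:
    """Simplified form of the 'input + payload, size-gated' heuristic described in the alert."""
    if b"<?php" not in data.lower() and b"<?=" not in data:
        return False                                     # no PHP code at all
    if not (INPUT_RE.search(data) and PAYLOAD_RE.search(data)):
        return False                                     # needs both an input and a payload
    if len(data) <= SMALL_FILE_MAX:
        return True                                      # small file: input+payload is enough
    return SUSPICIOUS_RE.search(data) is not None        # big file: also demand obfuscation strings


def triage(body: bytes, declared_type: str, listed_sha256: str = "") -> dict:
    """Checks a fetched body against what a scan report recorded about it."""
    h = hashes(body)
    findings = []
    if h["sha256"] == EMPTY_SHA256:
        findings.append("empty body: the recorded hashes are those of the empty file")
    if listed_sha256 and h["sha256"] != listed_sha256.lower():
        findings.append("body hash differs from the hash recorded in the report")
    media_type = declared_type.split(";")[0].strip().lower()
    if b"<?php" in body.lower():
        findings.append(f"PHP source returned as {media_type}: the origin served the file instead of executing it")
    shell = looks_like_php_webshell(body)
    if shell:
        findings.append("generic PHP webshell heuristic matched (input + payload)")
    return {"hashes": h, "webshell": shell, "findings": findings}


if __name__ == "__main__":
    for label, fixture in [("shell", SAMPLE_SHELL), ("benign", SAMPLE_BENIGN),
                           ("big-plain", SAMPLE_BIG_PLAIN), ("big-obfuscated", SAMPLE_BIG_OBFUSCATED)]:
        print(label, triage(fixture, "text/plain")["findings"])
```

The size gate is the part worth keeping in mind when reading the verdict: a large, otherwise legitimate PHP file that merely touches `$_GET` and calls `exec()` will not fire under this shape of rule, while a 3 kB file like the one in the report needs nothing more than an input and a payload to match.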