| 160.181.162.174:8888/~style.css | 160.181.162.174 | 200 OK | 14 kB |
URL: GET HTTP/1.1 160.181.162.174:8888/~style.css
IP: 160.181.162.174:8888
Requested by: http://160.181.162.174:8888/svcyr.exe
File type: Unicode text, UTF-8 text, with very long lines (12344), with CRLF line terminators
Hash: 14a8ea205aab4b8eda3e4fb0c4323a43 06c692187d7a6246e636cc41e5057f4d52e0bce4 3be92549a6c27f67e61f59b2e0a940cc0a2a19c74a6c0d4cd4980388d6b479d4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /~style.css HTTP/1.1
Host: 160.181.162.174:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://160.181.162.174:8888/svcyr.exe
Cookie: HFS_SID_=n7qkRUEt5kAAAAAxCx7oPw
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 13554
Accept-Ranges: bytes
Server: HFS 2.4.0 RC7
ETag: style.css45349.9454281944
Content-Encoding: gzip
|
| 160.181.162.174:8888/~lib.js | 160.181.162.174 | 200 OK | 11 kB |
URL: GET HTTP/1.1 160.181.162.174:8888/~lib.js
IP: 160.181.162.174:8888
Requested by: http://160.181.162.174:8888/svcyr.exe
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (2620), with CRLF line terminators
Hash: 429665aebf4da09b0ecec67d36ca4c67 ebc55559ec7ce0fe94ad2c6fe3f2f33a1de66954 b552db7e1eac5b418e46a454994692e4cb6ae67d0b2627710098be6ee8d26190
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /~lib.js HTTP/1.1
Host: 160.181.162.174:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://160.181.162.174:8888/svcyr.exe
Cookie: HFS_SID_=n7qkRUEt5kAAAAAxCx7oPw
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 10871
Accept-Ranges: bytes
Server: HFS 2.4.0 RC7
ETag: lib.js45349.9454281944
Content-Encoding: gzip
|
| 160.181.162.174:8888/?mode=jquery | 160.181.162.174 | 200 OK | 44 kB |
URL: GET HTTP/1.1 160.181.162.174:8888/?mode=jquery
IP: 160.181.162.174:8888
Requested by: http://160.181.162.174:8888/svcyr.exe
File type: JavaScript source, ASCII text, with very long lines (32077)
Hash: 9412724f1fb2c06aa53a9a75cd6d34c4 53c0f9e40695429ccc0e490977f85282744e53ba 6a1dadb5b03bd6c8cd4668c976e7fb89b7b2912c243810cb861c730295591ccd
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?mode=jquery HTTP/1.1
Host: 160.181.162.174:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://160.181.162.174:8888/svcyr.exe
Cookie: HFS_SID_=n7qkRUEt5kAAAAAxCx7oPw
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 43515
Accept-Ranges: bytes
Server: HFS 2.4.0 RC7
ETag: jquery45349.945516331
Content-Encoding: gzip
|
| 160.181.162.174:8888/favicon.ico | 160.181.162.174 | 200 OK | 576 B |
URL: GET HTTP/1.1 160.181.162.174:8888/favicon.ico
IP: 160.181.162.174:8888
Requested by: http://160.181.162.174:8888/svcyr.exe
File type: GIF image data, version 89a, 16 x 16
Hash: 9c3180a65d1ac3066055353e8b8b693e 15031554825c0aabbfdb1ce2c2756c479a7295d6 a37b97bab4af022ffea89ae28cba0d7a098bb2dadca53b770b16a2973f112845
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 160.181.162.174:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://160.181.162.174:8888/svcyr.exe
Cookie: HFS_SID_=n7qkRUEt5kAAAAAxCx7oPw
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 576
Accept-Ranges: bytes
Server: HFS 2.4.0 RC7
|
| 160.181.162.174:8888/svcyr.exe | 160.181.162.174 | 429 | 870 B |
URL: User Request GET HTTP/1.1 160.181.162.174:8888/svcyr.exe
IP: 160.181.162.174:8888
File type: HTML document, Unicode text, UTF-8 text, with very long lines (902), with no line terminators
Hash: ef4dfb0d05002c60c9b2b823b0bfa539 2ad9f2f9eb9bd4e80bb23aa5d1cde68fa5f877d3 9d587555bc51d2a73c35915e28e1e3e54e9e4424a2f0d9df51c8b518b496ec5e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /svcyr.exe HTTP/1.1
Host: 160.181.162.174:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 429
Content-Type: text/html; charset=utf-8
Accept-Ranges: bytes
Server: HFS 2.4.0 RC7
Set-Cookie: HFS_SID_=n7qkRUEt5kAAAAAxCx7oPw; path=/; HttpOnly
ETag: f7f74d1624b4a2d50208023ac5dcbcc6
Last-Modified: Tue, 27 Feb 2024 14:43:29 GMT
Content-Encoding: gzip
|