| URL | IP | Status | Size |
| chocoplayer.com/board/data/php/lg.exe | 45.33.18.44 | 302 Found | 0 B |
URL: chocoplayer.com/board/data/php/lg.exe
User request: GET HTTP/1.1
IP: 45.33.18.44:443
Certificate: Issuer Let's Encrypt; Subject chocoplayer.com; Fingerprint 37:44:2A:E3:36:97:12:FD:E2:B1:BB:4D:3D:EF:65:03:FD:25:C9:77; Validity Tue, 23 May 2023 16:25:09 GMT - Mon, 21 Aug 2023 16:25:08 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of an empty input, consistent with the 0 B redirect body: no executable was transferred on this hop)
NIDS: suricata | Severity: medium | Alert: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
GET /board/data/php/lg.exe HTTP/1.1
Host: chocoplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
content-length: 0
location: http://chocoplayer.com/board/data/php/lg.exe
cache-control: no-cache
set-cookie: mtmssl=1; path=/;
| chocoplayer.com/board/data/php/lg.exe | 96.126.123.244 | 404 Not Found | 3 B |
URL: chocoplayer.com/board/data/php/lg.exe
User request: GET HTTP/1.1
IP: 96.126.123.244:443
Certificate: Issuer Let's Encrypt; Subject chocoplayer.com; Fingerprint 37:44:2A:E3:36:97:12:FD:E2:B1:BB:4D:3D:EF:65:03:FD:25:C9:77; Validity Tue, 23 May 2023 16:25:09 GMT - Mon, 21 Aug 2023 16:25:08 GMT
File type: ASCII text, with no line terminators (3-byte 404 body, not a PE file)
Hashes (MD5 / SHA-1 / SHA-256): 4f4adcbf8c6f66dcfc8a3282ac2bf10a / c35a9fc52bb556c79f8fa540df587a2bf465b940 / 6b3c238ebcf1f3c07cf0e556faa82c6b8fe96840ff4b6b7e9962a2d855843a0b
NIDS: suricata | Severity: medium | Alert: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
GET /board/data/php/lg.exe HTTP/1.1
Host: chocoplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: mtmssl=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
server: openresty/1.13.6.1
date: Fri, 09 Jun 2023 06:51:58 GMT
content-type: text/html
content-length: 3
connection: close
| chocoplayer.com/favicon.ico | 45.56.79.23 | 200 OK | 43 B |
URL: chocoplayer.com/favicon.ico
Request: GET HTTP/1.1
IP: 45.56.79.23:80
Requested by: http://chocoplayer.com/board/data/php/lg.exe
File type: GIF image data, version 89a, 1 x 1; data
Hashes (MD5 / SHA-1 / SHA-256): ad4b0f606e0f8465bc4c4c170b37e1a3 / 50b30fd5f87c85fe5cba2635cb83316ca71250d7 / cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /favicon.ico HTTP/1.1
Host: chocoplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://chocoplayer.com/board/data/php/lg.exe
Cookie: mtmssl=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Fri, 09 Jun 2023 06:51:58 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
connection: close
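Added example (Python written for this page, not part of the sandbox report or of any tool it names): the three checks a triager would want to run over the transactions above, namely whether the reported digests are those of an empty body, whether the request path has the short alphanumeric `.exe` name that the Suricata alert is named for, and whether the 302 sends an HTTPS client to a plain-HTTP URL. The terse-name regex is an assumption that approximates the alert's wording, not the ET rule's actual signature; the `PAGE_TRANSACTIONS` records are constructed from the rows above (scheme taken from the connection port, hashes copied from the report).

```python
import hashlib
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Digests of the empty byte string. A response whose reported hashes equal
# these carried no body at all (the 0 B 302 transaction above).
EMPTY_DIGESTS = (
    hashlib.md5(b"").hexdigest(),
    hashlib.sha1(b"").hexdigest(),
    hashlib.sha256(b"").hexdigest(),
)

# Assumption: "terse alphanumeric executable" is approximated here as a final
# path component of 1-3 alphanumeric characters plus ".exe". This is not the
# ET rule's signature, only a stand-in for the idea the alert name expresses.
TERSE_EXE = re.compile(r"^[a-z0-9]{1,3}\.exe$", re.IGNORECASE)


def is_empty_body(md5: str, sha1: str, sha256: str) -> bool:
    """True when the reported MD5/SHA-1/SHA-256 are the empty-input digests."""
    return (md5.lower(), sha1.lower(), sha256.lower()) == EMPTY_DIGESTS


def terse_exe_request(url: str) -> bool:
    """True when the URL's last path segment is a short alphanumeric .exe name."""
    last = urlsplit(url).path.rsplit("/", 1)[-1]
    return bool(TERSE_EXE.match(last))


def downgrade_redirect(request_url: str, location: Optional[str]) -> bool:
    """True when an HTTPS request is redirected to a plain-HTTP Location."""
    if not location:
        return False
    return urlsplit(request_url).scheme == "https" and urlsplit(location).scheme == "http"


def triage(tx: Dict) -> List[str]:
    """Return the findings that apply to one transaction record."""
    findings = []
    if terse_exe_request(tx["url"]):
        findings.append("terse-exe-path")
    if downgrade_redirect(tx["url"], tx.get("location")):
        findings.append("https-to-http-redirect")
    hashes = tx.get("hashes")
    if hashes and is_empty_body(*hashes):
        findings.append("empty-body")
    return findings


# Constructed from the three transactions on this page.
PAGE_TRANSACTIONS = [
    {   # first hop: TLS on :443, 302 with an empty body
        "url": "https://chocoplayer.com/board/data/php/lg.exe",
        "status": 302,
        "location": "http://chocoplayer.com/board/data/php/lg.exe",
        "hashes": ("d41d8cd98f00b204e9800998ecf8427e",
                   "da39a3ee5e6b4b0d3255bfef95601890afd80709",
                   "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    },
    {   # second hop: 404 with a 3-byte ASCII body, no PE file served
        "url": "https://chocoplayer.com/board/data/php/lg.exe",
        "status": 404,
        "location": None,
        "hashes": ("4f4adcbf8c6f66dcfc8a3282ac2bf10a",
                   "c35a9fc52bb556c79f8fa540df587a2bf465b940",
                   "6b3c238ebcf1f3c07cf0e556faa82c6b8fe96840ff4b6b7e9962a2d855843a0b"),
    },
    {   # favicon fetched by the browser after rendering the 404 as a document
        "url": "http://chocoplayer.com/favicon.ico",
        "status": 200,
        "location": None,
        "hashes": ("ad4b0f606e0f8465bc4c4c170b37e1a3",
                   "50b30fd5f87c85fe5cba2635cb83316ca71250d7",
                   "cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda"),
    },
]


def triage_page() -> List[List[str]]:
    """Findings for each page transaction, in order."""
    return [triage(tx) for tx in PAGE_TRANSACTIONS]


if __name__ == "__main__":
    for tx, findings in zip(PAGE_TRANSACTIONS, triage_page()):
        print(tx["status"], tx["url"], findings or "-")
```

Run as a script it lists, per transaction, which of the three findings apply; in this capture only the first hop combines all three, and neither `.exe` request ever returned executable content, so the alert records an attempted download rather than a delivered payload.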