| hsnewqerea.net/imgs/krewa/nqxa.php?id=48w1npzx&s5=3159&lip=192.168.122.77&win=fWinS |  199.21.76.77 | 200 OK | 20 B |
URL User Request GET HTTP/1.1hsnewqerea.net/imgs/krewa/nqxa.php?id=48w1npzx&s5=3159&lip=192.168.122.77&win=fWinS IP199.21.76.77:80
File typegzip compressed data, from Unix\012- data Hash7029066c27ac6f5ef18d660d5741979a 46c6643f07aa7f6bfe7118de926b86defc5087c4 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
| NIDS | Severity | Alert |
|---|
| suricata | high | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | | suricata | high | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst |
GET /imgs/krewa/nqxa.php?id=48w1npzx&s5=3159&lip=192.168.122.77&win=fWinS HTTP/1.1
Host: hsnewqerea.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 19 Sep 2023 04:14:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ee51584f527c201c708f3a30589bb4fa|91.90.42.154|1695096895|1695096895|0|1|0; path=/; domain=.hsnewqerea.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
snkz=91.90.42.154; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Content-Encoding: gzip
|
| hsnewqerea.net/favicon.ico | 199.21.76.77 | 200 OK | 20 B |
URL GET HTTP/1.1hsnewqerea.net/favicon.ico IP199.21.76.77:80
Requested byhttp://hsnewqerea.net/imgs/krewa/nqxa.php?id=48w1npzx&s5=3159&lip=192.168.122.77&win=fWinS
File typegzip compressed data, from Unix\012- data Hash7029066c27ac6f5ef18d660d5741979a 46c6643f07aa7f6bfe7118de926b86defc5087c4 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: hsnewqerea.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hsnewqerea.net/imgs/krewa/nqxa.php?id=48w1npzx&s5=3159&lip=192.168.122.77&win=fWinS
Cookie: btst=ee51584f527c201c708f3a30589bb4fa|91.90.42.154|1695096895|1695096895|0|1|0; snkz=91.90.42.154
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 19 Sep 2023 04:14:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ee51584f527c201c708f3a30589bb4fa|91.90.42.154|1695096896|1695096895|0|2|0; path=/; domain=.hsnewqerea.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Content-Encoding: gzip
|