| www.fs-floor.com/7bjmn/sg6z.ppt | 168.76.249.50 | 200 OK | 3.8 kB |
URL: www.fs-floor.com/7bjmn/sg6z.ppt (user request, GET HTTP/1.1)
IP: 168.76.249.50:80
ASN: #137951 Clayer Limited
File type: HTML document text; HTML document, Unicode text, UTF-8 text, with very long lines (5450)
Hash (MD5): 5301be01ad537ba7bf2b5da0a36126f3
Hash (SHA-1): f4a0912afdb9da7916cbf18b4b25346e2027449c
Hash (SHA-256): 7c6bc747befd45e1e773f9c36dc577e49d11f99ddc3949c0911854894e12f478

NIDS | Severity | Alert
suricata | low | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata | low | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata | low | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
suricata | low | ET WEB_CLIENT Observed Hunter Obfuscator Code M1
GET /7bjmn/sg6z.ppt HTTP/1.1
Host: www.fs-floor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 3819
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Jun 2023 10:46:52 GMT
Vary: Accept-Encoding
| ocsp.globalsign.com/gsgccr3dvtlsca2020 | 104.18.21.226 | | 1.4 kB |
URL: ocsp.globalsign.com/gsgccr3dvtlsca2020
IP: 104.18.21.226:0
Hash (MD5): 47b7be9b8fe5c89a90d8f88fdc2d5360
Hash (SHA-1): 16eeb9def27205d15156c352ff1eafa92a3e52c1
Hash (SHA-256): 7de627b3acb1a2dc1f4d728cdb2f5e45c31b25f13f1c62678ca085cd2704a9ee
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:46:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Tue, 06 Jun 2023 09:17:20 GMT
ETag: "16eeb9def27205d15156c352ff1eafa92a3e52c1"
Last-Modified: Fri, 02 Jun 2023 09:17:21 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 952
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d0f1d95ac4ab50c-OSL
| js.users.51.la/21572989.js | 42.236.73.40 | 200 OK | 2.3 kB |
URL: js.users.51.la/21572989.js (GET HTTP/1.1)
IP: 42.236.73.40:443
ASN: #4837 CHINA UNICOM China169 Backbone
Requested by: http://www.fs-floor.com/7bjmn/sg6z.ppt
Certificate issuer: GlobalSign nv-sa
Certificate subject: *.users.51.la
Certificate fingerprint: 8E:9F:59:98:28:F2:49:A9:E1:19:45:C2:49:ED:B2:F6:B8:E1:C6:39
Certificate validity: Fri, 14 Apr 2023 03:17:41 GMT - Wed, 15 May 2024 03:17:40 GMT
File type: ASCII text, with very long lines (4898), with no line terminators
Hash (MD5): f2a38779ca67c8f73fe3b5e99c95292e
Hash (SHA-1): 85e613a79f5b25451ee4bc81a2f8386c257a7edb
Hash (SHA-256): 6a5bd7ba77644e373ac2ddfcc26f02b0817b7bc9728c6cc7eac68024991e9ca0
GET /21572989.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.fs-floor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 02 Jun 2023 10:46:58 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Cache-Control: no-store
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip