| gezginlerindirturkce.com/ | 172.67.132.194 | 301 Moved Permanently | 167 B |
URL: gezginlerindirturkce.com/
IP: 172.67.132.194:0
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 0104c301c5e02bd6148b8703d19b3a73 / 7436e0b4b1f8c222c38069890b75fa2baf9ca620 / 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
GET / HTTP/1.1
Host: gezginlerindirturkce.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sun, 02 Feb 2025 13:17:58 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 02 Feb 2025 14:17:58 GMT
Location: https://gezginlerindirturkce.com/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7F1RDeZdB18p49hXLbHyIb0gT7AKB%2B7woGSOtIv1yL90dxHZaP0vn3ucm1XAIlqhpdsXv%2BWNRwi8QfuNJulmad6Dh3CLBZ8cPGluMwpjbnRmFo0cEPfwN869jp25YtsUxSB%2BYzx1ZptaiaE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 90ba76ea9e2c56a9-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=528&min_rtt=528&rtt_var=264&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=289&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
| GET www.gezginlerindirturkce.com/wp-content/uploads9/2022/08/Mdm.exe | 104.21.5.22 | 301 Moved Permanently | 167 B |
URL (user request): GET www.gezginlerindirturkce.com/wp-content/uploads9/2022/08/Mdm.exe
IP: 104.21.5.22:0
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 0104c301c5e02bd6148b8703d19b3a73 / 7436e0b4b1f8c222c38069890b75fa2baf9ca620 / 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | high | ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious |
| suricata | medium | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile |
GET /wp-content/uploads9/2022/08/Mdm.exe HTTP/1.1
Host: www.gezginlerindirturkce.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sun, 02 Feb 2025 13:18:04 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 02 Feb 2025 14:18:04 GMT
Location: https://www.gezginlerindirturkce.com/wp-content/uploads9/2022/08/Mdm.exe
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9bqY4MLwiFqFAC7Y94bYsz%2FeujB%2BGylj1qwGYatmojOKq0EGBhuDU619czpLTUTsSaQ2dkirpMUoOpPWBcP7ecfd7c%2BfMUVZ7y7MctwG2n76q1Q8poTi%2FWb9Zkx%2Byj4H9eur5egVLSqmfc8G0xpI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 90ba770ded13b503-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=527&min_rtt=527&rtt_var=263&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=448&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
| www.gezginlerindirturkce.com/wp-content/uploads9/2024/01/gindir-logo.jpg | 172.67.132.194 | 200 OK | 28 kB |
URL: www.gezginlerindirturkce.com/wp-content/uploads9/2024/01/gindir-logo.jpg
IP: 172.67.132.194:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x500, components 3
Hash (MD5 / SHA-1 / SHA-256): d8203e856c8c667ce4da2fadc43024b2 / a17b9b5c07b45d447d4ea36386b0e6b668935e2d / f98e178cc09f4e4d00c34e74f59e05a0f8cbbca5fa86e1aaac6662cb00ed89cf
GET /wp-content/uploads9/2024/01/gindir-logo.jpg HTTP/1.1
Host: www.gezginlerindirturkce.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gezginlerindirturkce.com/wp-content/uploads9/2022/08/Mdm.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 02 Feb 2025 13:18:23 GMT
content-type: image/jpeg
content-length: 28264
cache-control: public, max-age=16070400
expires: Sat, 08 Feb 2025 12:57:31 GMT
etag: "6e68-676bd40e-a2d1;;;"
last-modified: Wed, 25 Dec 2024 09:44:46 GMT
accept-ranges: bytes
x-turbo-charged-by: LiteSpeed
age: 87651
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cL0Vk1M0A20ujAhqBgsFH%2BjsV7Ro51fSFx66F6PQcshMpP6O5vIeosUvtDEetWEnN%2FChoNOZyDjOn8RqX9w9p3l1h3y67Z8eL2dYJ1y222mNzjhfE3Y7iJEQbHJuc08m1E4QWnWmVYxtFbjN%2BRXY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90ba77841e4f568f-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2981&min_rtt=1176&rtt_var=2048&sent=64&recv=22&lost=0&retrans=0&sent_bytes=53540&recv_bytes=4233&delivery_rate=519740&cwnd=48000&unsent_bytes=0&cid=1d815c1a12ce304e&ts=20230&x=1", cfExtPri, cfHdrFlush;dur=0
| GET gezginlerindirturkce.com/wp-content/uploads9/2022/08/Mdm.exe | 172.67.132.194 | 301 Moved Permanently | 0 B |
URL (user request): GET HTTP/2 gezginlerindirturkce.com/wp-content/uploads9/2022/08/Mdm.exe
IP: 172.67.132.194:443
Certificate: Issuer: Google Trust Services; Subject: gezginlerindirturkce.com; Fingerprint: 1D:C2:D5:CE:F0:91:8B:53:A6:28:7B:0C:FE:0F:52:9B:DA:1E:55:A9; Validity: Sat, 01 Feb 2025 07:00:57 GMT - Fri, 02 May 2025 07:58:33 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/uploads9/2022/08/Mdm.exe HTTP/1.1
Host: gezginlerindirturkce.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sun, 02 Feb 2025 13:18:03 GMT
content-type: text/html; charset=UTF-8
location: https://www.gezginlerindirturkce.com/wp-content/uploads9/2022/08/Mdm.exe
vary: Accept-Encoding, Cookie
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: max-age=16070400, must-revalidate
x-redirect-by: WordPress
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HoV%2FIieZIHQ%2BG4yIrNgFVZtScCOg4vSr79hwxKvOM326wzX%2BR0vg5UCrS9kIZDVJ0WfXLQMKJxLGM5iDrfnw1QJ88W3uNVt1PNCeLpizF7yR1QVcdI55ZEbby%2B43dTSGBSVlhb5pjiiE0wg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90ba76d82abd0afa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5791&min_rtt=496&rtt_var=10606&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3313&recv_bytes=1293&delivery_rate=6703703&cwnd=254&unsent_bytes=0&cid=fd345a768801eadc&ts=7303&x=0"
X-Firefox-Spdy: h2