webs-up.com/N6E/fuck_niggers_29.hta
119.59.103.152 4.9 kB URL User Request GET webs-up.com/N6E/fuck_niggers_29.hta
IP 119.59.103.152:0
ASN #56067 453 Ladplacout Jorakhaebua
File type HTML document text; exported SGML document, ASCII text, with very long lines (44784), with CRLF line terminators
Hash d5a1f0c64f54dc098f0dbbee640d7482
0c56f7315da7bad3f76d212cb8d2b40db643dabe
e3e10146567d6110b42518a3b870887555d9669856c0aceea0a11f720057443a
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY Possible HTA Application Download
suricata high URLhaus Known malware download URL detected (1904469)
GET /N6E/fuck_niggers_29.hta HTTP/1.1
Host: webs-up.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 May 2023 08:06:33 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 20 Dec 2021 16:11:20 GMT
ETag: "b620-5d39623a3c18d-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 4914
Keep-Alive: timeout=2, max=100
IP 119.59.103.152:80
ASN #56067 453 Ladplacout Jorakhaebua
Requested by http://webs-up.com/N6E/fuck_niggers_29.hta
File type HTML document text; exported SGML document, ASCII text
Hash 5ec166938dd10f7c288d23e00159bc0d
8f0ec38a481ad316a69bbef36c70226ed93b430a
ab0a00ffcad7056ef0e1b74048a35e4f3b720975ceaca53b51408523fdcfd79e
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: webs-up.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://webs-up.com/N6E/fuck_niggers_29.hta
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Wed, 24 May 2023 08:06:33 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 196
Keep-Alive: timeout=2, max=100
Content-Type: text/html