| old.shoeengine.com/wp-content/uploads/2020/04/shayle.txt | 104.21.86.211 | 200 OK | 27 kB |
URL: old.shoeengine.com/wp-content/uploads/2020/04/shayle.txt (user request, GET, HTTP/2)
IP: 104.21.86.211:443
Certificate: Issuer Google Trust Services LLC; Subject shoeengine.com; Fingerprint 3F:FE:A6:28:5B:15:5E:65:4C:96:8B:61:A3:58:5F:1F:5A:28:1E:BF; Validity Fri, 24 May 2024 15:31:15 GMT - Thu, 22 Aug 2024 15:31:14 GMT
File type: ASCII text, with very long lines (37424)
Hashes: MD5 3bd0960b40fc2bd347002536915ff548; SHA-1 fa9b74d903b2ccbdf0c84c1781187868e81119e1; SHA-256 d5794c3c1171857ca453cc5e334b17fc50db2a9c2faa3ede3f4bfadff9327f2f
| Analyzer | Verdict | Alert |
| Public Nextron YARA rules | malware | Detects hex encoded code that has been base64 encoded |
| Public Nextron YARA rules | malware | PHP webshell obfuscated by encoding of mixed hex and dec |
GET /wp-content/uploads/2020/04/shayle.txt HTTP/1.1
Host: old.shoeengine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 02 Jun 2024 08:57:31 GMT
content-type: text/plain
content-length: 26999
last-modified: Mon, 13 Jun 2022 05:09:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=32C%2F4cluw8TlaBilR78x1AXe86a4Xi4WQZdbh3y4YNLF3cMDRQSuBb%2BDgoMCe3a9xkdfNXw%2BwJMbXbZBRrqg6UgMWUZb7cfs6kVFSVfK23INPel1iFknnmOR%2F3%2Bvrt%2BOB%2BwMsh4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d63c8318dc5684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| old.shoeengine.com/favicon.ico | 104.21.86.211 | 200 OK | 1.2 kB |
URL: old.shoeengine.com/favicon.ico (GET, HTTP/3)
IP: 104.21.86.211:443
Requested by: https://old.shoeengine.com/wp-content/uploads/2020/04/shayle.txt
Certificate: Issuer Google Trust Services LLC; Subject shoeengine.com; Fingerprint 3F:FE:A6:28:5B:15:5E:65:4C:96:8B:61:A3:58:5F:1F:5A:28:1E:BF; Validity Fri, 24 May 2024 15:31:15 GMT - Thu, 22 Aug 2024 15:31:14 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hashes: MD5 a8e320c87612ae50e2f3147fd0485010; SHA-1 3094d3486ad30059918115d016d6e229bb423dbd; SHA-256 4c7b9dd6fc9a6c078bdcdeecc9ed0542103c6ab6ea58f5c38863d23742c69f95
GET /favicon.ico HTTP/1.1
Host: old.shoeengine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://old.shoeengine.com/wp-content/uploads/2020/04/shayle.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 02 Jun 2024 08:57:31 GMT
content-type: image/vnd.microsoft.icon
last-modified: Sat, 02 Dec 2017 23:58:47 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rHp2jDa30OF15hzBIzzvjNCNdRYs1Vo3%2Bw5Ix%2BsUcZ50NRLT97vbvsO7E9SKCVl5ZmnQryQ%2BGJaULv3QkgpPqg8TeWdlee5rVgbZ4oWLUTWDpeXaEf7Qz95RCl6Jheow6f8kBL8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88d63c85ed1956ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400