Source: https://selmanc.com/h4ba4.js | Avira URL Cloud: Label: malware |
Source: Network traffic | Suricata IDS: 2823606 - Severity 1 - ETPRO EXPLOIT_KIT Possible Evil Redirect Leading to EK Dec 04 2016 : 45.60.87.23:443 -> 192.168.2.9:49745 |
Source: Network traffic | Suricata IDS: 2823606 - Severity 1 - ETPRO EXPLOIT_KIT Possible Evil Redirect Leading to EK Dec 04 2016 : 45.60.87.23:443 -> 192.168.2.9:49754 |
Source: Network traffic | Suricata IDS: 2823606 - Severity 1 - ETPRO EXPLOIT_KIT Possible Evil Redirect Leading to EK Dec 04 2016 : 45.60.87.23:443 -> 192.168.2.9:49833 |
Source: Network traffic | Suricata IDS: 2823606 - Severity 1 - ETPRO EXPLOIT_KIT Possible Evil Redirect Leading to EK Dec 04 2016 : 45.60.87.23:443 -> 192.168.2.9:49849 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.11 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.206.229.209 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Host: www.delinian.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /_Incapsula_Resource?SWJIYLWA=5074a744e2e3d891814e9a2dace20bd4,719d34d31c8e3a6e6fffd425f7e032f3 HTTP/1.1Host: www.delinian.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.delinian.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: visid_incap_2876573=0m/ozBEjRtWgDdm/atq3FrZ9YWcAAAAAQUIPAAAAAAARgKGTFTHPsVGF2jdLbG7R; incap_ses_1844_2876573=SMGUdvXWbXorY1GLcDSXGbZ9YWcAAAAAifbTi70s0hTFbeJ4PzdhlQ== |
Source: global traffic | HTTP traffic detected: GET /_Incapsula_Resource?SWHANEDL=3830647518253617047,15054367127476131719,665612046028570500,372006 HTTP/1.1Host: www.delinian.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.delinian.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: visid_incap_2876573=0m/ozBEjRtWgDdm/atq3FrZ9YWcAAAAAQUIPAAAAAAARgKGTFTHPsVGF2jdLbG7R; incap_ses_1844_2876573=SMGUdvXWbXorY1GLcDSXGbZ9YWcAAAAAifbTi70s0hTFbeJ4PzdhlQ== |
Source: global traffic | HTTP traffic detected: GET /_Incapsula_Resource?SWJIYLWA=5074a744e2e3d891814e9a2dace20bd4,719d34d31c8e3a6e6fffd425f7e032f3 HTTP/1.1Host: www.delinian.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: visid_incap_2876573=0m/ozBEjRtWgDdm/atq3FrZ9YWcAAAAAQUIPAAAAAAARgKGTFTHPsVGF2jdLbG7R; incap_ses_1844_2876573=SMGUdvXWbXorY1GLcDSXGbZ9YWcAAAAAifbTi70s0hTFbeJ4PzdhlQ== |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Host: www.delinian.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.delinian.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: visid_incap_2876573=0m/ozBEjRtWgDdm/atq3FrZ9YWcAAAAAQUIPAAAAAAARgKGTFTHPsVGF2jdLbG7R; incap_ses_1844_2876573=SMGUdvXWbXorY1GLcDSXGbZ9YWcAAAAAifbTi70s0hTFbeJ4PzdhlQ== |
Source: global traffic | HTTP traffic detected: GET /_Incapsula_Resource?SWHANEDL=3830647518253617047,15054367127476131719,665612046028570500,372006 HTTP/1.1Host: www.delinian.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: visid_incap_2876573=0m/ozBEjRtWgDdm/atq3FrZ9YWcAAAAAQUIPAAAAAAARgKGTFTHPsVGF2jdLbG7R; incap_ses_1844_2876573=SMGUdvXWbXorY1GLcDSXGbZ9YWcAAAAAifbTi70s0hTFbeJ4PzdhlQ==; ___utmvc=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 |