Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
noisy-moon-e1cc.ruzon.workers.dev | 172.67.131.18 | |
ehektoe.lncnawgcidtia.xyz | 172.67.153.88 | |
- TCP Requests
-
-
192.168.56.102:49812 104.21.9.237:443 noisy-moon-e1cc.ruzon.workers.dev
-
192.168.56.102:49813 104.21.9.237:443 noisy-moon-e1cc.ruzon.workers.dev
-
192.168.56.102:49821 117.18.232.200:80
-
192.168.56.102:49823 117.18.232.200:443
-
192.168.56.102:49824 117.18.232.200:443
-
192.168.56.102:49825 117.18.232.200:443
-
192.168.56.102:49797 172.217.25.14:443
-
192.168.56.102:49810 172.67.153.88:80 ehektoe.lncnawgcidtia.xyz
-
- UDP Requests
-
-
192.168.56.102:50839 164.124.101.2:53
-
192.168.56.102:54660 164.124.101.2:53
-
192.168.56.102:57660 164.124.101.2:53
-
192.168.56.102:61459 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:56752 239.255.255.250:1900
-
192.168.56.102:56754 239.255.255.250:3702
-
192.168.56.102:56756 239.255.255.250:3702
-
192.168.56.102:56758 239.255.255.250:3702
-
GET
200
https://noisy-moon-e1cc.ruzon.workers.dev/ad.php?key=7FFBE5C751C376AB&id=2&gid=173CE49DE95A75A348EF3A7484-BFB70DF153636BA7F3FE4B16D2-C2BDA5B610A27C331E6B
REQUEST
RESPONSE
BODY
GET /ad.php?key=7FFBE5C751C376AB&id=2&gid=173CE49DE95A75A348EF3A7484-BFB70DF153636BA7F3FE4B16D2-C2BDA5B610A27C331E6B HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: noisy-moon-e1cc.ruzon.workers.dev
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 00:57:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d3d1ba4b606c0556953e4933af40c3a751617584221; expires=Wed, 05-May-21 00:57:01 GMT; path=/; domain=.ruzon.workers.dev; HttpOnly; SameSite=Lax
CF-Ray: 63aed1e86ca99881-LAX
CF-Cache-Status: DYNAMIC
cf-request-id: 094121853d00009881679fb000000001
X-Powered-By: PHP/5.4.45
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FTh3RoqtoMIhkJ%2FJhCTs%2Bz8E2sdF0JhfrKHePubSmmIv2%2Ftt8gC0ROUHcl2w%2BzvzsQhnV1cm7vciqCOitqrGdjpa%2BGdy3fROQ%2Fi2XDVU2Ju9QuFVc0fSatK5ERTX%2F%2FpatsM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
HEAD
500
https://noisy-moon-e1cc.ruzon.workers.dev/snow.swf
REQUEST
RESPONSE
BODY
HEAD /snow.swf HTTP/1.1
Accept: */*
User-Agent: contype
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: noisy-moon-e1cc.ruzon.workers.dev
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: __cfduid=d3d1ba4b606c0556953e4933af40c3a751617584221
HTTP/1.1 500 Internal Server Error
Date: Mon, 05 Apr 2021 00:57:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
CF-RAY: 63aed1f13bd4051f-LAX
Server: cloudflare
GET
404
https://noisy-moon-e1cc.ruzon.workers.dev/favicon.ico
REQUEST
RESPONSE
BODY
GET /favicon.ico HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: noisy-moon-e1cc.ruzon.workers.dev
Connection: Keep-Alive
Cookie: __cfduid=d3d1ba4b606c0556953e4933af40c3a751617584221
HTTP/1.1 404 Not Found
Date: Mon, 05 Apr 2021 00:57:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 63aed1f2ca4f9881-LAX
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
cf-request-id: 0941218bc300009881982e9000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=GN8p%2F3aHPfn%2BBy8Rj%2BlFHxqNo5YjAVtfXQcsCjfoSRhH0R8nt9qZHYKLivROiRXK4nsyOWXpD3DbQxhcUHZuZynpOEEW93j3V8lS0Vg8cPpiBHZRa4dnAGRElpFp2GROB80%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET
200
https://noisy-moon-e1cc.ruzon.workers.dev/snow.swf
REQUEST
RESPONSE
BODY
GET /snow.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: https://noisy-moon-e1cc.ruzon.workers.dev/ad.php?key=7FFBE5C751C376AB&id=2&gid=173CE49DE95A75A348EF3A7484-BFB70DF153636BA7F3FE4B16D2-C2BDA5B
x-flash-version: 13,0,0,269
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: noisy-moon-e1cc.ruzon.workers.dev
Connection: Keep-Alive
Cookie: __cfduid=d3d1ba4b606c0556953e4933af40c3a751617584221
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 00:57:04 GMT
Content-Type: application/x-shockwave-flash
Content-Length: 7473
Connection: keep-alive
CF-Ray: 63aed1fa4aad051f-LAX
Accept-Ranges: bytes
Age: 6332
Cache-Control: max-age=14400
ETag: "61312b1f9dbd71:0"
Last-Modified: Thu, 25 Feb 2021 17:39:09 GMT
CF-Cache-Status: HIT
cf-request-id: 09412190680000051ff907e000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ThTnPRJE7HaMbFdNK%2BJsvTKpYhMjWo61qd4OQ5Q5MdINGpFZR0yBNN%2F0VG7XLlu4KStKZ9vNr3Xbm1H8WufDm9sOIH0TkaebJvo0sX71TsegGaez7VU6yVCVTWY10SLIDaA%3D"}],"max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET
200
https://noisy-moon-e1cc.ruzon.workers.dev/3.jpg
REQUEST
RESPONSE
BODY
GET /3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: https://noisy-moon-e1cc.ruzon.workers.dev/snow.swf
x-flash-version: 13,0,0,269
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: noisy-moon-e1cc.ruzon.workers.dev
Connection: Keep-Alive
Cookie: __cfduid=d3d1ba4b606c0556953e4933af40c3a751617584221
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 00:57:04 GMT
Content-Type: image/jpeg
Content-Length: 16029
Connection: keep-alive
CF-Ray: 63aed1fc887e051f-LAX
Accept-Ranges: bytes
Cache-Control: max-age=14400
ETag: "9833d2d79cbd71:0"
Last-Modified: Thu, 25 Feb 2021 17:37:09 GMT
CF-Cache-Status: REVALIDATED
cf-request-id: 09412191d00000051f0dbda000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fEr6TFVRuuPdKgcLUD6feWlRh3pfpyJX8Yf%2FVOd9ktUPZeGN%2BQV9rTsIBX9w5KhpHHbTnMOEqjB%2BXHA1E56Oj8g5H3DcQDhvPDgGQdorUXEqD39cjO3EATLLUGQEcLa8J3I%3D"}],"max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET
302
http://ehektoe.lncnawgcidtia.xyz/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: ehektoe.lncnawgcidtia.xyz
Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Date: Mon, 05 Apr 2021 00:57:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=da2b184ac37cb5653b82412f19bb8783d1617584220; expires=Wed, 05-May-21 00:57:00 GMT; path=/; domain=.lncnawgcidtia.xyz; HttpOnly; SameSite=Lax
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: https://noisy-moon-e1cc.ruzon.workers.dev/ad.php?key=7FFBE5C751C376AB&id=2&gid=173CE49DE95A75A348EF3A7484-BFB70DF153636BA7F3FE4B16D2-C2BDA5B610A27C331E6B
X-Powered-By: PHP/5.4.45
Set-Cookie: PHPSESSID=eoscddliplpirt6hbbo5k06h91; path=/
CF-Cache-Status: DYNAMIC
cf-request-id: 09412182b5000054e771a97000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=P6bYHdP9YPek3Y1OUtNIuC%2B0%2FXQE%2FYxGnal49LsFyGVglgSMxXDRW%2BX8qqa7e7dGV7pcSGQbDrus0fEjKAc9SaYbkoTX1reSV%2BVdWkMhvKJcpEIqJjkgI8Uf"}],"max_age":604800,"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 63aed1e459de54e7-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET
304
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
REQUEST
RESPONSE
BODY
GET /IE9CompatViewList.xml HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: ie9cvlist.ie.microsoft.com
If-Modified-Since: Fri, 16 Oct 2020 17:54:09 GMT
If-None-Match: 0x8D871FC7BDF491D
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Age: 9703
Cache-Control: max-age=21600
Date: Mon, 05 Apr 2021 00:58:00 GMT
Etag: 0x8D871FC7BDF491D
Last-Modified: Fri, 16 Oct 2020 17:54:09 GMT
Server: ECAcc (tka/897A)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 9d88950f-601e-00b2-7da0-291678000000
x-ms-version: 2009-09-19
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts