Home
Result
Report
Detail Analysis

Network Analysis

Download pcap

Hosts 3 DNS 2 TCP 5 UDP 12 HTTP(S) 5 ICMP 1 IRC 0 Suricata Snort

IP Address	Status	Action
164.124.101.2	Active	Moloch
203.107.36.186	Active	Moloch
58.215.155.240	Active	Moloch

Name	Response	Post-Analysis Lookup
download.xp666.com	A 58.215.155.238 A 58.215.155.239 A 58.215.155.248 A 58.215.155.241 A 58.215.155.240 A 58.215.155.243 A 58.215.155.242 A 58.215.155.244 CNAME download.xp666.com.w.kunlunca.com	58.215.155.241
api.xp666.com	A 203.107.36.186	203.107.36.186

TCP Requests

UDP Requests

GET 200 http://api.xp666.com/setup_api.php?softid=27899

REQUEST

GET /setup_api.php?softid=27899 HTTP/1.1 Host: api.xp666.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: identity User-Agent: Mozilla/3.0 (compatible; Indy Library)

RESPONSE

HTTP/1.1 200 OK Content-Type: text/html;charset=UTF-8 Date: Mon, 24 May 2021 00:17:15 GMT Server: nginx/1.16.1 Content-Length: 496

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://download.xp666.com/dtazq/cof/cfg.7z

REQUEST

GET /dtazq/cof/cfg.7z HTTP/1.1 Host: download.xp666.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: identity User-Agent: Mozilla/3.0 (compatible; Indy Library)

RESPONSE

HTTP/1.1 200 OK Server: Tengine Content-Type: application/octet-stream Content-Length: 41102 Connection: keep-alive Date: Fri, 21 May 2021 09:32:03 GMT x-oss-request-id: 60A77E13B5B3883833A68EAC x-oss-cdn-auth: success Accept-Ranges: bytes ETag: "01E4E68B17A45E8856E31CA88927DC61" Last-Modified: Fri, 21 May 2021 09:30:35 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 3669265112841936984 x-oss-storage-class: Standard Content-MD5: AeTmixekXohW4xyoiSfcYQ== x-oss-server-time: 8 Ali-Swift-Global-Savetime: 1621589523 Via: cache34.l2cn2656[0,0,200-0,H], cache26.l2cn2656[0,0], vcache7.cn2176[0,7,200-0,H], vcache2.cn2176[9,0] Age: 225781 X-Cache: HIT TCP_HIT dirn:11:264868544 X-Swift-SaveTime: Fri, 21 May 2021 11:13:13 GMT X-Swift-CacheTime: 604800 Timing-Allow-Origin: * EagleId: 3ad79b0816218153043342891e

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://download.xp666.com/dtazq/getlist

REQUEST

GET /dtazq/getlist HTTP/1.1 Host: download.xp666.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: identity User-Agent: Mozilla/3.0 (compatible; Indy Library)

RESPONSE

HTTP/1.1 200 OK Server: Tengine Content-Type: application/octet-stream Content-Length: 550 Connection: keep-alive Date: Fri, 21 May 2021 12:51:58 GMT x-oss-request-id: 60A7ACEE802E913130778FE5 x-oss-cdn-auth: success Accept-Ranges: bytes ETag: "B765A0FEC7B6AAE58C5323FC9D1B882D" Last-Modified: Fri, 13 Nov 2020 17:54:22 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 13895720545311759446 x-oss-storage-class: Standard Content-MD5: t2Wg/se2quWMUyP8nRuILQ== x-oss-server-time: 5 Via: cache20.l2cn3023[0,0,304-0,H], cache2.l2cn3023[1,0], vcache15.cn2176[0,0,200-0,H], vcache13.cn2176[3,0] Ali-Swift-Global-Savetime: 1618910372 Age: 213786 X-Cache: HIT TCP_MEM_HIT dirn:10:866772836 X-Swift-SaveTime: Sun, 23 May 2021 02:47:58 GMT X-Swift-CacheTime: 604800 Timing-Allow-Origin: * EagleId: 3ad79b1316218153045374457e

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://download.xp666.com/dtazq/wb

REQUEST

GET /dtazq/wb HTTP/1.1 Host: download.xp666.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: identity User-Agent: Mozilla/3.0 (compatible; Indy Library)

RESPONSE

HTTP/1.1 200 OK Server: Tengine Content-Type: application/octet-stream Content-Length: 661 Connection: keep-alive Date: Thu, 20 May 2021 03:34:36 GMT x-oss-request-id: 60A5D8CC5EA59C35359E483A x-oss-cdn-auth: success Accept-Ranges: bytes ETag: "2FD2183F838A12AF29C669C6ED1B29D1" Last-Modified: Fri, 13 Nov 2020 17:56:59 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 16515356372570076664 x-oss-storage-class: Standard Content-MD5: L9IYP4OKEq8pxmnG7Rsp0Q== x-oss-server-time: 23 Via: cache40.l2cn2656[0,0,304-0,H], cache31.l2cn2656[0,0], vcache20.cn2176[0,0,200-0,H], vcache9.cn2176[1,0] Ali-Swift-Global-Savetime: 1618920253 Age: 333628 X-Cache: HIT TCP_MEM_HIT dirn:0:17515174 X-Swift-SaveTime: Sun, 23 May 2021 05:28:32 GMT X-Swift-CacheTime: 604800 Timing-Allow-Origin: * EagleId: 3ad79b0f16218153046934480e

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://download.xp666.com/dtazq/dtico.zip

REQUEST

GET /dtazq/dtico.zip HTTP/1.1 Host: download.xp666.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: identity User-Agent: Mozilla/3.0 (compatible; Indy Library)

RESPONSE

HTTP/1.1 200 OK Server: Tengine Content-Type: application/zip Content-Length: 116224 Connection: keep-alive Date: Wed, 19 May 2021 10:28:27 GMT x-oss-request-id: 60A4E84B6F52933635D36CC1 x-oss-cdn-auth: success Accept-Ranges: bytes ETag: "F501513CA1AA584E369765207C275F47" Last-Modified: Wed, 19 May 2021 10:24:36 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 10657681289124881668 x-oss-storage-class: Standard Content-MD5: 9QFRPKGqWE42l2UgfCdfRw== x-oss-server-time: 10 Ali-Swift-Global-Savetime: 1621420107 Via: cache16.l2cn2656[0,0,200-0,H], cache17.l2cn2656[0,0], vcache20.cn2176[0,0,200-0,H], vcache1.cn2176[1,0] Age: 395197 X-Cache: HIT TCP_MEM_HIT dirn:0:509111030 X-Swift-SaveTime: Wed, 19 May 2021 11:54:26 GMT X-Swift-CacheTime: 604800 Timing-Allow-Origin: * EagleId: 3ad79b0716218153049424432e

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.101	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts