Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
warms.atwebpages.com | 185.176.43.98 | |
UDP Requests
Source | Destination |
---|---|
192.168.56.102:57660 | 164.124.101.2:53 |
192.168.56.102:137 | 192.168.56.255:137 |
192.168.56.102:138 | 192.168.56.255:138 |
192.168.56.102:49152 | 239.255.255.250:3702 |
192.168.56.102:56752 | 239.255.255.250:1900 |
192.168.56.102:56754 | 239.255.255.250:3702 |
192.168.56.102:56756 | 239.255.255.250:3702 |
192.168.56.102:56758 | 239.255.255.250:3702 |

The only unicast UDP flow is a DNS query (port 53) to 164.124.101.2, the resolver the guest used. The NetBIOS broadcasts (137/138 to 192.168.56.255) and the WS-Discovery (3702) and SSDP (1900) multicasts to 239.255.255.250 are routine Windows name and service discovery from the analysis VM, not activity specific to the sample.
HTTP traffic
Method | Status | URL |
---|---|---|
POST | 100 | http://warms.atwebpages.com/rh/post.php |
POST | 100 | http://warms.atwebpages.com/rh/post.php |
GET | 404 | http://warms.atwebpages.com/rh/ee.down |
GET | 200 | http://warms.atwebpages.com/rh/del.php?filename=ee |

All four requests go over plain HTTP to warms.atwebpages.com, the host resolved to 185.176.43.98 above; the two POST flows (source ports 49814 and 49815) correspond to the two Suricata alerts below. Both POSTs send Expect: 100-continue, and only the server's interim HTTP/1.1 100 Continue was recorded, so the status shown for them is 100 rather than the final response code, and the request bodies (14162 and 268 bytes) were not captured. The two POSTs reuse the same multipart boundary, ----MD5AHRE7932DDKSLIEJDKF; standard HTTP client libraries generate a fresh random boundary per request, so a fixed literal like this is a usable network indicator for this sample. After the uploads the sample fetches /rh/ee.down, which returns a 122-byte Apache 404 page, and then /rh/del.php?filename=ee, which returns 200 with an empty body; the names suggest a download check followed by a server-side delete of the same file.

Request 1: POST /rh/post.php (status 100)
POST /rh/post.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----MD5AHRE7932DDKSLIEJDKF
Host: warms.atwebpages.com
Content-Length: 14162
Expect: 100-continue
Connection: Keep-Alive

HTTP/1.1 100 Continue

Request 2: POST /rh/post.php (status 100)
POST /rh/post.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----MD5AHRE7932DDKSLIEJDKF
Host: warms.atwebpages.com
Content-Length: 268
Expect: 100-continue

HTTP/1.1 100 Continue

Request 3: GET /rh/ee.down (status 404)
GET /rh/ee.down HTTP/1.1
Host: warms.atwebpages.com

HTTP/1.1 404 Not Found
Date: Tue, 25 May 2021 06:26:01 GMT
Server: Apache
Vary: Host
Last-Modified: Wed, 19 Sep 2012 23:44:44 GMT
ETag: "7a-4ca1697571300"
Accept-Ranges: bytes
Content-Length: 122
Content-Type: text/html

Request 4: GET /rh/del.php?filename=ee (status 200)
GET /rh/del.php?filename=ee HTTP/1.1
Host: warms.atwebpages.com

HTTP/1.1 200 OK
Date: Tue, 25 May 2021 06:26:02 GMT
Server: Apache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
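As an added example (not part of the sandbox report, and not the Emerging Threats rule that fired below), the following Python turns the HTTP pattern above into detection logic that can run over a sandbox's HTTP transaction log: it flags multipart POSTs to a free web host, reports a multipart boundary reused across requests, and matches the upload, then GET name.down, then GET del.php?filename=name sequence against a single host. The transaction records are constructed from the headers printed in the report; the FREE_WEB_HOSTS list, the benign control entry and the flow ports of the two GETs are assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlparse

# Assumption: suffixes of free web hosts to treat as suspicious upload targets.
FREE_WEB_HOSTS = ("atwebpages.com",)


@dataclass
class HttpTx:
    """One HTTP transaction as a sandbox logs it: client flow, method, URL, status, headers."""
    flow: str
    method: str
    url: str
    status: int
    headers: dict = field(default_factory=dict)

    @property
    def host(self) -> str:
        return (urlparse(self.url).hostname or "").lower()

    @property
    def path(self) -> str:
        return urlparse(self.url).path

    def header(self, name: str) -> str:
        # Header names are case-insensitive; return "" when absent.
        for k, v in self.headers.items():
            if k.lower() == name.lower():
                return v
        return ""


def on_free_host(hostname: str) -> bool:
    return any(hostname == s or hostname.endswith("." + s) for s in FREE_WEB_HOSTS)


def is_multipart_post(t: HttpTx) -> bool:
    return t.method == "POST" and t.header("Content-Type").lower().startswith("multipart/form-data")


def flag_multipart_posts(txs):
    """Flows that POST a multipart body to a free web host (the behaviour behind the two Suricata hits)."""
    return [t.flow for t in txs if is_multipart_post(t) and on_free_host(t.host)]


_BOUNDARY = re.compile(r'boundary="?([^";]+)')


def reused_boundaries(txs):
    """Multipart boundaries that appear in more than one request. Real HTTP libraries
    generate a fresh random boundary per request, so a repeated literal points at a
    hand-rolled client and is a good network indicator."""
    counts = Counter()
    for t in txs:
        m = _BOUNDARY.search(t.header("Content-Type"))
        if m:
            counts[m.group(1)] += 1
    return sorted(b for b, n in counts.items() if n > 1)


def find_upload_poll_delete(txs):
    """Per host, in capture order: a multipart POST, then GET /<dir>/<name>.down,
    then GET /<dir>/del.php?filename=<name>. Returns (host, dir, name) triples."""
    found = []
    uploaded = set()   # hosts that have received a multipart POST so far
    polled = set()     # (host, dir, name) once the .down GET has been seen
    for t in txs:
        if is_multipart_post(t):
            uploaded.add(t.host)
            continue
        if t.method != "GET" or t.host not in uploaded:
            continue
        d, _, last = t.path.rpartition("/")
        if last.endswith(".down"):
            polled.add((t.host, d, last[:-len(".down")]))
        elif last == "del.php":
            name = parse_qs(urlparse(t.url).query).get("filename", [None])[0]
            if name and (t.host, d, name) in polled:
                found.append((t.host, d, name))
    return found


# Constructed from the headers printed in the report (bodies were not captured).
# The POST flow ports match the Suricata alerts; the GET flow ports are assumed.
SAMPLE = [
    HttpTx("192.168.56.102:49814", "POST", "http://warms.atwebpages.com/rh/post.php", 100,
           {"Content-Type": "multipart/form-data; boundary=----MD5AHRE7932DDKSLIEJDKF",
            "Host": "warms.atwebpages.com", "Content-Length": "14162", "Expect": "100-continue"}),
    HttpTx("192.168.56.102:49815", "POST", "http://warms.atwebpages.com/rh/post.php", 100,
           {"Content-Type": "multipart/form-data; boundary=----MD5AHRE7932DDKSLIEJDKF",
            "Host": "warms.atwebpages.com", "Content-Length": "268", "Expect": "100-continue"}),
    HttpTx("192.168.56.102:49816", "GET", "http://warms.atwebpages.com/rh/ee.down", 404,
           {"Host": "warms.atwebpages.com"}),
    HttpTx("192.168.56.102:49817", "GET", "http://warms.atwebpages.com/rh/del.php?filename=ee", 200,
           {"Host": "warms.atwebpages.com"}),
    # Assumed benign control: a form upload to an ordinary site must not fire.
    HttpTx("192.168.56.102:49820", "POST", "http://example.com/upload", 200,
           {"Content-Type": "multipart/form-data; boundary=WebKitFormBoundary7MA4YWxk"}),
]

if __name__ == "__main__":
    print("multipart POSTs to free hosts:", flag_multipart_posts(SAMPLE))
    print("reused boundaries:", reused_boundaries(SAMPLE))
    print("upload/poll/delete sequences:", find_upload_poll_delete(SAMPLE))
```

The sequence matcher deliberately requires the earlier upload to the same host before it will credit the .down and del.php requests, so a lone 404 on a .down path, which any crawler could produce, does not match on its own.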
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49814 -> 185.176.43.98:80 | 2030890 | ET HUNTING Suspicious HTTP POST to Free Web Host Atwebpages | Misc activity |
TCP 192.168.56.102:49815 -> 185.176.43.98:80 | 2030890 | ET HUNTING Suspicious HTTP POST to Free Web Host Atwebpages | Misc activity |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts