Network Analysis
Name | Response | Post-Analysis Lookup
---|---|---
www.intoxickiss.com | CNAME intoxickiss.com | 151.101.192.119
www.gaigoilaocai.com | 172.67.187.204 |
www.kyg-cpa.com | |
www.iqpt.info | CNAME iqpt.info | 67.199.248.13
www.zwq.xyz | 52.128.23.153 |
www.setadragon.com | 209.99.40.222 |
www.hk6628.com | CNAME hk6628.com | 34.102.136.180
www.cummingsforum.com | CNAME cummingsforum.com | 34.102.136.180
www.rootmoover.com | CNAME shops.myshopify.com | 23.227.38.74
TCP Requests

Source | Destination | Host
---|---|---
192.168.56.102:49164 | 151.101.128.119:80 | www.intoxickiss.com
192.168.56.102:49167 | 172.67.187.204:80 | www.gaigoilaocai.com
192.168.56.102:49169 | 209.99.40.222:80 | www.setadragon.com
192.168.56.102:49170 | 23.227.38.74:80 | www.rootmoover.com
192.168.56.102:49165 | 34.102.136.180:80 | www.cummingsforum.com
192.168.56.102:49171 | 34.102.136.180:80 | www.cummingsforum.com
192.168.56.102:49168 | 52.128.23.153:80 | www.zwq.xyz
192.168.56.102:49166 | 67.199.248.12:80 | www.iqpt.info
43.255.241.176:1337 | 192.168.56.102:49165 |
UDP Requests

Source | Destination
---|---
192.168.56.102:58318 | 164.124.101.2:53
192.168.56.102:60922 | 164.124.101.2:53
192.168.56.102:62770 | 164.124.101.2:53
192.168.56.102:62824 | 164.124.101.2:53
192.168.56.102:63203 | 164.124.101.2:53
192.168.56.102:65038 | 164.124.101.2:53
192.168.56.102:137 | 192.168.56.255:137
192.168.56.102:138 | 192.168.56.255:138
192.168.56.102:49154 | 239.255.255.250:1900
8.8.8.8:53 | 192.168.56.102:55494
8.8.8.8:53 | 192.168.56.102:62824
8.8.8.8:53 | 192.168.56.102:64123
8.8.8.8:53 | 192.168.56.102:64317

HTTP Requests
GET 302 http://www.intoxickiss.com/wufn/?KzrxE=eFcjLRgeiIUzDbHmwTb3Jzj/ojOR5Bd5C6w81D5RMgQILdL/YJI1IKkLX7W57Fxdc9GGy5Q6&p0D=AfpHLx9

Request:
```http
GET /wufn/?KzrxE=eFcjLRgeiIUzDbHmwTb3Jzj/ojOR5Bd5C6w81D5RMgQILdL/YJI1IKkLX7W57Fxdc9GGy5Q6&p0D=AfpHLx9 HTTP/1.1
Host: www.intoxickiss.com
Connection: close
```

Response:
```http
HTTP/1.1 302 Found
server: adobe
cache-control: no-cache, no-store, private, must-revalidate, max-age=0, max-stale=0, post-check=0, pre-check=0
location: https://portfolio.adobe.com/missing
x-trace-id: gRJsf7iQr/XbxDBCOH3PUDhbMvI
x-app-name: Pro2-Renderer
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
Accept-Ranges: bytes
Transfer-Encoding: chunked
Date: Fri, 30 Jul 2021 01:38:16 GMT
Via: 1.1 varnish
Connection: close
X-Served-By: cache-itm18821-ITM
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1627609096.405322,VS0,VE172
Vary: Fastly-SSL, X-Use-Renderer
```
GET 403 http://www.hk6628.com/wufn/?KzrxE=Mbz3eb2htBuwJm9my9qYpH4UWvi7L1jn54VVewVZerqVccc7GhECZ0+c8NYoPjvN/okzts0t&p0D=AfpHLx9

Request:
```http
GET /wufn/?KzrxE=Mbz3eb2htBuwJm9my9qYpH4UWvi7L1jn54VVewVZerqVccc7GhECZ0+c8NYoPjvN/okzts0t&p0D=AfpHLx9 HTTP/1.1
Host: www.hk6628.com
Connection: close
```

Response:
```http
HTTP/1.1 403 Forbidden
Server: openresty
Date: Fri, 30 Jul 2021 01:38:22 GMT
Content-Type: text/html
Content-Length: 275
ETag: "6102e859-113"
Via: 1.1 google
Connection: close
```
GET 302 http://www.iqpt.info/wufn/?KzrxE=hrdaP+EsGTITsCagZnHefT6Bmc518UuvQeiOjF2tcIDpZFKKlutoy9+nHdETp4OhFNJGJnoo&p0D=AfpHLx9

Request:
```http
GET /wufn/?KzrxE=hrdaP+EsGTITsCagZnHefT6Bmc518UuvQeiOjF2tcIDpZFKKlutoy9+nHdETp4OhFNJGJnoo&p0D=AfpHLx9 HTTP/1.1
Host: www.iqpt.info
Connection: close
```

Response:
```http
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 30 Jul 2021 01:38:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Set-Cookie: anon_u=cHN1X18xN2MyYzczZS04Yzg4LTQ2YzQtYjViMy0zNGUzMzU2MWQzNzg=|1627609107|bf94d1bd7f2f9d01c23d93877a3f0d73a09ac7c5; Domain=bitly.com; expires=Wed, 26 Jan 2022 01:38:27 GMT; httponly; Path=/; secure
Strict-Transport-Security: max-age=1209600
Location: https://bitly.com/pages/landing/branded-short-domains-powered-by-bitly?bsd=iqpt.info
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Frame-Options: DENY
P3p: CP="CAO PSA OUR"
Via: 1.1 google
Connection: close
```
GET 301 http://www.gaigoilaocai.com/wufn/?KzrxE=+cvcaH9t4IGOvfSH2s/pGQCzCoMlKLNX9S4pg+CdqO+ehvTRSw4m6C0WiIEOYf+cYXNRRXby&p0D=AfpHLx9

Request:
```http
GET /wufn/?KzrxE=+cvcaH9t4IGOvfSH2s/pGQCzCoMlKLNX9S4pg+CdqO+ehvTRSw4m6C0WiIEOYf+cYXNRRXby&p0D=AfpHLx9 HTTP/1.1
Host: www.gaigoilaocai.com
Connection: close
```

Response:
```http
HTTP/1.1 301 Moved Permanently
Date: Fri, 30 Jul 2021 01:38:32 GMT
Transfer-Encoding: chunked
Connection: close
Cache-Control: max-age=3600
Expires: Fri, 30 Jul 2021 02:38:32 GMT
Location: https://www.gaigoilaocai.com/wufn/?KzrxE=+cvcaH9t4IGOvfSH2s/pGQCzCoMlKLNX9S4pg+CdqO+ehvTRSw4m6C0WiIEOYf+cYXNRRXby&p0D=AfpHLx9
cf-request-id: 0b96a9397a00003604258f6000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZdS%2FWgXBOOn%2BGiVkpOTgHq10ZE2S5tvZtuqQ9Tu2wA7rTcAKeOGpex7RgouxQTUE5xRt5dUPs4A9nYpXjTi9auGk2SCX4Lou3H85iPKP%2BMg2onCL692OjUYZtJZChcDbcQ9DtofxKg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 676ade3bf9783604-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
```
GET 463 http://www.zwq.xyz/wufn/?KzrxE=XjXBhjUVI334M/Uwl7gvZZ0GeOD10IACqOCIbULeYHXWrIpOZW21ZlaOwQdpB6LWbxxYrGle&p0D=AfpHLx9

Request:
```http
GET /wufn/?KzrxE=XjXBhjUVI334M/Uwl7gvZZ0GeOD10IACqOCIbULeYHXWrIpOZW21ZlaOwQdpB6LWbxxYrGle&p0D=AfpHLx9 HTTP/1.1
Host: www.zwq.xyz
Connection: close
```

Response:
```http
HTTP/1.1 463
Server: nginx
Date: Fri, 30 Jul 2021 01:38:46 GMT
Content-Type: text/html
Content-Length: 8915
Connection: close
ETag: "5e52ceb0-22d3"
X-DIS-Request-ID: 5ff96cfb6f0bc07e8e0a6bf4dd142be7
Set-Cookie: dis-remote-addr=175.208.134.150
Set-Cookie: dis-timestamp=2021-07-29T18:38:46-07:00
Set-Cookie: dis-request-id=5ff96cfb6f0bc07e8e0a6bf4dd142be7
X-Frame-Options: sameorigin
```
GET 200 http://www.setadragon.com/wufn/?KzrxE=p6EPLUx6SmQWyT0aKUYWey1/moK0HCihbvuUxAKosV5aIj7OYHg92cDuRvb6vmm9eY3daRqd&p0D=AfpHLx9

Request:
```http
GET /wufn/?KzrxE=p6EPLUx6SmQWyT0aKUYWey1/moK0HCihbvuUxAKosV5aIj7OYHg92cDuRvb6vmm9eY3daRqd&p0D=AfpHLx9 HTTP/1.1
Host: www.setadragon.com
Connection: close
```

Response:
```http
HTTP/1.1 200 OK
Date: Fri, 30 Jul 2021 01:38:52 GMT
Server: Apache
Set-Cookie: vsid=918vr3751547322316915; expires=Wed, 29-Jul-2026 01:38:52 GMT; Max-Age=157680000; path=/; domain=www.setadragon.com; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_a6iMc3O816dB+V5d6PZ2c2Pw63M0ILmjNjFEAHzALybrfdTwvYLOVgdakjxrBsng2aTeCnW1jZil3QtnnC7bJw==
Keep-Alive: timeout=5, max=115
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
```
GET 403 http://www.rootmoover.com/wufn/?KzrxE=jUqWC+wM+s2Yehearj52syV+yALdMbb6PeN2CvBJSFCwW1HLktm3ATZosqzbiXJTH9I2JiE2&p0D=AfpHLx9

Request:
```http
GET /wufn/?KzrxE=jUqWC+wM+s2Yehearj52syV+yALdMbb6PeN2CvBJSFCwW1HLktm3ATZosqzbiXJTH9I2JiE2&p0D=AfpHLx9 HTTP/1.1
Host: www.rootmoover.com
Connection: close
```

Response:
```http
HTTP/1.1 403 Forbidden
Date: Fri, 30 Jul 2021 01:38:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Sorting-Hat-PodId: -1
X-Dc: gcp-us-central1
X-Request-ID: 0f47a2db-5522-411a-8412-8f5a39ee9a12
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 676aded73c94367e-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
```
GET 403 http://www.cummingsforum.com/wufn/?KzrxE=PGuDT0srb8+GzzH8GojBu9jJOM86wXlCLaZQF9oyMbXQcbHCqOG6UzGQhd2hamBsdTomrrU0&p0D=AfpHLx9

Request:
```http
GET /wufn/?KzrxE=PGuDT0srb8+GzzH8GojBu9jJOM86wXlCLaZQF9oyMbXQcbHCqOG6UzGQhd2hamBsdTomrrU0&p0D=AfpHLx9 HTTP/1.1
Host: www.cummingsforum.com
Connection: close
```

Response:
```http
HTTP/1.1 403 Forbidden
Server: openresty
Date: Fri, 30 Jul 2021 01:39:03 GMT
Content-Type: text/html
Content-Length: 275
ETag: "60f9a3e3-113"
Via: 1.1 google
Connection: close
```
ICMP traffic
Source | Destination | ICMP Type | Data
---|---|---|---
192.168.56.102 | 164.124.101.2 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts