Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| taketodjnfnei898.ueuo.com | 162.253.155.226 | |
| takemetoyouheart.c1.biz | 185.176.43.106 |
GET
302
http://takemetoyouheart.c1.biz/index.php?user_id=319
REQUEST
RESPONSE
BODY
GET /index.php?user_id=319 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Host: takemetoyouheart.c1.biz
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Fri, 30 Jul 2021 02:42:58 GMT
Server: Apache
Location: http://taketodjnfnei898.ueuo.com?t=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
GET
200
http://taketodjnfnei898.ueuo.com/?t=1
REQUEST
RESPONSE
BODY
GET /?t=1 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Connection: Keep-Alive
Host: taketodjnfnei898.ueuo.com
HTTP/1.1 200 OK
Date: Fri, 30 Jul 2021 02:43:00 GMT
Server: Apache/2.4.41
X-Powered-By: PHP/7.1.33
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=1, max=10000
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.103:57684 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic |
| UDP 192.168.56.103:57684 -> 164.124.101.2:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts