Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
romanovawillkillyou.c1.biz | 185.176.43.106 | |
HTTP traffic
Method | Status | URL |
---|---|---|
GET | 403 | http://romanovawillkillyou.c1.biz/index.php?user_id=417 |

Request:
```http
GET /index.php?user_id=417 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Host: romanovawillkillyou.c1.biz
Connection: Keep-Alive
```

Response headers (body not captured in the report):
```http
HTTP/1.1 403 Forbidden
Date: Sat, 31 Jul 2021 04:50:48 GMT
Server: Apache
Vary: Host
Last-Modified: Wed, 19 Sep 2012 23:44:43 GMT
ETag: "6e-4ca169747d0c0"
Accept-Ranges: bytes
Content-Length: 110
Connection: close
Content-Type: text/html
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.103:57684 -> 164.124.101.2:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic |
UDP 192.168.56.103:57684 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts