Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.sinanbodur.com | | |
www.evcopic.xyz | 151.101.128.119 | |
www.rooferseeker.com | CNAME rooferseeker.com | 50.87.175.234 |
UDP Requests
HTTP Requests
GET 301 http://www.rooferseeker.com/fkt8/?U0DH=EUKcnevpoIFYjcsRmAGwn3c0LWoZ/fq5OZCSty5/9j3SIgqd6FToqOn+bDwDAegpVR+I12Fn&Ufux_8=0T0lqHm

Request:
GET /fkt8/?U0DH=EUKcnevpoIFYjcsRmAGwn3c0LWoZ/fq5OZCSty5/9j3SIgqd6FToqOn+bDwDAegpVR+I12Fn&Ufux_8=0T0lqHm HTTP/1.1
Host: www.rooferseeker.com
Connection: close

Response:
HTTP/1.1 301 Moved Permanently
Date: Fri, 08 Oct 2021 02:51:48 GMT
Server: nginx/1.19.10
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://rooferseeker.com/fkt8/?U0DH=EUKcnevpoIFYjcsRmAGwn3c0LWoZ/fq5OZCSty5/9j3SIgqd6FToqOn+bDwDAegpVR+I12Fn&Ufux_8=0T0lqHm
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
X-Server-Cache: true
X-Proxy-Cache: MISS

Body: (empty)
GET 301 http://www.evcopic.xyz/fkt8/?U0DH=l51O+Y4cCKvDB3Sz1r4GeqolGx4DEwR6GImuEnTKGI0l9KX+rdpTwi+K0qPg0BpuxfSCIkO7&Ufux_8=0T0lqHm

Request:
GET /fkt8/?U0DH=l51O+Y4cCKvDB3Sz1r4GeqolGx4DEwR6GImuEnTKGI0l9KX+rdpTwi+K0qPg0BpuxfSCIkO7&Ufux_8=0T0lqHm HTTP/1.1
Host: www.evcopic.xyz
Connection: close

Response:
HTTP/1.1 301 Moved Permanently
server: adobe
location: http://evcopic.xyz/fkt8/?U0DH=l51O+Y4cCKvDB3Sz1r4GeqolGx4DEwR6GImuEnTKGI0l9KX+rdpTwi+K0qPg0BpuxfSCIkO7&Ufux_8=0T0lqHm
cache-control: s-maxage=31536000
x-trace-id: hlaupB2vn+TIDeDwec5j3MOlzeQ
x-app-name: Pro2-Renderer
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
Content-Length: 0
Accept-Ranges: bytes
Date: Fri, 08 Oct 2021 02:52:07 GMT
Via: 1.1 varnish
Age: 0
Connection: close
X-Served-By: cache-icn1450070-ICN
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1633661527.305251,VS0,VE215
Vary: Fastly-SSL, X-Use-Renderer

Body: (empty)
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49167 -> 151.101.128.119:80 | 2031088 | ET HUNTING Request to .XYZ Domain with Minimal Headers | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts