Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.szhemgc.com | CNAME szhemgc.gotoip1.com; CNAME web.m156.abc188.com; CNAME web.m156.vhostgo.com | 118.123.22.156 |
www.hsbgs-asia.com | | |
www.adornel.online | 194.245.148.189 | |
www.yuanyindongman.com | 59.83.204.156 | |
www.kkp72.com | CNAME cname.thebase.in; CNAME thebase.in | 3.113.186.52 |
www.laminaparfum.com | 173.249.0.223 | |
www.dfwbcs.com | 35.204.150.5 | |
www.taziyesayfalari.net | | |
TCP Requests
- 192.168.56.103:49832 -> 118.123.22.156:80 (www.szhemgc.com)
- 192.168.56.103:49827 -> 123.157.255.158:80 (www.yuanyindongman.com)
- 192.168.56.103:49830 -> 13.230.149.252:80 (www.kkp72.com)
- 192.168.56.103:49826 -> 164.124.101.2:53
- 192.168.56.103:49170 -> 173.249.0.223:80 (www.laminaparfum.com)
- 192.168.56.103:49831 -> 194.245.148.189:80 (www.adornel.online)
- 192.168.56.103:49829 -> 35.204.150.5:80 (www.dfwbcs.com)
UDP Requests
- 192.168.56.103:50665 -> 164.124.101.2:53
- 192.168.56.103:53498 -> 164.124.101.2:53
- 192.168.56.103:53893 -> 164.124.101.2:53
- 192.168.56.103:56357 -> 164.124.101.2:53
- 192.168.56.103:58465 -> 164.124.101.2:53
- 192.168.56.103:63128 -> 164.124.101.2:53
- 192.168.56.103:137 -> 192.168.56.255:137
- 192.168.56.103:138 -> 192.168.56.255:138
- 192.168.56.103:49152 -> 239.255.255.250:3702
- 192.168.56.103:49168 -> 239.255.255.250:1900
- 192.168.56.103:49170 -> 239.255.255.250:3702
- 192.168.56.103:49172 -> 239.255.255.250:3702
- 192.168.56.103:49174 -> 239.255.255.250:3702
- 8.8.8.8:53 -> 192.168.56.103:50665
- 8.8.8.8:53 -> 192.168.56.103:59437
- 8.8.8.8:53 -> 192.168.56.103:60090
- 8.8.8.8:53 -> 192.168.56.103:63659
GET 404 http://www.laminaparfum.com/upi8/?Bh=8YHAeEZ8Dimj/jNc3Kzp7ngxsdWywFXEuUyZlSJX/zTM0SohTECf56+lq8KOKpVP+kph1T3A&SzrhP4=EzrtzlQp
REQUEST
GET /upi8/?Bh=8YHAeEZ8Dimj/jNc3Kzp7ngxsdWywFXEuUyZlSJX/zTM0SohTECf56+lq8KOKpVP+kph1T3A&SzrhP4=EzrtzlQp HTTP/1.1
Host: www.laminaparfum.com
Connection: close
RESPONSE
HTTP/1.1 404 Not Found
Date: Wed, 27 Oct 2021 01:08:07 GMT
Server: Apache
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1
GET 404 http://www.yuanyindongman.com/upi8/?Bh=gTdqh/zpCxmAWtzvHvMRGbxUEDSYUkB45hilxMk/neSPhZ8zQ6GFBkc5VWEXMmBOjmKyilcN&SzrhP4=EzrtzlQp
REQUEST
GET /upi8/?Bh=gTdqh/zpCxmAWtzvHvMRGbxUEDSYUkB45hilxMk/neSPhZ8zQ6GFBkc5VWEXMmBOjmKyilcN&SzrhP4=EzrtzlQp HTTP/1.1
User-Agent: Windows Explorer
Host: www.yuanyindongman.com
RESPONSE
HTTP/1.1 404 Not Found
Server: NWS_SPMid
Date: Wed, 27 Oct 2021 01:08:43 GMT
Content-Type: text/html; charset=UTF-8
X-NWS-UUID-VERIFY: 46c53286db0afdfe6a6cfc91322f9d8a
Keep-Alive: timeout=60
Vary: Accept-Encoding
CE-WAF-WLF: CE-WAF-WLF
ETag: "616f7904-6888"
X-Daa-Tunnel: hop_count=2
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Inner Cluster
Content-Length: 26760
X-NWS-LOG-UUID: 2597192760760253174
Connection: keep-alive
X-Cache-Lookup: Cache Miss
GET 301 http://www.dfwbcs.com/upi8/?Bh=9h5CbKDVDzkshHoOgJI3pMKgzd4816R0MjMtxhnzqjkrAU53n3NbbT57bLCn7m3zYNKtK5a2&SzrhP4=EzrtzlQp
REQUEST
GET /upi8/?Bh=9h5CbKDVDzkshHoOgJI3pMKgzd4816R0MjMtxhnzqjkrAU53n3NbbT57bLCn7m3zYNKtK5a2&SzrhP4=EzrtzlQp HTTP/1.1
Host: www.dfwbcs.com
Connection: close
RESPONSE
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://www.dfwbcs.com/upi8/?Bh=9h5CbKDVDzkshHoOgJI3pMKgzd4816R0MjMtxhnzqjkrAU53n3NbbT57bLCn7m3zYNKtK5a2&SzrhP4=EzrtzlQp
connection: close
GET 302 http://www.kkp72.com/upi8/?Bh=YcB89yHWLwCS8AZyEBPpaSAYGCBzkicTMDeWNCbhfhuPhQ6ry9w8mTcEmG6CAsjJddhW3t6+&SzrhP4=EzrtzlQp
REQUEST
GET /upi8/?Bh=YcB89yHWLwCS8AZyEBPpaSAYGCBzkicTMDeWNCbhfhuPhQ6ry9w8mTcEmG6CAsjJddhW3t6+&SzrhP4=EzrtzlQp HTTP/1.1
Host: www.kkp72.com
Connection: close
RESPONSE
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 27 Oct 2021 01:08:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Location: http://www.kkp72.com/
GET 200 http://www.adornel.online/upi8/?Bh=WCYcamE4OpyvlGAM/6VYMp5sz4MiornE7eOrtWBiw93c7YzR/9rQfjXC9Ao6JY/ZAx2dt/o2&SzrhP4=EzrtzlQp
REQUEST
GET /upi8/?Bh=WCYcamE4OpyvlGAM/6VYMp5sz4MiornE7eOrtWBiw93c7YzR/9rQfjXC9Ao6JY/ZAx2dt/o2&SzrhP4=EzrtzlQp HTTP/1.1
Host: www.adornel.online
Connection: close
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 27 Oct 2021 01:09:04 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1840
Last-Modified: Tue, 04 Apr 2017 13:56:46 GMT
Connection: close
ETag: "58e3a61e-730"
Accept-Ranges: bytes
GET 302 http://www.szhemgc.com/upi8/?Bh=vyvuJqyoO+CSQlusYu6jmQFmLZgCYEaXFKNa8VT2LnjyJONEbTvq/+tM6svelUDGUujbGNmq&SzrhP4=EzrtzlQp
REQUEST
GET /upi8/?Bh=vyvuJqyoO+CSQlusYu6jmQFmLZgCYEaXFKNa8VT2LnjyJONEbTvq/+tM6svelUDGUujbGNmq&SzrhP4=EzrtzlQp HTTP/1.1
Host: www.szhemgc.com
Connection: close
RESPONSE
HTTP/1.1 302 Moved Temporarily
Date: Wed, 27 Oct 2021 01:08:36 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 0
Connection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /404.html
X-Powered-By: PHP/5.2.17
Set-Cookie: PHPSESSID=iocp7tmcedlu880lqvlghg64t1; path=/
X-Powered-By: ASP.NET
Server: wts/1.6
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
194.245.148.189 | 192.168.56.103 | 3 (Destination Unreachable) | |
194.245.148.189 | 192.168.56.103 | 3 (Destination Unreachable) | |
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts