Network Analysis
IP Address | Status | Action |
---|---|---|
112.213.89.167 | Active | Moloch |
139.162.22.174 | Active | Moloch |
164.124.101.2 | Active | Moloch |
165.3.38.204 | Active | Moloch |
174.136.53.234 | Active | Moloch |
182.50.132.242 | Active | Moloch |
183.110.224.48 | Active | Moloch |
198.143.141.58 | Active | Moloch |
198.54.117.215 | Active | Moloch |
198.54.117.216 | Active | Moloch |
199.59.242.153 | Active | Moloch |
52.20.84.62 | Active | Moloch |
67.20.76.187 | Active | Moloch |
TCP Requests

Source | Destination | Host |
---|---|---|
192.168.56.101:49174 | 112.213.89.167:80 | www.anngonsaigon.net |
192.168.56.101:49166 | 139.162.22.174:80 | www.warungbangtejo.com |
192.168.56.101:49176 | 165.3.38.204:80 | www.jyyhhx.com |
192.168.56.101:49173 | 174.136.53.234:80 | www.beysconstruction.com |
192.168.56.101:49165 | 182.50.132.242:80 | www.lapshtop.com |
192.168.56.101:49167 | 183.110.224.48:80 | www.xn--2e0br59a7ucquav02b.com |
192.168.56.101:49169 | 198.143.141.58:80 | www.bestmodsforminecraft.com |
192.168.56.101:49170 | 198.54.117.215:80 | www.golfyouth.com |
192.168.56.101:49171 | 198.54.117.216:80 | www.golfyouth.com |
192.168.56.101:49168 | 199.59.242.153:80 | www.teamsportsco.com |
192.168.56.101:49172 | 52.20.84.62:80 | www.crispzen.com |
192.168.56.101:49175 | 67.20.76.187:80 | www.feistybubblegum.com |
UDP Requests

Source | Destination |
---|---|
192.168.56.101:49349 | 164.124.101.2:53 |
192.168.56.101:53258 | 164.124.101.2:53 |
192.168.56.101:53608 | 164.124.101.2:53 |
192.168.56.101:54098 | 164.124.101.2:53 |
192.168.56.101:54130 | 164.124.101.2:53 |
192.168.56.101:54813 | 164.124.101.2:53 |
192.168.56.101:55871 | 164.124.101.2:53 |
192.168.56.101:57471 | 164.124.101.2:53 |
192.168.56.101:57609 | 164.124.101.2:53 |
192.168.56.101:58402 | 164.124.101.2:53 |
192.168.56.101:59417 | 164.124.101.2:53 |
192.168.56.101:60131 | 164.124.101.2:53 |
192.168.56.101:61681 | 164.124.101.2:53 |
192.168.56.101:61798 | 164.124.101.2:53 |
192.168.56.101:62062 | 164.124.101.2:53 |
192.168.56.101:62594 | 164.124.101.2:53 |
192.168.56.101:137 | 192.168.56.255:137 |
192.168.56.101:138 | 192.168.56.255:138 |
192.168.56.101:49152 | 239.255.255.250:3702 |
192.168.56.101:61801 | 239.255.255.250:1900 |
8.8.8.8:53 | 192.168.56.101:54098 |
HTTP Requests

GET 400 http://www.lapshtop.com/bcwg/?K2JxbH=wUySEiascsr9D8c2BIQ18sSRA5rslpjxBOFBZGfrUsjOddX4oEbTVz81rK/Zkvrysl2nGz8m&DVEh=_6Ll7hO0kB_lC6NP

Request:
GET /bcwg/?K2JxbH=wUySEiascsr9D8c2BIQ18sSRA5rslpjxBOFBZGfrUsjOddX4oEbTVz81rK/Zkvrysl2nGz8m&DVEh=_6Ll7hO0kB_lC6NP HTTP/1.1
Host: www.lapshtop.com
Connection: close

Response:
HTTP/1.1 400 Bad Request
Connection: close
GET 301 http://www.warungbangtejo.com/bcwg/?K2JxbH=SgvZNObATFMTlqVuCwYU/mNJmciBV7FQPJy+pG8Ix3bN0Yr9DC0NgmdXt3uIaJgFzQeuYxGC&DVEh=_6Ll7hO0kB_lC6NP

Request:
GET /bcwg/?K2JxbH=SgvZNObATFMTlqVuCwYU/mNJmciBV7FQPJy+pG8Ix3bN0Yr9DC0NgmdXt3uIaJgFzQeuYxGC&DVEh=_6Ll7hO0kB_lC6NP HTTP/1.1
Host: www.warungbangtejo.com
Connection: close

Response:
HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Nov 2021 01:23:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://www.warungbangtejo.com/bcwg/?K2JxbH=SgvZNObATFMTlqVuCwYU/mNJmciBV7FQPJy+pG8Ix3bN0Yr9DC0NgmdXt3uIaJgFzQeuYxGC&DVEh=_6Ll7hO0kB_lC6NP
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
GET 301 http://www.xn--2e0br59a7ucquav02b.com/bcwg/?K2JxbH=pQQL7b8PQjIakczZVfg4mf3gCPRS6D9ZOKyzG2tlTN3KO1Rxn8+tZtRSzcCnozU4yNknuL2g&DVEh=_6Ll7hO0kB_lC6NP

Request:
GET /bcwg/?K2JxbH=pQQL7b8PQjIakczZVfg4mf3gCPRS6D9ZOKyzG2tlTN3KO1Rxn8+tZtRSzcCnozU4yNknuL2g&DVEh=_6Ll7hO0kB_lC6NP HTTP/1.1
Host: www.xn--2e0br59a7ucquav02b.com
Connection: close

Response:
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 12 Nov 2021 01:23:31 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
X-Powered-By: PHP/7.3.1p1
Set-Cookie: PHPSESSID=gom639m8db1lmi5gadmv0dt6rc; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Redirect-By: WordPress
Location: http://xn--2e0br59a7ucquav02b.com/bcwg/?K2JxbH=pQQL7b8PQjIakczZVfg4mf3gCPRS6D9ZOKyzG2tlTN3KO1Rxn8+tZtRSzcCnozU4yNknuL2g&DVEh=_6Ll7hO0kB_lC6NP
GET 200 http://www.teamsportsco.com/bcwg/?K2JxbH=LUVgUL479bIqqk3ORCf1QMU/lNnxalrcAvjpZtsa3xReq2/7WljjEd19Ni9t2KdUDciH5z5N&DVEh=_6Ll7hO0kB_lC6NP

Request:
GET /bcwg/?K2JxbH=LUVgUL479bIqqk3ORCf1QMU/lNnxalrcAvjpZtsa3xReq2/7WljjEd19Ni9t2KdUDciH5z5N&DVEh=_6Ll7hO0kB_lC6NP HTTP/1.1
Host: www.teamsportsco.com
Connection: close

Response:
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 12 Nov 2021 01:23:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: parking_session=e61852a9-5866-5766-a48c-72d27e36fa97; expires=Fri, 12-Nov-2021 01:38:37 GMT; Max-Age=900; path=/; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TonIHgilruOry0ARwYOrbngpoSe2uW5nU74ksUvCocINPxPVgovG0G0LVkZ7/6Wl5XVMgMFlH1rOG+kt3SWqQQ==
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
GET 301 http://www.bestmodsforminecraft.com/bcwg/?K2JxbH=u3D9O57RwCU+dLWrlGpeDGeo2M9sMCfwIOXzMY2sfMqkuovEuCTIG9e2+hzC4vBST8+hHSxP&DVEh=_6Ll7hO0kB_lC6NP

Request:
GET /bcwg/?K2JxbH=u3D9O57RwCU+dLWrlGpeDGeo2M9sMCfwIOXzMY2sfMqkuovEuCTIG9e2+hzC4vBST8+hHSxP&DVEh=_6Ll7hO0kB_lC6NP HTTP/1.1
Host: www.bestmodsforminecraft.com
Connection: close

Response:
HTTP/1.1 301 Moved Permanently
Connection: close
content-type: text/html
content-length: 707
date: Fri, 12 Nov 2021 01:23:43 GMT
server: LiteSpeed
location: https://www.bestmodsforminecraft.com/bcwg/?K2JxbH=u3D9O57RwCU+dLWrlGpeDGeo2M9sMCfwIOXzMY2sfMqkuovEuCTIG9e2+hzC4vBST8+hHSxP&DVEh=_6Ll7hO0kB_lC6NP
vary: Accept-Encoding
GET 0 http://www.islands.sbs/bcwg/?K2JxbH=+v6Ju1bbPEr27rAl6h9Vh6DwdAseF61Q8FTmj5Zf1lbcWVY/FoEI26XDdpmzYlxJa/b1zb2x&DVEh=_6Ll7hO0kB_lC6NP

Request:
GET /bcwg/?K2JxbH=+v6Ju1bbPEr27rAl6h9Vh6DwdAseF61Q8FTmj5Zf1lbcWVY/FoEI26XDdpmzYlxJa/b1zb2x&DVEh=_6Ll7hO0kB_lC6NP HTTP/1.1
Host: www.islands.sbs
Connection: close

Response: (none)
GET 0 http://www.golfyouth.com/bcwg/?K2JxbH=gzbrkMMotKIa9vgK81aFxhEtS3UImgZxKG0vXI7g/9E5XFoxbTI47wSWmloWf4m2yFzT3vxc&DVEh=_6Ll7hO0kB_lC6NP

Request:
GET /bcwg/?K2JxbH=gzbrkMMotKIa9vgK81aFxhEtS3UImgZxKG0vXI7g/9E5XFoxbTI47wSWmloWf4m2yFzT3vxc&DVEh=_6Ll7hO0kB_lC6NP HTTP/1.1
Host: www.golfyouth.com
Connection: close

Response: (none)
GET 404 http://www.crispzen.com/bcwg/?K2JxbH=+/ZIvyxX6kL8jbADP+b36d4ErYI+YhkPQzrXTA1gLmOg2CKdA32GVpkkuHqugibVYpZRA2Vj&DVEh=_6Ll7hO0kB_lC6NP

Request:
GET /bcwg/?K2JxbH=+/ZIvyxX6kL8jbADP+b36d4ErYI+YhkPQzrXTA1gLmOg2CKdA32GVpkkuHqugibVYpZRA2Vj&DVEh=_6Ll7hO0kB_lC6NP HTTP/1.1
Host: www.crispzen.com
Connection: close

Response:
HTTP/1.1 404 Not Found
Server: openresty
Date: Fri, 12 Nov 2021 01:24:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
GET 404 http://www.beysconstruction.com/bcwg/?K2JxbH=/N+etiaYgh4y1AIV/pT1PLv0vE6mOqiJtCGwJr/v9fjPIVjAjiHvqmf2IgKMCPUynu/mdIX8&DVEh=_6Ll7hO0kB_lC6NP

Request:
GET /bcwg/?K2JxbH=/N+etiaYgh4y1AIV/pT1PLv0vE6mOqiJtCGwJr/v9fjPIVjAjiHvqmf2IgKMCPUynu/mdIX8&DVEh=_6Ll7hO0kB_lC6NP HTTP/1.1
Host: www.beysconstruction.com
Connection: close

Response:
HTTP/1.1 404 Not Found
Date: Fri, 12 Nov 2021 01:24:11 GMT
Server: Apache
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1
GET 301 http://www.anngonsaigon.net/bcwg/?K2JxbH=wqgILUcZyHa+Z7UtvI0acoklRL2AhWVGWbIreuIdQt/S5jZTqUAJlUqP8Jn8EpWYP6HQfk8g&DVEh=_6Ll7hO0kB_lC6NP

Request:
GET /bcwg/?K2JxbH=wqgILUcZyHa+Z7UtvI0acoklRL2AhWVGWbIreuIdQt/S5jZTqUAJlUqP8Jn8EpWYP6HQfk8g&DVEh=_6Ll7hO0kB_lC6NP HTTP/1.1
Host: www.anngonsaigon.net
Connection: close

Response:
HTTP/1.1 301 Moved Permanently
Connection: close
content-type: text/html
content-length: 707
date: Fri, 12 Nov 2021 01:24:16 GMT
server: LiteSpeed
location: https://www.anngonsaigon.net/bcwg/?K2JxbH=wqgILUcZyHa+Z7UtvI0acoklRL2AhWVGWbIreuIdQt/S5jZTqUAJlUqP8Jn8EpWYP6HQfk8g&DVEh=_6Ll7hO0kB_lC6NP
GET 404 http://www.feistybubblegum.com/bcwg/?K2JxbH=hdQFJ8Ir8v5fkgcFd8CzLLrVz37vJgj+NyOD7+70Q0xeWkZLjYckecGpejCZ4HwphARpxocr&DVEh=_6Ll7hO0kB_lC6NP

Request:
GET /bcwg/?K2JxbH=hdQFJ8Ir8v5fkgcFd8CzLLrVz37vJgj+NyOD7+70Q0xeWkZLjYckecGpejCZ4HwphARpxocr&DVEh=_6Ll7hO0kB_lC6NP HTTP/1.1
Host: www.feistybubblegum.com
Connection: close

Response:
HTTP/1.1 404 Not Found
Date: Fri, 12 Nov 2021 01:24:27 GMT
Server: Apache
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1
GET 0 http://www.jyyhhx.com/bcwg/?K2JxbH=JdyfCUB7JR9AgohLYV0K4ZmjilZp8V/GSpHmCvhTfp8k2jVCFDVbT9JcHb7zJEZW9ZQYmuhg&9r=2dRd_npH

Request:
GET /bcwg/?K2JxbH=JdyfCUB7JR9AgohLYV0K4ZmjilZp8V/GSpHmCvhTfp8k2jVCFDVbT9JcHb7zJEZW9ZQYmuhg&9r=2dRd_npH HTTP/1.1
Host: www.jyyhhx.com
Connection: close

Response: (none)
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts