Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
as.imgjeoigaa.com | 39.109.117.57 | |
us.imgjeoigaa.com | 154.221.19.146 | |
GET 200 http://us.imgjeoigaa.com/sts/imagc.jpg
Request:
GET /sts/imagc.jpg HTTP/1.1
User-Agent: HTTPREAD
Host: us.imgjeoigaa.com
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 20 Jun 2023 09:19:03 GMT
Content-Type: image/jpeg
Content-Length: 1507020
Last-Modified: Wed, 14 Jun 2023 10:34:32 GMT
Connection: keep-alive
ETag: "648997b8-16fecc"
Accept-Ranges: bytes
GET 200 http://as.imgjeoigaa.com/check/safe
Request:
GET /check/safe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43
Host: as.imgjeoigaa.com
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Jun 2023 09:19:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.30
POST 200 http://as.imgjeoigaa.com/check/?sid=842934&key=941465ecfb3fb7d6fe5d647e70e67cf6
Request:
POST /check/?sid=842934&key=941465ecfb3fb7d6fe5d647e70e67cf6 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43
Content-Length: 160
Host: as.imgjeoigaa.com
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Jun 2023 09:19:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.30
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49165 -> 39.109.117.57:80 | 2045057 | ET MALWARE Win32/Fabookie.ek CnC Request M4 (GET) | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts