Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
as.imgjeoigaa.com | 39.109.117.57 | |
us.imgjeoigaa.com | 154.221.19.146 |
GET
200
http://us.imgjeoigaa.com/sts/imagc.jpg
REQUEST
RESPONSE
BODY
GET /sts/imagc.jpg HTTP/1.1
User-Agent: HTTPREAD
Host: us.imgjeoigaa.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Jun 2023 06:57:47 GMT
Content-Type: image/jpeg
Content-Length: 1505996
Last-Modified: Tue, 20 Jun 2023 14:45:47 GMT
Connection: keep-alive
ETag: "6491bb9b-16facc"
Accept-Ranges: bytes
GET
200
http://as.imgjeoigaa.com/check/safe
REQUEST
RESPONSE
BODY
GET /check/safe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43
Host: as.imgjeoigaa.com
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Jun 2023 06:57:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.30
POST
200
http://as.imgjeoigaa.com/check/?sid=652746&key=a65e8cd0b8eec374712079683db8bf48
REQUEST
RESPONSE
BODY
POST /check/?sid=652746&key=a65e8cd0b8eec374712079683db8bf48 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43
Content-Length: 160
Host: as.imgjeoigaa.com
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Jun 2023 06:57:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.30
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49165 -> 39.109.117.57:80 | 2045057 | ET MALWARE Win32/Fabookie.ek CnC Request M4 (GET) | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts