Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.1xboro7.click | 104.21.47.7 | |
www.mtproductions.xyz | CNAME mtproductions.xyz, 103.138.151.78 | |
www.getflooringservices.today | 172.67.183.64 | |
www.ezkiosystem.com | 170.130.208.37 | |
www.trwc.online | 162.0.238.217 | |
TCP Requests
UDP Requests
- 192.168.56.101:53004 -> 164.124.101.2:53
- 192.168.56.101:53850 -> 164.124.101.2:53
- 192.168.56.101:54148 -> 164.124.101.2:53
- 192.168.56.101:55146 -> 164.124.101.2:53
- 192.168.56.101:59002 -> 164.124.101.2:53
- 192.168.56.101:137 -> 192.168.56.255:137
- 192.168.56.101:138 -> 192.168.56.255:138
- 192.168.56.101:54151 -> 239.255.255.250:1900
GET 404 http://www.trwc.online/k2l0/?v2Jx4=TY0eLS25TbGWIPoAvIBkbiGMyWIlUL+junlCch65rY0chgQMasfhvMnMRaLp/GGSn7X9xMH4&jJBP_F=PPJHa6cP0fV4ANB0
REQUEST
GET /k2l0/?v2Jx4=TY0eLS25TbGWIPoAvIBkbiGMyWIlUL+junlCch65rY0chgQMasfhvMnMRaLp/GGSn7X9xMH4&jJBP_F=PPJHa6cP0fV4ANB0 HTTP/1.1
Host: www.trwc.online
Connection: close
RESPONSE
HTTP/1.1 404 Not Found
Date: Wed, 19 Jul 2023 22:36:39 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 277
Connection: close
Content-Type: text/html; charset=iso-8859-1
GET 0 http://www.ezkiosystem.com/k2l0/?v2Jx4=xqYImV8HKxPdTcT8y9GMwftV4Cj/nHOqtw0ItIHCgt3zlewQWki2gcTtgHbczwBAu8VEYRGB&jJBP_F=PPJHa6cP0fV4ANB0
REQUEST
GET /k2l0/?v2Jx4=xqYImV8HKxPdTcT8y9GMwftV4Cj/nHOqtw0ItIHCgt3zlewQWki2gcTtgHbczwBAu8VEYRGB&jJBP_F=PPJHa6cP0fV4ANB0 HTTP/1.1
Host: www.ezkiosystem.com
Connection: close
GET 302 http://www.1xboro7.click/k2l0/?v2Jx4=gdIo5mM9lXBdi558t2eJ3ed4IEH2JjF3YUJjs/DuOxOlHAWx6kMfp5pai83Dg+nwI9+C5pp6&jJBP_F=PPJHa6cP0fV4ANB0
REQUEST
GET /k2l0/?v2Jx4=gdIo5mM9lXBdi558t2eJ3ed4IEH2JjF3YUJjs/DuOxOlHAWx6kMfp5pai83Dg+nwI9+C5pp6&jJBP_F=PPJHa6cP0fV4ANB0 HTTP/1.1
Host: www.1xboro7.click
Connection: close
RESPONSE
HTTP/1.1 302 Found
Date: Wed, 19 Jul 2023 22:37:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=0
X-Robots-Tag: noindex
location: http://1xboro7.click/k2l0/?v2Jx4=gdIo5mM9lXBdi558t2eJ3ed4IEH2JjF3YUJjs/DuOxOlHAWx6kMfp5pai83Dg+nwI9+C5pp6&jJBP_F=PPJHa6cP0fV4ANB0
Via: 1.1 google
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WfAEGdWmpzzggnwDBbEHeX3gYmZLfc%2BtQV7cvnxefoc4wfwXTporAi0p9QCpSLXNwxrmQLtf66oYPVDCTx1%2BGnrcOfZqgZiVSd0XXHxOz6ngi1Zu0ITUKI6krVVIZbek5bzSVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7e9672c3ab76831a-KIX
alt-svc: h3=":443"; ma=86400
GET 302 http://www.mtproductions.xyz/k2l0/?v2Jx4=o2du+VOpfCxxrHF0jTeQdwEN/Nb3oP3iwGp0y37hEj8zJFJ0k0b8cpmxFrA37JuCeHQ21Z1q&jJBP_F=PPJHa6cP0fV4ANB0
REQUEST
GET /k2l0/?v2Jx4=o2du+VOpfCxxrHF0jTeQdwEN/Nb3oP3iwGp0y37hEj8zJFJ0k0b8cpmxFrA37JuCeHQ21Z1q&jJBP_F=PPJHa6cP0fV4ANB0 HTTP/1.1
Host: www.mtproductions.xyz
Connection: close
RESPONSE
HTTP/1.1 302 Found
Connection: close
content-type: text/html
content-length: 683
date: Wed, 19 Jul 2023 22:37:40 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: http://www.mtproductions.xyz/cgi-sys/suspendedpage.cgi?v2Jx4=o2du+VOpfCxxrHF0jTeQdwEN/Nb3oP3iwGp0y37hEj8zJFJ0k0b8cpmxFrA37JuCeHQ21Z1q&jJBP_F=PPJHa6cP0fV4ANB0
GET 301 http://www.getflooringservices.today/k2l0/?v2Jx4=FvRqhx5F0gpoyzkzEA/2xbKvy1jG9ib4vK3RJ9Rey27fu6ve9bbhEuDygjhGMwuuWgCzAHD/&jJBP_F=PPJHa6cP0fV4ANB0
REQUEST
GET /k2l0/?v2Jx4=FvRqhx5F0gpoyzkzEA/2xbKvy1jG9ib4vK3RJ9Rey27fu6ve9bbhEuDygjhGMwuuWgCzAHD/&jJBP_F=PPJHa6cP0fV4ANB0 HTTP/1.1
Host: www.getflooringservices.today
Connection: close
RESPONSE
HTTP/1.1 301 Moved Permanently
Date: Wed, 19 Jul 2023 22:37:58 GMT
Transfer-Encoding: chunked
Connection: close
Cache-Control: max-age=3600
Expires: Wed, 19 Jul 2023 23:37:58 GMT
Location: https://www.getflooringservices.today/k2l0/?v2Jx4=FvRqhx5F0gpoyzkzEA/2xbKvy1jG9ib4vK3RJ9Rey27fu6ve9bbhEuDygjhGMwuuWgCzAHD/&jJBP_F=PPJHa6cP0fV4ANB0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F2Nx4zjsbDkSJv7N59J4PVrT7K1rKCCsAItu%2FO72XgYFzhch6ghBPD2Eeo8dKG0TqDhwkRe9k%2FrSqZFWuIgGnYLnv9BtfYIXRgylM8L85oZ%2FfLAFF580%2F6OjtVTmBiAzntO0MX14%2Bi2YAcAnjN9cYw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7e9673b98a7f832f-KIX
alt-svc: h3=":443"; ma=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49169 -> 103.138.151.78:80 | 2031088 | ET HUNTING Request to .XYZ Domain with Minimal Headers | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts