Home
Result
Report
Detail Analysis

Network Analysis

Download pcap

Hosts 4 DNS 3 TCP 6 UDP 6 HTTP(S) 6 ICMP 0 IRC 0 Suricata Snort

IP Address	Status	Action
104.21.47.213	Active	Moloch
164.124.101.2	Active	Moloch
172.67.159.243	Active	Moloch
43.154.67.170	Active	Moloch

Name	Response	Post-Analysis Lookup
www.wtd6e.buzz	A 172.67.159.243 A 104.21.41.43	104.21.41.43
www.royaltotojp.life	A 172.67.172.204 A 104.21.47.213	104.21.47.213
www.czcblzky.click	A 43.154.67.170	43.154.67.170

TCP Requests

UDP Requests

GET 404 http://www.czcblzky.click/gs22/?tZi0=J8uqsMNsS5Yn0BkrkL7ZAY4qgjZ7ppo07do+1ANX1PvbNDE/4Q/w494tyz+wglG6mRixLfnE&Unt48=GTd0sn7PmjlLKfx&sql=1

REQUEST

GET /gs22/?tZi0=J8uqsMNsS5Yn0BkrkL7ZAY4qgjZ7ppo07do+1ANX1PvbNDE/4Q/w494tyz+wglG6mRixLfnE&Unt48=GTd0sn7PmjlLKfx&sql=1 HTTP/1.1 Host: www.czcblzky.click Connection: close

RESPONSE

HTTP/1.1 404 Not Found Content-Type: text/plain Date: Tue, 15 Aug 2023 01:41:36 GMT Content-Length: 18 Connection: close

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

POST 404 http://www.czcblzky.click/gs22/

REQUEST

POST /gs22/ HTTP/1.1 Host: www.czcblzky.click Connection: close Content-Length: 42910 Cache-Control: no-cache Origin: http://www.czcblzky.click User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.czcblzky.click/gs22/ Accept-Language: en-US Accept-Encoding: gzip, deflate

RESPONSE

HTTP/1.1 404 Not Found Content-Type: text/plain Date: Tue, 15 Aug 2023 01:41:38 GMT Content-Length: 18 Connection: close

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 302 http://www.wtd6e.buzz/gs22/?tZi0=VDoZsXgJ33m6GMTGrBxkXeJI5VWl9LckgAFZWBineURiSKUttTcioIZjL6dcFMz5k6jMXEOi&Unt48=GTd0sn7PmjlLKfx&sql=1

REQUEST

GET /gs22/?tZi0=VDoZsXgJ33m6GMTGrBxkXeJI5VWl9LckgAFZWBineURiSKUttTcioIZjL6dcFMz5k6jMXEOi&Unt48=GTd0sn7PmjlLKfx&sql=1 HTTP/1.1 Host: www.wtd6e.buzz Connection: close

RESPONSE

HTTP/1.1 302 Found Date: Tue, 15 Aug 2023 01:41:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, must-revalidate Strict-Transport-Security: max-age=0 X-Robots-Tag: noindex location: http://wtd6e.buzz/gs22/?tZi0=VDoZsXgJ33m6GMTGrBxkXeJI5VWl9LckgAFZWBineURiSKUttTcioIZjL6dcFMz5k6jMXEOi&Unt48=GTd0sn7PmjlLKfx&sql=1 Via: 1.1 google CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fSaAyrPK4H0QrMDKLG%2FoXTKDcDVo5pljOsdT9Je9I3aB4o8amO4CrekSECtkYAKfNSP7ApamyKYItZAi69Cd6pceB93woDxIa62ASapaIMrglv1Oj4YqRR4zRkIIjx0ABw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7f6dbce78b130a5a-KIX alt-svc: h3=":443"; ma=86400

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

POST 302 http://www.wtd6e.buzz/gs22/

REQUEST

POST /gs22/ HTTP/1.1 Host: www.wtd6e.buzz Connection: close Content-Length: 42910 Cache-Control: no-cache Origin: http://www.wtd6e.buzz User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.wtd6e.buzz/gs22/ Accept-Language: en-US Accept-Encoding: gzip, deflate

RESPONSE

HTTP/1.1 302 Found Date: Tue, 15 Aug 2023 01:41:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, must-revalidate Strict-Transport-Security: max-age=0 X-Robots-Tag: noindex location: http://wtd6e.buzz/gs22/ Via: 1.1 google CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HOvQWCaH35l41hZkFJQV5RVCVOD9KxhHQZSPHLlK7mt5%2BHvuAJdulKP%2BAVibii%2B1YNG9qTGjWead8v8Nkt7lbjNWVekQsFUbN9KX1b%2B9fQHajyYYoxmP1fSahoSgKZYeJQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7f6dbcf60abb8328-KIX alt-svc: h3=":443"; ma=86400

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 403 http://www.royaltotojp.life/gs22/?tZi0=XqGT28VuwgR0tHIWJ12GlexZBkdeEH2omtvxSMlxLbtL0z8j7vfoLf8TYWqqB6Qy1HltMte6&Unt48=GTd0sn7PmjlLKfx&sql=1

REQUEST

GET /gs22/?tZi0=XqGT28VuwgR0tHIWJ12GlexZBkdeEH2omtvxSMlxLbtL0z8j7vfoLf8TYWqqB6Qy1HltMte6&Unt48=GTd0sn7PmjlLKfx&sql=1 HTTP/1.1 Host: www.royaltotojp.life Connection: close

RESPONSE

HTTP/1.1 403 Forbidden Date: Tue, 15 Aug 2023 01:42:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=15 Expires: Tue, 15 Aug 2023 01:42:29 GMT X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GiFMg6scBryIFTyK25kCCQ897YBgK6NANDkYsAbjJcCA%2F26DxPT4yTDY7usvXExc7UKIVp964EwM9zIA%2BZGVjVMLDpK8k%2FQKikmWnW0TZbc7fP6PpyXiaVQWeso7pK%2Bjc7VtsmdYtg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Content-Type-Options: nosniff Server: cloudflare CF-RAY: 7f6dbd67188daff7-NRT alt-svc: h3=":443"; ma=86400

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

POST 0 http://www.royaltotojp.life/gs22/

REQUEST

POST /gs22/ HTTP/1.1 Host: www.royaltotojp.life Connection: close Content-Length: 42910 Cache-Control: no-cache Origin: http://www.royaltotojp.life User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.royaltotojp.life/gs22/ Accept-Language: en-US Accept-Encoding: gzip, deflate

RESPONSE

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts