Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| moashraya.com | 184.168.117.217 | |
| oopscokir.com | 172.67.179.217 |
GET
404
http://oopscokir.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Connection: Keep-Alive
Cookie: __gads=4240553492:1:65:37; _gat=6.1.7601.64; _ga=1.591594.2020557398.110; _u=5445535432322D5043:746573743232:42383846374230343435354534363943; __io=21_3832866432_4053218753_3017428901; _gid=A4FE497CB1CB
Host: oopscokir.com
HTTP/1.1 404 Not Found
Date: Thu, 31 Aug 2023 01:40:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=goK%2Bayp%2FmCIpbbKD9tedepdmGaPAUqvm6UzRTc1aeZvdMM9pcz%2B9uce0%2BoNjtzyvIOnIHodJb8x0HVDmKxHy5wbTDCDAeW9zHIjcnkCvgg4iaQXHRpuSOiNEAHOm1XvU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ff19135affd8326-KIX
alt-svc: h3=":443"; ma=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49175 -> 104.21.64.90:80 | 2032086 | ET MALWARE Win32/IcedID Request Cookie | A Network Trojan was detected |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.56.101:49169 184.168.117.217:443 |
C=US, ST=TX, L=Houston, O=cPanel, Inc., CN=cPanel, Inc. Certification Authority | CN=moashraya.com | f5:4f:f0:43:5d:87:29:b9:67:28:34:e9:f9:c2:a3:5d:38:79:d1:55 |
Snort Alerts
No Snort Alerts