Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.ost.design | 185.83.214.222 | |
| www.bookingshop01.top | 172.67.150.87 | |
| www.sqlite.org | 45.33.6.223 |
- TCP Requests
-
-
192.168.56.101:49169 172.67.150.87:80www.bookingshop01.top
-
192.168.56.101:49170 172.67.150.87:80www.bookingshop01.top
-
192.168.56.101:49171 45.33.6.223:80www.sqlite.org
-
192.168.56.101:49172 45.33.6.223:80www.sqlite.org
-
192.168.56.101:49173 45.33.6.223:80www.sqlite.org
-
192.168.56.101:49174 45.33.6.223:80www.sqlite.org
-
- UDP Requests
-
-
192.168.56.101:53004 164.124.101.2:53
-
192.168.56.101:54148 164.124.101.2:53
-
192.168.56.101:55146 164.124.101.2:53
-
192.168.56.101:59002 164.124.101.2:53
-
192.168.56.101:137 192.168.56.103:137
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:59005 239.255.255.250:1900
-
POST
301
http://www.bookingshop01.top/hnmu/
REQUEST
RESPONSE
BODY
POST /hnmu/ HTTP/1.1
Host: www.bookingshop01.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Content-Length: 173
Connection: close
Origin: http://www.bookingshop01.top
Referer: http://www.bookingshop01.top/hnmu/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
HTTP/1.1 301 Moved Permanently
Date: Thu, 07 Sep 2023 10:01:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://www.bookingshop01.top/hnmu/
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cedT%2FTf3LBmxrKATOn7wnprJTAitJU%2BcYDTZqvtYQ6G7X%2FKvi8rFCjD1GmDYC%2B3uoBFsIskLIZRg1sV%2BT6m4NRg0LZrqFH5vViq0x6mM7bRRDilNfvEUCn22PIN8x5aqzTGzTnKKae0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 802e1c4479e61a35-KIX
alt-svc: h2=":443"; ma=60
GET
301
http://www.bookingshop01.top/hnmu/?zNts=PAkg1urm7N9AVeASEKiY0GMQCzBOtYt4wERqVQow/jdQ5NqazHSv+YEC2ee5pD3t/p5aHGQj+n8MoPHKBsOZlw3EOYcHEuSkqJKafkc=&PZpKO=y9dVejt2Kk4On
REQUEST
RESPONSE
BODY
GET /hnmu/?zNts=PAkg1urm7N9AVeASEKiY0GMQCzBOtYt4wERqVQow/jdQ5NqazHSv+YEC2ee5pD3t/p5aHGQj+n8MoPHKBsOZlw3EOYcHEuSkqJKafkc=&PZpKO=y9dVejt2Kk4On HTTP/1.1
Host: www.bookingshop01.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
HTTP/1.1 301 Moved Permanently
Date: Thu, 07 Sep 2023 10:01:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://www.bookingshop01.top/hnmu/?zNts=PAkg1urm7N9AVeASEKiY0GMQCzBOtYt4wERqVQow/jdQ5NqazHSv+YEC2ee5pD3t/p5aHGQj+n8MoPHKBsOZlw3EOYcHEuSkqJKafkc=&PZpKO=y9dVejt2Kk4On
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ENKEpJ4mIwbFiEU%2FrQzUFsyzfSEZE4W4sLzYzET3OEDNJ07x5gpOTYtz%2Fuc%2BYXyASoeptk3415P4X7u2Ezqz25CrZ87KUOMOS1WdtEKxUZ6jx5t0laMgUWjBE9%2FWa%2BMeYEz2haU3dTI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 802e1c543ad90a4a-KIX
alt-svc: h2=":443"; ma=60
GET
200
http://www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip
REQUEST
RESPONSE
BODY
GET /2020/sqlite-dll-win32-x86-3310000.zip HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.sqlite.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 07 Sep 2023 10:01:30 GMT
Last-Modified: Sun, 26 Jan 2020 18:03:34 GMT
Cache-Control: max-age=120
ETag: "m5e2dd476s791e6"
Content-type: application/zip; charset=utf-8
Content-length: 496102
GET
200
http://www.sqlite.org/2017/sqlite-dll-win32-x86-3160000.zip
REQUEST
RESPONSE
BODY
GET /2017/sqlite-dll-win32-x86-3160000.zip HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.sqlite.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 07 Sep 2023 10:01:31 GMT
Last-Modified: Mon, 02 Jan 2017 21:10:17 GMT
Cache-Control: max-age=120
ETag: "m586ac1b9s6b84e"
Content-type: application/zip; charset=utf-8
Content-length: 440398
GET
206
http://www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip
REQUEST
RESPONSE
BODY
GET /2020/sqlite-dll-win32-x86-3310000.zip HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.sqlite.org
Range: bytes=13140-
Unless-Modified-Since: Sun, 26 Jan 2020 18:03:34 GMT
If-Range: "m5e2dd476s791e6"
Connection: Keep-Alive
HTTP/1.1 206 Partial Content
Connection: keep-alive
Date: Thu, 07 Sep 2023 10:01:32 GMT
Content-Range: bytes 13140-496101/496102
Last-Modified: Sun, 26 Jan 2020 18:03:34 GMT
Cache-Control: max-age=120
ETag: "m5e2dd476s791e6"
Content-type: application/zip; charset=utf-8
Content-length: 482962
GET
200
http://www.sqlite.org/2019/sqlite-dll-win32-x86-3280000.zip
REQUEST
RESPONSE
BODY
GET /2019/sqlite-dll-win32-x86-3280000.zip HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.sqlite.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 07 Sep 2023 10:01:32 GMT
Last-Modified: Tue, 09 Jul 2019 09:49:15 GMT
Cache-Control: max-age=120
ETag: "m5d24631bs762f9"
Content-type: application/zip; charset=utf-8
Content-length: 484089
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.101:53004 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
| TCP 192.168.56.101:49169 -> 172.67.150.87:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts