Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| gaja79.com | 182.162.73.77 | |
| antichrist.or.kr | 182.162.73.77 |
GET
302
http://antichrist.or.kr/data/cheditor/dir1/lyric64
REQUEST
RESPONSE
BODY
GET /data/cheditor/dir1/lyric64 HTTP/1.1
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: antichrist.or.kr
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 16 Aug 2024 09:28:33 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Location: http://gaja79.com/link/fow-mh1004.html
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
GET
200
http://gaja79.com/link/fow-mh1004.html
REQUEST
RESPONSE
BODY
GET /link/fow-mh1004.html HTTP/1.1
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
Host: gaja79.com
HTTP/1.1 200 OK
Date: Fri, 16 Aug 2024 09:28:33 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 724
Connection: close
Content-Type: text/html; charset=UTF-8
GET
302
http://antichrist.or.kr/data/cheditor/dir1/lyric64
REQUEST
RESPONSE
BODY
GET /data/cheditor/dir1/lyric64 HTTP/1.1
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: antichrist.or.kr
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 16 Aug 2024 09:28:33 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Location: http://gaja79.com/link/fow-mh1004.html
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
GET
200
http://gaja79.com/link/fow-mh1004.html
REQUEST
RESPONSE
BODY
GET /link/fow-mh1004.html HTTP/1.1
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
Host: gaja79.com
HTTP/1.1 200 OK
Date: Fri, 16 Aug 2024 09:28:33 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 724
Connection: close
Content-Type: text/html; charset=UTF-8
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49169 -> 182.162.73.77:80 | 2003626 | ET HUNTING Double User-Agent (User-Agent User-Agent) | Potentially Bad Traffic |
| TCP 192.168.56.101:49167 -> 182.162.73.77:80 | 2003626 | ET HUNTING Double User-Agent (User-Agent User-Agent) | Potentially Bad Traffic |
| TCP 192.168.56.101:49168 -> 182.162.73.77:80 | 2003626 | ET HUNTING Double User-Agent (User-Agent User-Agent) | Potentially Bad Traffic |
| TCP 192.168.56.101:49170 -> 182.162.73.77:80 | 2003626 | ET HUNTING Double User-Agent (User-Agent User-Agent) | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts