Analysis

Category Package Started Completed Duration
PCAP 2019-11-07 18:45:25 2019-11-07 18:45:25 0 seconds

MalScore

0.0

Benign


Signatures

No signatures

Hosts

Direct  IP               Country Name
N       75.102.9.195     United States
N       64.202.116.154   United States
Y       63.247.95.50     United States
N       5.166.193.211    Russian Federation
N       46.63.66.102     Ukraine
N       46.161.41.220    Russian Federation
N       195.114.147.96   Ukraine
N       178.72.151.199   Armenia
Y       122.155.167.122  Thailand
N       108.163.248.234  United States

DNS

Name                      Response (Post-Analysis Lookup)
forum.duelingnetwork.com  A 108.163.248.234
informuos.com             A 75.102.9.195
wiezersf.in.ua            A 64.202.116.154
jufer-muirer.su           A 98.14.34.141
                          A 68.45.64.5
                          A 91.200.201.12
                          A 195.114.147.96
                          A 50.171.218.212
                          A 46.63.66.102
                          A 5.166.193.211
                          A 46.33.239.18
                          A 67.68.157.74
                          A 173.171.103.248
                          A 84.16.134.75
                          A 98.113.250.136
                          A 176.102.209.127
quret-huler.su            A 77.122.63.13
                          A 50.161.246.210
                          A 70.75.230.0
                          A 99.249.29.20
                          A 81.200.156.219
                          A 46.118.138.90
                          A 24.101.46.15
                          A 178.72.151.199
                          A 37.115.65.28
kinure-desrt.su
leafegrt.com              A 46.161.41.220
extremely-ppa.com
mington-res.com

TCP

Source Source Port Destination Destination Port
172.16.165.133 50031 108.163.248.234 forum.duelingnetwork.com 80
172.16.165.133 50169 122.155.167.122 8080
172.16.165.133 50170 122.155.167.122 8080
172.16.165.133 50171 122.155.167.122 8080
172.16.165.133 50136 178.72.151.199 quret-huler.su 80
172.16.165.133 50146 178.72.151.199 quret-huler.su 80
172.16.165.133 50152 178.72.151.199 quret-huler.su 80
172.16.165.133 50156 178.72.151.199 quret-huler.su 80
172.16.165.133 50160 178.72.151.199 quret-huler.su 80
172.16.165.133 50161 178.72.151.199 quret-huler.su 80
172.16.165.133 50163 178.72.151.199 quret-huler.su 80
172.16.165.133 50164 178.72.151.199 quret-huler.su 80
172.16.165.133 50162 195.114.147.96 jufer-muirer.su 80
172.16.165.133 50172 46.161.41.220 leafegrt.com 80
172.16.165.133 50173 46.161.41.220 leafegrt.com 80
172.16.165.133 50174 46.161.41.220 leafegrt.com 80
172.16.165.133 50175 46.161.41.220 leafegrt.com 80
172.16.165.133 50176 46.161.41.220 leafegrt.com 80
172.16.165.133 50177 46.161.41.220 leafegrt.com 80
172.16.165.133 50127 46.63.66.102 jufer-muirer.su 80
172.16.165.133 50140 46.63.66.102 jufer-muirer.su 80
172.16.165.133 50141 46.63.66.102 jufer-muirer.su 80
172.16.165.133 50149 46.63.66.102 jufer-muirer.su 80
172.16.165.133 50150 46.63.66.102 jufer-muirer.su 80
172.16.165.133 50154 46.63.66.102 jufer-muirer.su 80
172.16.165.133 50155 46.63.66.102 jufer-muirer.su 80
172.16.165.133 50165 5.166.193.211 jufer-muirer.su 80
172.16.165.133 50166 5.166.193.211 jufer-muirer.su 80
172.16.165.133 50167 63.247.95.50 8080
172.16.165.133 50168 63.247.95.50 8080
172.16.165.133 50046 64.202.116.154 wiezersf.in.ua 80
172.16.165.133 50070 64.202.116.154 wiezersf.in.ua 80
172.16.165.133 50071 64.202.116.154 wiezersf.in.ua 80
172.16.165.133 50073 64.202.116.154 wiezersf.in.ua 80
172.16.165.133 50079 64.202.116.154 wiezersf.in.ua 80
172.16.165.133 50124 64.202.116.154 wiezersf.in.ua 80
172.16.165.133 50126 64.202.116.154 wiezersf.in.ua 80
172.16.165.133 50134 64.202.116.154 wiezersf.in.ua 80
172.16.165.133 50135 64.202.116.154 wiezersf.in.ua 80
172.16.165.133 50139 64.202.116.154 wiezersf.in.ua 80
172.16.165.133 50147 64.202.116.154 wiezersf.in.ua 80
172.16.165.133 50148 64.202.116.154 wiezersf.in.ua 80
172.16.165.133 50151 64.202.116.154 wiezersf.in.ua 80
172.16.165.133 50153 64.202.116.154 wiezersf.in.ua 80
172.16.165.133 50038 75.102.9.195 informuos.com 80

UDP

Source Source Port Destination Destination Port
172.16.165.133 49382 172.16.165.2 53
172.16.165.133 50076 172.16.165.2 53
172.16.165.133 53960 172.16.165.2 53
172.16.165.133 56379 172.16.165.2 53
172.16.165.133 58306 172.16.165.2 53
172.16.165.133 59214 172.16.165.2 53
172.16.165.133 59775 172.16.165.2 53
172.16.165.133 61499 172.16.165.2 53
172.16.165.133 62045 172.16.165.2 53
172.16.165.133 62120 172.16.165.2 53
172.16.165.133 62711 172.16.165.2 53

HTTP Requests

URI Data
http://forum.duelingnetwork.com/
GET / HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.bing.com/search?q=forum.duelingnetwork+.com&qs=n&form=QBLH&pq=forum.duelingnetwork+.com&sc=1-26&sp=-1&sk=&cvid=a96ffad06dad446d98e3fdd5c21a1f4e
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: forum.duelingnetwork.com
Connection: Keep-Alive

http://informuos.com/9706AeCh.js?UVv=5b45f12d9a34d16a1
GET /9706AeCh.js?UVv=5b45f12d9a34d16a1 HTTP/1.1
Accept: */*
Referer: http://forum.duelingnetwork.com/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: informuos.com
Connection: Keep-Alive

http://wiezersf.in.ua/8v532c1/2
GET /8v532c1/2 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://forum.duelingnetwork.com/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: wiezersf.in.ua
Connection: Keep-Alive

http://wiezersf.in.ua/8v532c1/0a3f4e0fefe479bc4316555d065e05550059005d0007005d0555035402005255;112202;228
GET /8v532c1/0a3f4e0fefe479bc4316555d065e05550059005d0007005d0555035402005255;112202;228 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://wiezersf.in.ua/8v532c1/2
x-flash-version: 11,2,202,228
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: wiezersf.in.ua
Connection: Keep-Alive

http://wiezersf.in.ua/8v532c1/25f06164e04e4c155b500a0b040a0307020d550b0253060f0701560200545407
GET /8v532c1/25f06164e04e4c155b500a0b040a0307020d550b0253060f0701560200545407 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://wiezersf.in.ua/8v532c1/2
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: wiezersf.in.ua
Connection: Keep-Alive

http://wiezersf.in.ua/8v532c1/3ee20726313dcfaa40091309020c0705035d56090455020d0651550006525005;4060129
GET /8v532c1/3ee20726313dcfaa40091309020c0705035d56090455020d0651550006525005;4060129 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: wiezersf.in.ua
Connection: Keep-Alive

http://wiezersf.in.ua/8v532c1/74113073c33a29585b5d530a010b0200070c020a075207080200010305555500;910
GET /8v532c1/74113073c33a29585b5d530a010b0200070c020a075207080200010305555500;910 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: wiezersf.in.ua
Connection: Keep-Alive
Cache-Control: no-cache

http://wiezersf.in.ua/8v532c1/023499d18a98da4c5342580f0b025102000a000f0d5b540a050603060f5c0605;4
GET /8v532c1/023499d18a98da4c5342580f0b025102000a000f0d5b540a050603060f5c0605;4 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: wiezersf.in.ua
Connection: Keep-Alive

http://wiezersf.in.ua/8v532c1/023499d18a98da4c5342580f0b025102000a000f0d5b540a050603060f5c0605;4;1
GET /8v532c1/023499d18a98da4c5342580f0b025102000a000f0d5b540a050603060f5c0605;4;1 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: wiezersf.in.ua
Connection: Keep-Alive

http://jufer-muirer.su/b/shoe/54616
GET /b/shoe/54616 HTTP/1.1
Accept: */*
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 4.0.3219)
Host: jufer-muirer.su
Cache-Control: no-cache

http://wiezersf.in.ua/8v532c1/5b63579c14fc4fef56125d08070c0c50055a0508015509580056060103525b50;5
GET /8v532c1/5b63579c14fc4fef56125d08070c0c50055a0508015509580056060103525b50;5 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: wiezersf.in.ua
Connection: Keep-Alive

http://quret-huler.su/mod_articles-authl9.12/jquery/
GET /mod_articles-authl9.12/jquery/ HTTP/1.1
Accept: */*
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 4.0.3219)
Host: quret-huler.su
Cache-Control: no-cache

http://wiezersf.in.ua/8v532c1/5b63579c14fc4fef56125d08070c0c50055a0508015509580056060103525b50;5;1
GET /8v532c1/5b63579c14fc4fef56125d08070c0c50055a0508015509580056060103525b50;5;1 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: wiezersf.in.ua
Connection: Keep-Alive

http://wiezersf.in.ua/8v532c1/41f97d65b742bf8955430702055f0306040955020306060e0105560b01015406
GET /8v532c1/41f97d65b742bf8955430702055f0306040955020306060e0105560b01015406 HTTP/1.1
accept-encoding: pack200-gzip, gzip
content-type: application/x-java-archive
User-Agent: Mozilla/4.0 (Windows 7 6.1) Java/1.6.0_25
Host: wiezersf.in.ua
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

http://wiezersf.in.ua/8v532c1/4573442f14fc4fef57455c08060f0755040d04080056025d0101070102515055;6
GET /8v532c1/4573442f14fc4fef57455c08060f0755040d04080056025d0101070102515055;6 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: wiezersf.in.ua
Connection: Keep-Alive

http://wiezersf.in.ua/8v532c1/4573442f14fc4fef57455c08060f0755040d04080056025d0101070102515055;6;1
GET /8v532c1/4573442f14fc4fef57455c08060f0755040d04080056025d0101070102515055;6;1 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: wiezersf.in.ua
Connection: Keep-Alive

http://wiezersf.in.ua/8v532c1/5c2be2fcdff77049561b575957095350055b0159515056580057025053570450;1;2
GET /8v532c1/5c2be2fcdff77049561b575957095350055b0159515056580057025053570450;1;2 HTTP/1.1
User-Agent: Mozilla/4.0 (Windows 7 6.1) Java/1.6.0_25
Host: wiezersf.in.ua
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

http://wiezersf.in.ua/8v532c1/5c2be2fcdff77049561b575957095350055b0159515056580057025053570450;1;2;1
GET /8v532c1/5c2be2fcdff77049561b575957095350055b0159515056580057025053570450;1;2;1 HTTP/1.1
User-Agent: Mozilla/4.0 (Windows 7 6.1) Java/1.6.0_25
Host: wiezersf.in.ua
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

http://quret-huler.su/mod_articles-authl9.12/ajax/
GET /mod_articles-authl9.12/ajax/ HTTP/1.1
Accept: */*
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 4.0.3219)
Host: quret-huler.su
Cache-Control: no-cache

http://kinure-desrt.su/b/eve/02bf938f935a58e36f4936ae
GET /b/eve/02bf938f935a58e36f4936ae HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.google.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: kinure-desrt.su
Connection: Keep-Alive

http://kinure-desrt.su/b/opt/5FF681DE9FC3EBF00E26209C
POST /b/opt/5FF681DE9FC3EBF00E26209C HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: kinure-desrt.su
Content-Length: 184
Cache-Control: no-cache

\xcdNu\x9c\xef\xc3\xc4\xbb\xc6\xef\x7f!\xd0K9\x80J\xf2\xadA\x9a!\xc2\x0c\xda\x01\x02\x0b_\xd25:M\x94\xe8\xacn\xc4\x82\xe8\x01>\x1b\x8c\xcc)\x86\xf9\x02p\x8c[\xb2\xf8\e\x98Z	\x01\xf5eU\xc8\xf0\x8d%\xd8\x18\xcb\x18A\xbft\x85\xc5\xe2\xee8\x94\x96\xc5\xd5W\xff\xf4\xf6!\xc0\x02&\xe1\x94I\x01?m\xa0U\x11\xf2C\xd6\xd6\x8f2R\xf6\x9e\xe6\xeb\x17\x8f\xc2\xc0]\xcb\xf8\xa0\xa3\xbf\x07
\xf5O8\xf6\xfc\x83n\xdbL\xba\xba.\xfc\x15\x9d\x11\xf5\xc6!B\xe8b\xe3\x04s\xf7\xb66\x93>\xc9
\xe4\xbd\xef\xb6\x93\xfaM\x8a\xd4\xf5\xd0\xad~\xed;<\xd0\x88L\x08c3\xe1s\x94{7;\xf2
http://kinure-desrt.su/b/letr/1EA1A92B4ED92CE8DF3CE784
GET /b/letr/1EA1A92B4ED92CE8DF3CE784 HTTP/1.1
Accept: */*
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: kinure-desrt.su
Cache-Control: no-cache

http://63.247.95.50:8080/b/opt/FCC14647A7DBE540363E2E2C
POST /b/opt/FCC14647A7DBE540363E2E2C HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: 63.247.95.50:8080
Content-Length: 184
Cache-Control: no-cache

9\xad;\x1c\xa6\xf6\x1d\xa4\xd9\xc4\xed4ay\xdb{\xbdg'\x89G\xd3\x99q:Qk:j\x98\xee\x94\x9dT\xc4LHH\x9dO\xb2\x87p\x92C\xb9\xb9\xf7)\x00OMuo\xfc\xc2\xfc\xfc+\xbe\xa4\xcf]\xef\x8d\xf1\xf1\xcc\xdfi9\xf9\xb6\xf2Z~\xc1\xe3\xa3\xb7}\xbd?J\x1f\xa3,\x87=\xe4\xa1\x08W\x80\x1c?I\x9a\xebo\xcfQ\xd4$\x17\xe8\xc3\xe7\x15|\xe1\xedy\xc03\x02k\x99\x05]8\x84@T\xe1\xe9&\xdf\x8c\xbf\x17<\xba\xc5\xac\xb7\x02\xc7O\xfd\x99P+\x00\xee]\xc2!
w\xdf\\x8a\x06'1n\xf3!\x1f\x18\xe3\xfd\xbc\xc7\xe4\xa1QE/\x1c\xb7D\xdb\x02w\xd8\x8c\xcd\x14E2\x8e\x18
http://63.247.95.50:8080/b/letr/6F7797A9F8BD61E86958AA84
GET /b/letr/6F7797A9F8BD61E86958AA84 HTTP/1.1
Accept: */*
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: 63.247.95.50:8080
Cache-Control: no-cache

http://122.155.167.122:8080/b/opt/A25489AB5292C9E4C3770288
POST /b/opt/A25489AB5292C9E4C3770288 HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: 122.155.167.122:8080
Content-Length: 184
Cache-Control: no-cache

\xb5\xde_`\xd4\xf3\xbc\xb1*X\xce\x86\x8bH\xe7\xf3O\xca4\xd2\x9b	\x82\x17\x94\xe2RuH\x8f\xb4\xd8\x90\xb8\xd8\x8eU)\xf1\xe5QI\xed@N\x14sb,\9p<]\x84\x02w\x8a\x7f\x08a\x7f\x80u\xc9\xcb\xd0\xc5\xca\x1a\x96Z\x9c\xa6\x8d\xb3\xc0\x08]!d\xf9\x7fD\xfe\x9a\x08\x95\xce\x9b\xbe\x11\xf7\xd8\xd6\x0e\x8bpf\xb1f\xf9\xc3
\xfd\xdd\xf6U\xac\x7f\xf8y\xd8\xd9\x9e\xf5\x85'\x15\x90\xd2{gykSf\x82\x9a\xa8_\xb0+\x19GPp\xa5\x9d\xca\xe2e\xb4\xa0R\xa7\xd0I\x1a\x96\x8c\x18Qe_\x81\xebDU#,/\xe2\xa9\x08l\x94\xfd
\xba\x8a\xd5\x1d\x87\xd8\x80#\xb7\x97BW\xae4\xac
http://122.155.167.122:8080/b/req/A1D875FEDFBD566E4E589D02
POST /b/req/A1D875FEDFBD566E4E589D02 HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: 122.155.167.122:8080
Content-Length: 184
Cache-Control: no-cache

\xe9\xee\xee\xbc\xc6\x8a)\x81\xb0\x17\xc2\xfb\xf7\xe2\x88b\xc5\xec\x18\xf2&\xd1\xe1W5*Np\x94\x94\xed\xb0\xf5\xaa@\xbb+\x00$\xf3G(ip\x12\xcc\x80\xb57\x04\x9ejH%\xef<W\xa2.\x1f\x0f\x7fV@ \xd9\x97\x03zi\xf5N\xae\xdf\xb7\xc2\x1b	C\xd3\xec\x10(dlA\x81\x0c@\xfc\xb6\xb8\x92\xc6\x15\x1eY\xa4\x89\x8d\xb3nt\xf8\xb1v\xd3\x8f\xd3\xad\x90\xce\xf6HiVx\xad~\xee\xab\xbfb5\xa7\xdd\x9d\xa6_\xdd\xee\xd5\xe9\x8e\xd6\xae}\x90	&\xf5@\xf4ov\xd7\x0b0f\x83*\x1b	\xads3\xd1\x18\xa62u"\xf5\x1c\xa4\xc5 r\x85	\x17g\xc1\xa5C\xe7<\xbc\x15Ibn\xe6\x89
http://122.155.167.122:8080/b/req/83C1026D7B23D9B9EAC612D5
POST /b/req/83C1026D7B23D9B9EAC612D5 HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: 122.155.167.122:8080
Content-Length: 184
Cache-Control: no-cache

]p\x07u\x1f\xcc\x11M\x91\x1aT\xf7\xf3\xa2-\xde\xab\x80\x17{\xb6\x8c.\xbe\xcc\xfa\x8b\x11a\xb05o\xec\xc3H:N\x05U}\xd4oz2\xbe\xf3m;\xf27\x9d0w'\xb7\x04'\xa6\xc9\xb9T\x1b\x9d\xe0\xdaH{\xf9\xe7\x983\xe5\x04S\x96\x1a\xe6M\xa2\xb8\xf4$_nM\x18
3\xac\xfd\x1blI\xc9\x94\xec\xeay3\x13\x9a\xba\x9a%Y=!\x8a\xe2#O|n\x8d\xbfz\xc12\xcde\x05\xfam\x06\x8co\x99"\x068\x0e\x1c\xef\x13l\xc3\xd8\xbc\x89O\x81@\x8fh\x8c9\x9c\xf8\xcbkI-\xa5\xf1\x82V\xa4\xbe\xf7z\xd0\xf2\xe2i\xbe\xbb\xcc\xaf&=\xa9g\xba=\x82\x02\xcf\xea\xa3\xed\x05u\x02\xf0
http://leafegrt.com/
GET / HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.google.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: leafegrt.com
Connection: Keep-Alive

http://extremely-ppa.com/
GET / HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.google.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: extremely-ppa.com
Connection: Keep-Alive

http://mington-res.com/
GET / HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.google.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: mington-res.com
Connection: Keep-Alive

http://extremely-ppa.com/style.css
GET /style.css HTTP/1.1
Accept: */*
Referer: http://extremely-ppa.com/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: extremely-ppa.com
Connection: Keep-Alive

http://leafegrt.com/style.css
GET /style.css HTTP/1.1
Accept: */*
Referer: http://leafegrt.com/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: leafegrt.com
Connection: Keep-Alive

http://extremely-ppa.com/btn_search.png
GET /btn_search.png HTTP/1.1
Accept: */*
Referer: http://extremely-ppa.com/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: extremely-ppa.com
Connection: Keep-Alive

http://mington-res.com/style.css
GET /style.css HTTP/1.1
Accept: */*
Referer: http://mington-res.com/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: mington-res.com
Connection: Keep-Alive

http://leafegrt.com/btn_search.png
GET /btn_search.png HTTP/1.1
Accept: */*
Referer: http://leafegrt.com/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: leafegrt.com
Connection: Keep-Alive

http://leafegrt.com/logo.png
GET /logo.png HTTP/1.1
Accept: */*
Referer: http://leafegrt.com/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: leafegrt.com
Connection: Keep-Alive

http://extremely-ppa.com/logo.png
GET /logo.png HTTP/1.1
Accept: */*
Referer: http://extremely-ppa.com/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: extremely-ppa.com
Connection: Keep-Alive

http://extremely-ppa.com/icon_serch.png
GET /icon_serch.png HTTP/1.1
Accept: */*
Referer: http://extremely-ppa.com/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: extremely-ppa.com
Connection: Keep-Alive

http://mington-res.com/btn_search.png
GET /btn_search.png HTTP/1.1
Accept: */*
Referer: http://mington-res.com/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: mington-res.com
Connection: Keep-Alive

http://mington-res.com/logo.png
GET /logo.png HTTP/1.1
Accept: */*
Referer: http://mington-res.com/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: mington-res.com
Connection: Keep-Alive

http://leafegrt.com/icon_serch.png
GET /icon_serch.png HTTP/1.1
Accept: */*
Referer: http://leafegrt.com/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: leafegrt.com
Connection: Keep-Alive

http://mington-res.com/icon_serch.png
GET /icon_serch.png HTTP/1.1
Accept: */*
Referer: http://mington-res.com/
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: mington-res.com
Connection: Keep-Alive

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 2.966 seconds )

  • 1.816 CAPE
  • 1.14 NetworkAnalysis
  • 0.007 AnalysisInfo
  • 0.003 Debug

Signatures ( 0.057 seconds )

  • 0.008 ransomware_files
  • 0.007 antiav_detectreg
  • 0.004 browser_security
  • 0.004 ransomware_extensions
  • 0.003 persistence_autorun
  • 0.003 antiav_detectfile
  • 0.003 infostealer_ftp
  • 0.002 geodo_banking_trojan
  • 0.002 disables_browser_warn
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 infostealer_mail
  • 0.001 ie_martian_children
  • 0.001 masquerade_process_name
  • 0.001 network_torgateway
  • 0.001 recon_checkip

Reporting ( 0.0 seconds )

Task ID 107540
Mongo ID 5dc4664c07e16890f22b6333
Cuckoo release 1.3-CAPE