Verdict: Malicious

Classifications

Injector, Spyware

Threat Names

Mal/Generic-S, C2/Generic-A, Mal/HTMLGen-A

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "5 hours, 21 minutes, 3 seconds" to "5 seconds" to reveal dormant functionality.

General

167.61 KB total sent, 588.36 KB total received
2 ports: 80, 53
22 contacted IP addresses
80 URLs extracted
101 files downloaded
21 malicious hosts detected

DNS

2.09 KB sent, 3.26 KB received
34 queries for 27 domains
1 name server contacted
10 queries returned errors

HTTP/S

164.50 KB sent, 572.99 KB received
44 URLs, 20 contacted servers
142 sessions detected

61 Hosts (host, port; no port means the host was resolved but no TCP session was recorded)

www.wangbaomen23.xyz  80
benedixit.com  80
www.ui-un.com  80
www.rogerstrong.com  80
www.vevo-verify.com  80
mydesigneredge.com  80
www.janus.news  80
www.amazing-s.com
www.transportlogistcs.com  80
www.studyingmarx.com  80
www.farmacianovapiel.com  80
www.75788yh.com  80
www.acclean-vn.space  80
www.mydesigneredge.com  80
www.benedixit.com  80
www.ridonestore.shop  80
www.baichapu8.com  80
www.dconnekt.com  80
www.blackgrow.info  80
www.doonc.xyz  80
dconnekt.com
www.hljstzs.com  80
www.tangzhilian.com
www.litespeedtech.com
track.uc.cn
limitless-wallaby-uuktqxtcy4fafqqc6liua5a4.herokudns.com  80
www.googletagmanager.com
ajax.googleapis.com
support.hostinger.com
g.alicdn.com
www.herokucdn.com
vevo-verify.com  80
www.bv79bm.cfd  80
www.gaichu-force.site  80
cdn.hostinger.com
fonts.googleapis.com
cpanel.hostinger.com
linktr.ee
www.namesilo.com
ridonestore.shop  80
www.google.com
www.bitinu.tech
www.warnernc.com
www.homefragrance.sale  80
img.sedoparking.com
www.sedo.com
i1.cdn-image.com
gmpg.org
www.pnkgy.fun
cdn.consentmanager.net
s.w.org
maxcdn.bootstrapcdn.com
www.hlteuo.com
www.hostinger.com
hm.baidu.com
delivery.consentmanager.net
iyfodr.com
cdnjs.cloudflare.com
transportlogistcs.com  80
image.uc.cn
farmacianovapiel.com  80
HTTP Requests (10)

Method  URL  Status  Server IP:Port  Verdict

POST  http://www.wangbaomen23.xyz/nfgh/  405  107.178.250.177:80  Malicious
POST  http://www.wangbaomen23.xyz/nfgh/  405  107.178.250.177:80  Malicious
GET  http://www.wangbaomen23.xyz/nfgh/?RPDvUsDz=SSX0NbbQXvMHMpTxTC9tQE/80btRM71TVUyQFKg43fZw+6RAlNpixTMW5b7DPEyZQBsE6KFKcB7TD4KDgp/Isv5YNPSXzU4IKU+A51XvwD1b&SOUWwJ=FpVR62hT  200  107.178.250.177:80  Malicious
POST  http://www.wangbaomen23.xyz/nfgh/  405  107.178.250.177:80  Malicious
POST  http://www.wangbaomen23.xyz/nfgh/  405  107.178.250.177:80  Malicious
GET  http://www.wangbaomen23.xyz/nfgh/?RPDvUsDz=SSX0NbbQXvMHMpTxTC9tQE/80btRM71TVUyQFKg43fZw+6RAlNpixTMW5b7DPEyZQBsE6KFKcB7TD4KDgp/Isv5YNPSXzU4IKU+A51XvwD1b&SOUWwJ=FpVR62hT  200  107.178.250.177:80  Malicious
POST  http://www.wangbaomen23.xyz/nfgh/  -  107.178.250.177:80  Malicious
GET  http://www.wangbaomen23.xyz/nfgh/?RPDvUsDz=SSX0NbbQXvMHMpTxTC9tQE/80btRM71TVUyQFKg43fZw+6RAlNpixTMW5b7DPEyZQBsE6KFKcB7TD4KDgp/Isv5YNPSXzU4IKU+A51XvwD1b&SOUWwJ=FpVR62hT  200  107.178.250.177:80  Malicious
POST  http://www.wangbaomen23.xyz/nfgh/  -  107.178.250.177:80  Malicious
GET  http://www.wangbaomen23.xyz/nfgh/?RPDvUsDz=SSX0NbbQXvMHMpTxTC9tQE/80btRM71TVUyQFKg43fZw+6RAlNpixTMW5b7DPEyZQBsE6KFKcB7TD4KDgp/Isv5YNPSXzU4IKU+A51XvwD1b&SOUWwJ=FpVR62hT  200  107.178.250.177:80  Malicious

(A status of "-" means no response was recorded for that request.)

General Information (selected request)

Timestamp: 238.339000
URL: http://www.wangbaomen23.xyz/nfgh/
Original URL: http://www.wangbaomen23.xyz/nfgh/
Version: 1.1
Method: POST

Request Headers

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Host: www.wangbaomen23.xyz
Origin: http://www.wangbaomen23.xyz
Referer: http://www.wangbaomen23.xyz/nfgh/
Cache-Control: max-age=0
Connection: close
Content-Length: 193
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
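As an added example (this is not part of the VMRay report and not VMRay's code), the following Python detector scores the pattern visible in the request table above: repeated GETs carrying a long opaque query string, POSTs to the same path that are rejected with 405 or never answered, a mobile (BB10) User-Agent that is unlikely to match the submitting host, and cleartext port 80 throughout. The space-delimited log layout, the Windows User-Agent and the two benign rows are assumptions constructed for the example; the ten C2 rows are copied from the table.

```python
"""Score HTTP request logs for the GET/POST beaconing pattern seen in the
report.  Added example, not VMRay's code.  Assumed log layout (constructed
for this example): METHOD URL STATUS IP PORT USER-AGENT, one request per line."""
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

MOBILE_UA = re.compile(r"BB10|Android|iPhone|Mobile Safari")

# The BB10 User-Agent is the one in the report; the Windows one is constructed.
BB10_UA = ("Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) "
           "Version/10.3.2.2339 Mobile Safari/537.35+")
WIN_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")
C2 = "http://www.wangbaomen23.xyz/nfgh/"
QUERY = ("?RPDvUsDz=SSX0NbbQXvMHMpTxTC9tQE/80btRM71TVUyQFKg43fZw+6RAlNpixTMW5b7DPEyZ"
         "QBsE6KFKcB7TD4KDgp/Isv5YNPSXzU4IKU+A51XvwD1b&SOUWwJ=FpVR62hT")

# Constructed sample log: the ten C2 rows from the report plus two benign rows.
SAMPLE_LOG = "\n".join([
    f"POST {C2} 405 107.178.250.177 80 {BB10_UA}",
    f"POST {C2} 405 107.178.250.177 80 {BB10_UA}",
    f"GET {C2}{QUERY} 200 107.178.250.177 80 {BB10_UA}",
    f"POST {C2} 405 107.178.250.177 80 {BB10_UA}",
    f"POST {C2} 405 107.178.250.177 80 {BB10_UA}",
    f"GET {C2}{QUERY} 200 107.178.250.177 80 {BB10_UA}",
    f"POST {C2} - 107.178.250.177 80 {BB10_UA}",
    f"GET {C2}{QUERY} 200 107.178.250.177 80 {BB10_UA}",
    f"POST {C2} - 107.178.250.177 80 {BB10_UA}",
    f"GET {C2}{QUERY} 200 107.178.250.177 80 {BB10_UA}",
    f"GET http://www.litespeedtech.com/ 200 203.0.113.10 80 {WIN_UA}",
    f"POST http://hm.baidu.com/hm.js 200 203.0.113.20 80 {WIN_UA}",
])


def parse_line(line):
    """Split one log line into a record; the User-Agent may contain spaces."""
    method, url, status, ip, port, ua = line.split(" ", 5)
    parts = urlsplit(url)
    return {
        "method": method,
        "host": parts.hostname,
        "path": parts.path,
        "query": dict(parse_qsl(parts.query, keep_blank_values=True)),
        "status": None if status == "-" else int(status),  # "-" = no response
        "ip": ip,
        "port": int(port),
        "ua": ua,
    }


def score_group(records):
    """Score all requests to one (host, path); returns (score, reasons)."""
    score, reasons = 0, []
    posts = [r for r in records if r["method"] == "POST"]
    gets = [r for r in records if r["method"] == "GET"]
    if posts and all(r["status"] is None or r["status"] >= 400 for r in posts):
        score += 2
        reasons.append("every POST rejected or unanswered")
    if any(len(v) >= 64 for r in gets for v in r["query"].values()):
        score += 1
        reasons.append("GET carries an oversized opaque query value")
    if len(records) >= 4 and posts and gets:
        score += 1
        reasons.append("repeated GET/POST pairs to one path")
    if any(MOBILE_UA.search(r["ua"]) for r in records):
        score += 1
        reasons.append("mobile User-Agent from a non-mobile submitter")
    if posts and all(r["port"] == 80 for r in records):
        score += 1
        reasons.append("form POST over cleartext HTTP")
    return score, reasons


def find_beacons(log_text, threshold=4):
    """Return {host: finding} for every (host, path) whose score meets threshold."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            groups[(rec["host"], rec["path"])].append(rec)
    findings = {}
    for (host, path), recs in groups.items():
        score, reasons = score_group(recs)
        if score >= threshold:
            findings[host] = {"path": path, "ip": recs[0]["ip"],
                              "score": score, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for host, f in find_beacons(SAMPLE_LOG).items():
        print(f"{host}{f['path']} -> {f['ip']} score={f['score']}: {'; '.join(f['reasons'])}")
```

The cleartext-POST rule alone scores 1, so the constructed hm.baidu.com row stays below the threshold; only the combination of rejected POSTs, the oversized query and the mismatched User-Agent pushes www.wangbaomen23.xyz over it. Tune the threshold and the 64-byte query cut-off against your own proxy logs before relying on the rule.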

URL Reputation Information

Reputation Status: Malicious
Threat Data: -
First Seen: -
Last Seen: -
Categories: phishing

File Reputation Information

Filename: N/A
Reputation Status: N/A
First Seen: -
Last Seen: -
Names: -
Families: -
Classifications: -