Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.clansix.xyz | 199.59.242.153 | |
www.china-zhongzhi.com | 45.192.251.62 | |
UDP Requests
- 192.168.56.101:54056 -> 164.124.101.2:53
- 192.168.56.101:59369 -> 164.124.101.2:53
- 192.168.56.101:61479 -> 164.124.101.2:53
- 192.168.56.101:62324 -> 164.124.101.2:53
- 192.168.56.101:137 -> 192.168.56.255:137
- 192.168.56.101:138 -> 192.168.56.255:138
- 192.168.56.101:49152 -> 239.255.255.250:3702
- 192.168.56.101:62327 -> 239.255.255.250:1900
- 192.168.56.101:62329 -> 239.255.255.250:3702
- 192.168.56.101:62331 -> 239.255.255.250:3702
- 52.231.114.183:123 -> 192.168.56.101:123
HTTP Requests
Method | Status | URL |
---|---|---|
POST | 0 | http://www.clansix.xyz/ixwn/ |
GET | 200 | http://www.clansix.xyz/ixwn/?tXU=HKquMzrDdPUL5WCzLxokwwg1M44kElHO2J0O+BGWZnhJatCoGneWRy54iWfWyTz0dcXiGEhv&UlSp=GVgTURZ0B4_lZB |

POST http://www.clansix.xyz/ixwn/ (status 0)
Request:
POST /ixwn/ HTTP/1.1
Host: www.clansix.xyz
Connection: close
Content-Length: 281
Cache-Control: no-cache
Origin: http://www.clansix.xyz
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.clansix.xyz/ixwn/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

GET http://www.clansix.xyz/ixwn/?tXU=HKquMzrDdPUL5WCzLxokwwg1M44kElHO2J0O+BGWZnhJatCoGneWRy54iWfWyTz0dcXiGEhv&UlSp=GVgTURZ0B4_lZB (status 200)
Request:
GET /ixwn/?tXU=HKquMzrDdPUL5WCzLxokwwg1M44kElHO2J0O+BGWZnhJatCoGneWRy54iWfWyTz0dcXiGEhv&UlSp=GVgTURZ0B4_lZB HTTP/1.1
Host: www.clansix.xyz
Connection: close
Response:
HTTP/1.1 200 OK
Server: openresty
Date: Tue, 17 Aug 2021 00:39:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: parking_session=d45e888a-7535-13e3-1264-5fccac9a452c; expires=Tue, 17-Aug-2021 00:44:26 GMT; Max-Age=300; path=/; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ILR8GZ/Olwb7gy1InPUdjeve94cXtCv3I5najOcGDg1tgHuKkWxoNThOPOEAoPaBv5/rgOM841Iu1tdVZQaeWw==
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-store, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49205 -> 199.59.242.153:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49205 -> 199.59.242.153:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49205 -> 199.59.242.153:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49205 -> 199.59.242.153:80 | 2031088 | ET HUNTING Request to .XYZ Domain with Minimal Headers | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts