Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.whguideinfrared.com | ||
| www.angelsondope.com |
CNAME
shops.myshopify.com
|
23.227.38.74 |
- UDP Requests
-
-
192.168.56.102:52062 164.124.101.2:53
-
192.168.56.102:52336 164.124.101.2:53
-
192.168.56.102:64995 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:49164 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.102:123
-
GET
403
http://www.angelsondope.com/kzk9/?9rq=R/Z0QsDeuPK2IesOsqd7CDJalPktbHnC61K2DNge73XUnL83bysF8b2Uw+ps9Pl4Ub5Qrylb&o2J=jL0XZDI0l
REQUEST
RESPONSE
BODY
GET /kzk9/?9rq=R/Z0QsDeuPK2IesOsqd7CDJalPktbHnC61K2DNge73XUnL83bysF8b2Uw+ps9Pl4Ub5Qrylb&o2J=jL0XZDI0l HTTP/1.1
Host: www.angelsondope.com
Connection: close
HTTP/1.1 403 Forbidden
Date: Thu, 19 Aug 2021 10:10:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Sorting-Hat-PodId: 177
X-Sorting-Hat-ShopId: 45777059999
X-Dc: gcp-us-central1
X-Request-ID: d14300be-c700-4e4e-bf1d-63b4ff3afdfa
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 68129725feec0507-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49166 -> 23.227.38.74:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49166 -> 23.227.38.74:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49166 -> 23.227.38.74:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts