Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.alexanderpaddles.ca | CNAME shops.myshopify.com | 23.227.38.74 |
www.mvrslearning.com | | |
www.facebookmetasucks.com | CNAME facebookmetasucks.com | 34.102.136.180 |
GET 403 http://www.facebookmetasucks.com/hd6y/?AjR=pRQlNGp0j/9/rKI1CXwA3WsoEoSVqTpLNoWD5yqz7s6JboTU5Ho0wmQvrYHs634Oxj54Ibba&njq4iL=9rt0AP1PTrQp

REQUEST
GET /hd6y/?AjR=pRQlNGp0j/9/rKI1CXwA3WsoEoSVqTpLNoWD5yqz7s6JboTU5Ho0wmQvrYHs634Oxj54Ibba&njq4iL=9rt0AP1PTrQp HTTP/1.1
Host: www.facebookmetasucks.com
Connection: close

RESPONSE
HTTP/1.1 403 Forbidden
Server: openresty
Date: Fri, 12 Nov 2021 01:37:19 GMT
Content-Type: text/html
Content-Length: 275
ETag: "618be74f-113"
Via: 1.1 google
Connection: close

GET 403 http://www.alexanderpaddles.ca/hd6y/?AjR=Xmm/XwOdma21R3xsJLfbZ/Bd8FZ+HU1dqhq+4XKTtPeOJr7scWjdCucgfLvymmJK1GO9I2ZR&njq4iL=9rt0AP1PTrQp

REQUEST
GET /hd6y/?AjR=Xmm/XwOdma21R3xsJLfbZ/Bd8FZ+HU1dqhq+4XKTtPeOJr7scWjdCucgfLvymmJK1GO9I2ZR&njq4iL=9rt0AP1PTrQp HTTP/1.1
Host: www.alexanderpaddles.ca
Connection: close

RESPONSE
HTTP/1.1 403 Forbidden
Date: Fri, 12 Nov 2021 01:38:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Sorting-Hat-PodId: 163
X-Sorting-Hat-ShopId: 59876737188
X-Request-ID: b60369e4-1284-4d64-9df6-368da4e4af40
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-Dc: gcp-asia-northeast2
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 6acc09d03e8baec7-KIX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49167 -> 23.227.38.74:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49167 -> 23.227.38.74:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49167 -> 23.227.38.74:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49166 -> 34.102.136.180:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49166 -> 34.102.136.180:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49166 -> 34.102.136.180:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts