Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.starfish.press | 157.90.241.6 | |
| www.celimot.xyz | 162.0.222.121 |
- UDP Requests
-
-
192.168.56.103:50800 164.124.101.2:53
-
192.168.56.103:52760 164.124.101.2:53
-
192.168.56.103:64894 164.124.101.2:53
-
192.168.56.103:137 192.168.56.101:137
-
192.168.56.103:137 192.168.56.255:137
-
192.168.56.103:138 192.168.56.255:138
-
192.168.56.103:49154 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.103:123
-
GET
404
http://www.celimot.xyz/g2fg/?mtxhs=uSms+J8o1mIA6+wvZEfStnxeTJHxSsXMJcGf2ExRFCk7DrgbAjxC0fXMma/1S3JhdH+3q7pg&sPxL3H=mnRlt2QHpPdD
REQUEST
RESPONSE
BODY
GET /g2fg/?mtxhs=uSms+J8o1mIA6+wvZEfStnxeTJHxSsXMJcGf2ExRFCk7DrgbAjxC0fXMma/1S3JhdH+3q7pg&sPxL3H=mnRlt2QHpPdD HTTP/1.1
Host: www.celimot.xyz
Connection: close
HTTP/1.1 404 Not Found
Date: Mon, 13 Mar 2023 00:56:35 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 277
Connection: close
Content-Type: text/html; charset=iso-8859-1
GET
302
http://www.starfish.press/g2fg/?mtxhs=lWcjeiBloi4EDbg7MN3rvx7EqhokJu38Iq2Oe6cWJqEYyMwYkHsTTSC60+FG1O/0m2FzwNNs&sPxL3H=mnRlt2QHpPdD
REQUEST
RESPONSE
BODY
GET /g2fg/?mtxhs=lWcjeiBloi4EDbg7MN3rvx7EqhokJu38Iq2Oe6cWJqEYyMwYkHsTTSC60+FG1O/0m2FzwNNs&sPxL3H=mnRlt2QHpPdD HTTP/1.1
Host: www.starfish.press
Connection: close
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 13 Mar 2023 00:56:56 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
Location: https://www.starfish.press/yunohost/admin
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49170 -> 157.90.241.6:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49170 -> 157.90.241.6:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49170 -> 157.90.241.6:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49168 -> 162.0.222.121:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49168 -> 162.0.222.121:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49168 -> 162.0.222.121:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49168 -> 162.0.222.121:80 | 2031088 | ET HUNTING Request to .XYZ Domain with Minimal Headers | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts