Network Analysis
Name | Response | Post-Analysis Lookup
---|---|---
www.lincornellah.africa | |
www.copywriters.agency | |
www.liberix.se | |
www.billydeluca.com | CNAME ext-cust.squarespace.com | 198.185.159.145
UDP Requests
GET 400 http://www.billydeluca.com/sd03/?jBZ4=bwn3WNXG1QkKkY/peZjHiiVfFEeZEuNxgxDQNfmA0NAm5QlqR0e5861NDsuhGMHW1ZdwAArQ&P0D=Abs0IXf
Request:
GET /sd03/?jBZ4=bwn3WNXG1QkKkY/peZjHiiVfFEeZEuNxgxDQNfmA0NAm5QlqR0e5861NDsuhGMHW1ZdwAArQ&P0D=Abs0IXf HTTP/1.1
Host: www.billydeluca.com
Connection: close
Response:
HTTP/1.1 400 Bad Request
Cache-Control: no-cache, must-revalidate
Content-Length: 77564
Content-Type: text/html; charset=UTF-8
Date: Tue, 25 Apr 2023 01:12:21 UTC
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Pragma: no-cache
Server: Squarespace
X-Contextid: 1qouoFj4/4Z7o49zr
Connection: close
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category
---|---|---|---
TCP 192.168.56.103:49166 -> 198.49.23.144:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49166 -> 198.49.23.144:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49166 -> 198.49.23.144:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts