Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.weighing.xyz | | |
www.stockprob.com | 50.117.107.194 | |
www.dbszdjh.fun | 198.54.117.218 | |
www.zakhtive.com | | |
HTTP traffic
Method | Status | URL |
---|---|---|
GET | 0 | http://www.dbszdjh.fun/sy18/?Jt7=U6JHPeuS9cFK+HdosiYdUe3kZUaaEpBIK0NQV+GndtDtxcA30TUEsLLFVDIA4mk86iP5n2oi&EHU40X=gbTpoNAPwL |
GET | 200 | http://www.stockprob.com/sy18/?Jt7=1Oep3nCFFUrkcIdAUTj14MBiu14AlEMKb8QIMK+sAITCpSEZyQitY4taH9PhDo7Kfu1SD1c1&EHU40X=gbTpoNAPwL |

Request 1: GET http://www.dbszdjh.fun/sy18/ (status 0)
REQUEST
GET /sy18/?Jt7=U6JHPeuS9cFK+HdosiYdUe3kZUaaEpBIK0NQV+GndtDtxcA30TUEsLLFVDIA4mk86iP5n2oi&EHU40X=gbTpoNAPwL HTTP/1.1
Host: www.dbszdjh.fun
Connection: close
RESPONSE
(empty)
BODY
(empty)

Request 2: GET http://www.stockprob.com/sy18/ (status 200)
REQUEST
GET /sy18/?Jt7=1Oep3nCFFUrkcIdAUTj14MBiu14AlEMKb8QIMK+sAITCpSEZyQitY4taH9PhDo7Kfu1SD1c1&EHU40X=gbTpoNAPwL HTTP/1.1
Host: www.stockprob.com
Connection: close
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jul 2023 22:31:11 GMT
Content-Type: text/html
Content-Length: 801
Connection: close
BODY
(empty)
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49166 -> 50.117.107.194:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49166 -> 50.117.107.194:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49166 -> 50.117.107.194:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49165 -> 198.54.117.215:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49165 -> 198.54.117.215:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49165 -> 198.54.117.215:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts