Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.asgnelwin.com | ||
| www.03ss.vip |
CNAME
63a4ffed.mycdn.online
|
|
| www.mercardosupltda.shop |
CNAME
mercardosupltda.shop
|
154.49.247.55 |
| www.vinteligencia.com | 104.21.52.110 | |
| www.sofbks.top |
- UDP Requests
-
-
192.168.56.101:54148 164.124.101.2:53
-
192.168.56.101:59002 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:53007 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.101:123
-
8.8.8.8:53 192.168.56.101:53004
-
8.8.8.8:53 192.168.56.101:53850
-
8.8.8.8:53 192.168.56.101:54148
-
8.8.8.8:53 192.168.56.101:55146
-
8.8.8.8:53 192.168.56.101:61950
-
192.168.56.103:137 192.168.56.101:137
-
GET
301
http://www.mercardosupltda.shop/sy22/?EZX0sf=3bMgBYp3T8Et67riN3kA3/aeujAUMemYR9Y/JjuHDcyhHg+qjpOYOJGYEHV0e9MGAbxHoQdS&qL3=gjnL3zDh_r
REQUEST
RESPONSE
BODY
GET /sy22/?EZX0sf=3bMgBYp3T8Et67riN3kA3/aeujAUMemYR9Y/JjuHDcyhHg+qjpOYOJGYEHV0e9MGAbxHoQdS&qL3=gjnL3zDh_r HTTP/1.1
Host: www.mercardosupltda.shop
Connection: close
HTTP/1.1 301 Moved Permanently
Connection: close
content-type: text/html
content-length: 707
date: Fri, 04 Aug 2023 00:01:10 GMT
server: LiteSpeed
location: https://www.mercardosupltda.shop/sy22/?EZX0sf=3bMgBYp3T8Et67riN3kA3/aeujAUMemYR9Y/JjuHDcyhHg+qjpOYOJGYEHV0e9MGAbxHoQdS&qL3=gjnL3zDh_r
platform: hostinger
content-security-policy: upgrade-insecure-requests
GET
301
http://www.vinteligencia.com/sy22/?EZX0sf=bFBzPUMpurqsSaAEhywdCFYwBQqPS0zKvFatuRp4xXu+SuvLn4C9Xg+acXGhzE1ceHoH+Iro&qL3=gjnL3zDh_r
REQUEST
RESPONSE
BODY
GET /sy22/?EZX0sf=bFBzPUMpurqsSaAEhywdCFYwBQqPS0zKvFatuRp4xXu+SuvLn4C9Xg+acXGhzE1ceHoH+Iro&qL3=gjnL3zDh_r HTTP/1.1
Host: www.vinteligencia.com
Connection: close
HTTP/1.1 301 Moved Permanently
Date: Fri, 04 Aug 2023 00:01:30 GMT
Transfer-Encoding: chunked
Connection: close
Cache-Control: max-age=3600
Expires: Fri, 04 Aug 2023 01:01:30 GMT
Location: https://www.vinteligencia.com/sy22/?EZX0sf=bFBzPUMpurqsSaAEhywdCFYwBQqPS0zKvFatuRp4xXu+SuvLn4C9Xg+acXGhzE1ceHoH+Iro&qL3=gjnL3zDh_r
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wBQhYjtgZKpXj47LZcFS9lVwl0978M5UeXoorBZKO%2FI2eTW5kFJuHKozaaL86fDX1oJTRV2e7ppci4XcLbVYRsUyhCorZ9fJoC4vj7Gp5iG6p4WimqKmEnxHbW5%2FKyyGe15TVV4opkc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7f1286b5a80a1a02-KIX
alt-svc: h3=":443"; ma=86400
ICMP traffic
| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 192.168.56.101 | 164.124.101.2 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.101:53004 -> 8.8.8.8:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
| TCP 192.168.56.101:49168 -> 154.49.247.55:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.101:49169 -> 172.67.198.50:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts