Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.omclaval.com |
CNAME
gcdn0.wixdns.net
|
34.117.168.233 |
| www.sx15k.com |
CNAME
sx15kcom.gotoip55.com
CNAME
web.dl31.vhostgo.com
CNAME
web.dl31.abc188.com
|
211.149.249.34 |
| www.gk84.com |
CNAME
gk84.com
|
107.148.223.82 |
| www.gracefullytouchedartistry.com |
CNAME
cdn1.wixdns.net
|
34.149.87.45 |
GET
404
http://www.gk84.com/sy22/?Mfg=EZXT1couL1SMJvG2qeg6eanykcNOwoSwRkeI+9JF3ekTKFJ8rStu/JDK0lzRposG9gxESXnb&D6h4=O2JdRpPP8
REQUEST
RESPONSE
BODY
GET /sy22/?Mfg=EZXT1couL1SMJvG2qeg6eanykcNOwoSwRkeI+9JF3ekTKFJ8rStu/JDK0lzRposG9gxESXnb&D6h4=O2JdRpPP8 HTTP/1.1
Host: www.gk84.com
Connection: close
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 09 Sep 2023 12:39:04 GMT
Content-Type: text/html
Content-Length: 146
Connection: close
GET
404
http://www.sx15k.com/sy22/?Mfg=uDOmxGSZOI7byjRwM2VfDnyujtJEJ3PREhDiUuqfTZK7lE43sYjySeizw7LCJ3MdEZKjGoPp&D6h4=O2JdRpPP8
REQUEST
RESPONSE
BODY
GET /sy22/?Mfg=uDOmxGSZOI7byjRwM2VfDnyujtJEJ3PREhDiUuqfTZK7lE43sYjySeizw7LCJ3MdEZKjGoPp&D6h4=O2JdRpPP8 HTTP/1.1
Host: www.sx15k.com
Connection: close
HTTP/1.1 404 Not Found
Server: wts/1.6.4
Date: Sat, 09 Sep 2023 12:39:25 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
X-UA-Compatible: IE=edge,chrome=1
X-Powered-By: PbootCMS
Set-Cookie: lg=cn; path=/
GET
429
http://www.gracefullytouchedartistry.com/sy22/?Mfg=32OyyUZHwqvJixPuiOQtM5MnMYIWhWk0yyAoMHrFdBB4wJvVGBkivZFh4+NGsLP7HahAbSBt&D6h4=O2JdRpPP8
REQUEST
RESPONSE
BODY
GET /sy22/?Mfg=32OyyUZHwqvJixPuiOQtM5MnMYIWhWk0yyAoMHrFdBB4wJvVGBkivZFh4+NGsLP7HahAbSBt&D6h4=O2JdRpPP8 HTTP/1.1
Host: www.gracefullytouchedartistry.com
Connection: close
HTTP/1.1 429 Too Many Requests
Content-Length: 0
Accept-Ranges: bytes
Date: Sat, 09 Sep 2023 12:39:43 GMT
X-Served-By: cache-hnd18734-HND
X-Cache: MISS
X-Seen-By: yvSunuo/8ld62ehjr5B7kA==
Via: 1.1 google
Connection: close
GET
301
http://www.omclaval.com/sy22/?Mfg=Vmf4Q5/zoPfldgruhOQLZP4+4m5gHfPs/jeCYPGlLiq5dZVswyzLC3uxqGOHhCLAF9vvj7E0&D6h4=O2JdRpPP8
REQUEST
RESPONSE
BODY
GET /sy22/?Mfg=Vmf4Q5/zoPfldgruhOQLZP4+4m5gHfPs/jeCYPGlLiq5dZVswyzLC3uxqGOHhCLAF9vvj7E0&D6h4=O2JdRpPP8 HTTP/1.1
Host: www.omclaval.com
Connection: close
HTTP/1.1 301 Moved Permanently
Date: Sat, 09 Sep 2023 12:40:27 GMT
Content-Length: 0
location: https://www.omclaval.com/sy22?Mfg=Vmf4Q5%2FzoPfldgruhOQLZP4+4m5gHfPs%2FjeCYPGlLiq5dZVswyzLC3uxqGOHhCLAF9vvj7E0&D6h4=O2JdRpPP8
strict-transport-security: max-age=3600
x-wix-request-id: 1694263224.06644163481729890
Age: 0
X-Seen-By: GXNXSWFXisshliUcwO20NXdyD4zpCpFzpCPkLds0yMcQc9jMwvxdwiWux3O+5J84,qquldgcFrj2n046g4RNSVJCtWuHmiU2MhHGbwSEZTfk=,2d58ifebGbosy5xc+FRalupRXCMbI/6ITbFQfky+EwILLpgzzTX15kHg7qjPZ3AWTaOzad26luC4Q5hIhRb9v6VrCL6zvFeiHWQOUtuDjnw=,2UNV7KOq4oGjA5+PKsX47AhsJ+vHuMACwhr1UQHX7LOa46R9xNIlpQ4eUPYpBuqs,R8nVwPJv9QJL1m78OROO+GIaZvNDCliOZS2hr1qjhZc=,znHLAI6vxugFKypFMbJjosH6BNiATgXAmzHbWl6ukekSO5XmrrCSQNDehIjmfew3+qjXVFYXyBaEYRmjgmSG1g==
Cache-Control: no-cache
server-timing: cache;desc=miss, varnish;desc=miss, dc;desc=ane1_g
X-Content-Type-Options: nosniff
Server: Pepyaka/1.19.10
Via: 1.1 google
Connection: close
ICMP traffic
| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 211.149.249.34 | 192.168.56.103 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49168 -> 34.149.87.45:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49166 -> 107.148.223.82:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49169 -> 34.117.168.233:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49167 -> 211.149.249.34:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts