Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.one45.vip | 172.67.168.52 | |
www.holzleisten24.shop | 130.185.109.77 | |
GET 404 http://www.holzleisten24.shop/ro12/?ATRlddq=YvLwEHT8dFuKpJLsd4JhBcwDYJ3uuNfwUz2wQ6/Fy2txHMel0oHlxc/BdHQb6Vhi/z8z67rB&DxoTK=VDKTtFOx_dip6pX
Request:
GET /ro12/?ATRlddq=YvLwEHT8dFuKpJLsd4JhBcwDYJ3uuNfwUz2wQ6/Fy2txHMel0oHlxc/BdHQb6Vhi/z8z67rB&DxoTK=VDKTtFOx_dip6pX HTTP/1.1
Host: www.holzleisten24.shop
Connection: close
Response:
HTTP/1.1 404 Not Found
Server: nginx/1.6.2
Date: Wed, 13 Sep 2023 22:34:12 GMT
Content-Type: text/html
Content-Length: 168
Connection: close
GET 301 http://www.one45.vip/ro12/?ATRlddq=Zg7IXJepYYHIcsKaQoHhL1/V4j4C4Pb3dF6fc4AkNYCnbF989AFVMYXREkmUQu75oh06LO4h&DxoTK=VDKTtFOx_dip6pX
Request:
GET /ro12/?ATRlddq=Zg7IXJepYYHIcsKaQoHhL1/V4j4C4Pb3dF6fc4AkNYCnbF989AFVMYXREkmUQu75oh06LO4h&DxoTK=VDKTtFOx_dip6pX HTTP/1.1
Host: www.one45.vip
Connection: close
Response:
HTTP/1.1 301 Moved Permanently
Date: Wed, 13 Sep 2023 22:34:30 GMT
Transfer-Encoding: chunked
Connection: close
Cache-Control: max-age=3600
Expires: Wed, 13 Sep 2023 23:34:30 GMT
Location: https://auto.one45.vip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zgGtgOqvLoCzGogOaaCbAuYcPuYsrQ3MRh5T52uXt54MG3Bjr6IqW3MPOQRaFpMipVJaFenZq%2FOWZY7X9ZDjyPw3owFh8vBxk1OrMUMsXis%2FMZjYSOLUHOIrxJarBXCn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8063dba408718d1e-KIX
alt-svc: h3=":443"; ma=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49165 -> 130.185.109.77:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49166 -> 172.67.168.52:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts