Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.hbiwhwr.shop |
CNAME
hbiwhwr.shop
|
34.102.136.180 |
| www.summitstracecolumbus.com | 85.202.174.60 | |
| www.278809.com | 154.205.107.177 | |
| www.91967.net | 20.205.142.141 | |
| www.thwmlohr.click | 43.154.67.170 |
- UDP Requests
-
-
192.168.56.101:52815 164.124.101.2:53
-
192.168.56.101:53004 164.124.101.2:53
-
192.168.56.101:53850 164.124.101.2:53
-
192.168.56.101:54148 164.124.101.2:53
-
192.168.56.101:54883 164.124.101.2:53
-
192.168.56.101:55146 164.124.101.2:53
-
192.168.56.101:59002 164.124.101.2:53
-
192.168.56.101:61950 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:55149 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.101:123
-
8.8.8.8:53 192.168.56.101:53004
-
GET
200
http://www.summitstracecolumbus.com/sy22/?-ZeHzZ4=nHjvsxR8MNyek9Frd1eEkzxomyZgRhw7CXfe5CvZzjzDG9G5MlwArHUwsFbqxuFMI96piyiY&Ntiptf=llvt
REQUEST
RESPONSE
BODY
GET /sy22/?-ZeHzZ4=nHjvsxR8MNyek9Frd1eEkzxomyZgRhw7CXfe5CvZzjzDG9G5MlwArHUwsFbqxuFMI96piyiY&Ntiptf=llvt HTTP/1.1
Host: www.summitstracecolumbus.com
Connection: close
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 19 Sep 2023 22:30:40 GMT
Content-Type: text/html
Content-Length: 809
Connection: close
GET
301
http://www.91967.net/sy22/?-ZeHzZ4=uE9wR2Y3PY1yx307bieK+o21csjZIE3yfcLUSuw3Fyc4r02fwZ9qroRs52d1jBHfNCAz8DHk&Ntiptf=llvt
REQUEST
RESPONSE
BODY
GET /sy22/?-ZeHzZ4=uE9wR2Y3PY1yx307bieK+o21csjZIE3yfcLUSuw3Fyc4r02fwZ9qroRs52d1jBHfNCAz8DHk&Ntiptf=llvt HTTP/1.1
Host: www.91967.net
Connection: close
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 19 Sep 2023 22:30:58 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.91967.net:8443?-ZeHzZ4=uE9wR2Y3PY1yx307bieK+o21csjZIE3yfcLUSuw3Fyc4r02fwZ9qroRs52d1jBHfNCAz8DHk&Ntiptf=llvt
GET
403
http://www.hbiwhwr.shop/sy22/?-ZeHzZ4=yd0bSXVZUXdU8qKTRdtZDhtRbXCT/uJkAzwFnTNcMl5wHiXF5PZYexVTbwnTO0CSyNbsU44F&Ntiptf=llvt
REQUEST
RESPONSE
BODY
GET /sy22/?-ZeHzZ4=yd0bSXVZUXdU8qKTRdtZDhtRbXCT/uJkAzwFnTNcMl5wHiXF5PZYexVTbwnTO0CSyNbsU44F&Ntiptf=llvt HTTP/1.1
Host: www.hbiwhwr.shop
Connection: close
HTTP/1.1 403 Forbidden
Server: openresty
Date: Tue, 19 Sep 2023 22:31:41 GMT
Content-Type: text/html
Content-Length: 291
ETag: "64f0b122-123"
Via: 1.1 google
Connection: close
GET
404
http://www.thwmlohr.click/sy22/?-ZeHzZ4=MgkfgN3fpomwP7fWV5mTPmG15nWdJlegbQggwbe1T0jMd3AI1ruzVKLfVQH9NXyhXYV15IAt&Ntiptf=llvt
REQUEST
RESPONSE
BODY
GET /sy22/?-ZeHzZ4=MgkfgN3fpomwP7fWV5mTPmG15nWdJlegbQggwbe1T0jMd3AI1ruzVKLfVQH9NXyhXYV15IAt&Ntiptf=llvt HTTP/1.1
Host: www.thwmlohr.click
Connection: close
HTTP/1.1 404 Not Found
Content-Type: text/plain
Date: Tue, 19 Sep 2023 22:31:57 GMT
Content-Length: 18
Connection: close
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49167 -> 20.205.142.141:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.101:49171 -> 43.154.67.170:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.101:49170 -> 34.102.136.180:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.101:49166 -> 85.202.174.60:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts