Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.izeera.com | CNAME varun2365.github.io | 185.199.111.153 |
www.verificardsa.com | CNAME verificardsa.com | 23.145.120.242 |
www.nextino.app | 91.195.240.19 | |
www.jys639.com | 203.210.27.41 | |

GET 404 http://www.jys639.com/t6tg/?ARr=iZSd4WcVLoxrty2SI4zYYm+k8zxr4doV+JNRrflDFWaXgV8umUmWRFTZcO/6j4IcEfQ2bA86&ndlpdZ=u4itArTPyX7D

REQUEST
GET /t6tg/?ARr=iZSd4WcVLoxrty2SI4zYYm+k8zxr4doV+JNRrflDFWaXgV8umUmWRFTZcO/6j4IcEfQ2bA86&ndlpdZ=u4itArTPyX7D HTTP/1.1
Host: www.jys639.com
Connection: close

RESPONSE
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 Oct 2023 22:32:35 GMT
Content-Type: text/html
Content-Length: 146
Connection: close

GET 404 http://www.verificardsa.com/t6tg/?ARr=e3AQhDkaG9eafEaUpLL/rSilDzf/hET9ej10VBCXgx4U67QE0b9NWX3D0BBjP0VOu+agMW4z&ndlpdZ=u4itArTPyX7D

REQUEST
GET /t6tg/?ARr=e3AQhDkaG9eafEaUpLL/rSilDzf/hET9ej10VBCXgx4U67QE0b9NWX3D0BBjP0VOu+agMW4z&ndlpdZ=u4itArTPyX7D HTTP/1.1
Host: www.verificardsa.com
Connection: close

RESPONSE
HTTP/1.1 404 Not Found
Date: Thu, 19 Oct 2023 22:32:56 GMT
Server: Apache
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1

GET 301 http://www.izeera.com/t6tg/?ARr=m529FBdnR7W3BTzP5MxjwgE+mkLjoMm+UZfynz2FhzEQtAjK+eSB/JNk4Nuy1iudF5erJ+NJ&ndlpdZ=u4itArTPyX7D

REQUEST
GET /t6tg/?ARr=m529FBdnR7W3BTzP5MxjwgE+mkLjoMm+UZfynz2FhzEQtAjK+eSB/JNk4Nuy1iudF5erJ+NJ&ndlpdZ=u4itArTPyX7D HTTP/1.1
Host: www.izeera.com
Connection: close

RESPONSE
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 162
Server: GitHub.com
Content-Type: text/html
X-GitHub-Request-Id: F4CE:34E77C:73A4C:9E81C:6531AEA9
Accept-Ranges: bytes
Date: Thu, 19 Oct 2023 22:33:17 GMT
Via: 1.1 varnish
Age: 0
X-Served-By: cache-icn1450028-ICN
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1697754797.037389,VS0,VE180
Vary: Accept-Encoding
X-Fastly-Request-ID: beddcba21316ed7505d75cea5ef59d45b32f8867
Location: https://izeera.com/t6tg/?ARr=m529FBdnR7W3BTzP5MxjwgE+mkLjoMm+UZfynz2FhzEQtAjK+eSB/JNk4Nuy1iudF5erJ+NJ&ndlpdZ=u4itArTPyX7D

GET 200 http://www.nextino.app/t6tg/?ARr=hbKaBdJJ6vFN8tzB35DGgEHrZG9ClC0kvKQfUGuMd838c0khCL09IqdRU/B5FhQhg2CjjGkb&ndlpdZ=u4itArTPyX7D

REQUEST
GET /t6tg/?ARr=hbKaBdJJ6vFN8tzB35DGgEHrZG9ClC0kvKQfUGuMd838c0khCL09IqdRU/B5FhQhg2CjjGkb&ndlpdZ=u4itArTPyX7D HTTP/1.1
Host: www.nextino.app
Connection: close

RESPONSE
HTTP/1.1 200 OK
date: Thu, 19 Oct 2023 22:33:35 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.17
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_A5O611w8t0rAE6wAccL5ICqoMZcZogxuUJTcEEx23HFNEsE7iqRgmDmpCPe22mFLefpcQGSwRR31m20i8wu1/Q==
last-modified: Thu, 19 Oct 2023 22:33:35 GMT
x-cache-miss-from: parking-697977dd84-vn7t6
server: NginX
connection: close

ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49166 -> 203.210.27.41:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49170 -> 185.199.109.153:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49167 -> 23.145.120.242:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49171 -> 91.195.240.19:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts