Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.qixservice.online | CNAME onstatic-pt.setupdns.net | 81.88.57.70 |
www.jizihao1.com | 39.101.169.136 | |
www.podplugca.com | CNAME ext-sq.squarespace.com | 198.49.23.144 |
www.displayfridges.fun | 64.225.91.73 | |
HTTP traffic

GET 404 http://www.qixservice.online/sy22/?GVW8=VBKd4i1TBAeTlYBnm9tWLCP4ww2vn+XVFOQPMnsW4AFxqlBX+KApyR5y0aXQ0sSyxSIvT0ne&uzuD=Zld0rPDHNj

Request:
```http
GET /sy22/?GVW8=VBKd4i1TBAeTlYBnm9tWLCP4ww2vn+XVFOQPMnsW4AFxqlBX+KApyR5y0aXQ0sSyxSIvT0ne&uzuD=Zld0rPDHNj HTTP/1.1
Host: www.qixservice.online
Connection: close
```

Response:
```http
HTTP/1.1 404 Not Found
Date: Mon, 23 Oct 2023 00:41:04 GMT
Server: Apache
Content-Length: 203
Connection: close
Content-Type: text/html; charset=iso-8859-1
```

GET 400 http://www.podplugca.com/sy22/?GVW8=1SbEEVOB0X5p51zw8Y9tIyj0s4wRGWDD/YTF5BQf3aGuyUlv8rzVEk4tRHrNdM/Dikld30uR&uzuD=Zld0rPDHNj

Request:
```http
GET /sy22/?GVW8=1SbEEVOB0X5p51zw8Y9tIyj0s4wRGWDD/YTF5BQf3aGuyUlv8rzVEk4tRHrNdM/Dikld30uR&uzuD=Zld0rPDHNj HTTP/1.1
Host: www.podplugca.com
Connection: close
```

Response:
```http
HTTP/1.1 400 Bad Request
Cache-Control: no-cache, must-revalidate
Content-Length: 77564
Content-Type: text/html; charset=UTF-8
Date: Mon, 23 Oct 2023 00:41:23 UTC
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Pragma: no-cache
Server: Squarespace
X-Contextid: cLeVex99/45BBlYs2
Connection: close
```

GET 500 http://www.jizihao1.com/sy22/?GVW8=3PKlaCPIzU4vEpSTCliM62U/p7q8/wgFKC2xum1ddk3IfpDEo7oK1Mr0Jaw/Go0sFzx2J7Yb&uzuD=Zld0rPDHNj

Request:
```http
GET /sy22/?GVW8=3PKlaCPIzU4vEpSTCliM62U/p7q8/wgFKC2xum1ddk3IfpDEo7oK1Mr0Jaw/Go0sFzx2J7Yb&uzuD=Zld0rPDHNj HTTP/1.1
Host: www.jizihao1.com
Connection: close
```

Response:
```http
HTTP/1.1 500 Internal Server Error
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 23 Oct 2023 00:41:44 GMT
Connection: close
Content-Length: 1141
```

GET 200 http://www.displayfridges.fun/sy22/?GVW8=aXg/rmbVwlFwwtnhCbViqZ1yX+MILNYt2xJKgyzLKbDp+5cOMXOnKyz8SWn7ESolc4/lQPeb&uzuD=Zld0rPDHNj

Request:
```http
GET /sy22/?GVW8=aXg/rmbVwlFwwtnhCbViqZ1yX+MILNYt2xJKgyzLKbDp+5cOMXOnKyz8SWn7ESolc4/lQPeb&uzuD=Zld0rPDHNj HTTP/1.1
Host: www.displayfridges.fun
Connection: close
```

Response:
```http
HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 23 Oct 2023 00:42:04 GMT
content-type: text/html
content-length: 593
last-modified: Wed, 22 Feb 2023 21:25:52 GMT
etag: "63f68860-251"
accept-ranges: bytes
connection: close
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49171 -> 64.225.91.73:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49169 -> 198.185.159.144:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49168 -> 81.88.57.70:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts