Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.umertazkeer.com | 103.224.212.216 | |
www.sklm888.com | 108.186.24.175 | |
www.gaming-chairs-vn-vi-2885437.fyi | 104.17.157.1 | |
www.glocraze.com | CNAME glocraze.com; 15.197.148.33 | |
UDP Requests
- 192.168.56.101:53004 -> 164.124.101.2:53 (DNS)
- 192.168.56.101:54148 -> 164.124.101.2:53 (DNS)
- 192.168.56.101:55146 -> 164.124.101.2:53 (DNS)
- 192.168.56.101:59002 -> 164.124.101.2:53 (DNS)
- 192.168.56.101:137 -> 192.168.56.103:137 (NetBIOS name service)
- 192.168.56.101:137 -> 192.168.56.255:137 (NetBIOS name service, broadcast)
- 192.168.56.101:138 -> 192.168.56.255:138 (NetBIOS datagram, broadcast)
- 192.168.56.101:59005 -> 239.255.255.250:1900 (SSDP multicast)
HTTP Requests
All four requests use the same path (/ju29/) and the same two query-parameter names; the value of the second parameter (JXULWR=RX0xlPZ8UPmL7V6P) is identical across all four hosts, while the first parameter carries a different 72-character base64-alphabet blob per host. Only www.sklm888.com answered 200; the other three hosts returned 302, 409 and 403, so they served no usable response during the run.

GET 302 http://www.umertazkeer.com/ju29/?0nGP-6=qL/w1+MBvm8GoMYX5IhFQmgMppJTUe9u/duKotMyUJF4p+ww3IubNw5rhrvFOtNFijYs9Y2C&JXULWR=RX0xlPZ8UPmL7V6P
Request:
GET /ju29/?0nGP-6=qL/w1+MBvm8GoMYX5IhFQmgMppJTUe9u/duKotMyUJF4p+ww3IubNw5rhrvFOtNFijYs9Y2C&JXULWR=RX0xlPZ8UPmL7V6P HTTP/1.1
Host: www.umertazkeer.com
Connection: close
Response:
HTTP/1.1 302 Found
date: Mon, 30 Oct 2023 22:45:10 GMT
server: Apache
set-cookie: __tad=1698705910.2220650; expires=Thu, 27-Oct-2033 22:45:10 GMT; Max-Age=315360000
location: http://ww38.umertazkeer.com/ju29/?0nGP-6=qL/w1+MBvm8GoMYX5IhFQmgMppJTUe9u/duKotMyUJF4p+ww3IubNw5rhrvFOtNFijYs9Y2C&JXULWR=RX0xlPZ8UPmL7V6P
content-length: 2
content-type: text/html; charset=UTF-8
connection: close

GET 200 http://www.sklm888.com/ju29/?0nGP-6=n8Crfq8u97ohQJzT+GN2bIuprmrMns3qA2cyB53CLK5Nkn3ik8XJfCdpmXkpj8M2YodcTKUz&JXULWR=RX0xlPZ8UPmL7V6P
Request:
GET /ju29/?0nGP-6=n8Crfq8u97ohQJzT+GN2bIuprmrMns3qA2cyB53CLK5Nkn3ik8XJfCdpmXkpj8M2YodcTKUz&JXULWR=RX0xlPZ8UPmL7V6P HTTP/1.1
Host: www.sklm888.com
Connection: close
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Oct 2023 22:45:41 GMT
Content-Type: text/html
Content-Length: 789
Connection: close

GET 409 http://www.gaming-chairs-vn-vi-2885437.fyi/ju29/?0nGP-6=jZmXybCgFR2uD0ejxMDWyZKNvc7QdVfFN8JL5WlE97s3Bg4Qi+fVSOqduvGFqlRkfw/fGckr&JXULWR=RX0xlPZ8UPmL7V6P
Request:
GET /ju29/?0nGP-6=jZmXybCgFR2uD0ejxMDWyZKNvc7QdVfFN8JL5WlE97s3Bg4Qi+fVSOqduvGFqlRkfw/fGckr&JXULWR=RX0xlPZ8UPmL7V6P HTTP/1.1
Host: www.gaming-chairs-vn-vi-2885437.fyi
Connection: close
Response:
HTTP/1.1 409 Conflict
Date: Mon, 30 Oct 2023 22:46:11 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 16
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 81e731628b7d305e-ICN

GET 403 http://www.glocraze.com/ju29/?0nGP-6=gDkZXs7NveHu4EW0skg7wBT+4b2V8qQlIvFf+hRei/lqZM1GklKH3GG4bPd4M6MmprPp+Vw1&JXULWR=RX0xlPZ8UPmL7V6P
Request:
GET /ju29/?0nGP-6=gDkZXs7NveHu4EW0skg7wBT+4b2V8qQlIvFf+hRei/lqZM1GklKH3GG4bPd4M6MmprPp+Vw1&JXULWR=RX0xlPZ8UPmL7V6P HTTP/1.1
Host: www.glocraze.com
Connection: close
Response:
HTTP/1.1 403 Forbidden
Server: openresty
Date: Mon, 30 Oct 2023 22:46:30 GMT
Content-Type: text/html
Content-Length: 291
Connection: close
ETag: "65271109-123"
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49167 -> 103.224.212.216:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49169 -> 104.17.157.1:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49168 -> 108.186.24.175:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49170 -> 15.197.148.33:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
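The four Suricata hits above all fire on the same ET signature, but the HTTP section already shows the structural reason an analyst would cluster these hosts before any signature matches: one path, one ordered set of query-parameter names, one parameter whose value never changes, and one whose value is a base64-alphabet blob. The script below is an added example written for this page, not sandbox output and not a vendor rule: it takes the four request URLs, the DNS answers and the Suricata flows copied from the report (plus one constructed benign URL, www.example.invalid, to show a lone request is not reported), groups requests by URI template, and reports clusters that span several hosts together with which of those hosts also triggered an alert. The minimum host count and the 32-character blob threshold are assumptions chosen for this example, not values taken from the page or from the signature.

```python
"""Cluster sandbox HTTP requests that share a URI template across hosts.

Added example for this report; the URLs, DNS answers and Suricata flows are
copied from the report above, the www.example.invalid request is constructed.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

REQUESTS = [
    "http://www.umertazkeer.com/ju29/?0nGP-6=qL/w1+MBvm8GoMYX5IhFQmgMppJTUe9u/duKotMyUJF4p+ww3IubNw5rhrvFOtNFijYs9Y2C&JXULWR=RX0xlPZ8UPmL7V6P",
    "http://www.sklm888.com/ju29/?0nGP-6=n8Crfq8u97ohQJzT+GN2bIuprmrMns3qA2cyB53CLK5Nkn3ik8XJfCdpmXkpj8M2YodcTKUz&JXULWR=RX0xlPZ8UPmL7V6P",
    "http://www.gaming-chairs-vn-vi-2885437.fyi/ju29/?0nGP-6=jZmXybCgFR2uD0ejxMDWyZKNvc7QdVfFN8JL5WlE97s3Bg4Qi+fVSOqduvGFqlRkfw/fGckr&JXULWR=RX0xlPZ8UPmL7V6P",
    "http://www.glocraze.com/ju29/?0nGP-6=gDkZXs7NveHu4EW0skg7wBT+4b2V8qQlIvFf+hRei/lqZM1GklKH3GG4bPd4M6MmprPp+Vw1&JXULWR=RX0xlPZ8UPmL7V6P",
    "http://www.example.invalid/update/check?v=1.2&platform=win",  # constructed benign request
]

# DNS answers from the report (host -> IP) and Suricata flows (dst IP -> SID).
DNS = {
    "www.umertazkeer.com": "103.224.212.216",
    "www.sklm888.com": "108.186.24.175",
    "www.gaming-chairs-vn-vi-2885437.fyi": "104.17.157.1",
    "www.glocraze.com": "15.197.148.33",
}
ALERTS = {
    "103.224.212.216": 2031412,
    "104.17.157.1": 2031412,
    "108.186.24.175": 2031412,
    "15.197.148.33": 2031412,
}

# Assumed threshold: a value of 32+ base64-alphabet characters counts as a blob.
BLOB_RE = re.compile(r"^[A-Za-z0-9+/]{32,}=*$")


def parse_request(url):
    """Return (host, path, [(name, raw_value), ...]) for a URL.

    Values are split by hand rather than with parse_qsl, which would turn '+'
    into a space and break the base64-alphabet check below.
    """
    parts = urlsplit(url)
    params = []
    for item in (parts.query.split("&") if parts.query else []):
        name, _, value = item.partition("=")
        params.append((name, value))
    return parts.hostname, parts.path, params


def template_key(path, params):
    """URI template: the path plus the ordered parameter names, values dropped."""
    return (path, tuple(name for name, _ in params))


def cluster_requests(urls, min_hosts=3):
    """Group requests by URI template and report templates seen on >= min_hosts
    distinct hosts (min_hosts is an assumed threshold). For each cluster, list
    the parameters whose value is identical on every host, the parameters whose
    values all look like base64 blobs, and the hosts whose resolved IP also
    appears in the Suricata alerts."""
    groups = defaultdict(list)
    for url in urls:
        host, path, params = parse_request(url)
        groups[template_key(path, params)].append((host, params))

    findings = []
    for (path, names), members in groups.items():
        hosts = sorted({host for host, _ in members})
        if len(hosts) < min_hosts:
            continue
        constant, blobs = [], []
        for idx, name in enumerate(names):
            values = {params[idx][1] for _, params in members}
            if len(values) == 1:
                constant.append(name)
            if all(BLOB_RE.match(v) for v in values):
                blobs.append(name)
        findings.append({
            "path": path,
            "param_names": list(names),
            "hosts": hosts,
            "constant_params": constant,
            "blob_params": blobs,
            "alerted_hosts": sorted(h for h in hosts if ALERTS.get(DNS.get(h))),
        })
    return findings


if __name__ == "__main__":
    for finding in cluster_requests(REQUESTS):
        print(f"template {finding['path']}?{'&'.join(finding['param_names'])}")
        print(f"  hosts:           {', '.join(finding['hosts'])}")
        print(f"  constant params: {finding['constant_params']}")
        print(f"  blob params:     {finding['blob_params']}")
        print(f"  alerted hosts:   {', '.join(finding['alerted_hosts'])}")
```

On the report's data this yields a single cluster: path /ju29/ with parameter names 0nGP-6 and JXULWR, JXULWR constant across all four hosts, 0nGP-6 a per-host blob, and all four hosts present in the Suricata table. The constructed benign request forms a one-host group and is dropped. The template key is deliberately the parameter names only, so rotating the blob or the hostnames does not defeat the grouping; rotating the parameter names would, which is why this complements rather than replaces the content signature.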
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts