Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.commandintelhub.xyz | ||
www.new-minerals.com |
CNAME
cname.xg167.lhxh.cn
|
103.146.179.167 |
www.hcoarrih.com |
GET
404
http://www.new-minerals.com/t6tg/?b6A=KAteo39jXhYLV1ChmFznVIk+hBqN4AymFECkKH2GQakbZ7TdByL07ntBP05Gab5nXO3C3vF7&DbG=_DKHFz
REQUEST
RESPONSE
BODY
GET /t6tg/?b6A=KAteo39jXhYLV1ChmFznVIk+hBqN4AymFECkKH2GQakbZ7TdByL07ntBP05Gab5nXO3C3vF7&DbG=_DKHFz HTTP/1.1
Host: www.new-minerals.com
Connection: close
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 03 Nov 2023 01:03:34 GMT
Content-Type: text/html
Content-Length: 146
Connection: close
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49169 -> 103.146.179.167:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts