Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.sextapevidhot.com | 103.224.212.211 | |
| www.lineyours.com | ||
| www.ascorpii.com | ||
| www.xpermate.com | 77.245.157.73 |
- UDP Requests
-
-
192.168.56.101:53004 164.124.101.2:53
-
192.168.56.101:53850 164.124.101.2:53
-
192.168.56.101:54148 164.124.101.2:53
-
192.168.56.101:55146 164.124.101.2:53
-
192.168.56.101:59002 164.124.101.2:53
-
192.168.56.101:61950 164.124.101.2:53
-
192.168.56.101:137 192.168.56.103:137
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:55149 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.101:123
-
GET
301
http://www.xpermate.com/ju29/?8pwDZZSX=YSdUgFSDvDomRrfxRTc82IB8KvEz5Cudp7FBenL6bBiUULPv2hucH8VGw3UW6gX6WzIP7l0c&mvHpx=Y4C4ZlYp7ZstcN7
REQUEST
RESPONSE
BODY
GET /ju29/?8pwDZZSX=YSdUgFSDvDomRrfxRTc82IB8KvEz5Cudp7FBenL6bBiUULPv2hucH8VGw3UW6gX6WzIP7l0c&mvHpx=Y4C4ZlYp7ZstcN7 HTTP/1.1
Host: www.xpermate.com
Connection: close
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 03 Nov 2023 09:16:36 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://xpermate.com/ju29/?8pwDZZSX=YSdUgFSDvDomRrfxRTc82IB8KvEz5Cudp7FBenL6bBiUULPv2hucH8VGw3UW6gX6WzIP7l0c&mvHpx=Y4C4ZlYp7ZstcN7
GET
302
http://www.sextapevidhot.com/ju29/?8pwDZZSX=GMwV4/acGCaMlZi4K+MQ3vTvNv8+0oL4+WFE2ysoGOt3m0Xi0X0oVpaGXeUG3ymsAqEbf+Ht&mvHpx=Y4C4ZlYp7ZstcN7
REQUEST
RESPONSE
BODY
GET /ju29/?8pwDZZSX=GMwV4/acGCaMlZi4K+MQ3vTvNv8+0oL4+WFE2ysoGOt3m0Xi0X0oVpaGXeUG3ymsAqEbf+Ht&mvHpx=Y4C4ZlYp7ZstcN7 HTTP/1.1
Host: www.sextapevidhot.com
Connection: close
HTTP/1.1 302 Found
date: Fri, 03 Nov 2023 09:17:14 GMT
server: Apache
set-cookie: __tad=1699003034.2042379; expires=Mon, 31-Oct-2033 09:17:14 GMT; Max-Age=315360000
location: http://ww25.sextapevidhot.com/ju29/?8pwDZZSX=GMwV4/acGCaMlZi4K+MQ3vTvNv8+0oL4+WFE2ysoGOt3m0Xi0X0oVpaGXeUG3ymsAqEbf+Ht&mvHpx=Y4C4ZlYp7ZstcN7&subid1=20231103-2017-14d6-87e4-99cd6d81e250
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49169 -> 103.224.212.211:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.101:49168 -> 77.245.157.73:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts