Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.office-honu.com | 163.44.185.180 | |
www.studio352events.com | 208.91.197.132 | |
www.merelweb.com | 172.67.158.89 | |
www.earthdatascape.com | CNAME earthdatascape.com, 62.149.128.45 | |
GET 404 http://www.office-honu.com/t2ti/?tXxh=tZ9f+xkGPYGlMQD6QUQgW7Bu5011mP3F3RfKADEubwWsw8RZnTP/abNvRo2Y4yuWOfFkav01&U48Hj=Nte0PL1048jDrzg
Request:
GET /t2ti/?tXxh=tZ9f+xkGPYGlMQD6QUQgW7Bu5011mP3F3RfKADEubwWsw8RZnTP/abNvRo2Y4yuWOfFkav01&U48Hj=Nte0PL1048jDrzg HTTP/1.1
Host: www.office-honu.com
Connection: close
Response:
HTTP/1.1 404 Not Found
Date: Mon, 27 Nov 2023 00:37:16 GMT
Content-Type: text/html
Content-Length: 708
Connection: close
Server: LiteSpeed
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
GET 301 http://www.merelweb.com/t2ti/?tXxh=BOOThCPjnUM7lSCFBnH2BimjClSgW0h7VqsAOgTwhlCUKhxaVw8OFbF4wmCxnm287AtkZOd7&U48Hj=Nte0PL1048jDrzg
Request:
GET /t2ti/?tXxh=BOOThCPjnUM7lSCFBnH2BimjClSgW0h7VqsAOgTwhlCUKhxaVw8OFbF4wmCxnm287AtkZOd7&U48Hj=Nte0PL1048jDrzg HTTP/1.1
Host: www.merelweb.com
Connection: close
Response:
HTTP/1.1 301 Moved Permanently
Date: Mon, 27 Nov 2023 00:37:37 GMT
Transfer-Encoding: chunked
Connection: close
Cache-Control: max-age=3600
Expires: Mon, 27 Nov 2023 01:37:37 GMT
Location: https://www.merelweb.com/t2ti/?tXxh=BOOThCPjnUM7lSCFBnH2BimjClSgW0h7VqsAOgTwhlCUKhxaVw8OFbF4wmCxnm287AtkZOd7&U48Hj=Nte0PL1048jDrzg
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=27JcBDH6uE6uK%2FViNfW64ztquHggFTxVy3E7jKhaxGsQefHxQlB45VILLL%2FUL%2B2d4k1Qi9PExpCRfGr1HtIx80dkhBfS3NB%2B0tqrXNB7FU7s2tMN7cORFauSyP7Oo9cbNpjH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82c64dbb781f2f26-LAX
alt-svc: h3=":443"; ma=86400
GET 0 http://www.studio352events.com/t2ti/?tXxh=8VRVJ2RxNdqDCe39p/mzazLWBvMIpzi1TvcwnZg1FNPprXhJpJwCdr2o+lwBqF61wTFgCK1+&U48Hj=Nte0PL1048jDrzg
Request:
GET /t2ti/?tXxh=8VRVJ2RxNdqDCe39p/mzazLWBvMIpzi1TvcwnZg1FNPprXhJpJwCdr2o+lwBqF61wTFgCK1+&U48Hj=Nte0PL1048jDrzg HTTP/1.1
Host: www.studio352events.com
Connection: close
Response:
HTTP/1.1 200 OK
Date: Mon, 27 Nov 2023 00:37:55 GMT
Server: Apache
Set-Cookie: vsid=927vr448591075771559574; expires=Sat, 25-Nov-2028 00:37:55 GMT; Max-Age=157680000; path=/; domain=www.studio352events.com; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_KuA9znhtEjogPTTqFiyF8dWc2SmV0TtBY2KSBK9CL+Q/5xITxwWVwKixgSnoDdN8HEIx47pjl37zvkGOjea3hg==
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Connection: close
GET 404 http://www.earthdatascape.com/t2ti/?tXxh=kstlMeg9IcwzJYyFLKGxy4q3LInO5BAGxn+RlyiQLQgBmQ7dbCQPEHLv7OQh7nVjyOSdc9Py&U48Hj=Nte0PL1048jDrzg
Request:
GET /t2ti/?tXxh=kstlMeg9IcwzJYyFLKGxy4q3LInO5BAGxn+RlyiQLQgBmQ7dbCQPEHLv7OQh7nVjyOSdc9Py&U48Hj=Nte0PL1048jDrzg HTTP/1.1
Host: www.earthdatascape.com
Connection: close
Response:
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 27 Nov 2023 00:38:17 GMT
Connection: close
Content-Length: 5061
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49170 -> 208.91.197.132:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49166 -> 163.44.185.180:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49167 -> 104.21.82.142:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49173 -> 62.149.128.45:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts