Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.shop-pravaonline.online | 104.21.67.52 | |
www.dogclubuk.com | | |
www.keymuscatgroups.com | CNAME keymuscatgroups.com | 94.130.50.78 |
Method | Status | URL |
---|---|---|
GET | 301 | http://www.keymuscatgroups.com/bp31/?yVMpQTlP=yNiC01S4ovnvJ+4O8UQILoBOncymYWrbdHgK3FAKeJB65Mx698O5TOrqAYEBEx6+IzqV5xYJ&1bz=ofrLp |

Request:

    GET /bp31/?yVMpQTlP=yNiC01S4ovnvJ+4O8UQILoBOncymYWrbdHgK3FAKeJB65Mx698O5TOrqAYEBEx6+IzqV5xYJ&1bz=ofrLp HTTP/1.1
    Host: www.keymuscatgroups.com
    Connection: close

Response:

    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html; charset=UTF-8
    Location: http://www.keymuscatgroups.co.om/bp31/?yVMpQTlP=yNiC01S4ovnvJ+4O8UQILoBOncymYWrbdHgK3FAKeJB65Mx698O5TOrqAYEBEx6+IzqV5xYJ&1bz=ofrLp
    Server: Microsoft-IIS/10.0
    X-Powered-By: ASP.NET
    X-Powered-By-Plesk: PleskWin
    Date: Tue, 28 Nov 2023 00:26:36 GMT
    Connection: close
    Content-Length: 257

Method | Status | URL |
---|---|---|
GET | 0 | http://www.shop-pravaonline.online/bp31/?yVMpQTlP=Uqza8+9L64sRJc+c2iCGCqwjPe7m2xZwn2Ag66Dpm3Yoyn941TYF9FYKVDiYLzEfUp+bSjyL&1bz=ofrLp |

Request:

    GET /bp31/?yVMpQTlP=Uqza8+9L64sRJc+c2iCGCqwjPe7m2xZwn2Ag66Dpm3Yoyn941TYF9FYKVDiYLzEfUp+bSjyL&1bz=ofrLp HTTP/1.1
    Host: www.shop-pravaonline.online
    Connection: close
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49166 -> 104.21.67.52:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49165 -> 94.130.50.78:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts