Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.gattgraphic.com | CNAME cdn1.wixdns.net | 34.149.87.45 |
www.bruderhertz.art | | |
www.family-doctor-79417.com | 103.224.212.213 | |
www.martinkeyword.top | 172.67.154.225 | |
www.zhangnational.site | 104.21.49.198 | |
UDP Requests
Source | Destination |
---|---|
192.168.56.101:137 | 192.168.56.103:137 |
192.168.56.103:50800 | 164.124.101.2:53 |
192.168.56.103:52760 | 164.124.101.2:53 |
192.168.56.103:53673 | 164.124.101.2:53 |
192.168.56.103:62576 | 164.124.101.2:53 |
192.168.56.103:64894 | 164.124.101.2:53 |
192.168.56.103:137 | 192.168.56.255:137 |
192.168.56.103:49154 | 239.255.255.250:1900 |
HTTP Requests
GET 301 http://www.martinkeyword.top/b21s/?LZa0=0tEjvMOQZ1u+KiVdVD9NMdDqyg4NNl7IsBZDKOPbb44psP0R1uri9OUTuHQ9LNmBSi0J17UR&uTux=njoTZ26xmz

Request:
```http
GET /b21s/?LZa0=0tEjvMOQZ1u+KiVdVD9NMdDqyg4NNl7IsBZDKOPbb44psP0R1uri9OUTuHQ9LNmBSi0J17UR&uTux=njoTZ26xmz HTTP/1.1
Host: www.martinkeyword.top
Connection: close
```
Response:
```http
HTTP/1.1 301 Moved Permanently
Date: Wed, 24 Jan 2024 23:54:17 GMT
Transfer-Encoding: chunked
Connection: close
Cache-Control: max-age=3600
Expires: Thu, 25 Jan 2024 00:54:17 GMT
Location: https://www.martinkeyword.top/b21s/?LZa0=0tEjvMOQZ1u+KiVdVD9NMdDqyg4NNl7IsBZDKOPbb44psP0R1uri9OUTuHQ9LNmBSi0J17UR&uTux=njoTZ26xmz
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EqXAUK%2FlNx2xINakIGSP%2F8jrIkoFWf6451mSNHpv%2BFB9ctRADn6UQKHB3lAL1pq12G5GdQMb9RezU5TSg9zVROe96tW9mVzuLULuxFl2sokLYhWXgyiZM4POnD0VLm45Ke5c3Ni%2FrNI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 84ac3361bde608dc-LAX
alt-svc: h3=":443"; ma=86400
```
Body: none recorded.
GET 429 http://www.gattgraphic.com/b21s/?LZa0=EodxxVnP6AALhCm6PMojoLYK50H/6a9ovP9+wbqeR1Lo4rltyls8iqRv+JR8KYWFAhTe4tyj&uTux=njoTZ26xmz

Request:
```http
GET /b21s/?LZa0=EodxxVnP6AALhCm6PMojoLYK50H/6a9ovP9+wbqeR1Lo4rltyls8iqRv+JR8KYWFAhTe4tyj&uTux=njoTZ26xmz HTTP/1.1
Host: www.gattgraphic.com
Connection: close
```
Response:
```http
HTTP/1.1 429 Too Many Requests
Content-Length: 0
Accept-Ranges: bytes
Date: Wed, 24 Jan 2024 23:54:37 GMT
X-Served-By: cache-tyo11941-TYO
X-Cache: MISS
X-Seen-By: yvSunuo/8ld62ehjr5B7kA==
Via: 1.1 google
Connection: close
```
Body: none recorded.
GET 302 http://www.family-doctor-79417.com/b21s/?LZa0=Mxt8ckLWX1wN0TXkckU8PS2/S2ul7U/m+MSjsB7vFpbxPb8t47jkcaQcBHmi0NSFrzd3m2nN&uTux=njoTZ26xmz

Request:
```http
GET /b21s/?LZa0=Mxt8ckLWX1wN0TXkckU8PS2/S2ul7U/m+MSjsB7vFpbxPb8t47jkcaQcBHmi0NSFrzd3m2nN&uTux=njoTZ26xmz HTTP/1.1
Host: www.family-doctor-79417.com
Connection: close
```
Response:
```http
HTTP/1.1 302 Found
date: Wed, 24 Jan 2024 23:54:58 GMT
server: Apache
set-cookie: __tad=1706140498.5485039; expires=Sat, 21-Jan-2034 23:54:58 GMT; Max-Age=315360000
location: http://ww25.family-doctor-79417.com/b21s/?LZa0=Mxt8ckLWX1wN0TXkckU8PS2/S2ul7U/m+MSjsB7vFpbxPb8t47jkcaQcBHmi0NSFrzd3m2nN&uTux=njoTZ26xmz&subid1=20240125-1054-587a-b165-b4e46a369813
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
```
Body: none recorded.
GET 404 http://www.zhangnational.site/b21s/?LZa0=y0Dj+cpzYNB0KREV3i9vRRBmemYalAwO39f2/WBFUnsbQy2Uen8j2v8X32Jt1Fp/TC7TXkMI&uTux=njoTZ26xmz

Request:
```http
GET /b21s/?LZa0=y0Dj+cpzYNB0KREV3i9vRRBmemYalAwO39f2/WBFUnsbQy2Uen8j2v8X32Jt1Fp/TC7TXkMI&uTux=njoTZ26xmz HTTP/1.1
Host: www.zhangnational.site
Connection: close
```
Response:
```http
HTTP/1.1 404 Not Found
Date: Wed, 24 Jan 2024 23:55:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=guYPKVX9vPDWzCouLt8HFZBOCgioGvighPubtntWdMH%2FnI8zxWnWfaHQ8OJSWlXiW44kIgCmi54ctuGbelcpHrya4lOGhEcYS5mE0TCnllcPiU2qgr93ozyazol2WsxARkxCmoP%2BDrd0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 84ac34dfff250fb9-LAX
alt-svc: h3=":443"; ma=86400
```
Body: none recorded.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.103:52760 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
TCP 192.168.56.103:49164 -> 104.21.6.136:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
TCP 192.168.56.103:49164 -> 104.21.6.136:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49164 -> 104.21.6.136:80 | 2031089 | ET HUNTING Request to .TOP Domain with Minimal Headers | Potentially Bad Traffic |
TCP 192.168.56.103:49167 -> 172.67.166.205:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49166 -> 103.224.212.213:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49165 -> 34.149.87.45:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts