Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.videomademagic.com | | |
www.practicalpoppers.com | CNAME cdn1.wixdns.net | 34.149.87.45 |
www.8129k.vip | CNAME 8129k.vip | 3.33.130.190 |
UDP Requests (source -> destination)
- 192.168.56.101:137 -> 192.168.56.103:137
- 192.168.56.103:50800 -> 164.124.101.2:53
- 192.168.56.103:52760 -> 164.124.101.2:53
- 192.168.56.103:53673 -> 164.124.101.2:53
- 192.168.56.103:62576 -> 164.124.101.2:53
- 192.168.56.103:64894 -> 164.124.101.2:53
- 192.168.56.103:137 -> 192.168.56.255:137
- 192.168.56.103:50803 -> 239.255.255.250:1900
- 52.231.114.183:123 -> 192.168.56.103:123
HTTP Requests
GET 200 http://www.8129k.vip/btrd/?s0=n0ab3tuoNW8ou3x27TJdb8ResHeKX67jajlVBlqqkiip2P8oXoFhViJTkjsI+JgL2Gr/K3fV&sZODWF=8pH8ULV
Request:
GET /btrd/?s0=n0ab3tuoNW8ou3x27TJdb8ResHeKX67jajlVBlqqkiip2P8oXoFhViJTkjsI+JgL2Gr/K3fV&sZODWF=8pH8ULV HTTP/1.1
Host: www.8129k.vip
Connection: close
Response:
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 26 Sep 2024 00:51:33 GMT
Content-Type: text/html
Content-Length: 205
Connection: close
GET 301 http://www.practicalpoppers.com/btrd/?s0=4sBrGMfWzW1lDsA3tsoeMOTII6sovB2juCtH8oSZyCnKVOcauW78A1MA2pRA0N3X3cw6QLB1&sZODWF=8pH8ULV
Request:
GET /btrd/?s0=4sBrGMfWzW1lDsA3tsoeMOTII6sovB2juCtH8oSZyCnKVOcauW78A1MA2pRA0N3X3cw6QLB1&sZODWF=8pH8ULV HTTP/1.1
Host: www.practicalpoppers.com
Connection: close
Response:
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://www.practicalpoppers.com/btrd/?s0=4sBrGMfWzW1lDsA3tsoeMOTII6sovB2juCtH8oSZyCnKVOcauW78A1MA2pRA0N3X3cw6QLB1&sZODWF=8pH8ULV
Accept-Ranges: bytes
Date: Thu, 26 Sep 2024 00:52:13 GMT
X-Served-By: cache-tyo11948-TYO
X-Cache: MISS
X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,9WD8GAcpJgs/Ng1WkD2i0h9slopJdhD+WySraMrpIY8=
Via: 1.1 google
glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
Connection: close
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49167 -> 3.33.130.190:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49170 -> 34.149.87.45:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts