Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.3829752.cfd | 91.238.203.54 | |
www.destekbirimi.xyz | CNAME destekbirimi.xyz | 45.83.122.3 |
www.qe2i7cghzpebk.buzz | 154.212.217.131 | |
www.annistonfrancisco.design | | |
HTTP traffic
GET 404 http://www.3829752.cfd/bopi/?UTdDKJW=1n/mJy6ksDjD1SFo6tgU/Wr3viufzKz1zGPKoIZ/eT2C0XRqhpMPr268WDPCq90ugD8pXNLi&mL08lN=WZOxq0HpO2iTW
Request:
GET /bopi/?UTdDKJW=1n/mJy6ksDjD1SFo6tgU/Wr3viufzKz1zGPKoIZ/eT2C0XRqhpMPr268WDPCq90ugD8pXNLi&mL08lN=WZOxq0HpO2iTW HTTP/1.1
Host: www.3829752.cfd
Connection: close
Response:
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 26 Sep 2024 01:30:39 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
ETag: "6663edd0-8a"

GET 301 http://www.destekbirimi.xyz/bopi/?UTdDKJW=9OIArt/8XXMuOuiAXmWQOXk3C62UqizBLfIIJUoXr9mFGY36FaazwV+NPSHlUIcw8LgUWBtQ&mL08lN=WZOxq0HpO2iTW
Request:
GET /bopi/?UTdDKJW=9OIArt/8XXMuOuiAXmWQOXk3C62UqizBLfIIJUoXr9mFGY36FaazwV+NPSHlUIcw8LgUWBtQ&mL08lN=WZOxq0HpO2iTW HTTP/1.1
Host: www.destekbirimi.xyz
Connection: close
Response:
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 26 Sep 2024 01:31:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: close
Location: https://www.destekbirimi.xyz/bopi/?UTdDKJW=9OIArt/8XXMuOuiAXmWQOXk3C62UqizBLfIIJUoXr9mFGY36FaazwV+NPSHlUIcw8LgUWBtQ&mL08lN=WZOxq0HpO2iTW

GET 404 http://www.qe2i7cghzpebk.buzz/bopi/?UTdDKJW=RLa7ILqG4DqD2QWAJ5sdOLYMTU4dZMJmeqDFyse7ghEGCiaotSRU8zg4aIvjGBOLKNss/XyU&mL08lN=WZOxq0HpO2iTW
Request:
GET /bopi/?UTdDKJW=RLa7ILqG4DqD2QWAJ5sdOLYMTU4dZMJmeqDFyse7ghEGCiaotSRU8zg4aIvjGBOLKNss/XyU&mL08lN=WZOxq0HpO2iTW HTTP/1.1
Host: www.qe2i7cghzpebk.buzz
Connection: close
Response:
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 26 Sep 2024 01:31:39 GMT
Content-Type: text/html
Content-Length: 146
Connection: close
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49168 -> 154.212.217.131:80 | 2032991 | ET INFO HTTP Request to a *.buzz domain | Potentially Bad Traffic |
TCP 192.168.56.101:49168 -> 154.212.217.131:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49168 -> 154.212.217.131:80 | 2032991 | ET INFO HTTP Request to a *.buzz domain | Potentially Bad Traffic |
TCP 192.168.56.101:49167 -> 45.83.122.3:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49167 -> 45.83.122.3:80 | 2031088 | ET HUNTING Request to .XYZ Domain with Minimal Headers | Potentially Bad Traffic |
TCP 192.168.56.101:49166 -> 91.238.203.54:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts