Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.programagubernamental.store | | |
www.scotwork.us | 104.21.75.84 | |
www.majenta.info | | |
Method | Status | URL |
---|---|---|
GET | 301 | http://www.scotwork.us/g2fg/?Jfy=gMiLTpy0oYEUy47EDaZJ0YPIhSGoXFYVIqBfB3cGNY39N1b0aizH0s/A9IIAdCbpZx7zYbtr&ojq4dR=RVlPiv |
Request

```http
GET /g2fg/?Jfy=gMiLTpy0oYEUy47EDaZJ0YPIhSGoXFYVIqBfB3cGNY39N1b0aizH0s/A9IIAdCbpZx7zYbtr&ojq4dR=RVlPiv HTTP/1.1
Host: www.scotwork.us
Connection: close
```

Response

```http
HTTP/1.1 301 Moved Permanently
Date: Thu, 30 Mar 2023 07:31:04 GMT
Transfer-Encoding: chunked
Connection: close
Cache-Control: max-age=3600
Expires: Thu, 30 Mar 2023 08:31:04 GMT
Location: https://www.scotwork.us/g2fg/?Jfy=gMiLTpy0oYEUy47EDaZJ0YPIhSGoXFYVIqBfB3cGNY39N1b0aizH0s/A9IIAdCbpZx7zYbtr&ojq4dR=RVlPiv
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FfGnT5xCNjocLKRBkCKb2KZh%2FlIX9OJSg9AVMqwU0tiKoBB1Et1Wux5agch8uGpzIDu5Q4u6lBQV1EjsC9YyPylFW%2FlipewrC%2BFtI%2FPWLvlWDjbERF5yRitPSgleMq7Xkpc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7afea69fac9519cd-KIX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49169 -> 172.67.217.149:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49169 -> 172.67.217.149:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49169 -> 172.67.217.149:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts