Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.thepresaleplug.com | ||
www.ohrana-truda-truda-rf.online | 172.67.144.112 | |
GET 301 http://www.ohrana-truda-truda-rf.online/ge83/?pPX=2nm9SBzFpAsGMwKaX6GJHPtsi8QD7hmQKbLOqqduPt9dPD3Sph+kutYOcJDygkW/3BYE0dDT&1bj=jlNDpj_pi
```http
GET /ge83/?pPX=2nm9SBzFpAsGMwKaX6GJHPtsi8QD7hmQKbLOqqduPt9dPD3Sph+kutYOcJDygkW/3BYE0dDT&1bj=jlNDpj_pi HTTP/1.1
Host: www.ohrana-truda-truda-rf.online
Connection: close

HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Jun 2023 22:44:20 GMT
Transfer-Encoding: chunked
Connection: close
Cache-Control: max-age=3600
Expires: Wed, 28 Jun 2023 23:44:20 GMT
Location: https://www.ohrana-truda-truda-rf.online/ge83/?pPX=2nm9SBzFpAsGMwKaX6GJHPtsi8QD7hmQKbLOqqduPt9dPD3Sph+kutYOcJDygkW/3BYE0dDT&1bj=jlNDpj_pi
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=79rC5V%2FkUiHFMphCqQpugieNYNmXP4mKIOfWR9NuZPVpNUmxD08y3m%2By9jlllEk1bvx2IlXhCuiXEZTjoqq%2FV%2FsD0PQcfIidYtd6zPbG9TTz%2BcwHOO%2BtAcsjs%2FaZ1bUXbU%2FdXdolzpvhBYTUGAU8qkrYPw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7de9742ada2c8cfa-KIX
alt-svc: h3=":443"; ma=86400
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49165 -> 172.67.144.112:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49165 -> 172.67.144.112:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49165 -> 172.67.144.112:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts