NetWork | ZeroBOX

Network Analysis

IP Address Status Action
104.21.12.135 Active Moloch
160.122.148.221 Active Moloch
164.124.101.2 Active Moloch
34.102.136.180 Active Moloch
34.75.52.202 Active Moloch
52.58.78.16 Active Moloch
81.17.18.197 Active Moloch
87.236.16.223 Active Moloch
POST 410 http://www.rafbar.com/u8nw/
REQUEST
RESPONSE
GET 410 http://www.rafbar.com/u8nw/?ArR=GTZNlL4srifKV7o+w2siTAOBcwC+lUBY5oxqGvkubCu3nseBJgD5e0+L6/JLHdvG2vg5MIvg&I6A=4hLpNJ
REQUEST
RESPONSE
POST 301 http://www.ultimatepoolwater.com/u8nw/
REQUEST
RESPONSE
GET 301 http://www.ultimatepoolwater.com/u8nw/?ArR=5pV3Y3LQlTAHcxwnvg+J5bdrE68HsxNUtav1EpPN7ScspS4D4Pk/4j83n4j7zgJV+i3d5aNd&I6A=4hLpNJ
REQUEST
RESPONSE
POST 0 http://www.customessayjojo.com/u8nw/
REQUEST
RESPONSE
GET 301 http://www.customessayjojo.com/u8nw/?ArR=VD0G0CGdCcqSJGj9F5ozBooVoq7ayOcemun/I6O/ytbQ1s6HP9Wd06MBA5a//0vZR3htC47K&I6A=4hLpNJ
REQUEST
RESPONSE
POST 0 http://www.lifehakershagirl.online/u8nw/
REQUEST
RESPONSE
GET 404 http://www.lifehakershagirl.online/u8nw/?ArR=EXiYcxo4bbCmOiu8jraNZMcl9Xa41Px+Bk+bYaDVKnF62kAJD39G59r42R29jKW5593tei3D&I6A=4hLpNJ
REQUEST
RESPONSE
POST 405 http://www.bloodtypealpha.com/u8nw/
REQUEST
RESPONSE
GET 403 http://www.bloodtypealpha.com/u8nw/?ArR=yoc8xqwT44MyZdAyBAA1pFVBjk8JhV1KxJr6rO/M4XaWItqc4FsSwgggqnIeqmBydcMzsW89&I6A=4hLpNJ
REQUEST
RESPONSE

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49212 -> 104.21.12.135:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 104.21.12.135:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 104.21.12.135:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 87.236.16.223:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 34.102.136.180:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 87.236.16.223:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 34.102.136.180:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 87.236.16.223:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 34.102.136.180:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 52.58.78.16:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 52.58.78.16:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 52.58.78.16:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 34.75.52.202:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 34.75.52.202:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 34.75.52.202:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts