NetWork | ZeroBOX

Network Analysis

IP Address Status Action
108.170.14.102 Active Moloch
119.81.108.180 Active Moloch
164.124.101.2 Active Moloch
172.67.213.229 Active Moloch
194.9.94.86 Active Moloch
23.225.32.156 Active Moloch
34.102.136.180 Active Moloch
45.39.212.162 Active Moloch
POST 0 http://www.restaurant-utopia.xyz/ef6c/
REQUEST
RESPONSE
GET 301 http://www.restaurant-utopia.xyz/ef6c/?q48=QQd8BU9Fy5B/Jf1+m4pKDxcRFm34j4nz3hSoRKYyqec7FRTFu3B5N5pbbojH/ir2XBTcopEK&rTFDr=GB1hulOhXlAhMp
REQUEST
RESPONSE
POST 301 http://www.44mpt.xyz/ef6c/
REQUEST
RESPONSE
GET 301 http://www.44mpt.xyz/ef6c/?q48=jKy9H8VqZwiUle4gjb+CLEX9fpBCwuv2o754Pr7fJKTzkjLdsKrrwvS2m3F+8CxbXLoYiDn1&rTFDr=GB1hulOhXlAhMp
REQUEST
RESPONSE
POST 0 http://www.gaminghallarna.net/ef6c/
REQUEST
RESPONSE
GET 200 http://www.gaminghallarna.net/ef6c/?q48=klh7vGPfywtzHDqBe0mXtw9R4RUvLJCc3Nh/2lv7lW0muO/R44RuNcsYgcRk+/HbCIQeLGan&rTFDr=GB1hulOhXlAhMp
REQUEST
RESPONSE
POST 0 http://www.ahljsm.com/ef6c/
REQUEST
RESPONSE
GET 200 http://www.ahljsm.com/ef6c/?q48=IVc4rtgM9gra+fG0jQBU9em9uNea1MXNkTy/UnYOuL+WBS8ayE+K1GAK8aa2SvCjoWspa1ZS&rTFDr=GB1hulOhXlAhMp
REQUEST
RESPONSE
POST 405 http://www.conversationspit.com/ef6c/
REQUEST
RESPONSE
GET 403 http://www.conversationspit.com/ef6c/?q48=2B3AR6Tylpqs5Gri0FIlqBRxWQiEdo1VgukX0Re3vdIAR+O8ytnn3lUzDvQXM3H/f6RyrHJq&rTFDr=GB1hulOhXlAhMp
REQUEST
RESPONSE
POST 405 http://www.planetgreennetwork.com/ef6c/
REQUEST
RESPONSE
GET 403 http://www.planetgreennetwork.com/ef6c/?q48=viiOdeoYufNRN60WkpfLEAw1fJ1OatCxqWV4tuVbpGnby6TfOu9tKnuCwWlJt5WAZl2p+p2R&rTFDr=GB1hulOhXlAhMp
REQUEST
RESPONSE
POST 404 http://www.publicationsplace.com/ef6c/
REQUEST
RESPONSE
GET 404 http://www.publicationsplace.com/ef6c/?q48=69obzrOqqjyeWfIWJOBGpgM4gb/C38tuSyxXcmdwhPVCiSErrrcVtImRdCopiSdNHcaNy3Iv&rTFDr=GB1hulOhXlAhMp
REQUEST
RESPONSE
POST 0 http://www.pamperotrabajo.com/ef6c/
REQUEST
RESPONSE
GET 0 http://www.pamperotrabajo.com/ef6c/?q48=KDbDnDLzsuDPs88N0LpNmm61A6mSDcCmQh7h1rTXqzI0ioxvfa7TYmVWl9MBuezo9XnNQKeB&rTFDr=GB1hulOhXlAhMp
REQUEST
RESPONSE

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49207 -> 23.225.32.156:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 23.225.32.156:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 23.225.32.156:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 23.225.32.156:80 2031088 ET HUNTING Request to .XYZ Domain with Minimal Headers Potentially Bad Traffic
TCP 192.168.56.101:49219 -> 119.81.108.180:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 119.81.108.180:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 119.81.108.180:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 194.9.94.86:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 194.9.94.86:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 194.9.94.86:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 45.39.212.162:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 45.39.212.162:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 45.39.212.162:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 172.67.213.229:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 172.67.213.229:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 172.67.213.229:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 172.67.213.229:80 2031088 ET HUNTING Request to .XYZ Domain with Minimal Headers Potentially Bad Traffic
TCP 192.168.56.101:49217 -> 108.170.14.102:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 108.170.14.102:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 108.170.14.102:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 34.102.136.180:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 34.102.136.180:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 34.102.136.180:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49215 -> 34.102.136.180:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49215 -> 34.102.136.180:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49215 -> 34.102.136.180:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts