NetWork | ZeroBOX

Network Analysis

| IP Address | Status | Action |
|---|---|---|
| 156.234.222.237 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 192.151.226.170 | Active | Moloch |
GET 404 http://www.vs368.com/sh30/?ElS=H4tMHU755tPJ5yzd3Ew6DVGstGcr6734abZdejQYMRhvD/07Sx7qYkYpXzn94LNWSvgEvl3U&Qtu=JlzpxZHpbLV

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49165 -> 156.234.222.237:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| UDP 192.168.56.103:63183 -> 164.124.101.2:53 | 2026888 | ET INFO DNS Query for Suspicious .icu Domain | Potentially Bad Traffic |
| TCP 192.168.56.103:49165 -> 156.234.222.237:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49165 -> 156.234.222.237:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49171 -> 192.151.226.170:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49171 -> 192.151.226.170:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.103:49171 -> 192.151.226.170:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts