NetWork | ZeroBOX

Network Analysis

IP Address Status Action
104.21.69.166 Active Moloch
163.197.224.28 Active Moloch
164.124.101.2 Active Moloch
185.53.179.174 Active Moloch
199.15.163.128 Active Moloch
GET 404 http://www.coffeeforyou56.com/wh23/?u6Ad=+Z/9GnRooy4uMI/2ytyzBxmfIRzkEihmLnUbG9gon5BvVZqaawbrlsvFopSkMy8/ynATbtGm&9rQl7P=xPJtLXbP
REQUEST
RESPONSE
GET 0 http://www.lesyeuxdanslespoches.com/wh23/?u6Ad=2UBdbPyJ3BJ1PizOWtFy1nFuYMz29j0z90R/CygIgf7oXdu1OYqDC0mFcr3+ZljEfmCRWGcD&9rQl7P=xPJtLXbP
REQUEST
RESPONSE
GET 403 http://www.floridaindianrivergeoves.com/wh23/?u6Ad=HQs9sY6MfmjvG4BCT+S8X4weKQ3jHGmqz4mij5NJ3M2nb+7m/H8tNbVgpdoIwpufVMaXPBq3&9rQl7P=xPJtLXbP
REQUEST
RESPONSE
GET 404 http://www.suratdimond.com/wh23/?u6Ad=jUJ7bRHoxkHA5rahzGpJGSe+g9rlOc6E7RlDBgSrRJk0jchNThhp3wI7m3+F7bQyA0QFLd33&9rQl7P=xPJtLXbP
REQUEST
RESPONSE

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49166 -> 104.21.69.166:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 104.21.69.166:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 104.21.69.166:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 185.53.179.174:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 185.53.179.174:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 163.197.224.28:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 185.53.179.174:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 163.197.224.28:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 163.197.224.28:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 199.15.163.128:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 199.15.163.128:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 199.15.163.128:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts