Network | ZeroBOX

Network Analysis

IP Address Status Action
164.124.101.2 Active Moloch
198.49.23.144 Active Moloch
217.70.184.50 Active Moloch
50.116.93.86 Active Moloch
54.89.140.129 Active Moloch
HTTP traffic

Method Status URL
GET 301 http://www.draanabellrojas.com/bn26/?w0G=ESz42sT8rW+LnCOJPKI1BJmLgCAvIFLMdXoy7GKn7503Ilkw0GN90OeerSesb3Sbb4UaqWko&tFQh=YP7HHZXh
GET 400 http://www.carolinacastro.uk/bn26/?w0G=hJDTMYE2GEFk2vLkfbgsg1PPurnvpoPYEW+56x2KxKDBxbbX/o7VJ0uzxLcMBINsrcDMERzF&tFQh=YP7HHZXh

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49169 -> 198.49.23.144:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 198.49.23.144:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 198.49.23.144:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 50.116.93.86:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 50.116.93.86:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 50.116.93.86:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 217.70.184.50:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 217.70.184.50:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 217.70.184.50:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
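The three tables above are what an analyst has to join by hand: nine alert rows that are really three C2 endpoints each tripping the same three ET SIDs, two HTTP beacons whose responses were 301 and 400 rather than 200 (so the alerts prove the request pattern, not a working channel), and two contacted hosts (164.124.101.2 and 54.89.140.129) that no rule flagged at all. The following Python is an added example, not part of the ZeroBOX report: it parses the flattened alert rows as printed on this page, groups SIDs per destination, lists the unflagged hosts for follow-up, and applies a URL-shape heuristic to the two beacons. The heuristic regexes are this example's own approximation of the URL shape visible here, not the text of the ET rules, and the report gives no DNS mapping from the two hostnames to the alerted IPs, so the code deliberately does not try to join them.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input constructed from this report's tables so the example runs offline.
HOSTS = ["164.124.101.2", "198.49.23.144", "217.70.184.50", "50.116.93.86", "54.89.140.129"]

HTTP_REQUESTS = [
    ("GET", 301, "http://www.draanabellrojas.com/bn26/?w0G=ESz42sT8rW+LnCOJPKI1BJmLgCAvIFLMdXoy7GKn7503Ilkw0GN90OeerSesb3Sbb4UaqWko&tFQh=YP7HHZXh"),
    ("GET", 400, "http://www.carolinacastro.uk/bn26/?w0G=hJDTMYE2GEFk2vLkfbgsg1PPurnvpoPYEW+56x2KxKDBxbbX/o7VJ0uzxLcMBINsrcDMERzF&tFQh=YP7HHZXh"),
]

SURICATA_ALERTS = """\
TCP 192.168.56.103:49169 -> 198.49.23.144:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 198.49.23.144:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 198.49.23.144:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 50.116.93.86:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 50.116.93.86:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 50.116.93.86:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 217.70.184.50:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 217.70.184.50:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 217.70.184.50:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
"""

# One alert row exactly as the report prints it: proto src:port -> dst:port sid message.
ALERT_RE = re.compile(
    r"^(?P<proto>[A-Z]+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<sid>\d+)\s+(?P<msg>.+)$"
)


def parse_alerts(text):
    """Parse the flattened alert table into dicts; fail loudly on a row we cannot read."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ALERT_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed alert row: {line!r}")
        row = m.groupdict()
        row["sid"] = int(row["sid"])
        alerts.append(row)
    return alerts


def sids_by_destination(alerts):
    """Map 'dst:port' -> sorted distinct SIDs: how many C2 endpoints, not how many alert rows."""
    seen = defaultdict(set)
    for a in alerts:
        seen[f"{a['dst']}:{a['dport']}"].add(a["sid"])
    return {dst: sorted(sids) for dst, sids in seen.items()}


def hosts_without_alerts(hosts, alerts):
    """Contacted hosts that no IDS rule flagged; these still need manual triage."""
    flagged = {a["dst"] for a in alerts}
    return set(hosts) - flagged


# Heuristic for the beacon URL shape visible on this page: a short directory, one short
# parameter name carrying a long base64-looking blob, then a second short parameter with a
# short token. Written for this example only; it is NOT the content of the ET rules above.
SHORT_DIR = re.compile(r"/[A-Za-z0-9]{2,6}/")
SHORT_NAME = re.compile(r"[A-Za-z0-9]{2,8}")
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")
SHORT_TOKEN = re.compile(r"[A-Za-z0-9]{4,16}")


def looks_like_formbook_beacon(url):
    """True if the URL has the two-parameter, base64-blob shape of the beacons on this page."""
    parts = urlsplit(url)
    if SHORT_DIR.fullmatch(parts.path) is None:
        return False
    # Split by hand: urllib's parse_qsl() would turn '+' inside the base64 blob into a space.
    pairs = [p.split("=", 1) for p in parts.query.split("&")]
    if len(pairs) != 2 or any(len(p) != 2 for p in pairs):
        return False
    (k1, v1), (k2, v2) = pairs
    return all((
        SHORT_NAME.fullmatch(k1), B64_BLOB.fullmatch(v1),
        SHORT_NAME.fullmatch(k2), SHORT_TOKEN.fullmatch(v2),
    ))


def summarize(hosts, http_requests, alert_text):
    """Join the three tables into one triage view."""
    alerts = parse_alerts(alert_text)
    return {
        "c2_endpoints": sids_by_destination(alerts),
        "unflagged_hosts": sorted(hosts_without_alerts(hosts, alerts)),
        # Status 301/400 means the beacon was sent but not answered with 200: the alerts are
        # evidence of the request pattern, not of a completed check-in.
        "beacons": [(status, looks_like_formbook_beacon(url)) for _, status, url in http_requests],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(HOSTS, HTTP_REQUESTS, SURICATA_ALERTS), indent=2))
```

Run as-is it prints the joined view; the same functions can be pointed at another report's rows as long as they keep this page's row layout. Treat the unflagged hosts as a to-do list rather than as clean: a host appearing in the contacted-IP table with no alert may be a resolver or ancillary traffic, but the report alone does not say which.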

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts