NetWork | ZeroBOX

Network Analysis

IP Address Status Action
103.146.179.136 Active Moloch
148.66.54.130 Active Moloch
164.124.101.2 Active Moloch
165.140.71.65 Active Moloch
185.104.28.238 Active Moloch
192.187.111.219 Active Moloch
199.192.28.110 Active Moloch
217.160.0.91 Active Moloch
23.228.123.194 Active Moloch
23.27.78.200 Active Moloch
45.33.6.223 Active Moloch
64.190.63.111 Active Moloch
74.220.199.6 Active Moloch
76.223.105.230 Active Moloch
GET 404 http://www.callceylon-infinity.com/hubr/?QCFrH7=QGWktfIAtu18+t6NQORxBTtvzjo+nFqh7PlIya0sAjXty+UNsna0QAVZJMoUGZhtBucAVwHYc/82s4klU8XEeQDHowb765v/cfPxxLM=&RbcWz=XTYFdv
REQUEST
RESPONSE
GET 200 http://www.sqlite.org/2019/sqlite-dll-win32-x86-3270000.zip
REQUEST
RESPONSE
POST 404 http://www.hbslwhcb.com/hubr/
REQUEST
RESPONSE
GET 404 http://www.hbslwhcb.com/hubr/?QCFrH7=5E10n45PC8vNB5pZtNj2sXLK8uWSY44i7aDcSA40kUAwhBPRaI2LrW2xciaMt4VcY7NLJleQuynhqBK73YwksAZi1WQgViquW1DW70o=&RbcWz=XTYFdv
REQUEST
RESPONSE
POST 403 http://www.betting.style/hubr/
REQUEST
RESPONSE
GET 200 http://www.betting.style/hubr/?QCFrH7=Igos4DvGYSTYudzWMt6YfvTMrgMRYd/c9vPdAr65R47dBdgzYQRIJWYhFBMjFdvBBv9IJDMtFMntT2Xn4QfH4WErd6ncw9Si7XBW0k4=&RbcWz=XTYFdv
REQUEST
RESPONSE
POST 404 http://www.airductshopdk.com/hubr/
REQUEST
RESPONSE
GET 404 http://www.airductshopdk.com/hubr/?QCFrH7=IY6ZMgtXttJgF5cV0sWllCOUaHDATDBCnZNtq8QNvWCyBBYDnskeOxikfpX38PnG5T3Zxr6jgxyRUZdALpyeaupJP3sUL1Dl98sUeiQ=&RbcWz=XTYFdv
REQUEST
RESPONSE
POST 404 http://www.bankmobile.online/hubr/
REQUEST
RESPONSE
GET 404 http://www.bankmobile.online/hubr/?QCFrH7=AqcQf51FHOgh7P9E+wpuxnHpBgBzwI/msQRQ0Dyz8q0S90nTnG8ByyoMHYn461jaf1OBwwUC6quuS4TuPkl+q34PRRmwUjUeIaKK3gY=&RbcWz=XTYFdv
REQUEST
RESPONSE
POST 404 http://www.gitmart.top/hubr/
REQUEST
RESPONSE
GET 404 http://www.gitmart.top/hubr/?QCFrH7=8LIoJqXtzQoTeM3tSIRjdvK/wvVoI+eZdkhCTWtrmHUI4YaQHcTCw+vN7fasUs/Q0cHIvjOlVkHozVI89gTByPzeHUA52gVSRwAL/jY=&RbcWz=XTYFdv
REQUEST
RESPONSE
POST 200 http://www.celestinshipping.org/hubr/
REQUEST
RESPONSE
GET 200 http://www.celestinshipping.org/hubr/?QCFrH7=Vfw1tXj75Mnbbr9waYgxlQ7QagSBA5wKBGGly+Su2Nf6tIgktwqqKgDHr8woq6O0Z5sp1IK/HWsht85Es+CPzw2fwmYXFsAsraj4FMw=&RbcWz=XTYFdv
REQUEST
RESPONSE
POST 404 http://www.mtgu.net/hubr/
REQUEST
RESPONSE
GET 301 http://www.mtgu.net/hubr/?QCFrH7=BYsUt3owDFJM7GVfuQIWnXwMgDGHBsC/I/b9ZUSfYrqeSV4owQnpPIjIy5UP/vTtTt2F54HHRXV+MLyWN1XqqGr/sjv3aXZqNOI2ujY=&RbcWz=XTYFdv
REQUEST
RESPONSE
POST 404 http://www.kahinghk.com/hubr/
REQUEST
RESPONSE
GET 404 http://www.kahinghk.com/hubr/?QCFrH7=KA2zyijBF8x3Kgke2P+iKCtl6t6cGVl80Cc65JTye6QbcFhOuDw4y56CfsJy2MXD5dQvnaW1nqx7b9Z6wt4S6QZG6sghwLw0rVDMOz0=&RbcWz=XTYFdv
REQUEST
RESPONSE
POST 301 http://www.auto-sparepart.com/hubr/
REQUEST
RESPONSE
GET 301 http://www.auto-sparepart.com/hubr/?QCFrH7=shp9tHQK/I+jiDz9HZEHJbj1KzHSlPA6IKLbVtcuxb+Os6cPDAiYF95XnY/LnjHwM9ayWNJXkgFRKo9FtI2zAKU8dQudTiqe32jNO5U=&RbcWz=XTYFdv
REQUEST
RESPONSE
POST 403 http://www.guochaochao.com/hubr/
REQUEST
RESPONSE
GET 403 http://www.guochaochao.com/hubr/?QCFrH7=vfnS7kNQ7lGkZwLtMQL9ZqfKyBscb+bEwFm+1uJubApJ6Q5hDNwLUi92Ea3pDCl5aGqTGhnnOe/pMNEIN7harbO0q3jSNOA5A+i+70k=&RbcWz=XTYFdv
REQUEST
RESPONSE
POST 302 http://www.asonsrestaurantbar.co.uk/hubr/
REQUEST
RESPONSE
GET 200 http://www.asonsrestaurantbar.co.uk/hubr/?QCFrH7=LhIi+kEWCIVSy/fPx6ZU7zxwa0K9qbQ4Avh4ugI75RiAcqy+P9f/TzxibnAgVXMDuzt86sgVXJJMNA/faZ0hFKKpQbAodEvnYLncODA=&RbcWz=XTYFdv
REQUEST
RESPONSE

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49178 -> 199.192.28.110:80 2023882 ET INFO HTTP Request to a *.top domain Potentially Bad Traffic
UDP 192.168.56.101:54883 -> 164.124.101.2:53 2023883 ET DNS Query to a *.top domain - Likely Hostile Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 74.220.199.6:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49180 -> 74.220.199.6:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49180 -> 74.220.199.6:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49190 -> 192.187.111.219:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49190 -> 192.187.111.219:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49190 -> 192.187.111.219:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49188 -> 23.27.78.200:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49188 -> 23.27.78.200:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49176 -> 185.104.28.238:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49188 -> 23.27.78.200:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49184 -> 148.66.54.130:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49176 -> 185.104.28.238:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49184 -> 148.66.54.130:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49176 -> 185.104.28.238:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49184 -> 148.66.54.130:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 103.146.179.136:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 103.146.179.136:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 103.146.179.136:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 217.160.0.91:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 217.160.0.91:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 217.160.0.91:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49172 -> 64.190.63.111:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49178 -> 199.192.28.110:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49172 -> 64.190.63.111:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49178 -> 199.192.28.110:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49172 -> 64.190.63.111:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49178 -> 199.192.28.110:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49178 -> 199.192.28.110:80 2031089 ET HUNTING Request to .TOP Domain with Minimal Headers Potentially Bad Traffic
TCP 192.168.56.101:49174 -> 23.228.123.194:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49174 -> 23.228.123.194:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49186 -> 76.223.105.230:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49174 -> 23.228.123.194:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49186 -> 76.223.105.230:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49186 -> 76.223.105.230:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49182 -> 165.140.71.65:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49182 -> 165.140.71.65:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49182 -> 165.140.71.65:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts