NetWork | ZeroBOX

Network Analysis

IP Address       Status  Action
104.21.6.135     Active  Moloch
104.21.61.129    Active  Moloch
164.124.101.2    Active  Moloch
172.245.214.178  Active  Moloch
52.147.15.202    Active  Moloch
HTTP Requests

Method  Status  URL
GET     200     http://172.245.214.178/007/Fetsok.dat
GET     0       http://www.eoujkbvn.shop/my28/?8pgHjRdp=L4acUB+47lynVF4fjl9p6Di64KDq5P2gzlJCkdZJaqemyNdaz3c4hs19zS7nZyQH6vk86Fkh&r6=X4XDHZU8s
GET     301     http://www.49astleystreet.com/my28/?8pgHjRdp=+VAUe4t+xmaF92noBAsndN56+z0GlyZ4xiIxgvDciribSLdsxv7/Rp1zqOY349oGooJSGIY2&r6=X4XDHZU8s
GET     301     http://www.hjd04b.com/my28/?8pgHjRdp=l6PR18TDP4lswArBVO5bAFPootK1SxL5gNddDcv8ESa3Cj6F17LLz9lgx0MVn3j38wYGOJcR&r6=X4XDHZU8s

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                          SID      Signature                              Category
TCP 192.168.56.101:49170 -> 52.147.15.202:80  2031412  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 104.21.6.135:80   2031412  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 52.147.15.202:80  2031449  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 104.21.6.135:80   2031449  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 52.147.15.202:80  2031453  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 104.21.6.135:80   2031453  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 104.21.61.129:80  2031412  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 104.21.61.129:80  2031449  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 104.21.61.129:80  2031453  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts