NetWork | ZeroBOX

Network Analysis

IP Address        Status
164.124.101.2     Active
23.227.38.74      Active
34.102.136.180    Active
47.251.52.228     Active
46.30.213.155     Active
HTTP Requests

Method  Status  URL
GET     403     http://www.cuisineconfort.com/pr29/?Sh=S0SwMb/6oZgQzwAmRA9qWrUSbSeRu71rATdJ/boUNw8KzXM8MwG+oUPoGiXkDp9gToBx8Zsu&RX=dnHxRbdHWnS4fP5
GET     301     http://www.ebndeoo.store/pr29/?Sh=T2TbN0Zq62ho9rLNZMUBepa4dSHomHzO9AtC/XYSeFvuxA7nQTBQ8gktsXrl5MMEMi+Syat/&RX=dnHxRbdHWnS4fP5
GET     403     http://www.eventequipmentexpress.com/pr29/?Sh=fp/AfiVnqCIH8M1YKHlz0gaU8dW5ScGccE7V/FPeYIQ0AeAEOBMSxwD4Ou/6lh0DqUgisOqN&RX=dnHxRbdHWnS4fP5

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                            SID      Signature                              Category
TCP 192.168.56.101:49169 -> 34.102.136.180:80   2031412  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 34.102.136.180:80   2031449  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 34.102.136.180:80   2031453  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 23.227.38.74:80     2031412  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 23.227.38.74:80     2031449  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 23.227.38.74:80     2031453  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 47.251.52.228:80    2031412  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 47.251.52.228:80    2031449  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 47.251.52.228:80    2031453  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
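The two tables above carry the same story in two forms: three GET requests to three unrelated domains that share the path /pr29/ and an identical RX value while only the Sh blob changes, and nine Suricata rows that are really three flows each firing the same three ET FormBook check-in signatures. The following script is an added example, not ZeroBOX code, that turns both into a triage summary. Its sample input is constructed by copying the rows of this report; the parameter name RX, the threshold of two hosts and the column regexes are assumptions about this report's layout. The report gives hostnames for the HTTP rows and IPs for the alerts but no DNS resolution, so the script does not try to join the two.

```python
"""Triage helpers for a sandbox network report (added example, not ZeroBOX code).

Groups HTTP GET rows by shared path and shared query parameter across
distinct hosts, and collapses Suricata alert rows to one line per flow.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample input: the three GET rows copied from the report above.
HTTP_LINES = """\
GET 403 http://www.cuisineconfort.com/pr29/?Sh=S0SwMb/6oZgQzwAmRA9qWrUSbSeRu71rATdJ/boUNw8KzXM8MwG+oUPoGiXkDp9gToBx8Zsu&RX=dnHxRbdHWnS4fP5
GET 301 http://www.ebndeoo.store/pr29/?Sh=T2TbN0Zq62ho9rLNZMUBepa4dSHomHzO9AtC/XYSeFvuxA7nQTBQ8gktsXrl5MMEMi+Syat/&RX=dnHxRbdHWnS4fP5
GET 403 http://www.eventequipmentexpress.com/pr29/?Sh=fp/AfiVnqCIH8M1YKHlz0gaU8dW5ScGccE7V/FPeYIQ0AeAEOBMSxwD4Ou/6lh0DqUgisOqN&RX=dnHxRbdHWnS4fP5
"""

# Constructed sample input: the nine Suricata rows copied from the report above.
ALERT_LINES = """\
TCP 192.168.56.101:49169 -> 34.102.136.180:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 34.102.136.180:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 34.102.136.180:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 23.227.38.74:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 23.227.38.74:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 23.227.38.74:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 47.251.52.228:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 47.251.52.228:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 47.251.52.228:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
"""

# Assumed row layouts: "METHOD STATUS URL" and "PROTO SRC -> DST SID TEXT".
HTTP_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<status>\d{3}) (?P<url>\S+)$")
ALERT_RE = re.compile(r"^(?P<proto>\S+) (?P<src>\S+) -> (?P<dst>\S+) (?P<sid>\d+) (?P<text>.+)$")


def split_query(query):
    """Split a raw query string without percent-decoding and without turning
    '+' into a space; urllib.parse.parse_qs would corrupt the base64-like
    Sh values, which contain '+' and '/'."""
    params = {}
    for part in query.split("&"):
        if "=" in part:
            key, value = part.split("=", 1)
            params[key] = value
    return params


def parse_http(text):
    """Parse 'METHOD STATUS URL' rows into dicts with host, path and params."""
    requests = []
    for line in text.splitlines():
        m = HTTP_RE.match(line.strip())
        if not m:
            continue
        parts = urlsplit(m["url"])
        requests.append({
            "method": m["method"],
            "status": int(m["status"]),
            "host": parts.hostname,
            "path": parts.path,
            "params": split_query(parts.query),
        })
    return requests


def cluster_checkins(requests, shared_param="RX", min_hosts=2):
    """Group requests by (path, value of shared_param) and keep groups seen
    on at least min_hosts distinct hosts: the same request shape replayed
    against several domains is the rotating check-in pattern in the report."""
    groups = defaultdict(set)
    for req in requests:
        value = req["params"].get(shared_param)
        if value is not None:
            groups[(req["path"], value)].add(req["host"])
    return {key: sorted(hosts) for key, hosts in groups.items() if len(hosts) >= min_hosts}


def summarize_alerts(text):
    """Collapse alert rows to {(src, dst): sorted unique SIDs}."""
    flows = defaultdict(set)
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            flows[(m["src"], m["dst"])].add(int(m["sid"]))
    return {flow: sorted(sids) for flow, sids in flows.items()}


if __name__ == "__main__":
    reqs = parse_http(HTTP_LINES)
    for (path, rx), hosts in cluster_checkins(reqs).items():
        print(f"path {path} with RX={rx} requested from {len(hosts)} hosts: {', '.join(hosts)}")
    for (src, dst), sids in summarize_alerts(ALERT_LINES).items():
        print(f"{src} -> {dst}: SIDs {sids}")
```

Run against the report's own rows this yields one cluster (path /pr29/, RX dnHxRbdHWnS4fP5, three hosts) and three flows each carrying SIDs 2031412, 2031449 and 2031453. The 403 and 301 statuses are worth noting in the same pass: none of the three check-ins shown received a 200, so the sandbox capture records attempted, not completed, C2 exchanges for those hosts.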

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts