NetWork | ZeroBOX

Network Analysis

IP Address Status Action
109.106.251.102 Active Moloch
120.48.139.92 Active Moloch
154.55.172.139 Active Moloch
164.124.101.2 Active Moloch
217.26.48.101 Active Moloch
34.149.198.43 Active Moloch
38.239.160.233 Active Moloch
43.154.196.178 Active Moloch
45.33.6.223 Active Moloch
89.31.143.1 Active Moloch
91.106.207.17 Active Moloch

POST 405 http://www.solarwachstum.com/6huu/
REQUEST
RESPONSE
GET 200 http://www.solarwachstum.com/6huu/?YAqknid=w02mQAblJWbyIo6ozgnxrIUPRxqR4gn//aKR4b4C2qQSYqcw3Vi29oLFIvtOIeXnZF+XC4+RsLS3HuGm7zRt9dlAuIsc4gbzWXQ9ldM=&u1E6=Oxybn
REQUEST
RESPONSE
GET 200 http://www.sqlite.org/2018/sqlite-dll-win32-x86-3230000.zip
REQUEST
RESPONSE
POST 405 http://www.kp69f.top/6huu/
REQUEST
RESPONSE
POST 405 http://www.kp69f.top/6huu/
REQUEST
RESPONSE
GET 200 http://www.kp69f.top/6huu/?YAqknid=c/0CEmjcp1qhbjrBdr7qFpTEdTMNmdGL+2G3nk26J8C5sXkvdYxGabdoDx2ERzE1q79WMkYCDIvd6DDSGqF5RzVKrD1kqEcaGqxbLU4=&u1E6=Oxybn
REQUEST
RESPONSE
POST 0 http://www.14zhibo.work/6huu/
REQUEST
RESPONSE
POST 404 http://www.14zhibo.work/6huu/
REQUEST
RESPONSE
GET 404 http://www.14zhibo.work/6huu/?YAqknid=DY82kxx300f8Ik70WvLdREOGU4sx5WmLPZ3/q1TGOtAA9/Gzsd9nceuxwkKKmb1RPsemirf5O/kWho3f6FGpO5KONInBcJ6F+ssJurA=&u1E6=Oxybn
REQUEST
RESPONSE
POST 404 http://www.tarolstroy.store/6huu/
REQUEST
RESPONSE
POST 404 http://www.tarolstroy.store/6huu/
REQUEST
RESPONSE
GET 404 http://www.tarolstroy.store/6huu/?YAqknid=En7LCrBqRDvhnDHpczrHWaIedYbeAgZr6OxVyCrdWihd6XEAizhpO0j/kkT3E0Ail4lmu+00ROJTwCbrXgrUq/0FdQ7yD2DHgTmcEH4=&u1E6=Oxybn
REQUEST
RESPONSE
POST 0 http://www.lancele.com/6huu/
REQUEST
RESPONSE
POST 0 http://www.lancele.com/6huu/
REQUEST
RESPONSE
GET 404 http://www.lancele.com/6huu/?YAqknid=lkPChsOgbmG6IllhHTLtf7ULj1acQ37do+96zoOFU1wEZ7Q3pDLdySJi8tX/LksgKKJ2zleSV8oD4OY5SI7MA2q2BuCSDDIq7z8yKSo=&u1E6=Oxybn
REQUEST
RESPONSE
POST 200 http://www.qfx88.com/6huu/
REQUEST
RESPONSE
POST 200 http://www.qfx88.com/6huu/
REQUEST
RESPONSE
GET 200 http://www.qfx88.com/6huu/?YAqknid=ai4Hj7VNL/eal8v50vngd1esaVL80O28AVhmObBuZqCvkNevFGLtvLG4llGxYwRMqic01nY12J0ERo7jbuO1GzAlXIwPB2kWrkts/2A=&u1E6=Oxybn
REQUEST
RESPONSE
POST 404 http://www.0096061.com/6huu/
REQUEST
RESPONSE
POST 404 http://www.0096061.com/6huu/
REQUEST
RESPONSE
GET 404 http://www.0096061.com/6huu/?YAqknid=cmX/07TqI3ZVBqSk8R867+hdp8bVOoL06AzKIpvdRFeyAj6hvaaJUHhkQ/toAIcVWWdRQEgjpGpGrDxsMG4sQneWN+dP3qrEhepv/3Q=&u1E6=Oxybn
REQUEST
RESPONSE
POST 404 http://www.terrenoscampestres.com/6huu/
REQUEST
RESPONSE
POST 404 http://www.terrenoscampestres.com/6huu/
REQUEST
RESPONSE
GET 301 http://www.terrenoscampestres.com/6huu/?YAqknid=vPEZFS80w83TR1ISai5AEG4cZjK/Z0sPVYJxvP0qkrafDKWjEP7E989Tf/65iA6Wv6B2G+FeAz/F94bTMl2+G2T5U6uSTMLdr8gHGso=&u1E6=Oxybn
REQUEST
RESPONSE
POST 404 http://www.ticimmo.com/6huu/
REQUEST
RESPONSE
POST 404 http://www.ticimmo.com/6huu/
REQUEST
RESPONSE
GET 0 http://www.ticimmo.com/6huu/?YAqknid=TigSyFlwP0RNpBbhC/rdMwC8b/Qg/Ivp2etxz330Y/wAN2mEJT4yMf4cHTRgrqo8FsDkyKZ/RDxnb9SkkKZ8CLMuGFsv81COs/EjZGo=&u1E6=Oxybn
REQUEST
RESPONSE

ICMP traffic

Source Destination ICMP Type Data
192.168.56.103 164.124.101.2 3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:64894 -> 164.124.101.2:53 2023883 ET DNS Query to a *.top domain - Likely Hostile Potentially Bad Traffic
TCP 192.168.56.103:49171 -> 34.149.198.43:80 2023882 ET INFO HTTP Request to a *.top domain Potentially Bad Traffic
TCP 192.168.56.103:49172 -> 43.154.196.178:80 2027877 ET INFO HTTP Request to Suspicious *.work Domain Potentially Bad Traffic
TCP 192.168.56.103:49173 -> 43.154.196.178:80 2027877 ET INFO HTTP Request to Suspicious *.work Domain Potentially Bad Traffic
TCP 192.168.56.103:49172 -> 43.154.196.178:80 2031413 ET MALWARE FormBook CnC Checkin (POST) M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 34.149.198.43:80 2031413 ET MALWARE FormBook CnC Checkin (POST) M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49175 -> 43.154.196.178:80 2027877 ET INFO HTTP Request to Suspicious *.work Domain Potentially Bad Traffic
TCP 192.168.56.103:49176 -> 91.106.207.17:80 2031413 ET MALWARE FormBook CnC Checkin (POST) M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49175 -> 43.154.196.178:80 2027877 ET INFO HTTP Request to Suspicious *.work Domain Potentially Bad Traffic
TCP 192.168.56.103:49185 -> 154.55.172.139:80 2031413 ET MALWARE FormBook CnC Checkin (POST) M2 Malware Command and Control Activity Detected
UDP 192.168.56.103:53673 -> 164.124.101.2:53 2027868 ET INFO Observed DNS Query to .work TLD Potentially Bad Traffic
TCP 192.168.56.103:49191 -> 217.26.48.101:80 2031413 ET MALWARE FormBook CnC Checkin (POST) M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49187 -> 154.55.172.139:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49187 -> 154.55.172.139:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49187 -> 154.55.172.139:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49178 -> 91.106.207.17:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49178 -> 91.106.207.17:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49178 -> 91.106.207.17:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49181 -> 38.239.160.233:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49181 -> 38.239.160.233:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49182 -> 120.48.139.92:80 2031413 ET MALWARE FormBook CnC Checkin (POST) M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49181 -> 38.239.160.233:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49175 -> 43.154.196.178:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49175 -> 43.154.196.178:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49175 -> 43.154.196.178:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49175 -> 43.154.196.178:80 2027877 ET INFO HTTP Request to Suspicious *.work Domain Potentially Bad Traffic
TCP 192.168.56.103:49188 -> 109.106.251.102:80 2031413 ET MALWARE FormBook CnC Checkin (POST) M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49193 -> 217.26.48.101:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49193 -> 217.26.48.101:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49193 -> 217.26.48.101:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 89.31.143.1:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 89.31.143.1:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 89.31.143.1:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49179 -> 38.239.160.233:80 2031413 ET MALWARE FormBook CnC Checkin (POST) M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 34.149.198.43:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 34.149.198.43:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 34.149.198.43:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 34.149.198.43:80 2031089 ET HUNTING Request to .TOP Domain with Minimal Headers Potentially Bad Traffic
TCP 192.168.56.103:49190 -> 109.106.251.102:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49190 -> 109.106.251.102:80 2031449 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected
TCP 192.168.56.103:49190 -> 109.106.251.102:80 2031453 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts