NetWork | ZeroBOX

Network Analysis

IP Address       Status   Action
146.75.50.236    Active   Moloch
15.197.148.33    Active   Moloch
156.241.138.74   Active   Moloch
164.124.101.2    Active   Moloch
198.49.23.145    Active   Moloch

HTTP Requests

Method  Status  URL
GET     400     http://www.trailblazerbaby.com/ge06/?cxlL6=Vn36JpzNTKaSb0MTbSztLcrwH0nGOIWlPxp5C0tdRb7z35/kOAEpp28Rs4alwfkjtZwLX/a3&Tj=YBZ0
GET     301     http://www.seoulbeautytw.com/ge06/?cxlL6=Qc2b7R052BxaaIixZxZchyIrCtI6dOvdNg5lwCRd5bjXdsmVEtEF/rdDBYlFLrvTnx09Yrft&Tj=YBZ0
GET     200     http://www.bowllywood.com/ge06/?cxlL6=uEJyp/LCRcqeyVkDqWXotAOO7ojlhdOeJwNXEXO62CdMmnp4nkE9E2jcl8Y9Q/hLDx6OjvQc&Tj=YBZ0
GET     403     http://www.oneresi.com/ge06/?cxlL6=TxZz26qHBFBWLipdaFP8DXj847gFVWoG3E2dnld5pyULLNin+5TsGSuzug1CwjEl4T2LS/ZH&Tj=YBZ0

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                            SID      Signature                              Category
TCP 192.168.56.103:49168 -> 156.241.138.74:80   2031412  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 198.49.23.145:80    2031412  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 15.197.148.33:80    2031412  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 146.75.50.236:80    2031412  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
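The four GET requests above share one shape: the same directory (/ge06/), the same two parameter names (cxlL6 and Tj), a 72-character base64-alphabet blob, and the same short trailing value (YBZ0), sent to four unrelated domains that answered 400, 301, 200 and 403. The script below is an added example, not part of the ZeroBOX report and not the text of ET rule 2031412: it applies a heuristic of my own (long base64-like blob plus short fixed tag, same shape across several hosts) to the request lines from this page, and separately parses the Suricata alert lines to list the destination IPs that fired a given SID. The sample input is the report's own lines copied into Python literals, plus one constructed benign request; the threshold values are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample input: the four GET lines from this report, copied as they appear
# (method, status, URL), plus one ordinary request to show what the heuristic ignores.
HTTP_LINES = [
    "GET 400 http://www.trailblazerbaby.com/ge06/?cxlL6=Vn36JpzNTKaSb0MTbSztLcrwH0nGOIWlPxp5C0tdRb7z35/kOAEpp28Rs4alwfkjtZwLX/a3&Tj=YBZ0",
    "GET 301 http://www.seoulbeautytw.com/ge06/?cxlL6=Qc2b7R052BxaaIixZxZchyIrCtI6dOvdNg5lwCRd5bjXdsmVEtEF/rdDBYlFLrvTnx09Yrft&Tj=YBZ0",
    "GET 200 http://www.bowllywood.com/ge06/?cxlL6=uEJyp/LCRcqeyVkDqWXotAOO7ojlhdOeJwNXEXO62CdMmnp4nkE9E2jcl8Y9Q/hLDx6OjvQc&Tj=YBZ0",
    "GET 403 http://www.oneresi.com/ge06/?cxlL6=TxZz26qHBFBWLipdaFP8DXj847gFVWoG3E2dnld5pyULLNin+5TsGSuzug1CwjEl4T2LS/ZH&Tj=YBZ0",
    "GET 200 http://example.com/index.php?page=home&lang=en",  # constructed benign request
]

# Constructed sample input: the four Suricata alert lines from this report.
ALERT_LINES = [
    "TCP 192.168.56.103:49168 -> 156.241.138.74:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected",
    "TCP 192.168.56.103:49166 -> 198.49.23.145:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected",
    "TCP 192.168.56.103:49169 -> 15.197.148.33:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected",
    "TCP 192.168.56.103:49167 -> 146.75.50.236:80 2031412 ET MALWARE FormBook CnC Checkin (GET) Malware Command and Control Activity Detected",
]

B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
ALERT_RE = re.compile(
    r"^(?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<sid>\d+) (?P<msg>.+)$"
)


def parse_request(line):
    """Split a 'METHOD STATUS URL' line. Query values are kept raw (no URL decoding)
    so that '+' and '/' inside the base64-like blob survive intact."""
    method, status, url = line.split(" ", 2)
    u = urlsplit(url)
    params = {}
    for pair in u.query.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params[key] = value
    return {
        "method": method,
        "status": int(status),
        "host": u.hostname,
        "directory": u.path.rsplit("/", 1)[0] + "/",
        "params": params,
    }


def looks_like_checkin(req, min_blob_len=48, max_tag_len=8):
    """Assumed heuristic: a GET with exactly two query parameters, one a long
    base64-alphabet blob and the other a short tag. HTTP status is deliberately ignored."""
    if req["method"] != "GET" or len(req["params"]) != 2:
        return False
    tag, blob = sorted(req["params"].values(), key=len)
    return (len(blob) >= min_blob_len and B64_RE.match(blob) is not None
            and 0 < len(tag) <= max_tag_len and B64_RE.match(tag) is not None)


def find_checkin_campaigns(lines, min_hosts=2):
    """Group check-in-shaped requests by (directory, parameter names, tag) and keep
    the groups that span several hosts: one beacon shape sent to unrelated domains."""
    groups = defaultdict(set)
    for line in lines:
        req = parse_request(line)
        if not looks_like_checkin(req):
            continue
        tag = min(req["params"].values(), key=len)
        key = (req["directory"], tuple(sorted(req["params"])), tag)
        groups[key].add(req["host"])
    return {key: sorted(hosts) for key, hosts in groups.items() if len(hosts) >= min_hosts}


def parse_alert(line):
    """Parse one 'PROTO src:port -> dst:port SID message' line from the alert table."""
    m = ALERT_RE.match(line)
    if m is None:
        raise ValueError(f"unrecognised alert line: {line}")
    alert = m.groupdict()
    alert["sid"] = int(alert["sid"])
    return alert


def alert_destinations(lines, sid):
    """Distinct destination IPs that triggered a given SID, for cross-checking the IP table."""
    return sorted({a["dst"] for a in map(parse_alert, lines) if a["sid"] == sid})


if __name__ == "__main__":
    for key, hosts in find_checkin_campaigns(HTTP_LINES).items():
        print(key, hosts)
    print(alert_destinations(ALERT_LINES, 2031412))
```

Two things are worth noting. The grouping keys on request shape and never on the response code: three of the four hosts on this page answered 400, 301 or 403, so a detection that only examines successful responses would have missed most of the beaconing. And the alert parser only gives destination IPs; the page does not record which domain resolved to which address (164.124.101.2 in the IP table has no alert at all), so a host-to-IP join needs the DNS or proxy log rather than anything printed here.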

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts