NetWork | ZeroBOX

Network Analysis

IP Address       Status   Action
101.32.68.183    Active   Moloch
15.197.148.33    Active   Moloch
164.124.101.2    Active   Moloch
23.227.38.74     Active   Moloch
93.89.226.17     Active   Moloch
HTTP traffic

Method  Status  URL
GET     404     http://www.ssongg13026.cfd/t6tg/?jDKP8=Nmqux/666XlLtJ3WEKzUk3EHj+ftlkJxJixPq7eQ/k8b2WLLehoT1axEI2nKmBLwOwlBSnRz&8p0=IbtHbJ
GET     403     http://www.zeropointenergyhvac.com/t6tg/?jDKP8=vAEcViLLfRnXrvGHJGOy3S0oM5KgJr+WLGiVWET49+NKpGPyCcxnbWSVNLBpcRBJoM/m8+js&8p0=IbtHbJ
GET     403     http://www.domumix.com/t6tg/?jDKP8=NCr4hxvH2ezd5PnFQvFe4UNVT4u8oc6t8Rf/c3KW26/rudMQ46jCsaNfWBhm2pOWUClrv1g3&8p0=IbtHbJ

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                          SID      Signature                              Category
TCP 192.168.56.103:49169 -> 101.32.68.183:80  2031412  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 15.197.148.33:80  2031412  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 23.227.38.74:80   2031412  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 93.89.226.17:80   2031412  ET MALWARE FormBook CnC Checkin (GET)  Malware Command and Control Activity Detected
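
Worked example, added here and not part of the ZeroBOX report: a small Python triage script that parses the GET lines listed under the HTTP requests, applies a shape test for the kind of check-in the Suricata alerts above fired on, and pulls out what a responder wants from such a report, the hosts to block and the token shared across all three requests. The shape test is my own approximation of what the captured URLs have in common (short alphanumeric directory, two parameters, a long base64-looking blob, a short token); it is not the pcre of ET sid 2031412. The benign control line, the regex thresholds and the function names are assumptions.

```python
"""Triage FormBook-style HTTP check-ins from a sandbox report.

Added example; not the ZeroBOX code and not the ET Suricata rule.
"""
import re
from urllib.parse import urlsplit

# Sample input: the three request lines listed in the report, as printed.
CAPTURED_REQUESTS = [
    "GET 404 http://www.ssongg13026.cfd/t6tg/?jDKP8=Nmqux/666XlLtJ3WEKzUk3EHj+ftlkJxJixPq7eQ/k8b2WLLehoT1axEI2nKmBLwOwlBSnRz&8p0=IbtHbJ",
    "GET 403 http://www.zeropointenergyhvac.com/t6tg/?jDKP8=vAEcViLLfRnXrvGHJGOy3S0oM5KgJr+WLGiVWET49+NKpGPyCcxnbWSVNLBpcRBJoM/m8+js&8p0=IbtHbJ",
    "GET 403 http://www.domumix.com/t6tg/?jDKP8=NCr4hxvH2ezd5PnFQvFe4UNVT4u8oc6t8Rf/c3KW26/rudMQ46jCsaNfWBhm2pOWUClrv1g3&8p0=IbtHbJ",
]

# Constructed control line (not from the report) to show the heuristic
# stays quiet on an ordinary two-parameter GET.
BENIGN_REQUEST = "GET 200 http://www.example.com/search/?q=formbook&page=2"

# "METHOD STATUS URL", the line format the report uses.
LINE_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<status>\d{3}) (?P<url>\S+)$")

# Heuristic shape of the captured check-ins (assumed thresholds, my own,
# not the ET rule): /<2-6 alnum>/?<key>=<base64-ish blob>&<key>=<short token>
PATH_RE = re.compile(r"^/[A-Za-z0-9]{2,6}/$")
KEY_RE = re.compile(r"^[A-Za-z0-9]{2,8}$")
BLOB_RE = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")
TOKEN_RE = re.compile(r"^[A-Za-z0-9]{4,8}$")


def split_query(query):
    """Split a raw query string without decoding it.

    urllib.parse.parse_qsl would turn '+' into a space, destroying the
    base64 alphabet the shape test inspects, so split by hand instead.
    """
    pairs = []
    for chunk in query.split("&"):
        if chunk:
            key, _, value = chunk.partition("=")
            pairs.append((key, value))
    return pairs


def parse_request(line):
    """Parse one 'METHOD STATUS URL' report line into a dict."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised request line: {line!r}")
    parts = urlsplit(m["url"])
    return {
        "method": m["method"],
        "status": int(m["status"]),
        "host": parts.hostname,
        "path": parts.path,
        "params": split_query(parts.query),
    }


def is_checkin_shape(req):
    """True when the request has the check-in shape described above."""
    if req["method"] != "GET" or not PATH_RE.match(req["path"]):
        return False
    if len(req["params"]) != 2:
        return False
    (k1, v1), (k2, v2) = req["params"]
    # The long blob is the real discriminator; short paths are common.
    return bool(KEY_RE.match(k1) and BLOB_RE.match(v1)
                and KEY_RE.match(k2) and TOKEN_RE.match(v2))


def triage(lines):
    """Summarise flagged requests: hosts to block, shared tokens, statuses."""
    flagged = [r for r in (parse_request(l) for l in lines) if is_checkin_shape(r)]
    return {
        "flagged": len(flagged),
        "hosts": sorted({r["host"] for r in flagged}),
        # Second-parameter value; identical across hosts here, a useful pivot.
        "shared_tokens": sorted({r["params"][1][1] for r in flagged}),
        "statuses": sorted({r["status"] for r in flagged}),
    }


if __name__ == "__main__":
    lines = CAPTURED_REQUESTS + [BENIGN_REQUEST]
    for line in lines:
        req = parse_request(line)
        print(f"{req['host']:32} {req['status']} checkin_shape={is_checkin_shape(req)}")
    print(triage(lines))
```

All three captured requests share `8p0=IbtHbJ` and differ only in the host and the first parameter's blob, which is why one signature fires on every flow. FormBook samples work through an embedded list of domains of which most are decoys, so the 403 and 404 answers above are expected: each flagged host is worth blocking, but this report alone does not say which, if any, of them is the live C2.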

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts