NetWork | ZeroBOX

Network Analysis

IP Address | Status | Action
13.248.148.254 | Active | Moloch
164.124.101.2 | Active | Moloch
66.96.162.150 | Active | Moloch
GET 403 http://www.batcavela.com/ge06/?kHQD=Q330Nlrdd7wjbNOXaSC7JMUzln/+sA0fy8mpHysJLBlsNI2WRIrp3yqbQPXqvCDIbk6bxFbG&D81h=O2MHdPrXY
GET 404 http://www.waveoflife.pro/ge06/?kHQD=MT2lmuLr4xW4Y36Na+kfxB+SBx3z6weHsbIXVLyeZmOnioiBuNRbSrEPi8rGHADI09fpEf4R&D81h=O2MHdPrXY

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.103:49167 -> 66.96.162.150:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 13.248.148.254:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts