Network | ZeroBOX

Network Analysis

IP Address    | Status | Action
104.21.32.135 | Active | Moloch
164.124.101.2 | Active | Moloch
172.67.154.55 | Active | Moloch
34.149.87.45  | Active | Moloch
91.195.240.19 | Active | Moloch

HTTP traffic

Method | Status | URL
GET    | 429    | http://www.salvanandcie.com/tb8i/?-ZeTi6B=UMOMUPRltOuIOavlOV9TAbzOI3NyPSxU0IiF98vYZIoJYysmNQovnALCNihIDsZ76SkBnDz1&2d=lnxh
GET    | 200    | http://www.free-indeed.faith/tb8i/?-ZeTi6B=mjsfGumS0MCj+go/ckdO0h+daXKQjTCMjol4fCy+GQ9z9EIRohWOFaX9TAL/50qANRa4gnnD&2d=lnxh
GET    | 301    | http://www.texwwfrx.com/tb8i/?-ZeTi6B=zluqp2Qif7Juk0jSJTDTdhTVgLgB+eVfrKJdSE4Bz8PdBwx7LJWv3E/FDzXvfZ8eIpu6oPdn&2d=lnxh
GET    | 301    | http://www.tron-pk.xyz/tb8i/?-ZeTi6B=5rJxyOnP1GB0ESD4ttWy9/4jFy42toRxagw3E+bnB/pmFdmTHJRzMwLMKKbb+ploXs+4W+sP&2d=lnxh

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                         | SID     | Signature                                                 | Category
TCP 192.168.56.103:49171 -> 104.21.32.135:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET)                     | Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 104.21.32.135:80 | 2031088 | ET HUNTING Request to .XYZ Domain with Minimal Headers    | Potentially Bad Traffic
TCP 192.168.56.103:49166 -> 34.149.87.45:80  | 2031412 | ET MALWARE FormBook CnC Checkin (GET)                     | Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 172.67.154.55:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET)                     | Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 91.195.240.19:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET)                     | Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts