NetWork | ZeroBOX

Network Analysis

IP Address      | Status
15.197.148.33   | Active
154.23.184.194  | Active
154.23.184.240  | Active
164.124.101.2   | Active
172.81.61.224   | Active
185.68.16.50    | Active
206.119.82.172  | Active
44.213.25.70    | Active
45.33.6.223     | Active
51.195.62.41    | Active

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
UDP 192.168.56.101:53850 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic
TCP 192.168.56.101:49181 -> 206.119.82.172:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic
UDP 192.168.56.101:61950 -> 164.124.101.2:53 | 2027870 | ET INFO Observed DNS Query to .world TLD | Potentially Bad Traffic
TCP 192.168.56.101:49188 -> 154.23.184.240:80 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49188 -> 154.23.184.240:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic
TCP 192.168.56.101:49170 -> 185.68.16.50:80 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49183 -> 15.197.148.33:80 | 2027879 | ET INFO HTTP Request to Suspicious *.world Domain | Potentially Bad Traffic
TCP 192.168.56.101:49178 -> 154.23.184.194:80 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49180 -> 172.81.61.224:80 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49182 -> 206.119.82.172:80 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | Malware Command and Control Activity Detected
UDP 192.168.56.101:52797 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic
TCP 192.168.56.101:49184 -> 15.197.148.33:80 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49184 -> 15.197.148.33:80 | 2027879 | ET INFO HTTP Request to Suspicious *.world Domain | Potentially Bad Traffic
TCP 192.168.56.101:49185 -> 51.195.62.41:80 | 2221033 | SURICATA HTTP Request abnormal Content-Encoding header | Generic Protocol Command Decode
TCP 192.168.56.101:49186 -> 51.195.62.41:80 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | Malware Command and Control Activity Detected
TCP 192.168.56.101:49190 -> 44.213.25.70:80 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts