NetWork | ZeroBOX

Network Analysis

IP Address Status Action
156.251.17.224 Active Moloch
164.124.101.2 Active Moloch
45.33.6.223 Active Moloch
POST 404 http://www.duwixushx.xyz/bmve/
GET 404 http://www.duwixushx.xyz/bmve/?zER=Rsosln+CouPFD70u1OPXKbJXElFmgu5R0Qz9VzezY2yTYUIF1+nb21DIy1pFOudDIiHjy9JJbERJh7u1Q7B4QPYwE9D6Fj3j1eiWNaQYDUG6o+zT283k7NP57saUsP2d80o7rJ4=&cAItz=FLvgQyU9b0YI
GET 200 http://www.sqlite.org/2019/sqlite-dll-win32-x86-3300000.zip

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49175 -> 156.251.17.224:80 2050745 ET MALWARE FormBook CnC Checkin (GET) M5 Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts