NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

NetWork | ZeroBOX

IP Address	Status	Action
104.21.30.11	Active	Moloch
107.163.207.203	Active	Moloch
164.124.101.2	Active	Moloch
184.168.131.241	Active	Moloch
199.59.242.153	Active	Moloch
216.239.38.21	Active	Moloch
72.1.32.168	Active	Moloch

Name	Response	Post-Analysis Lookup
www.mylove4tees.com	A 184.168.131.241 CNAME mylove4tees.com	184.168.131.241
www.sharperimege.com	A 107.163.207.203	107.163.207.203
www.myuspace.com
www.grandfinishremodeling.com	A 216.239.34.21 A 216.239.36.21 A 216.239.38.21 A 216.239.32.21	216.239.32.21
www.income-academy.net	A 104.21.30.11 A 172.67.150.47	104.21.30.11
www.golloctror.com	A 199.59.242.153 CNAME 70716.BODIS.com	199.59.242.153
www.barrieratxfence.info	A 34.224.160.149 A 72.1.32.168	72.1.32.168

TCP Requests

UDP Requests

POST 0 http://www.income-academy.net/aqu2/

GET 301 http://www.income-academy.net/aqu2/?9r4P2=yTaVLqrhN05vYiJqrghKhV1kwkPK3wCJaLMYrf/MNipjQST+eEaDoRfCXS8xMdNgXSn1AdLb&EjU4Sz=gdMTVRIPlB

POST 0 http://www.golloctror.com/aqu2/

GET 200 http://www.golloctror.com/aqu2/?9r4P2=4uR/nYjgwVtYQYbEgqLfVeOvQ0g/0VggqoBfHm1YELVh/dVGB1YhVcaz8p3nfDlAqMtpxI2v&EjU4Sz=gdMTVRIPlB

POST 200 http://www.sharperimege.com/aqu2/

GET 200 http://www.sharperimege.com/aqu2/?9r4P2=kVL+er5siNlB7pe1dLZS/sGAoq3svs4UfEDtCPtiHJKEfyVztMafNvCw4QsKRCCzR1PEWQeU&EjU4Sz=gdMTVRIPlB

POST 200 http://www.barrieratxfence.info/aqu2/

GET 200 http://www.barrieratxfence.info/aqu2/?9r4P2=lXd4zSUgCC+Gjsky/2vKTrlJaFfVYkpLux/MwnR2z2M4YDrYm4lj055+c6MS0ib3/EWLUfQU&EjU4Sz=gdMTVRIPlB

POST 0 http://www.grandfinishremodeling.com/aqu2/

GET 0 http://www.grandfinishremodeling.com/aqu2/?9r4P2=NRZUopoDI9LJwLB83JD0yzozs/oGQMk+mwWEPr2pPkzgK4yBOGRtKPbgK/BnV+66QBsVMhyW&EjU4Sz=gdMTVRIPlB

POST 0 http://www.mylove4tees.com/aqu2/

GET 301 http://www.mylove4tees.com/aqu2/?9r4P2=9ws66imtgg3T3b9kOnthfi50Nu6P9IVW/TE+7j+Pbvzlz2d9z3p7URmmP+8NozKSwRBm4C3L&EjU4Sz=gdMTVRIPlB

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49207 -> 104.21.30.11:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 104.21.30.11:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 104.21.30.11:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 199.59.242.153:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 199.59.242.153:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 199.59.242.153:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49215 -> 216.239.38.21:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49215 -> 216.239.38.21:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49215 -> 216.239.38.21:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 107.163.207.203:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 107.163.207.203:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 107.163.207.203:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 184.168.131.241:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 184.168.131.241:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 184.168.131.241:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 72.1.32.168:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 72.1.32.168:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 72.1.32.168:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts