NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

NetWork | ZeroBOX

IP Address	Status	Action
103.139.0.32	Active	Moloch
164.124.101.2	Active	Moloch
34.102.136.180	Active	Moloch

Name	Response	Post-Analysis Lookup
www.salesnksportswt.top	A 103.139.0.32	103.139.0.32
www.sacredkashilifestudio.net	CNAME sacredkashilifestudio.net A 34.102.136.180	34.102.136.180

UDP Requests

GET 404 http://www.salesnksportswt.top/mxwf/?N2=uYJBTZe+wem0QBywdcFTHeog83TcyiNB0ETXWcjybDUOyRLANZFAapORYGJvd4e0N3a9PRyB&2d=YnaxWrPp

GET 403 http://www.sacredkashilifestudio.net/mxwf/?N2=eipsewIB2PU7fLq0V+MVTYpseXSXiNmBphXFeMyyAJ/wgZWHvgK6rmKFdWqq2CZ89/HqMPFu&2d=YnaxWrPp

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49168 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
UDP 192.168.56.102:52336 -> 164.124.101.2:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic
TCP 192.168.56.102:49167 -> 103.139.0.32:80	2023882	ET INFO HTTP Request to a *.top domain	Potentially Bad Traffic
TCP 192.168.56.102:49167 -> 103.139.0.32:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 103.139.0.32:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 103.139.0.32:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 103.139.0.32:80	2031089	ET HUNTING Request to .TOP Domain with Minimal Headers	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts