Network | ZeroBOX

Network Analysis

IP Address | Status | Action
161.97.100.26 | Active | Moloch
164.124.101.2 | Active | Moloch
2.57.90.16 | Active | Moloch
52.58.78.16 | Active | Moloch
GET 410 http://www.sierp.com/mxwf/?D8k8=Ao4ZudGNGCCq/bz1F1jp8r1nNp3jUASgPiEiflfcY9lwBGukS/0V2qMMjZrQt7h4MdjTjHfn&uTxXA=Apm8lx
GET 404 http://www.alphamillls.com/mxwf/?D8k8=8vU0MhDguONSVZAFdaETy8wVZ8V0psLBFo6hXJA6TygAJBDGiYZVt84widBx7fwwbqBQDNAu&uTxXA=Apm8lx
GET 200 http://www.orders-cialis.info/mxwf/?D8k8=5ldtLAd4WjWQpBn2D9at1Sp5llf8TUCQYgmbUZbfSF6mwcPpZP54RYPSSKh/3i002J3HIC53&uTxXA=Apm8lx

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.101:49206 -> 161.97.100.26:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 161.97.100.26:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 161.97.100.26:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 2.57.90.16:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 2.57.90.16:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 2.57.90.16:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 52.58.78.16:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 52.58.78.16:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 52.58.78.16:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts