NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
34.237.164.220	Active	Moloch
34.98.99.30	Active	Moloch
45.88.202.115	Active	Moloch

Name	Response	Post-Analysis Lookup
www.infinityormus.com	A 45.88.202.115	45.88.202.115
www.infinitytattoocare.com	CNAME infinitytattoocare.com A 34.98.99.30	34.98.99.30
www.theriversidecountyhomepro.com	CNAME theriversidecountyhomepro.com A 34.237.164.220	34.237.164.220

TCP Requests

UDP Requests

GET 301 http://www.infinityormus.com/crg3/?MnW8=aBccGOwErgPre43QnhpcuVoXFq8GKd87aC0dXa3fYTKxl7Jtk/vDSnCkMctKss6ezBqA0jg4&Klh8=p2JXfHEPw

GET 301 http://www.theriversidecountyhomepro.com/crg3/?MnW8=DlXh8HWi82SzBw0RJ/6VGpFkTUcz0we99XtleYKpWXYF2jgY0Vi1rZXcTXO/6Z9n6hEY3EW/&Klh8=p2JXfHEPw

GET 403 http://www.infinitytattoocare.com/crg3/?MnW8=G0O/V1BSeeiOXGa3ZhZYpwmF06RYoj1Q/SmNcifgaLNZ9w6ENH+p3VVN7Ne96pxQbzbLpXw9&Klh8=p2JXfHEPw

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49206 -> 34.237.164.220:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 34.237.164.220:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 34.237.164.220:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 34.98.99.30:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 34.98.99.30:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 34.98.99.30:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 45.88.202.115:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 45.88.202.115:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 45.88.202.115:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts