NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
192.99.131.252	Active	Moloch
34.102.136.180	Active	Moloch
81.169.145.92	Active	Moloch
91.195.240.94	Active	Moloch

Name	Response	Post-Analysis Lookup
www.hanlansmojitovillage.net	CNAME hanlansmojitovillage.net A 34.102.136.180	34.102.136.180
www.denme.net	A 91.195.240.94	91.195.240.94
www.youcanaskmeto.review		99.83.154.118
www.renatradingbv.com	A 81.169.145.92 CNAME renatradingbv.com	81.169.145.92
www.americanstonesusa.com	CNAME americanstonesusa.com A 192.99.131.252	192.99.131.252

TCP Requests

UDP Requests

POST 405 http://www.hanlansmojitovillage.net/nthe/

GET 403 http://www.hanlansmojitovillage.net/nthe/?9rq=54OfAHeNbwRIeCfiK96ZbDhctG36f6+/FiUzkHshmPfrtcl9VWH+3r9WBXmbjhC4FqUNXJfm&OtxhCR=wZR8DbS8cnCHrX

POST 301 http://www.americanstonesusa.com/nthe/

GET 301 http://www.americanstonesusa.com/nthe/?9rq=TiWkgH4T5Cm5Jtj7mtcRQySnot/hSP0U84YZk1QGO5z/hARin1ng6opCrYPb3jK2RkhLtCY1&OtxhCR=wZR8DbS8cnCHrX

GET 301 http://www.denme.net/nthe/?9rq=uFP+K1eRqtahOHqCLa01gYXXRVAJ4EEw5MzhZglrAvjJJOPoqHEm/zZwt34iZ5MGEHDchxnH&OtxhCR=wZR8DbS8cnCHrX

POST 404 http://www.renatradingbv.com/nthe/

GET 404 http://www.renatradingbv.com/nthe/?9rq=KsaFJiGgjonHpO4ehIk3tgTIaP0b2cy5xyNJFw2jBqxV5zHIUO5SdTSTzfRxsFXba+9mBw8e&OtxhCR=wZR8DbS8cnCHrX

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49204 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 91.195.240.94:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 91.195.240.94:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 91.195.240.94:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 192.99.131.252:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 192.99.131.252:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 192.99.131.252:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 81.169.145.92:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 81.169.145.92:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 81.169.145.92:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts