NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

NetWork | ZeroBOX

IP Address	Status	Action
107.161.23.204	Active	Moloch
164.124.101.2	Active	Moloch
185.4.31.82	Active	Moloch
192.0.78.24	Active	Moloch
209.17.116.163	Active	Moloch
34.102.136.180	Active	Moloch

Name	Response	Post-Analysis Lookup
www.talkingpoint.tours	A 192.0.78.25 A 192.0.78.24 CNAME talkingpoint.tours	192.0.78.24
www.mezonpezon.com	CNAME mezonpezon.com A 185.4.31.82	185.4.31.82
www.royaltortoisecookieco.online	A 209.17.116.163	209.17.116.163
www.gzwqpsyj.com	A 107.161.23.204 A 198.251.84.92 A 70.39.125.244 A 45.58.190.82 A 188.164.131.200 A 64.32.22.102 A 198.251.81.30 A 204.188.203.155 A 209.141.38.71 A 192.161.187.200 CNAME parking.namesilo.com A 168.235.88.209	209.141.38.71
www.cupecoysuites.com	A 34.102.136.180 CNAME cupecoysuites.com	34.102.136.180
www.penhal.com
www.xn--2kr800ab2z.group

TCP Requests

UDP Requests

POST 0 http://www.mezonpezon.com/arup/

GET 301 http://www.mezonpezon.com/arup/?o2=UNxFnBumKBpgK3E6newINllmoiRNFeGsN9mFY9q/k3SwkriE4cKly4sUG2g85kP3rxM+0vbe&wR=BDKh2baXl4PtG

POST 301 http://www.talkingpoint.tours/arup/

GET 301 http://www.talkingpoint.tours/arup/?o2=2Bor36X4yMIxjbsNw9nIp5JqVEJ42O++igCdDW+bLrYPiTD/F7oXSRDD+M1zQEcm+TanyebS&wR=BDKh2baXl4PtG

POST 0 http://www.royaltortoisecookieco.online/arup/

GET 400 http://www.royaltortoisecookieco.online/arup/?o2=xicXbxHz/T/GJ6xhDm1KxNKS1jpnVDDPGy0hKxh11bForUynj74u7eHQ98aodg6MscVdd2su&wR=BDKh2baXl4PtG

POST 405 http://www.cupecoysuites.com/arup/

GET 403 http://www.cupecoysuites.com/arup/?o2=RwnhE8KYKqsc5MSZ6w7FRLZ4FQLQ/7KQra0CoHItoXR0D3A2SypYSixvdgQRpZ3QFM6Mzxlq&wR=BDKh2baXl4PtG

POST 403 http://www.gzwqpsyj.com/arup/

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49212 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 185.4.31.82:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 185.4.31.82:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 185.4.31.82:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 192.0.78.24:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 192.0.78.24:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 192.0.78.24:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 209.17.116.163:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 209.17.116.163:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 209.17.116.163:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts