NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

NetWork | ZeroBOX

IP Address	Status	Action
151.106.124.13	Active	Moloch
164.124.101.2	Active	Moloch
34.102.136.180	Active	Moloch
34.98.99.30	Active	Moloch
54.36.145.173	Active	Moloch
74.220.199.6	Active	Moloch
91.195.240.94	Active	Moloch

Name	Response	Post-Analysis Lookup
www.denme.net	A 91.195.240.94	91.195.240.94
www.requotation.com	A 74.220.199.6	74.220.199.6
www.angelsmoonsexshop.com	A 54.36.145.173	54.36.145.173
www.hanlansmojitovillage.net	CNAME hanlansmojitovillage.net A 34.102.136.180	34.102.136.180
www.allianzbersamamu.com	A 151.106.124.13 CNAME allianzbersamamu.com	151.106.124.13
www.ujulus.club	CNAME ujulus.club A 34.98.99.30	34.98.99.30

TCP Requests

UDP Requests

GET 403 http://www.ujulus.club/nthe/?adsDxBr=xsIXR8n8RkoAU67gRj/Abok+PHWVbYMswx8lPi77hM2Z3YjaRlc0eh7Kt5rhpjwWbx+pmVwE&00D=qBZpwRbXK6sp9jn

GET 301 http://www.angelsmoonsexshop.com/nthe/?adsDxBr=T5s/0fbgdl+MaeIuYdVOHRh9jCSGWhC3hP7gi/tBX2fjRLX1bb3e6M4tG92ag7ym3EbeFXtg&00D=qBZpwRbXK6sp9jn

GET 301 http://www.allianzbersamamu.com/nthe/?adsDxBr=2YZdSTXa1loLbzYX+KcnQQkiviJlq8WIBr6m/lVEooYtizd+E4nT8gCCGWlpcQ6d7AGpSO/Q&00D=qBZpwRbXK6sp9jn

GET 200 http://www.requotation.com/nthe/?adsDxBr=V6YTtHW2tzxe58b8wCpp2czyw04EBHapp18dR6qLAa/8BddVtaMq4KYgEeFd5t8erWZpYy6o&00D=qBZpwRbXK6sp9jn

GET 403 http://www.hanlansmojitovillage.net/nthe/?adsDxBr=54OfAHeNbwRIeCfiK96ZbDhctG36f6+/FiUzkHshmPfrtcl9VWH+3r9WBXmbjhC4FqUNXJfm&00D=qBZpwRbXK6sp9jn

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49171 -> 151.106.124.13:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 151.106.124.13:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 151.106.124.13:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 34.98.99.30:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 34.98.99.30:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 34.98.99.30:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 74.220.199.6:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 74.220.199.6:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 74.220.199.6:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 54.36.145.173:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 54.36.145.173:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 54.36.145.173:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts