NetWork | ZeroBOX

Network Analysis

| IP Address     | Status | Action |
|----------------|--------|--------|
| 104.197.108.89 | Active | Moloch |
| 164.124.101.2  | Active | Moloch |
| 188.166.50.136 | Active | Moloch |
| 52.8.80.253    | Active | Moloch |
HTTP requests

| Method | Status | URL |
|--------|--------|-----|
| GET | 404 | http://www.plxcksd.xyz/hp6s/?ChOhp=nWxINci6IYVyUMacVxyy/VVZomVhI1dtr5KzNL0MsrLoy2oaJyhKJK8IAcZwTNRL2WaiPkpq&Ez=ltH4x0I |
| GET | 404 | http://www.binoler.xyz/hp6s/?ChOhp=Y0r6UfnM38LgcpYKBlb0i50Dv2SvJNbcX2aAiW6VOnO1SbIPk0VLDMIEprqsED4g5ujfqFSw&Ez=ltH4x0I |
| GET | 301 | http://www.affordableapartmentssl.com/hp6s/?ChOhp=xduxBy0qZ+DufZSL/R2onClCL9XD8RA8qPy1IQZcPY/Pf+1IWUPWX/JY4Mf09a70XNWl6hDx&Ez=ltH4x0I |

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

| Flow | SID | Signature | Category |
|------|-----|-----------|----------|
| TCP 192.168.56.102:49168 -> 188.166.50.136:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49168 -> 188.166.50.136:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49168 -> 188.166.50.136:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49168 -> 188.166.50.136:80 | 2031088 | ET HUNTING Request to .XYZ Domain with Minimal Headers | Potentially Bad Traffic |
| TCP 192.168.56.102:49167 -> 52.8.80.253:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49167 -> 52.8.80.253:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49167 -> 52.8.80.253:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49167 -> 52.8.80.253:80 | 2031088 | ET HUNTING Request to .XYZ Domain with Minimal Headers | Potentially Bad Traffic |
| TCP 192.168.56.102:49169 -> 104.197.108.89:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49169 -> 104.197.108.89:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49169 -> 104.197.108.89:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts