NetWork | ZeroBOX

Network Analysis

| IP Address | Status | Action |
| --- | --- | --- |
| 104.129.43.19 | Active | Moloch |
| 114.116.39.220 | Active | Moloch |
| 103.80.48.27 | Active | Moloch |
| 150.95.255.38 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 192.0.78.25 | Active | Moloch |
HTTP requests

| Method | Status | URL |
| --- | --- | --- |
| GET | 302 | http://www.cameratademurcia.com/hp6s/?MZkp=uxFLPsEJ7+F0e4q4Xbjc7ooGr7spuZXJbjCqSwyNOECeVyUWI2YbaUrgXzG3tNErpaJasZRt&U4kp=Ntx0ULGH4Bu8xJ0 |
| GET | 301 | http://www.animastrue.art/hp6s/?MZkp=ZozstJ7iktbmX5IlXFYfEtw0G6xkBB3eXsvYUCdXr3vEJJAAxFs1+Xa+lbyYS7DFwKFViTJ7&U4kp=Ntx0ULGH4Bu8xJ0 |
| GET | 404 | http://www.restdayrunner.com/hp6s/?MZkp=DWCLYveIyJzDZ98aMPEyM+WajRPQeicmVQBEOZl9whfEdIOOGt+07CoxCiyYSWFuVNyfQFd7&U4kp=Ntx0ULGH4Bu8xJ0 |

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

| Flow | SID | Signature | Category |
| --- | --- | --- | --- |
| TCP 192.168.56.102:49167 -> 150.95.255.38:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49167 -> 150.95.255.38:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49167 -> 150.95.255.38:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49169 -> 103.80.48.27:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49169 -> 103.80.48.27:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49169 -> 103.80.48.27:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49168 -> 192.0.78.25:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49168 -> 192.0.78.25:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
| TCP 192.168.56.102:49168 -> 192.0.78.25:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts