NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
198.54.117.211	Active	Moloch
198.54.117.216	Active	Moloch
66.96.162.129	Active	Moloch

Name	Response	Post-Analysis Lookup
www.buildstarconst.com	A 66.96.162.129	66.96.162.129
www.roxytocin.art	A 198.54.117.218 A 198.54.117.216 A 198.54.117.217 CNAME parkingpage.namecheap.com A 198.54.117.215 A 198.54.117.212 A 198.54.117.210 A 198.54.117.211	198.54.117.210
www.getgoldwithmrsbest.com	A 198.54.117.218 A 198.54.117.216 A 198.54.117.217 CNAME parkingpage.namecheap.com A 198.54.117.215 A 198.54.117.212 A 198.54.117.210 A 198.54.117.211	198.54.117.215
www.susu521.com

TCP Requests

UDP Requests

GET 0 http://www.roxytocin.art/sl4w/?6l8P=EubUdb3A3+v3zBAO2yMZszRUAX6MySP9IuHIW5t779IK3kZlpI6b33bDf1ILvDReab3Uu77l&mlvx=fZU8pTY0MT2trP

GET 404 http://www.buildstarconst.com/sl4w/?6l8P=rWwJ7ET0sHd4gGkB9dVKIEIoJ+RqQrFmVMEdCyZm6skUMbIw/1NiBsgVzJPxFFkOUojtFvF6&mlvx=fZU8pTY0MT2trP

GET 0 http://www.getgoldwithmrsbest.com/sl4w/?6l8P=1JDKyruM/74jwNm/2X+0t2d5cjjeO1YF2ZZr07xm6iLte28LljOvl4p69ACcbMMjDgnwMGvg&mlvx=fZU8pTY0MT2trP

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49204 -> 66.96.162.129:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 66.96.162.129:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 66.96.162.129:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49203 -> 198.54.117.216:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49203 -> 198.54.117.216:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49203 -> 198.54.117.216:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 198.54.117.211:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 198.54.117.211:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 198.54.117.211:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts