NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

NetWork | ZeroBOX

IP Address	Status	Action
172.67.188.70	Active	Moloch
164.124.101.2	Active	Moloch
209.141.38.71	Active	Moloch
34.102.136.180	Active	Moloch
64.98.145.30	Active	Moloch

Name	Response	Post-Analysis Lookup
www.davispp.com	A 34.102.136.180 CNAME davispp.com	34.102.136.180
www.tzxc3441.xyz	A 107.161.23.204 A 198.251.84.92 A 70.39.125.244 A 45.58.190.82 A 64.32.22.102 A 198.251.81.30 A 204.188.203.155 A 209.141.38.71 A 192.161.187.200 CNAME parking.namesilo.com A 168.235.88.209	107.161.23.204
www.fastonlineprescriptions.com	A 64.98.145.30	64.98.145.30
www.ontopoetics.com	CNAME ontopoetics.com A 34.102.136.180	34.102.136.180

TCP Requests

UDP Requests

GET 303 http://www.fastonlineprescriptions.com/lt17/?jFN8ld=73rk+orgEpy27+zMAaMQJFeW88Y512m4PCXKYgKW50mcSxWU82Z5cEbtPVfpZQYZiaxiMB9D&Ppm=_0GDCjlXRtrXu

GET 403 http://www.davispp.com/lt17/?jFN8ld=3vga1QHbs5IZQDecmeBRzvB7X4cN9V512nUQDaYLNb3NDtIUZSfjVgh1loWuVKPGH5opG13N&Ppm=_0GDCjlXRtrXu

GET 403 http://www.ontopoetics.com/lt17/?jFN8ld=nZgEXS+oZtvzQ5r51wVjH6BjRJ2Rw1axQ+lriXHyh4vc/hxz0aIffk2tcbCYWJV+PA0U6TQR&Ppm=_0GDCjlXRtrXu

GET 302 http://www.tzxc3441.xyz/lt17/?jFN8ld=CsYv+VTVNUh00Baw9JVYtpO333zQB1BV7Yd43ApDKy0wiwpbKszaan16DSpNCvzEWgZesUAC&Ppm=_0GDCjlXRtrXu

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49167 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 64.98.145.30:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 64.98.145.30:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 64.98.145.30:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 209.141.38.71:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 209.141.38.71:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 209.141.38.71:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 209.141.38.71:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts