NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
05.01 02:05
LoginMain(1)
05.01 02:05
LoginMain
05.01 02:05
veneziaLogin.js.pobrane
05.01 02:05
troubleshot-modal-info...
05.01 02:05
LoginMain(4)
05.01 02:05
LoginMain(3)
05.01 02:05
LoginMain(2)
05.01 02:05
LoginMain(6)
05.01 02:05
LoginMain(5)
05.01 02:05
background

Latest News
05.01 05:05
Gaze Upon Robby The Ro...
05.01 04:05
Steganography Analysis...
05.01 04:05
North Korea Stole Your...
05.01 04:05
SonicWall Confirms Act...
05.01 04:05
Elektronische Patiente...
05.01 04:05
Anzeige: Digitale Souv...
05.01 02:05
Vintage Stereo Stack B...
05.01 02:05
Key Saudi Rule Change ...
05.01 01:05
티오리, 옥타(Okta)와 협력…신원 기...
05.01 01:05
Tesla Board Started Se...

NetWork | ZeroBOX

IP Address	Status	Action
13.115.25.84	Active	Moloch
156.238.103.4	Active	Moloch
164.124.101.2	Active	Moloch
192.185.174.177	Active	Moloch

Name	Response	Post-Analysis Lookup
www.jasonid.com	CNAME proxy-ssl-geo.webflow.com CNAME proxy-ssl.webflow.com A 54.250.33.70 A 13.115.25.84 A 13.112.212.160	13.115.25.84
uacdrc.cf	A 192.185.174.177	192.185.174.177
www.beadilowa.store
www.lqunnew.com	A 156.238.103.4	156.238.103.4

TCP Requests

UDP Requests

GET 200 http://uacdrc.cf/n/Lcang_Qarrkkgi.png

GET 404 http://www.lqunnew.com/rx29/?lZ6l=tlAkrDQ7fwbEJS3Hr8zrfc95eA87tCkz9dtgGcCaS9Im0s+iFJ0ue5ctkukzeula70a118sC&vRipR=7nGx66NPeB

GET 301 http://www.jasonid.com/rx29/?lZ6l=mHcFwNUVijBkQGx6cjD2hjPUY0thYO+cSfzHyL6zjWc4PIuCSTZNKMVOvZC7qqAHoen1iJ6S&vRipR=7nGx66NPeB

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:55871 -> 164.124.101.2:53	2025107	ET INFO DNS Query for Suspicious .cf Domain	Potentially Bad Traffic
TCP 192.168.56.101:49168 -> 156.238.103.4:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 156.238.103.4:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 156.238.103.4:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49161 -> 192.185.174.177:80	2031092	ET HUNTING Request to .CF Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.101:49169 -> 13.115.25.84:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 13.115.25.84:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 13.115.25.84:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts