NetWork | ZeroBOX

Network Analysis

IP Address       | Status | Action
103.145.226.120  | Active | Moloch
134.73.225.58    | Active | Moloch
164.124.101.2    | Active | Moloch
64.190.63.111    | Active | Moloch
64.32.22.102     | Active | Moloch
Method | Status | URL
GET    | 200    | http://www.zhidao95.com/m0d4/?LL0=NAAVMfeqbK0z8vD+Qvzh9xXRUU+fA/5gjMBr3ElO5qTI90nZ+R2ISaurvJy762/h5RKa5fTC&APcPAD=dhItCFUXjf9x
GET    | 302    | http://www.sdfijsdjidf.xyz/m0d4/?LL0=qa2HCuehd+OLluEj+ZaoAc9XIsur+rI4EFCYyrG+J7mbG8JHTzLv2WdBKhUJ+7SIbEylXPoH&APcPAD=dhItCFUXjf9x
GET    | 302    | http://www.cryoablation.xyz/m0d4/?LL0=YUmoHpfUPyDRMD4vBz5urBozJPl1O97m0DXdDlwENz/Wz1XTyx+p7AJWswgLEjMsRwA+jz0k&APcPAD=dhItCFUXjf9x
GET    | 404    | http://www.arthamandirialkesindo.com/m0d4/?LL0=mf1bYp/FUP+Ts7S79apP1hkr0w8WZdLzLYn+xRmG0PkAZk5rfm9mwOwUYcGgvUO+IESzcMgd&APcPAD=dhItCFUXjf9x

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                      | SID     | Signature                                                   | Category
TCP 192.168.56.101:49167 -> 64.32.22.102:80    | 2031412 | ET MALWARE FormBook CnC Checkin (GET)                       | Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 64.32.22.102:80    | 2031449 | ET MALWARE FormBook CnC Checkin (GET)                       | Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 64.32.22.102:80    | 2031453 | ET MALWARE FormBook CnC Checkin (GET)                       | Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 64.32.22.102:80    | 2031088 | ET HUNTING Request to .XYZ Domain with Minimal Headers      | Potentially Bad Traffic
TCP 192.168.56.101:49169 -> 103.145.226.120:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET)                       | Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 103.145.226.120:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET)                       | Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 103.145.226.120:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET)                       | Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 134.73.225.58:80   | 2031412 | ET MALWARE FormBook CnC Checkin (GET)                       | Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 134.73.225.58:80   | 2031449 | ET MALWARE FormBook CnC Checkin (GET)                       | Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 134.73.225.58:80   | 2031453 | ET MALWARE FormBook CnC Checkin (GET)                       | Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 64.190.63.111:80   | 2031412 | ET MALWARE FormBook CnC Checkin (GET)                       | Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 64.190.63.111:80   | 2031449 | ET MALWARE FormBook CnC Checkin (GET)                       | Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 64.190.63.111:80   | 2031453 | ET MALWARE FormBook CnC Checkin (GET)                       | Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 64.190.63.111:80   | 2031088 | ET HUNTING Request to .XYZ Domain with Minimal Headers      | Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts