NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 04:09
2.exe
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...

Latest News
09.22 12:09
[PASCON 2024-리뷰] 굿모닝아이...
09.22 12:09
[PASCON 2024-강연] 박나룡 소...
09.22 12:09
2024-09-19 - File down...
09.22 11:09
The Surprising Effects...
09.22 10:09
두리코스 댕기머리, 중국인 300만 명이...
09.22 09:09
Announcing SecTemplate...
09.22 08:09
When Raw Network Socke...
09.22 08:09
Biden Administration t...
09.22 08:09
IT Sicherheitsnews tae...
09.22 07:09
September 22, 2024

NetWork | ZeroBOX

IP Address	Status	Action
103.101.188.123	Active	Moloch
151.101.194.159	Active	Moloch
164.124.101.2	Active	Moloch
166.62.108.196	Active	Moloch
172.217.25.14	Active	Moloch
34.102.136.180	Active	Moloch

Name	Response	Post-Analysis Lookup
www.topgradetutors.net	CNAME topgradetutors.net A 151.101.194.159	151.101.194.159
www.20190606.com	CNAME 8kpj.jiasubook.com A 103.101.188.119 A 103.101.188.123 A 103.101.188.118 A 103.101.188.44 CNAME 8kpjweb.xaomenlebo008.com A 103.101.188.110 A 103.101.188.124 A 103.101.188.125	103.101.188.119
www.sophieberiault.com	A 166.62.108.196 CNAME sophieberiault.com	166.62.108.196
www.milehighcitygames.com	CNAME milehighcitygames.com A 34.102.136.180	34.102.136.180

TCP Requests

UDP Requests

GET 403 http://www.milehighcitygames.com/xcl/?Tj=fTgN0Et6e/d09dZDxyMRrypPZrJHAeTvzEoww+MZoNOHJJv+5czzLYqto9iAljufQKJX/SVl&SX=dn98bVV0hxJ4

GET 400 http://www.sophieberiault.com/xcl/?Tj=a/FLMe0ya/9YtTuUYok1B7vp/5Gr9at0LM/5wBD76A+xTQCdjVAZGPVTPrI0zw+67MuX3Fmg&SX=dn98bVV0hxJ4

GET 301 http://www.topgradetutors.net/xcl/?Tj=Iac5W1wUqDosYJk6LxlBM2b783u0YGGNexhKQMJrvkzTaDAxSdLOMJq38mi9FvZlS0tSXUVd&SX=dn98bVV0hxJ4

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49813 -> 166.62.108.196:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49813 -> 166.62.108.196:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49813 -> 166.62.108.196:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49814 -> 151.101.194.159:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49814 -> 151.101.194.159:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49814 -> 151.101.194.159:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49811 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49811 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49811 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts