NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 04:09
2.exe
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...

Latest News
09.22 08:09
Biden Administration t...
09.22 08:09
IT Sicherheitsnews tae...
09.22 07:09
September 22, 2024
09.22 06:09
Cards Against Humanity...
09.22 05:09
Linux, Now In Real Time
09.22 04:09
Was können Roboter wir...
09.22 04:09
Schluss mit Basis-Auth...
09.22 04:09
Deutsches Jugendherber...
09.22 02:09
Learn How to Dissect B...
09.22 02:09
Jumperless Breadboard ...

NetWork | ZeroBOX

IP Address	Status	Action
116.193.69.130	Active	Moloch
164.124.101.2	Active	Moloch
172.67.176.229	Active	Moloch
198.185.159.145	Active	Moloch
45.38.9.8	Active	Moloch

Name	Response	Post-Analysis Lookup
www.chuyensuacuasat.com	A 116.193.69.130	116.193.69.130
xwjhdjylqeypyltby.ml	A 104.21.88.107 A 172.67.176.229	172.67.176.229
www.xin-zong.com	A 45.38.9.8	45.38.9.8
www.riseinitiativellc.com	A 198.49.23.145 CNAME ext-sq.squarespace.com A 198.185.159.144 A 198.49.23.144 A 198.185.159.145	198.49.23.145
www.luxbeds.info

TCP Requests

UDP Requests

GET 200 http://xwjhdjylqeypyltby.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-DC99786D69273EFAB2BE036B79EA07C9.html

GET 404 http://www.xin-zong.com/hsd/?GVW8=l9NNfcs8gV38WLNdwwM4MrwWlwMPHZMgRluEmFVCm/U2i1JlW36Q4mMzDwS7eZqBb3yaC0Fn&uzuD=Zld0rPDHNj

GET 400 http://www.riseinitiativellc.com/hsd/?GVW8=S7S7gnEF/SB8sQS1wIlqnp1Ofu7tBBDrW++s6v81ELS9tYHecr3PVg7JMS1bWvKVLvtxdrl4&uzuD=Zld0rPDHNj

GET 404 http://www.chuyensuacuasat.com/hsd/?GVW8=dwSUQeNDSCch504RvWDP9MDBCdi0TMn6ht2P9jbHhkFz+AIKYC+Gjjsmw4VUd0oW1YuPBdDe&uzuD=Zld0rPDHNj

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:61479 -> 164.124.101.2:53	2025106	ET INFO DNS Query for Suspicious .ml Domain	Potentially Bad Traffic
TCP 192.168.56.101:49208 -> 116.193.69.130:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 116.193.69.130:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 116.193.69.130:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 198.185.159.145:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 198.185.159.145:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 198.185.159.145:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 45.38.9.8:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 45.38.9.8:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 45.38.9.8:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts