NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.27 06:04
8937.e9c8f83d94118188....
04.27 06:04
7914.753c477fc6135f24....
04.27 06:04
gtm.js.pobrane
04.27 06:04
7d0bf13e-79a638a0b87a8...
04.27 06:04
webpack-6751726d88b2d8...
04.27 06:04
6814.91bf0d11abffee40....
04.27 06:04
main-292e27553c8f5cb8....
04.27 06:04
framework-ca706bf673a1...
04.27 06:04
ee8b1517-cc4d7300db272...
04.27 06:04
75fc9c18-02b28d24f737c...

Latest News
04.27 11:04
Another Coil Winder Pr...
04.27 10:04
IT Sicherheitsnews tae...
04.27 10:04
IT Sicherheitsnews tae...
04.27 10:04
북한 라자루스, 한국 금융·IT·통신 분...
04.27 09:04
SAP 넷위버 제로데이 취약점 사이버공격...
04.27 09:04
Updte: zipdump.py Vers...
04.27 09:04
대전자동차정비학원 현대직업전문학교, 스카...
04.27 08:04
YKK’s Self-Propelled Z...
04.27 07:04
Vorsicht beim KI-Chat:...
04.27 07:04
Gen Z und KI: Warum 44...

NetWork | ZeroBOX

IP Address	Status	Action
154.86.221.17	Active	Moloch
164.124.101.2	Active	Moloch
198.185.159.144	Active	Moloch
198.54.117.210	Active	Moloch
34.102.136.180	Active	Moloch

Name	Response	Post-Analysis Lookup
www.rwproducedeliveryknoxville.com	A 198.49.23.145 A 198.185.159.145 A 198.185.159.144 CNAME ext-sq.squarespace.com A 198.49.23.144	198.49.23.145
www.abbbbha13.art
www.sparetimr.net	A 198.54.117.218 A 198.54.117.216 A 198.54.117.217 CNAME parkingpage.namecheap.com A 198.54.117.215 A 198.54.117.212 A 198.54.117.210 A 198.54.117.211	198.54.117.211
www.cheikh-faye.com	A 154.86.221.17	154.86.221.17
www.theaccountableteamscoach.com	CNAME theaccountableteamscoach.com A 34.102.136.180	34.102.136.180

TCP Requests

UDP Requests

GET 400 http://www.rwproducedeliveryknoxville.com/pmc/?Ez=mnj0FNt3a7nl1Ql0YoriOJf4cAinzVMKSi3j+C+aJnvhp8rA6ZNo2qczZQeE2eLS4QZ4NBwe&lhud=Txol_2I

GET 403 http://www.theaccountableteamscoach.com/pmc/?Ez=gVzqDSSmhDwCcbrvrqFyqNa496pKegJJtCWYCwkmBn7L/f0dBhMWKcgRHIa8WjOwOWR88Fy0&lhud=Txol_2I

GET 200 http://www.cheikh-faye.com/pmc/?Ez=45Jbv0zHXhCFcWB5cyZRlvCJJu0mHxT7nLQ17GVtdzGeB18Y8Ww2I3k3rk2swPMbwEwxbWWO&lhud=Txol_2I

GET 0 http://www.sparetimr.net/pmc/?Ez=AlQ1RzJ/kwnlpQLinP/2GByIkuZWaj6fbRJnek0eZ1YVl3+ZWM7od8C6qhD96Nb7SsHk40GT&lhud=Txol_2I

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.101	164.124.101.2	3
192.168.56.101	164.124.101.2	3
192.168.56.101	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49207 -> 198.54.117.210:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 198.54.117.210:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 198.54.117.210:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 198.185.159.144:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 198.185.159.144:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 198.185.159.144:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 154.86.221.17:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 154.86.221.17:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 154.86.221.17:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts