NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.11 10:11
bxn.exe
11.11 10:11
glued.hta
11.11 10:11
MONDAYconstraints.vbs
11.11 10:11
tartarises.vbs
11.11 10:11
xwo.exe
11.11 10:11
comehomeconstraints.vbs
11.11 10:11
hello.exe
11.11 10:11
chrome_130.exe
11.11 10:11
s.exe
11.11 10:11
Citatfusk.vbe

Latest News
11.13 10:11
로그인 정보를 훔치는것 으로 추정 되는 ...
11.13 10:11
유니닥스, AI 기반 주얼리 검색 시스템...
11.13 10:11
퓨어피크, ‘솔리드 라인’ 초도 물량 완...
11.13 10:11
커버낫 우먼, ‘호빵 X 클로버하트’ 카...
11.13 09:11
(주)아삭·(주)유독컴퍼니, 소상공인 및...
11.13 09:11
Weekly Detection Rule ...
11.13 09:11
그라스메디 ‘자유펫’, 2025 JKC ...
11.13 09:11
November Patch Tuesday...
11.13 09:11
WAV2VGM Plays Audio Vi...
11.13 09:11
로코모션뷰, 무료 AI 뉴스레터와 함께 ...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
166.88.88.165	Active	Moloch
172.217.25.14	Active	Moloch
34.102.136.180	Active	Moloch
81.17.18.198	Active	Moloch
85.159.66.93	Active	Moloch

Name	Response	Post-Analysis Lookup
www.canal2radio.com
www.orenocasino.xyz	A 127.0.0.1	127.0.0.1
www.pageba.com	A 166.88.88.165	166.88.88.165
www.qhjahq.com
www.modaorganik.online	CNAME natroredirect.natrocdn.com CNAME redirect.natrocdn.com A 85.159.66.93	85.159.66.93
www.nopeace.club	A 34.102.136.180 CNAME nopeace.club	34.102.136.180
www.repairxlinic.com	A 81.17.18.198	192.187.111.220

TCP Requests

UDP Requests

POST 404 http://www.modaorganik.online/gno4/

GET 404 http://www.modaorganik.online/gno4/?Cdxx=inCHmHQx&8pM0A2eH=BO+JAK3WUuHkv76DXY2qbY1eFm2FwWlNAT+SdgcTsnpp/O/AGEox2Zn14AF6xFoc6Yx+QCRw

POST 0 http://www.pageba.com/gno4/

GET 200 http://www.pageba.com/gno4/?8pM0A2eH=BekcA0zE2Qfvjgkitx3hXxY/LtGeaMvVowhUBv7fu5s/Kyr7kzR8iknwRG6Az76IoowRzlJD&Cdxx=inCHmHQx

POST 405 http://www.nopeace.club/gno4/

GET 403 http://www.nopeace.club/gno4/?Cdxx=inCHmHQx&8pM0A2eH=KZ7BCcZ3EzMJ9dKjtwrKB1ycBn3tQcIheymLGVWowQrm9C5ZRctKyHlHlzyu5OKn2Me/PjCJ

POST 0 http://www.repairxlinic.com/gno4/

GET 302 http://www.repairxlinic.com/gno4/?8pM0A2eH=VlxPKIwT3K/hN2e1yJrW5Lz2XHBics2EM+3Tk2QRZ3RYrWF+tq3r6iFQ487gNLhBJd97gOkj&Cdxx=inCHmHQx

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49818 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49818 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49818 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49811 -> 85.159.66.93:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49811 -> 85.159.66.93:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49811 -> 85.159.66.93:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49813 -> 166.88.88.165:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49813 -> 166.88.88.165:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49813 -> 166.88.88.165:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49820 -> 81.17.18.198:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49820 -> 81.17.18.198:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49820 -> 81.17.18.198:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts