NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.15 08:11
122 million people’s b...
11.15 08:11
Angry Judge Questions ...
11.15 08:11
122 million people&amp...
11.15 07:11
FCC to soon announce l...
11.15 07:11
Michael Burry Boosts C...
11.15 07:11
Thomas Kurtz, Co-Creat...
11.15 06:11
Malware Spotlight: A ...
11.15 06:11
Disney's Streaming Suc...
11.15 06:11
Applied Materials Fore...
11.15 06:11
Bluetooth Dongle Gives...

NetWork | ZeroBOX

IP Address	Status	Action
104.221.198.153	Active	Moloch
164.124.101.2	Active	Moloch
182.50.132.242	Active	Moloch
34.98.99.30	Active	Moloch
52.58.78.16	Active	Moloch
94.136.40.51	Active	Moloch
216.83.33.79	Active	Moloch

Name	Response	Post-Analysis Lookup
www.omairmaryam.com	A 34.98.99.30 CNAME omairmaryam.com	34.98.99.30
www.urodiran.com	CNAME urodiran.com A 104.221.198.153	104.221.198.153
www.thobeya.com	A 52.58.78.16	52.58.78.16
www.tauding.com
www.verogustopromise.com	A 94.136.40.51	94.136.40.51
www.valkconstruction.com	CNAME valkconstruction.com A 182.50.132.242	182.50.132.242

TCP Requests

UDP Requests

GET 403 http://www.omairmaryam.com/p1nr/?Ezu=IXLoWTYa0i8eeaqh9bIbqgec+k0wROqM3Un4DSIZKmT9QhQjPHtCJ9Ndxhca04s3uzXMmJbg&q48=Gbt4axj8p

GET 400 http://www.valkconstruction.com/p1nr/?Ezu=8HEGUiNVk0P9GMdG7dRCWlLM4qA2uBc2lIgIvMG2dToNREUXv6C5nmr0SQXPy4Z7ZuDvaebt&q48=Gbt4axj8p

GET 404 http://www.verogustopromise.com/p1nr/?Ezu=7JXCB8na1Fe02e3JKmTYWfcqjD2gSn26h4jWqLkZ1za0EaaNhXB08XCk6j/Ud9tLAiKUkKsg&q48=Gbt4axj8p

GET 410 http://www.thobeya.com/p1nr/?Ezu=paOrJiqdhggGbgCyC06/uSngCO14/KrleymFdLJqnVZImz5h6h50/Oa4nfx0i+NQsT7AsnY+&q48=Gbt4axj8p

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49164 -> 34.98.99.30:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49164 -> 34.98.99.30:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49164 -> 34.98.99.30:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49165 -> 182.50.132.242:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 52.58.78.16:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49165 -> 182.50.132.242:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 52.58.78.16:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49165 -> 182.50.132.242:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 52.58.78.16:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49166 -> 94.136.40.51:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49166 -> 94.136.40.51:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49166 -> 94.136.40.51:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts