NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 09:11
존쿡 델리미트 외식 매장서 ‘연말맞이 다...
11.16 09:11
서울퓨처랩, 누적체험객 6만명 돌파…프로...
11.16 09:11
니지모리스튜디오 갤러리, 일본 일러스트 ...
11.16 09:11
RISC-V Pushes 400 Mill...
11.16 09:11
IT Sicherheitsnews tae...
11.16 07:11
Anduril’s Chair Consul...
11.16 07:11
Senators Call for Prob...
11.16 06:11
Microsoft Windows NTLM...
11.16 06:11
Drinking water systems...
11.16 06:11
Mögliches Destatis-Dat...

NetWork | ZeroBOX

IP Address	Status	Action
154.92.6.107	Active	Moloch
164.124.101.2	Active	Moloch
192.254.185.89	Active	Moloch
3.223.115.185	Active	Moloch

Name	Response	Post-Analysis Lookup
www.schuldenzaesurgesetz.info
www.wang0911.com	A 154.92.6.107 CNAME 8kpjweb.xaomenlebo008.com CNAME 8kpjback.javalebogame008.com	154.92.6.107
www.sxhuanghe.com	CNAME HDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com A 3.223.115.185	3.223.115.185
www.onenesstokyo.com
www.fussionpromos.com	A 192.254.185.89 CNAME fussionpromos.com	192.254.185.89

TCP Requests

UDP Requests

GET 406 http://www.wang0911.com/otcl/?uzu4=W0aQsAfnZT9K8WsD4i5637X8WoT/2UA8HayUDBPHV5pQR9uMddXCE1ucNEuG5AYfMdvmFofK&OjQl7x=9r74bd4h

GET 301 http://www.fussionpromos.com/otcl/?uzu4=R6pBimEX126Y/7jz26NSIB+pAf+iSCkbIcynLs+ia55rI8fnMgFdof6zFKq4BsG3kSXOUZFo&OjQl7x=9r74bd4h

GET 302 http://www.sxhuanghe.com/otcl/?uzu4=bykNueCGzGef1kTLSC6P98gcCLtJHJm8XaoDN192w2lHtEo2seD5whRxipE3R8Jwf92JqfL+&OjQl7x=9r74bd4h

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49204 -> 192.254.185.89:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 192.254.185.89:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 192.254.185.89:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49203 -> 154.92.6.107:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49203 -> 154.92.6.107:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49203 -> 154.92.6.107:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 3.223.115.185:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 3.223.115.185:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 3.223.115.185:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts