NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 11:11
Souring S&amp;P 50...
11.16 10:11
IT Sicherheitsnews tae...
11.16 10:11
Studie: KI soll Portra...
11.16 10:11
IT Sicherheitsnews tae...
11.16 09:11
T-Mobile’s Network Bre...
11.16 09:11
Spotted at Supercon: G...
11.16 09:11
IT Sicherheitsnews tae...
11.16 09:11
Bitfinex Hacker Gets 5...
11.16 07:11
(g+) Datenschutz: Spor...
11.16 06:11
티오더, 메뉴 사진 무료 촬영 서비스 진행

NetWork | ZeroBOX

IP Address	Status	Action
150.95.255.38	Active	Moloch
157.7.107.216	Active	Moloch
164.124.101.2	Active	Moloch
66.96.162.147	Active	Moloch

Name	Response	Post-Analysis Lookup
www.stickyflasks.com	A 66.96.162.147	66.96.162.147
www.maedazouen-osaka.com	A 150.95.255.38	150.95.255.38
www.lifeofaroma.com	A 157.7.107.216	157.7.107.216

TCP Requests

UDP Requests

GET 302 http://www.stickyflasks.com/g0ib/?Mvdl=ZWuaS7WofFbkvxyzet/9Sha7YIdf1NUVm0nCdNVXeFpr4IHHq2QjGgDhYkF3CGr6lmNA7Cmu&QPXl7=GdPL

GET 302 http://www.maedazouen-osaka.com/g0ib/?Mvdl=Y0KAwGFF7aeiUaXqGXtzE1r6FISNPFrGB685Z2xEnT7rwx7wj+Z0quRc/4NDShlxc6aW+ibn&QPXl7=GdPL

GET 301 http://www.lifeofaroma.com/g0ib/?Mvdl=eGvHNFMMHGiXXF9RTNFfS4KI7T0Hg4PlR5l/Ac1Au3uAREYhIrjqRt2sRRHGWT6dq8ueFK+P&QPXl7=GdPL

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49167 -> 66.96.162.147:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 66.96.162.147:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 66.96.162.147:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 157.7.107.216:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 157.7.107.216:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 157.7.107.216:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 150.95.255.38:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 150.95.255.38:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 150.95.255.38:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts