NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.17 03:11
[일본 애니메이션]世界最高の暗殺者、異世界...
11.17 03:11
Playing Chess Against ...
11.17 03:11
IT Sicherheitsnews tae...
11.17 03:11
IT Sicherheitsnews tae...
11.17 01:11
IT Sicherheitsnews tae...
11.17 01:11
IT Sicherheitsnews tae...
11.17 01:11
TikTok Parent ByteDanc...
11.17 12:11
Hackers, Patents, and ...
11.17 12:11
IT Sicherheitsnews tae...
11.17 12:11
Umweltfreundlicher Wha...

NetWork | ZeroBOX

IP Address	Status	Action
162.241.216.98	Active	Moloch
164.124.101.2	Active	Moloch
208.91.197.46	Active	Moloch
34.102.136.180	Active	Moloch
34.98.99.30	Active	Moloch
99.83.154.118	Active	Moloch
45.137.22.77	Active	Moloch

Name	Response	Post-Analysis Lookup
www.solteratrashvalet.com	CNAME solteratrashvalet.com A 34.102.136.180	34.102.136.180
www.nexusbisous.com
www.dbhguitar.com	CNAME dbhguitar.com A 162.241.216.98	162.241.216.98
www.thehealthnwellness.com	A 34.98.99.30 CNAME thehealthnwellness.com	34.98.99.30
www.luhwahyuni.com
www.bodycamsforus.com	CNAME bodycamsforus.com A 34.102.136.180	34.102.136.180
www.hotsmartdevice.com	A 208.91.197.46	208.91.197.46
www.designtipstricks.com	A 99.83.154.118	99.83.154.118

TCP Requests

UDP Requests

POST 0 http://www.hotsmartdevice.com/t5n8/

GET 200 http://www.hotsmartdevice.com/t5n8/?XPJTM6s8=nGckRINTvjYvr27q8uWXmj3R2efNehYICnV0xqn8lf6t1eEWsuSRDxhvEO9S7voKDmPUenGk&EBZ=ZTFHsb8XYda47

POST 405 http://www.solteratrashvalet.com/t5n8/

GET 403 http://www.solteratrashvalet.com/t5n8/?XPJTM6s8=5Q4FtBtI/hhSVFiGApjsEsWy/ejkd3s6xw87lNC+/+DGfRnI/21m4vZdJrxaL5y7nigeH0o1&EBZ=ZTFHsb8XYda47

POST 0 http://www.designtipstricks.com/t5n8/

GET 403 http://www.designtipstricks.com/t5n8/?XPJTM6s8=4yzfNb9/a4UGTolcsXwcdj1cfLUMdahnm/eyg5XqDx6+dwQzjbSiwxPuVbMiKoJwGK2pbusB&EBZ=ZTFHsb8XYda47

POST 405 http://www.bodycamsforus.com/t5n8/

GET 403 http://www.bodycamsforus.com/t5n8/?XPJTM6s8=qCpgDbxZ46++gCIfutiyI//r5UwS9EorX8NBpnAnFaDz61CxQZ65GSWEqrocOO/Q5yTJs+ES&EBZ=ZTFHsb8XYda47

POST 500 http://www.dbhguitar.com/t5n8/

GET 500 http://www.dbhguitar.com/t5n8/?XPJTM6s8=VmDk+4iWU41g0u13a5FZSAeENeKA59VMtXn63LheEkEMx5qyHUEUfUQ+vYfh2cdaaVx0+J7v&EBZ=ZTFHsb8XYda47

POST 405 http://www.thehealthnwellness.com/t5n8/

GET 403 http://www.thehealthnwellness.com/t5n8/?XPJTM6s8=EmOAYvuHEXJ8Ka8GbB3CnZeeKwhVYoLVzBZEEWsudyVICEp5bfG8pbRix4HIcH0NQyGdTrIs&EBZ=ZTFHsb8XYda47

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49204 -> 208.91.197.46:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 208.91.197.46:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 208.91.197.46:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 162.241.216.98:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 162.241.216.98:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 162.241.216.98:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 99.83.154.118:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 99.83.154.118:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 99.83.154.118:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 34.98.99.30:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 34.98.99.30:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 34.98.99.30:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts