NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.17 07:11
IT Sicherheitsnews stü...
11.17 06:11
World’s First Virtual ...
11.17 06:11
IT Sicherheitsnews stü...
11.17 06:11
KI und Coding: Wie Kün...
11.17 06:11
Bye-bye, Windows 10: E...
11.17 03:11
[일본 애니메이션]世界最高の暗殺者、異世界...
11.17 03:11
Playing Chess Against ...
11.17 03:11
IT Sicherheitsnews tae...
11.17 03:11
IT Sicherheitsnews tae...
11.17 01:11
IT Sicherheitsnews tae...

NetWork | ZeroBOX

IP Address	Status	Action
103.139.0.32	Active	Moloch
164.124.101.2	Active	Moloch
18.205.36.100	Active	Moloch
209.99.40.222	Active	Moloch
34.102.136.180	Active	Moloch
91.194.91.202	Active	Moloch
99.83.154.118	Active	Moloch

Name	Response	Post-Analysis Lookup
www.inanavcifitnessclub.com	A 209.99.40.222	209.99.40.222
www.sunshineenergyind.com	A 99.83.154.118	99.83.154.118
www.myfreezic.com	A 103.139.0.32	103.139.0.32
www.getzlppi.com	A 34.102.136.180 CNAME getzlppi.com	34.102.136.180
www.equltycol.com
www.operationbuy.com
www.mercurydatas.com	A 91.194.91.202	91.194.91.202
www.brightstarqr.com	A 18.205.36.100 CNAME fundamental-chard-0k38c0olp0kqami6i52rqqst.herokudns.com A 54.162.128.250 A 52.204.242.176 A 54.157.58.70	54.157.58.70
www.jogiyoga.support
www.tonailcure.icu

TCP Requests

UDP Requests

GET 301 http://www.mercurydatas.com/24ng/?EZUTzDu=73RKxnoEEGPHaiqYHtD+jTsNxYvkw6Ei3DrZaFJsPwj3AJHixVrZdfXfQY48NHPO2bpqzq2Z&DzrLW=VBZtT4dPwd244h

GET 403 http://www.getzlppi.com/24ng/?EZUTzDu=L5LGxFrJmFFW7+IY9g8iVUirVSu4fjeQj90+j0oTYvKK8rEJklo6J2dxJua7XjT6OpHJ/fPt&DzrLW=VBZtT4dPwd244h

GET 200 http://www.inanavcifitnessclub.com/24ng/?EZUTzDu=7B/mxEe684X+Fe8GJ5WQJKEToqxOKLoYRHSlnqT22Suhy7fkAEyyqsV6IsAMnECK+ppvVgFJ&DzrLW=VBZtT4dPwd244h

GET 404 http://www.brightstarqr.com/24ng/?EZUTzDu=8v1BaeXDdHouIcyDdFDGzu6REvBUz6OB3JNjO8R+mAtpk36d8yYIQhxbWZgde9Q6oLtpMRoQ&DzrLW=VBZtT4dPwd244h

GET 404 http://www.myfreezic.com/24ng/?EZUTzDu=YF1kztGDlRJpsfA9HLEjfHWM3KfZfu6pVivDrAZmlPi8ADA1cW10jKFzSf6SS65dyB8FAXy7&DzrLW=VBZtT4dPwd244h

GET 403 http://www.sunshineenergyind.com/24ng/?EZUTzDu=35iWi52lGojBS87VvIGnpLKhNq28n3UubyUFC8niPWNy7gVZgtz7k+ypAgcpiko10aWgDcvJ&DzrLW=VBZtT4dPwd244h

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49168 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
UDP 192.168.56.102:59731 -> 164.124.101.2:53	2026888	ET INFO DNS Query for Suspicious .icu Domain	Potentially Bad Traffic
TCP 192.168.56.102:49170 -> 18.205.36.100:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 18.205.36.100:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 18.205.36.100:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 103.139.0.32:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 103.139.0.32:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 103.139.0.32:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 99.83.154.118:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 209.99.40.222:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 209.99.40.222:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 209.99.40.222:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 99.83.154.118:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 99.83.154.118:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 91.194.91.202:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 91.194.91.202:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 91.194.91.202:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts