NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...
11.18 03:11
디저트39, 필리핀·미국에 이어 몽골 진출
11.18 03:11
Beyoncé to Join Netfli...
11.18 03:11
에스엠해썹, 2024 스마트공장 지원사업...
11.18 03:11
삼진벽난로, 알펜시아 에스테이트 초프리미...
11.18 03:11
Analog Shift Register ...
11.18 03:11
엠기어스, BMW 통합 호환…신제품 엠스...
11.18 02:11
상상력집단, 고양시 시니어 맞춤형 AI ...

NetWork | ZeroBOX

IP Address	Status	Action
154.205.199.202	Active	Moloch
164.124.101.2	Active	Moloch
182.50.132.242	Active	Moloch
74.220.199.6	Active	Moloch
37.0.10.39	Active	Moloch

Name	Response	Post-Analysis Lookup
www.oyster-gal.com	CNAME oyster-gal.com A 182.50.132.242	182.50.132.242
www.ericaleighjensen.com	A 74.220.199.6	74.220.199.6
www.cisiworld.com	A 154.205.199.202	154.205.199.202

TCP Requests

UDP Requests

GET 404 http://www.cisiworld.com/hs3h/?w6A=8yrHHh9+bSiZSqWo8J+KbKp5VJ9nnSbrpd5iLWOB0w/p5e+QnIfabaNSSGocLMFaFg6s3fqH&-ZS=W6O83nLhI

GET 400 http://www.oyster-gal.com/hs3h/?w6A=BQdxFGsIzLpJhhsNJumaC8i1NTQ6v/gnKL4j0SDTA8mzI6I3M/hLcvQW6vgj3JSKpdGSKElg&-ZS=W6O83nLhI

GET 200 http://www.ericaleighjensen.com/hs3h/?w6A=xV65ikd/hi3Vj7uvEUAD5gbWGs8+QeVoNuHaI0MVrFB9Z1FE6uua4RlninifA7tr5QncnhCd&-ZS=W6O83nLhI

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49168 -> 154.205.199.202:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 182.50.132.242:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 154.205.199.202:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 182.50.132.242:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 154.205.199.202:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 182.50.132.242:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 74.220.199.6:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 74.220.199.6:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 74.220.199.6:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts