NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe
11.19 02:11
caspol.exe
11.19 02:11
caspol.exe
11.18 02:11
DOCTOR FIRM ORDER FORM...

Latest News
11.19 05:11
[긴급] 현재 사이버 공격에 악용중인 팔...
11.19 05:11
온도의민족, 출시 동시에 일시품절...리...
11.19 05:11
[긴급] 중국 해커, 포티넷 VPN 제로...
11.19 05:11
자운, 강남 무이재한방병원과 업무협약 체결
11.19 05:11
Chinese Hackers Exploi...
11.19 04:11
꿈꿀시간, 자체개발 코인형 세제 출시
11.19 04:11
비전원격평생교육원, 2025년도 1학기 ...
11.19 04:11
비전그룹 & Tuma Enterp...
11.19 04:11
Detecting the Presence...
11.19 04:11
CISA Alert: Active Exp...

NetWork | ZeroBOX

IP Address	Status	Action
13.248.160.216	Active	Moloch
154.64.119.157	Active	Moloch
164.124.101.2	Active	Moloch
198.54.117.216	Active	Moloch
199.59.242.153	Active	Moloch
23.110.124.89	Active	Moloch
23.227.38.74	Active	Moloch
34.80.190.141	Active	Moloch

Name	Response	Post-Analysis Lookup
www.expatriatecafe.com	A 154.64.119.157	154.64.119.157
www.daybydayneeds.com	CNAME shops.myshopify.com A 23.227.38.74	23.227.38.74
www.vezmnmnr.xyz
www.cfaatampa.com	A 34.80.190.141 CNAME td-balancer-ae1-190-141.wixdns.net CNAME 47363d5c-balancer.wixdns.net CNAME www114.wixdns.net CNAME balancer.wixdns.net	34.80.190.141
www.macadamangel.com
www.diyetema.xyz
www.sanchalanprokashon.com
www.helcarpostos.com
www.fanaticscardgroup.com	CNAME parkingpage.namecheap.com A 198.54.117.216 A 198.54.117.212 A 198.54.117.211 A 198.54.117.215 A 198.54.117.210 A 198.54.117.217 A 198.54.117.218	198.54.117.211
www.daewon-talks.net
www.contactcenter9.email
www.bizz-connects.com
www.beijingrongfeng.com	A 23.110.124.89	23.110.124.89
www.koltemp.com	A 199.59.242.153	199.59.242.153
www.canopuslector.com	CNAME migatoperro.app.publica.la CNAME ad83420ef3101bf80.awsglobalaccelerator.com A 13.248.160.216 A 76.223.34.22	76.223.34.22

TCP Requests

UDP Requests

POST 0 http://www.cfaatampa.com/o2go/

GET 301 http://www.cfaatampa.com/o2go/?Dxlpd=Pl/Ol+nOsw6/w/y+aU9P1RKojiUc7vyeNPaxTQPmfD352vP1/9QBqpNGE02dwnx78NU/bhk7&mnSh=TxlhkdU

POST 0 http://www.canopuslector.com/o2go/

GET 308 http://www.canopuslector.com/o2go/?Dxlpd=ZAUpSgkpEDg8niFzuNKe6gEWnHhBWtidA2LwxNth08Qz4PbCXRD40C59E3bfaaHzXCIDtzc4&mnSh=TxlhkdU

POST 0 http://www.expatriatecafe.com/o2go/

GET 0 http://www.expatriatecafe.com/o2go/?Dxlpd=+cW4o3L1nfvEkkPOkZGTjQfjWekF/hM2MaTEXDdcC09Onuz+XEMDyox0luu0PClFcWinXzsf&mnSh=TxlhkdU

POST 0 http://www.daybydayneeds.com/o2go/

GET 403 http://www.daybydayneeds.com/o2go/?Dxlpd=/FrPOgiDhDip/ySNZI8OLKS5OxIhXPdMrfM/1s/okw0wECr+nAKcZ38irIHgJAMCO3WjHnMc&mnSh=TxlhkdU

POST 405 http://www.fanaticscardgroup.com/o2go/

GET 0 http://www.fanaticscardgroup.com/o2go/?Dxlpd=8H0rDLcccfrSnzJo6xqaIh8cFRP5shFVfEo30ND+W3j0LJ9pYzmIPxBjjF03wuELOtv43EjU&mnSh=TxlhkdU

POST 0 http://www.koltemp.com/o2go/

GET 200 http://www.koltemp.com/o2go/?Dxlpd=d/I/y4E919y90/NgD6lGRdsG+efKLObNvHJeST29zYsXDGROtBHMrcb1ki8bN5CEtxKsUn6o&mnSh=TxlhkdU

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.101	164.124.101.2	3
192.168.56.101	164.124.101.2	3
192.168.56.101	164.124.101.2	3
192.168.56.101	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49210 -> 23.227.38.74:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 23.227.38.74:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 23.227.38.74:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 154.64.119.157:80	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.101:49208 -> 154.64.119.157:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 154.64.119.157:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 154.64.119.157:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 199.59.242.153:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 199.59.242.153:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 199.59.242.153:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 34.80.190.141:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 34.80.190.141:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 13.248.160.216:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 34.80.190.141:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 13.248.160.216:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 13.248.160.216:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 198.54.117.216:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 198.54.117.216:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 198.54.117.216:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts