NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.20 09:11
mainbas.bat
11.20 09:11
dll007.dll
11.20 09:11
exe004.exe
11.20 09:11
exe010.exe
11.20 09:11
blecher.exe
11.20 09:11
GetAdapterInfo.exe
11.20 09:11
dll004.dll
11.20 09:11
dll008.dll
11.20 09:11
bestthingsalwaysgetbes...
11.20 09:11
DKM-9067291.pdf.lnk

Latest News
11.21 12:11
Palo Alto Networks sec...
11.21 12:11
Boss Byproducts: Calth...
11.21 12:11
How Sysdig streamlines...
11.20 11:11
Trump’s Second Term: W...
11.20 11:11
Black Friday Scammers ...
11.20 11:11
Who’s managing cyberse...
11.20 11:11
“Sad announcement” ema...
11.20 11:11
Rapid7 Extends AWS Sup...
11.20 11:11
“Sad announcement” ema...
11.20 11:11
MicroStrategy Raises C...

NetWork | ZeroBOX

IP Address	Status	Action
107.187.86.150	Active	Moloch
112.121.161.235	Active	Moloch
147.255.132.172	Active	Moloch
164.124.101.2	Active	Moloch
217.70.184.50	Active	Moloch
34.102.136.180	Active	Moloch
37.123.118.150	Active	Moloch

Name	Response	Post-Analysis Lookup
www.slowtravelco.com
www.jyh8882.com	A 112.121.161.235 CNAME a4.sddns.net	112.121.161.235
www.fearlessthread.com	A 34.102.136.180 CNAME fearlessthread.com	34.102.136.180
www.flirtylocals.xyz
www.medchemic.com	A 147.255.132.172	147.255.132.172
www.traexcel.com
www.floridawp.com	A 107.187.86.150	107.187.86.150
www.lipagent.com
www.krallechols.quest	A 37.123.118.150	37.123.118.150
www.lafabriqueabeille.com	A 217.70.184.50 CNAME webredir.vip.gandi.net	217.70.184.50

TCP Requests

UDP Requests

GET 403 http://www.krallechols.quest/scb0/?GzuD=XHAF2WnsVWh3Xtb4trV3Cr1d9KXYf9+Xd4yyhdgFxkN4v728EEpujlORpbln8yXvxRQ7qyh6&AlB=O2MxhlsHi

GET 301 http://www.jyh8882.com/scb0/?GzuD=bwd76U6LKZBpNEQppVR7cMNK+MMlT0YfxlJ4bO8ndhDvr8vJL26qIqHfcLJfN8ylP/phNSmM&AlB=O2MxhlsHi

GET 403 http://www.fearlessthread.com/scb0/?GzuD=e+prZ6QI+RKMJqROSGOehneQQaNYgX6sD4NIoSlaRQr2yLMWPyCBcsmU1B9QH+Vq/gKOdjUH&AlB=O2MxhlsHi

GET 404 http://www.floridawp.com/scb0/?GzuD=9/BqtxNJhSE/jnEmhw/jJ2i6+zR3ejBZmh2LifaRE3cbasx521HSBP9EZz5Y1ayCoextGFjB&AlB=O2MxhlsHi

GET 404 http://www.medchemic.com/scb0/?GzuD=rH1WwaW1yHBAvxkBaGNiAvQbWXUrp1RT/W1FLLKV2kI7heGaZanJJSmQIo3vE23qZDCeIbu+&AlB=O2MxhlsHi

GET 200 http://www.lafabriqueabeille.com/scb0/?GzuD=Fq2LCo+OmuFI0F6UFf6oGUX4emiKH+nbJ+jp6lKcU3kbPt44QMZnfh9LthJX8Ei6b12Ppx2P&AlB=O2MxhlsHi

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49167 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 147.255.132.172:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 147.255.132.172:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 147.255.132.172:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 107.187.86.150:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 107.187.86.150:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 107.187.86.150:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 217.70.184.50:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 217.70.184.50:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 217.70.184.50:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 112.121.161.235:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 112.121.161.235:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 112.121.161.235:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 37.123.118.150:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 37.123.118.150:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 37.123.118.150:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts