NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
05.01 10:05
Zc3.exe
05.01 10:05
zal.exe
05.01 10:05
sc.bin
05.01 10:05
budiao.exe
05.01 10:05
XPT.exe
05.01 10:05
%C3%BCreticifirma.dll
05.01 09:05
SoftwareUpdate
05.01 08:05
d.exe
05.01 08:05
b.exe
05.01 08:05
es.exe

Latest News
05.01 12:05
RSAC: AI may force a r...
05.01 12:05
Murata Shares Drop by ...
05.01 11:05
ISC Stormcast For Thur...
05.01 11:05
Altman-Backed Startup ...
05.01 11:05
Oski Stealer Technical...
05.01 11:05
Neutron Flux Impact on...
05.01 11:05
2025년 한국전자거래학회-한국스마트미디...
05.01 11:05
RSAC 2025: Vishing def...
05.01 11:05
[특별기고] SKT 유심 해킹 사고, 보...
05.01 10:05
Distributed NER Model ...

NetWork | ZeroBOX

IP Address	Status	Action
103.253.215.130	Active	Moloch
108.167.149.240	Active	Moloch
164.124.101.2	Active	Moloch
196.247.61.11	Active	Moloch
198.185.159.144	Active	Moloch
206.188.192.231	Active	Moloch
3.224.108.191	Active	Moloch
52.205.156.53	Active	Moloch

Name	Response	Post-Analysis Lookup
www.mephisto-romania.com	A 196.247.61.11	196.247.61.11
www.cloud-logix.com	A 54.85.127.12 A 34.233.68.112 CNAME AutoScale-HDRedirect-ALB-1-1859847625.us-east-1.elb.amazonaws.com A 52.205.156.53 A 54.175.111.239 A 3.224.108.191 A 34.206.234.252 A 52.207.158.25 A 54.152.188.51 A 52.54.60.54	52.54.60.54
www.ayudasdelgobierno.com	A 108.167.149.240 CNAME ayudasdelgobierno.com	108.167.149.240
www.myclubrover.com	A 198.49.23.145 A 198.185.159.145 A 198.185.159.144 CNAME ext-sq.squarespace.com A 198.49.23.144	198.49.23.144
www.otpravka-pochti-23v.xyz
www.monacheesa.com	A 206.188.192.231	206.188.192.231
www.palmjava.com	A 103.253.215.130 CNAME palmjava.com	103.253.215.130

TCP Requests

UDP Requests

GET 301 http://www.palmjava.com/rf5o/?iB8DPfF8=xsG6FxdjqnF8uuYfyLNWqgH4SBtC5LcGbac3ZUyiiDQ8vcA5MRjpYhUzq3jffd2ZTqaN20YJ&Ir=Y48Du8sh

GET 301 http://www.ayudasdelgobierno.com/rf5o/?iB8DPfF8=J/apB9ZiXP6OuF86W+fAr5sk5ZNGf1mieNBpy9Iv+UyF/MsyOEZKsoGBhRQOBOKs3XreoL7F&Ir=Y48Du8sh

GET 301 http://www.mephisto-romania.com/rf5o/?iB8DPfF8=ognUjWY6KOidWyfcMPakERI2bed9J+C9zZCf9F9Go147zPP3kIl/oXNBbev8HkyRHCGMOdNK&Ir=Y48Du8sh

GET 400 http://www.monacheesa.com/rf5o/?iB8DPfF8=pqBniIUMcKAVrfUDXBsY6Zdq+nAKaopX/nkNDTwKSe3hkcegDeaCXTITtOuZg8axbBEUW87Q&Ir=Y48Du8sh

GET 400 http://www.myclubrover.com/rf5o/?iB8DPfF8=JOUvoATkCjKj98dDZiiXPstlnChN/Oj8kkN7tCWBwmLCwOh5imTYHs1jUspe3LhL6SDHlyF3&Ir=Y48Du8sh

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49165 -> 103.253.215.130:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 103.253.215.130:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 103.253.215.130:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 198.185.159.144:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 198.185.159.144:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 198.185.159.144:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 196.247.61.11:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 196.247.61.11:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 196.247.61.11:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 108.167.149.240:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 108.167.149.240:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 108.167.149.240:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 206.188.192.231:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 206.188.192.231:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 206.188.192.231:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts