NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
05.01 10:05
Zc3.exe
05.01 10:05
zal.exe
05.01 10:05
sc.bin
05.01 10:05
budiao.exe
05.01 10:05
XPT.exe
05.01 10:05
%C3%BCreticifirma.dll
05.01 09:05
SoftwareUpdate
05.01 08:05
d.exe
05.01 08:05
b.exe
05.01 08:05
es.exe

Latest News
05.01 12:05
RSAC: AI may force a r...
05.01 12:05
Murata Shares Drop by ...
05.01 11:05
ISC Stormcast For Thur...
05.01 11:05
Altman-Backed Startup ...
05.01 11:05
Oski Stealer Technical...
05.01 11:05
Neutron Flux Impact on...
05.01 11:05
2025년 한국전자거래학회-한국스마트미디...
05.01 11:05
RSAC 2025: Vishing def...
05.01 11:05
[특별기고] SKT 유심 해킹 사고, 보...
05.01 10:05
Distributed NER Model ...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
192.0.78.24	Active	Moloch
192.185.174.18	Active	Moloch
204.188.203.155	Active	Moloch
23.88.111.156	Active	Moloch

Name	Response	Post-Analysis Lookup
www.thebeautifullifeofthearth.com	A 192.0.78.25 A 192.0.78.24 CNAME thebeautifullifeofthearth.com	192.0.78.24
www.xlblvd37.xyz	A 107.161.23.204 A 198.251.84.92 A 70.39.125.244 A 45.58.190.82 A 64.32.22.102 A 198.251.81.30 A 204.188.203.155 A 209.141.38.71 A 192.161.187.200 CNAME parking.namesilo.com A 168.235.88.209	198.251.84.92
advanced-ms.ml	A 192.185.174.18	192.185.174.18
www.mommoth.club	A 23.88.111.156	23.88.111.156

TCP Requests

UDP Requests

GET 200 http://advanced-ms.ml/n/Vnwayys_Nqgxigqk.bmp

GET 404 http://www.mommoth.club/sn12/?nPnpM8=M1FrCRBfZI4URM1OR9+PPRBG9+ZjtDf1KcSpQBV/o5qXUsKvPLp9knFexYRpxxJTz8QEmRaD&Lh0h=ZTdp6Lqh8

GET 302 http://www.xlblvd37.xyz/sn12/?nPnpM8=YM3GtV5qVLKpLRh+oYdy1+APxsbC0CfQN910FlDgY/N7Dk/bfVHsGC8BVqJyM7FpwOLWU+uU&Lh0h=ZTdp6Lqh8

GET 301 http://www.thebeautifullifeofthearth.com/sn12/?nPnpM8=+bAqrraOPFP6G7VNldvEvmQlIsf6EpITHpJV0mplF4OII8J3s/Rhv2hUxoigmbYJPULf8A1w&Lh0h=ZTdp6Lqh8

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.103:51935 -> 164.124.101.2:53	2025106	ET INFO DNS Query for Suspicious .ml Domain	Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 192.185.174.18:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 192.185.174.18:80	2031091	ET HUNTING Request to .ML Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 192.185.174.18:80	2032988	ET INFO HTTP Request to a *.ml domain	Potentially Bad Traffic
TCP 192.168.56.103:49168 -> 23.88.111.156:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 23.88.111.156:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 23.88.111.156:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 204.188.203.155:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 204.188.203.155:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 204.188.203.155:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 204.188.203.155:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.103:49170 -> 192.0.78.24:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 192.0.78.24:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 192.0.78.24:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts