NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.28 04:04
Purchase Order.pdf.msc
04.28 02:04
setup.exe
04.28 02:04
2025416-方案1-方案細節.pdf.lnk
04.28 10:04
Distribution Document....
04.28 10:04
pik.ps1
04.28 10:04
123.hta
04.28 10:04
verify-sec
04.28 10:04
nums.vbs
04.28 10:04
op.exe
04.28 10:04
cred.dll

Latest News
04.28 11:04
Life on K2-18b? Don’t ...
04.28 11:04
Thiel-Backed Fintech N...
04.28 11:04
[UPDATE] [niedrig] GNU...
04.28 11:04
[UPDATE] [mittel] popp...
04.28 11:04
[UPDATE] [mittel] popp...
04.28 11:04
[UPDATE] [mittel] Red ...
04.28 11:04
[UPDATE] [hoch] popple...
04.28 11:04
Sicherheitslücken: Att...
04.28 11:04
⚡ Weekly Recap: Critic...
04.28 10:04
Cybersecurity CEO Char...

NetWork | ZeroBOX

IP Address	Status	Action
154.22.100.62	Active	Moloch
155.159.61.221	Active	Moloch
162.0.238.93	Active	Moloch
162.214.129.149	Active	Moloch
164.124.101.2	Active	Moloch
192.185.217.47	Active	Moloch
192.185.35.86	Active	Moloch
195.24.68.23	Active	Moloch
2.57.90.16	Active	Moloch
206.233.197.135	Active	Moloch
45.33.6.223	Active	Moloch
66.29.151.40	Active	Moloch

Name	Response	Post-Analysis Lookup
www.brennancorps.info	A 2.57.90.16 CNAME brennancorps.info	2.57.90.16
www.eufidelizo.com	CNAME eufidelizo.com A 192.185.217.47	192.185.217.47
www.foxwhistle.com	A 154.22.100.62	154.22.100.62
www.courdak.info	A 66.29.151.40	66.29.151.40
www.automotiveparts-store.com	CNAME automotiveparts-store.com A 162.0.238.93	162.0.238.93
www.seufi.com	A 2.57.90.16 CNAME seufi.com	2.57.90.16
www.afterdarksocial.club	A 162.214.129.149	162.214.129.149
www.lopezmodeling.com	A 192.185.35.86 CNAME lopezmodeling.com	192.185.35.86
www.lyonfinancialusa.com	A 206.233.197.135	206.233.197.135
www.patrickguarte.com	A 155.159.61.221	155.159.61.221
www.19t221013d.tokyo
www.sqlite.org	A 45.33.6.223	45.33.6.223
www.phootka.ru	A 195.24.68.23	195.24.68.23

TCP Requests

UDP Requests

GET 404 http://www.eufidelizo.com/henz/?8pdL3zD=wcp3urA+/rGtUuNVdzf16ZeZGpZq4XGXlvUWG7FdGjeYGPzd5j/gkjEzvi43j/MvxviINYayZJCRqWKQvjoVWw+U5Y7ODGkonKNL7W0=&3f_X2=Q2JhLx4h0JC

GET 404 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip

GET 200 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3390000.zip

POST 301 http://www.lyonfinancialusa.com/henz/

GET 301 http://www.lyonfinancialusa.com/henz/?8pdL3zD=I97X75yj3reE70KD0H/Cak1oo2zHy9G/KKFZ2xPoakAfOE75REIsiEdUspxqeb3/DlFpoh36cAjqvl85DwXllB7WLme1uHpNnCumkME=&3f_X2=Q2JhLx4h0JC

POST 404 http://www.afterdarksocial.club/henz/

GET 404 http://www.afterdarksocial.club/henz/?8pdL3zD=8TptbrIX6F4NxrWdTnVKCiNdtmXGEuELv5cUeaX5N5UPFd9Hxy/eCwrx8CSqMIuqYtp16J6ah9tFi3/97BblSlVnUMukTQJmI59ItyY=&3f_X2=Q2JhLx4h0JC

POST 404 http://www.patrickguarte.com/henz/

GET 404 http://www.patrickguarte.com/henz/?8pdL3zD=5p9Ov6C7qce51hIp6nkbqV/d59cDddN77lLEFw6Ufibk2yN56suGmW9SnR2oT5DaW1POG/xMOeVc/Muqlx89dGklgcJInIpBk29/OFI=&3f_X2=Q2JhLx4h0JC

POST 404 http://www.brennancorps.info/henz/

GET 404 http://www.brennancorps.info/henz/?8pdL3zD=P4ST2IJPckjMYpRf2hTG7XGyBDGAy7OOggEf6mHPhnME1yGBMW0exDItYRA37f+XnLyPH15dACF6dKWBGe8FrnsbvwR+k5hXy5NlDxw=&3f_X2=Q2JhLx4h0JC

POST 404 http://www.lopezmodeling.com/henz/

GET 404 http://www.lopezmodeling.com/henz/?8pdL3zD=dpH6BKfQQ0cm5ImeofuKRskABJrBNfLp0vSyI4bn1RZjePkdeS9a/FiQgEdxlvmzsB0l+sQcpRgj8HqvSEXtkBUtM/7b2ek1qpGMuFI=&3f_X2=Q2JhLx4h0JC

POST 200 http://www.foxwhistle.com/henz/

GET 200 http://www.foxwhistle.com/henz/?8pdL3zD=jIhXpQA4pSG2yYWBbTjo4KjMDsvsQ9F5uiLrR0YNz1ez7r/FQUV2XPmUrykxRWDvkt62w03aCUUodajM6m+91s+tfqSr6z5AiriQQhU=&3f_X2=Q2JhLx4h0JC

POST 404 http://www.phootka.ru/henz/

GET 404 http://www.phootka.ru/henz/?8pdL3zD=w1bwPjtuf2ZlKfJJwO+BTMATo3IZhxYr0xwxA7aVeAjkl5kFf+SBsbPh/8ORAg46rPRxP2SAJydpY5hX47JJGDyZCrebhSML6UzwAv0=&3f_X2=Q2JhLx4h0JC

POST 404 http://www.courdak.info/henz/

GET 404 http://www.courdak.info/henz/?8pdL3zD=vdyVzLcxoZUoogW6+NKMfwQ5LAGTMZCWuq0zGM5B+O39UoDsvg/hobD3JDgVlVzjVFZes90R2RhtZev/AI+f5OQ7oLMklDSyOnM4EYU=&3f_X2=Q2JhLx4h0JC

POST 301 http://www.automotiveparts-store.com/henz/

GET 301 http://www.automotiveparts-store.com/henz/?8pdL3zD=l755dn3SV1HJ85bgdYLXX0FitE0O++oBuxO/p/rOD3cyNdqLfUPJLAMkl1O9xhY/fGSw1luYDYlS6H/677nep41+QBgryFqg6K8ooWg=&3f_X2=Q2JhLx4h0JC

POST 404 http://www.seufi.com/henz/

GET 404 http://www.seufi.com/henz/?8pdL3zD=IBGzHMg16oJNSPrzw250+MvRfpuZJ+UNeLGkgBGOsROhXn3QAnT7j8xX9Jlog+RFk3dGiXHpM08k153fm/VBkqw4m0Htf2ZTok+naIQ=&3f_X2=Q2JhLx4h0JC

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 155.159.61.221:80 -> 192.168.56.101:49176	2400012	ET DROP Spamhaus DROP Listed Traffic Inbound group 13	Misc Attack

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts