NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.29 05:04
tomcaterror.bmpqoq
04.29 04:04
qoq.ps1
04.29 04:04
Important_Document.pdf...
04.29 04:04
dllbase64reverse.txt.exe
04.29 10:04
RuntimeBroker.exe
04.29 10:04
2555d50c-0b7e-4aa3-8d8...
04.29 10:04
csr.bin
04.29 10:04
test.exe
04.29 10:04
FreePhotoShop%20Meme%2...
04.29 10:04
discord.exe

Latest News
04.30 02:04
The DIY 1982 Picture P...
04.30 02:04
More Scans for SMS Gat...
04.30 02:04
Quantum threat mitigat...
04.30 02:04
Palo Alto Networks' re...
04.30 02:04
Google Serverless Spar...
04.30 02:04
Google Serverless Spar...
04.30 02:04
Meta Launches Standalo...
04.30 02:04
Intel Says Clients Pre...
04.30 02:04
Elektronische Patiente...
04.30 02:04
Microsoft announces th...

NetWork | ZeroBOX

IP Address	Status	Action
104.21.69.166	Active	Moloch
163.197.224.28	Active	Moloch
164.124.101.2	Active	Moloch
185.53.179.174	Active	Moloch
199.15.163.128	Active	Moloch

Name	Response	Post-Analysis Lookup
www.coffeeforyou56.com	A 172.67.210.140 A 104.21.69.166	104.21.69.166
www.suratdimond.com	A 163.197.224.28	163.197.224.28
www.lesyeuxdanslespoches.com	CNAME balancer-ccm.wixdns.net CNAME gcdn0.wixdns.net CNAME td-balancer-199-15-163-128.wixdns.net A 199.15.163.128	199.15.163.148
www.floridaindianrivergeoves.com	A 185.53.179.174	185.53.179.174

TCP Requests

UDP Requests

GET 404 http://www.coffeeforyou56.com/wh23/?u6Ad=+Z/9GnRooy4uMI/2ytyzBxmfIRzkEihmLnUbG9gon5BvVZqaawbrlsvFopSkMy8/ynATbtGm&9rQl7P=xPJtLXbP

GET 0 http://www.lesyeuxdanslespoches.com/wh23/?u6Ad=2UBdbPyJ3BJ1PizOWtFy1nFuYMz29j0z90R/CygIgf7oXdu1OYqDC0mFcr3+ZljEfmCRWGcD&9rQl7P=xPJtLXbP

GET 403 http://www.floridaindianrivergeoves.com/wh23/?u6Ad=HQs9sY6MfmjvG4BCT+S8X4weKQ3jHGmqz4mij5NJ3M2nb+7m/H8tNbVgpdoIwpufVMaXPBq3&9rQl7P=xPJtLXbP

GET 404 http://www.suratdimond.com/wh23/?u6Ad=jUJ7bRHoxkHA5rahzGpJGSe+g9rlOc6E7RlDBgSrRJk0jchNThhp3wI7m3+F7bQyA0QFLd33&9rQl7P=xPJtLXbP

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49166 -> 104.21.69.166:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 104.21.69.166:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 104.21.69.166:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 185.53.179.174:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 185.53.179.174:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 163.197.224.28:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 185.53.179.174:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 163.197.224.28:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 163.197.224.28:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 199.15.163.128:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 199.15.163.128:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 199.15.163.128:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts