NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe
11.19 02:11
caspol.exe
11.19 02:11
caspol.exe
11.18 02:11
DOCTOR FIRM ORDER FORM...

Latest News
11.19 04:11
비전그룹 & Tuma Enterp...
11.19 04:11
Detecting the Presence...
11.19 04:11
CISA Alert: Active Exp...
11.19 03:11
여행예감, 고객 맞춤형 해외여행 상품권 출시
11.19 03:11
Taiwanese Banks Curtai...
11.19 03:11
Sony in Talks to Buy J...
11.19 03:11
Keppel DC REIT Buys Ge...
11.19 03:11
25년 주요 침해사고 탐지·조치·대응 시...
11.19 03:11
엑티브아이티, LG유플러스 2024년 1...
11.19 03:11
AI 기반 메타버스 상담 플랫폼 ‘유마인...

NetWork | ZeroBOX

IP Address	Status	Action
103.188.120.191	Active	Moloch
164.124.101.2	Active	Moloch
81.169.145.82	Active	Moloch
85.15.189.140	Active	Moloch

Name	Response	Post-Analysis Lookup
www.ldkj9qq.vip
www.reinifix.net	CNAME reinifix.net A 81.169.145.82	81.169.145.82
www.hyrxo.win	A 103.188.120.191 A 103.24.53.30 CNAME jh03-site-21.cdn-ng.net CNAME hv12s8212.ledetipe.com	103.24.53.30
www.1cweb.online	A 85.15.189.140	85.15.189.140
www.cortinasagave.store

TCP Requests

UDP Requests

GET 404 http://www.hyrxo.win/gn35/?_DKdKJa=Px4xbTIrKwyUbcbV7Sa4MFdwj6MuY8cQxHdgLkOTvjLt2qFRB4E1b+Ud0Zeqp82x10XYRgaJ&QZ3=ehux_8Xh401XOrt

GET 404 http://www.1cweb.online/gn35/?_DKdKJa=GGTZroRoL1BXwM3MXiLpR9yEKm8KXFWUPJQo2rBdJCC/pgm2ifzqsBXvCGkh1lxdt+0GDl+4&QZ3=ehux_8Xh401XOrt

GET 404 http://www.reinifix.net/gn35/?_DKdKJa=/oLJKsvMxImT2IdLjwC7RXLGQP6Il4Qvv7Du59jzs3EP6cW1xcwdDxVo3LxxLXdrTKNn2jpT&QZ3=ehux_8Xh401XOrt

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.103	164.124.101.2	3
192.168.56.103	164.124.101.2	3
192.168.56.103	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49168 -> 81.169.145.82:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 81.169.145.82:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 81.169.145.82:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 85.15.189.140:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 85.15.189.140:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 85.15.189.140:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 103.188.120.191:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 103.188.120.191:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 103.188.120.191:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts