NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe
11.19 02:11
caspol.exe
11.19 02:11
caspol.exe
11.18 02:11
DOCTOR FIRM ORDER FORM...

Latest News
11.19 03:11
여행예감, 고객 맞춤형 해외여행 상품권 출시
11.19 03:11
Taiwanese Banks Curtai...
11.19 03:11
Sony in Talks to Buy J...
11.19 03:11
Keppel DC REIT Buys Ge...
11.19 03:11
25년 주요 침해사고 탐지·조치·대응 시...
11.19 03:11
엑티브아이티, LG유플러스 2024년 1...
11.19 03:11
AI 기반 메타버스 상담 플랫폼 ‘유마인...
11.19 03:11
리튬포어스, 카카오프렌즈 미니미 초소형 ...
11.19 03:11
신벗고, 국내산 황토흙으로 만든 ‘황토 ...
11.19 03:11
Tearing Down A SLA Pri...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
192.0.78.24	Active	Moloch
35.227.197.36	Active	Moloch
76.223.105.230	Active	Moloch

Name	Response	Post-Analysis Lookup
www.ndyc.africa
www.rahilprakash.com	CNAME rahilprakash.com A 76.223.105.230 A 13.248.243.5	13.248.243.5
www.cloud-spartan.co.uk	A 35.227.197.36	35.227.197.36
www.oliviahodges04.uk	A 192.0.78.25 A 192.0.78.24 CNAME oliviahodges04.uk	192.0.78.24

TCP Requests

UDP Requests

GET 301 http://www.oliviahodges04.uk/sa79/?T8kD=3HmUkRFWstZ/xsvvXCVgYJLRrrcnJmgiwegIDeQwZYyLk7GSagwRMPBNdLuE3jtARa50r64A&Vnw0Z=-Z2hTbdPQ2dhN4y

GET 301 http://www.rahilprakash.com/sa79/?T8kD=FQxM/LfEtsdNPd9lcQ3fHhWjGCP7SrZqu0I9GJfO6cOgbFH11N56o5A937py/xwkq6yJtR1f&Vnw0Z=-Z2hTbdPQ2dhN4y

GET 403 http://www.cloud-spartan.co.uk/sa79/?T8kD=jkxHAd9GAbQei4M5qdOAezShFl0g6rfkBT3I54TzQtwvhmYtcfZekS4RyxImys3XUoylJySQ&Vnw0Z=-Z2hTbdPQ2dhN4y

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49169 -> 192.0.78.24:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 192.0.78.24:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 192.0.78.24:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 76.223.105.230:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 76.223.105.230:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 76.223.105.230:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 35.227.197.36:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 35.227.197.36:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 35.227.197.36:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts