NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe
11.19 02:11
caspol.exe
11.19 02:11
caspol.exe
11.18 02:11
DOCTOR FIRM ORDER FORM...

Latest News
11.19 03:11
여행예감, 고객 맞춤형 해외여행 상품권 출시
11.19 03:11
Taiwanese Banks Curtai...
11.19 03:11
Sony in Talks to Buy J...
11.19 03:11
Keppel DC REIT Buys Ge...
11.19 03:11
25년 주요 침해사고 탐지·조치·대응 시...
11.19 03:11
엑티브아이티, LG유플러스 2024년 1...
11.19 03:11
AI 기반 메타버스 상담 플랫폼 ‘유마인...
11.19 03:11
리튬포어스, 카카오프렌즈 미니미 초소형 ...
11.19 03:11
신벗고, 국내산 황토흙으로 만든 ‘황토 ...
11.19 03:11
Tearing Down A SLA Pri...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
192.185.34.69	Active	Moloch
34.102.136.180	Active	Moloch
63.141.242.45	Active	Moloch

Name	Response	Post-Analysis Lookup
www.dxyzcmag2020.com	A 192.185.34.69 CNAME dxyzcmag2020.com	192.185.34.69
www.cheerleader.social	A 34.102.136.180 CNAME cheerleader.social	34.102.136.180
www.thegolfteeshop.co.uk	A 63.141.242.45	192.187.111.221

TCP Requests

UDP Requests

GET 302 http://www.thegolfteeshop.co.uk/ne28/?nt=K/QquFSLCT6SHQtXqS9KZNz2E1nT41LQyHDinzr5rCYDnh7lOTnJor+/6Ao5uyam5FAZgZdS&3f=IDKDM4yx

GET 403 http://www.cheerleader.social/ne28/?nt=QIBqzfyuwmd08S5Fr4cAIJuVYfBbaPfWiet8qJkSDORvSiAt06bTXOkMjqzUMWWfimWxqrUt&3f=IDKDM4yx

GET 301 http://www.dxyzcmag2020.com/ne28/?nt=7UlcrdHfjryVNLuav6biQlnb/gmvZFc382PxA7WDlNsESSGRXHNiF386U5itZs7WgqnA+czL&3f=IDKDM4yx

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49166 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 192.185.34.69:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 192.185.34.69:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 192.185.34.69:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 63.141.242.45:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 63.141.242.45:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 63.141.242.45:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts