NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js

Latest News
09.20 09:09
Critical Vulnerability...
09.20 09:09
Amazon Fire TV Stick S...
09.20 09:09
[NEU] [mittel] Red Hat...
09.20 09:09
Passwordless AND Keyle...
09.20 09:09
[UPDATE] [mittel] IBM ...
09.20 08:09
Farmers Look to AI-Pow...
09.20 08:09
Microsoft’s AI Power N...
09.20 08:09
Simplify NIS2 complian...
09.20 08:09
COBB Tuning Hit With $...
09.20 08:09
Iranian APT UNC1860 Li...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
167.172.228.26	Active	Moloch
34.102.136.180	Active	Moloch
34.149.87.45	Active	Moloch
43.154.67.170	Active	Moloch

Name	Response	Post-Analysis Lookup
www.mysticheightstrail.com	CNAME mysticheightstrail.com A 34.102.136.180	34.102.136.180
www.zhperviepixie.com	CNAME zhperviepixie.com A 167.172.228.26	167.172.228.26
www.drpenawaraircondhargarahmah.com
www.gracefullytouchedartistry.com	CNAME cdn1.wixdns.net CNAME td-ccm-neg-87-45.wixdns.net A 34.149.87.45	34.149.87.45
www.thwmlohr.click	A 43.154.67.170	43.154.67.170

TCP Requests

UDP Requests

GET 403 http://www.mysticheightstrail.com/sy22/?EDK8gDR=Q5FfiwTKAQAoPcoP4e5kySmJcOUQtYy/n0X88F5fBW8bclPVBZXpMCw8fqRp6JUwXvQoTE+1&BZ=E2M4oNPx_Ln

GET 404 http://www.zhperviepixie.com/sy22/?EDK8gDR=hdFL0kwy0tP2Sq5zkMkXOvLbydzGG5NDjXbLdYDkA/+zwUFtuqh4YP0DuyJcd4UMQHwk1geg&BZ=E2M4oNPx_Ln

GET 429 http://www.gracefullytouchedartistry.com/sy22/?EDK8gDR=32OyyUZHwqvJixPuiOQtM5MnMYIWhWk0yyAoMHrFdBB4wJvVGBkivZFh4+NGsLP7HahAbSBt&BZ=E2M4oNPx_Ln

GET 404 http://www.thwmlohr.click/sy22/?EDK8gDR=MgkfgN3fpomwP7fWV5mTPmG15nWdJlegbQggwbe1T0jMd3AI1ruzVKLfVQH9NXyhXYV15IAt&BZ=E2M4oNPx_Ln

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49166 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 167.172.228.26:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 43.154.67.170:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 34.149.87.45:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts