NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js

Latest News
09.20 09:09
Critical Vulnerability...
09.20 09:09
Amazon Fire TV Stick S...
09.20 09:09
[NEU] [mittel] Red Hat...
09.20 09:09
Passwordless AND Keyle...
09.20 09:09
[UPDATE] [mittel] IBM ...
09.20 08:09
Farmers Look to AI-Pow...
09.20 08:09
Microsoft’s AI Power N...
09.20 08:09
Simplify NIS2 complian...
09.20 08:09
COBB Tuning Hit With $...
09.20 08:09
Iranian APT UNC1860 Li...

NetWork | ZeroBOX

IP Address	Status	Action
103.224.182.252	Active	Moloch
164.124.101.2	Active	Moloch
172.67.172.5	Active	Moloch
192.187.101.110	Active	Moloch
194.58.112.174	Active	Moloch
199.21.76.77	Active	Moloch
199.59.243.224	Active	Moloch
206.237.167.5	Active	Moloch
45.33.6.223	Active	Moloch
66.29.149.4	Active	Moloch

Name	Response	Post-Analysis Lookup
www.houtaijiaju.com	A 206.237.167.5	206.237.167.5
www.ronikonmet.online	A 194.58.112.174	194.58.112.174
www.ozu-sushi.com	A 199.59.243.224	199.59.243.224
www.admiralx-qjff.buzz	A 172.67.172.5 A 104.21.79.241	172.67.172.5
www.saintprojetdesalers.com	A 103.224.182.252	103.224.182.252
www.innovativefewsustra.com	A 199.21.76.77	199.21.76.77
www.aboutmart.info	A 66.29.149.4	66.29.149.4
www.hummall.com	A 192.187.101.110 CNAME hummall.com	192.187.101.110
www.sqlite.org	A 45.33.6.223	45.33.6.223

TCP Requests

UDP Requests

POST 0 http://www.houtaijiaju.com/stcf/

GET 0 http://www.houtaijiaju.com/stcf/?RMuHL=1dqEu7FqG0Fk44M2SsORztBhqeVPz5dcffezXnqN6lUv5lMi6TOQp3fd1b+R5p9IBvl5i/IMrCH65j4DnfcQMtwjHinribTwYdLVWxQ=&J8=1fA1FL4

GET 404 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip

GET 200 http://www.sqlite.org/2017/sqlite-dll-win32-x86-3190000.zip

POST 302 http://www.saintprojetdesalers.com/stcf/

POST 302 http://www.saintprojetdesalers.com/stcf/

GET 302 http://www.saintprojetdesalers.com/stcf/?RMuHL=+e/LxL8BCb5JT2mwgKzbp1bNGh3lgePyU3D6l90SLvlYtUAerZBoaAu+StBCYI+EmdbaVLlpQ9qQs+tY0i0hLe/6ntyVXpS6CIyxXlk=&J8=1fA1FL4

POST 404 http://www.ronikonmet.online/stcf/

POST 404 http://www.ronikonmet.online/stcf/

GET 404 http://www.ronikonmet.online/stcf/?RMuHL=uecC1YIjKds5pfO1EToES15TCdBTvi7vIYoUJgTFy6qDYT2nEUgo5MyoghBmj6FTuqUN6uVJE1bE0H4aXubCPUG1zI5pjeamkbBuCmA=&J8=1fA1FL4

POST 404 http://www.hummall.com/stcf/

POST 404 http://www.hummall.com/stcf/

GET 301 http://www.hummall.com/stcf/?RMuHL=Nk5K1Xbn5LNktyygdQF3BnmJ+burJ+ny2OkZcNPXdwEtJdOtq79vPWmp/B6BaLcWj3tVzmTo+5PqGZIC/UTM1vSFnsb91g1hVUGRl4c=&J8=1fA1FL4

POST 301 http://www.admiralx-qjff.buzz/stcf/

POST 301 http://www.admiralx-qjff.buzz/stcf/

GET 301 http://www.admiralx-qjff.buzz/stcf/?RMuHL=/cN5NAnYyQNGkv6VI4g5hCl6zLANo+Uxyk0R0Gf4W9JvbRZK1NaF3DJOi9LLfoZAma38Eec3ft5h7udphOb57G+0pUhbPZipWhAdHO0=&J8=1fA1FL4

POST 200 http://www.innovativefewsustra.com/stcf/

POST 200 http://www.innovativefewsustra.com/stcf/

GET 200 http://www.innovativefewsustra.com/stcf/?RMuHL=KMOD9sTNx2YSpovUrRJUEzn1Yx0Z43DK6JEh/zvUzYRR0vvq/o2vdjVBrU8HPW3QMgYOZkgxf1P3X+8HybL4wtlflHnPghnD15Ngsf8=&J8=1fA1FL4

POST 404 http://www.aboutmart.info/stcf/

POST 404 http://www.aboutmart.info/stcf/

GET 404 http://www.aboutmart.info/stcf/?RMuHL=U3Hdzf4+NthdwoRpHnYAtQn3xNbqAVbGixRD45JbkQ2tjCPrd668asZ32u/Z/WUAQbK0mo64IDMrfMoRJRydMFx21uDMy5x8Dc/xGxo=&J8=1fA1FL4

POST 200 http://www.ozu-sushi.com/stcf/

POST 200 http://www.ozu-sushi.com/stcf/

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.102	164.124.101.2	3
192.168.56.102	164.124.101.2	3
192.168.56.102	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49182 -> 172.67.172.5:80	2032991	ET INFO HTTP Request to a *.buzz domain	Potentially Bad Traffic
TCP 192.168.56.102:49180 -> 172.67.172.5:80	2032991	ET INFO HTTP Request to a *.buzz domain	Potentially Bad Traffic
TCP 192.168.56.102:49181 -> 172.67.172.5:80	2032991	ET INFO HTTP Request to a *.buzz domain	Potentially Bad Traffic
TCP 199.21.76.77:80 -> 192.168.56.102:49185	2018141	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts