NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 04:09
2.exe
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...

Latest News
09.22 08:09
Biden Administration t...
09.22 08:09
IT Sicherheitsnews tae...
09.22 07:09
September 22, 2024
09.22 06:09
Cards Against Humanity...
09.22 05:09
Linux, Now In Real Time
09.22 04:09
Was können Roboter wir...
09.22 04:09
Schluss mit Basis-Auth...
09.22 04:09
Deutsches Jugendherber...
09.22 02:09
Learn How to Dissect B...
09.22 02:09
Jumperless Breadboard ...

NetWork | ZeroBOX

IP Address	Status	Action
15.197.130.221	Active	Moloch
15.197.148.33	Active	Moloch
15.197.204.56	Active	Moloch
156.245.54.118	Active	Moloch
164.124.101.2	Active	Moloch

Name	Response	Post-Analysis Lookup
www.diverseindiatours.com	A 15.197.130.221	15.197.130.221
www.sanpan010.com
www.hndswicco.best	A 15.197.204.56 A 3.33.243.145	15.197.204.56
www.time-edu.net	A 156.245.54.118	156.245.54.118
www.chucobuilt.net	A 15.197.148.33 A 3.33.130.190 CNAME chucobuilt.net	15.197.148.33

TCP Requests

UDP Requests

GET 403 http://www.hndswicco.best/ge06/?P6A=PQptMrbywirwOBsv2/k9gasn5Q9AT3eVC9w1MPVM+581myTPrrPRsbPASzXeYXe5c34Wjnkd&1bS=W6O8DXLhJ

GET 403 http://www.diverseindiatours.com/ge06/?P6A=IlJ6uct7nLNOkVUg7dSIO1ufNnudgOP1rBW9T1wcy5Ojeqv/jFwMq4W339KeBHdyAUeSR3I5&1bS=W6O8DXLhJ

GET 403 http://www.chucobuilt.net/ge06/?P6A=mgJZc34E+QHjHDFP2795MijuneaKxhMRMXDMLqe7oIpY9TsA6d7BobIv4A2nrFt6YRi7hqu+&1bS=W6O8DXLhJ

GET 403 http://www.time-edu.net/ge06/?P6A=3gVulpDN/zRIaENLvBRBOU+GJXsTSPVd6fpjgkIicxSY0YrdfquFm+i5o+mpo+HrdASdsMrY&1bS=W6O8DXLhJ

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.101	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 15.197.130.221:80 -> 192.168.56.101:49167	2527001	ET Threatview.io High Confidence Cobalt Strike C2 IP group 2	Misc Attack
TCP 192.168.56.101:49168 -> 15.197.148.33:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 15.197.130.221:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 15.197.204.56:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 156.245.54.118:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts