NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.18 05:01
Anzeige: IT-Sicherheit...
01.18 04:01
New tool: immutable.py...
01.18 03:01
U.S. Sanctions Chinese...
01.18 03:01
A Field Expedient Weld...
01.18 12:01
No Crystal Earpiece? N...
01.18 11:01
TikTok Says to ‘Go Dar...
01.18 10:01
‘Sneaky Log’ phishing ...
01.18 10:01
리튬코리아, 일본 스이린과 리튬 배터리 ...
01.18 10:01
Feds worry AT&T br...
01.18 10:01
AIs in Love, UEFI, For...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
65.254.250.192	Active	Moloch
76.76.21.241	Active	Moloch

Name	Response	Post-Analysis Lookup
www.ngmnetwork.com	A 65.254.250.192	65.254.250.192
www.appsrocky.top
www.jonathanvuportfolio.website	A 76.76.21.123 A 76.76.21.241	76.76.21.123

UDP Requests

GET 401 http://www.ngmnetwork.com/o5gu/?nRntHD=nt54C05KUkIvbOhXcmX2JQxj1c8TC2AD0f5qM8oIBe83LqreralmCs6eOllIegrlb6Ji0dmb&Lh38w=ATUDS8l

GET 308 http://www.jonathanvuportfolio.website/o5gu/?nRntHD=s49Z/zB4WxMPm1wKIpwtofnGUZAAmhHqcm3eZ7CT59XMMjyacZTQ4OMMqMGT9RUeDBDjK0yu&Lh38w=ATUDS8l

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.103:50800 -> 164.124.101.2:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic
TCP 192.168.56.103:49166 -> 65.254.250.192:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 76.76.21.241:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts