NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 05:11
Iranian threat group t...
11.14 05:11
Palo Alto Networks sec...
11.14 05:11
Agencies push for digi...
11.14 05:11
Statt Wechsel auf Wind...
11.14 05:11
KI-Übersetzer für Meet...
11.14 05:11
ChatGPT knackt Rekord:...
11.14 05:11
Amazon stellt 40.000 K...
11.14 05:11
[Control systems] Siem...
11.14 05:11
OpenAI Nears Launch of...
11.14 04:11
Execs identify AI-driv...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
164.132.235.17	Active	Moloch
184.168.131.241	Active	Moloch
198.185.159.145	Active	Moloch
20.43.94.199	Active	Moloch
34.102.136.180	Active	Moloch
37.59.172.100	Active	Moloch

Name	Response	Post-Analysis Lookup
www.bastroppumpkinpatch.com	A 184.168.131.241 CNAME bastroppumpkinpatch.com	184.168.131.241
www.orthorghet.com
www.12grids.com	A 34.102.136.180 CNAME 12grids.com	34.102.136.180
www.actu-positives.com	A 164.132.235.17	164.132.235.17
www.bristolfestivals.network	A 198.49.23.145 CNAME ext-sq.squarespace.com A 198.185.159.144 A 198.49.23.144 A 198.185.159.145	198.49.23.144
www.caishen366.com
www.manufacturademexico.com	CNAME manufacturademexico.com A 37.59.172.100	37.59.172.100
www.communityredport.com

TCP Requests

UDP Requests

POST 405 http://www.12grids.com/amis/

GET 403 http://www.12grids.com/amis/?uZi0=psrw+R6Q9Jjde+E3CcaLJDP0XdBln8JLHvq3u3Pgl5rTrpe13P6N0QtZNFTT+LzRljSMbO1p&Vnt48=GTd0sn7PSV8h7fY

POST 0 http://www.manufacturademexico.com/amis/

GET 502 http://www.manufacturademexico.com/amis/?uZi0=sPdhRSzn5V3HtrT4YMduOlaljhy3aEu0KnwFtxuLUZsWoGYhKpJFzPTxi2g56+/rwHwdINSs&Vnt48=GTd0sn7PSV8h7fY

POST 0 http://www.bastroppumpkinpatch.com/amis/

GET 301 http://www.bastroppumpkinpatch.com/amis/?uZi0=Zztpo3Qg6eQvKRHyXCtHHCkqSp5t5TCMPeCDMzGI5iClRJ18pLJ4+tNlnvg2Sp1RBSWHCjAo&Vnt48=GTd0sn7PSV8h7fY

POST 502 http://www.bristolfestivals.network/amis/

GET 400 http://www.bristolfestivals.network/amis/?uZi0=usZm+hsbL/FsEOjR3VWL7jHfDQnA3qjkeu6s4A35LkS4Fs/X4CFjwFQKANIX3W+bg6ZPhFtv&Vnt48=GTd0sn7PSV8h7fY

POST 0 http://www.actu-positives.com/amis/

GET 301 http://www.actu-positives.com/amis/?uZi0=YzdasE/8BZtD+pBVZFDVL42OR+puwIFqNbrJQtY8fKpFyhW17l2eSpfRlPlWcFlVBa/JtS8h&Vnt48=GTd0sn7PSV8h7fY

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49221 -> 198.185.159.145:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49221 -> 198.185.159.145:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49221 -> 198.185.159.145:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49223 -> 164.132.235.17:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49223 -> 164.132.235.17:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49223 -> 164.132.235.17:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49215 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49215 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49215 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 184.168.131.241:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 184.168.131.241:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 184.168.131.241:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 37.59.172.100:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 37.59.172.100:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 37.59.172.100:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts