NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

NetWork | ZeroBOX

IP Address	Status	Action
103.229.126.73	Active	Moloch
144.48.240.173	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49163 -> 144.48.240.173:29106	2016141	ET INFO Executable Download from dotted-quad Host	A Network Trojan was detected
TCP 192.168.56.102:49164 -> 144.48.240.173:29106	2016141	ET INFO Executable Download from dotted-quad Host	A Network Trojan was detected
TCP 192.168.56.102:49163 -> 144.48.240.173:29106	2016698	ET HUNTING Suspicious services.exe in URI	Potentially Bad Traffic
TCP 192.168.56.102:49164 -> 144.48.240.173:29106	2016698	ET HUNTING Suspicious services.exe in URI	Potentially Bad Traffic
TCP 144.48.240.173:29106 -> 192.168.56.102:49164	2022050	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1	A Network Trojan was detected
TCP 144.48.240.173:29106 -> 192.168.56.102:49163	2022050	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1	A Network Trojan was detected
TCP 144.48.240.173:29106 -> 192.168.56.102:49164	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 144.48.240.173:29106 -> 192.168.56.102:49164	2020500	ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK)	Exploit Kit Activity Detected
TCP 144.48.240.173:29106 -> 192.168.56.102:49164	2022051	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2	A Network Trojan was detected
TCP 144.48.240.173:29106 -> 192.168.56.102:49164	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 144.48.240.173:29106 -> 192.168.56.102:49164	2014520	ET INFO EXE - Served Attached HTTP	Misc activity
TCP 144.48.240.173:29106 -> 192.168.56.102:49163	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 144.48.240.173:29106 -> 192.168.56.102:49163	2020500	ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK)	Exploit Kit Activity Detected
TCP 144.48.240.173:29106 -> 192.168.56.102:49163	2022051	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2	A Network Trojan was detected
TCP 144.48.240.173:29106 -> 192.168.56.102:49163	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 144.48.240.173:29106 -> 192.168.56.102:49163	2014520	ET INFO EXE - Served Attached HTTP	Misc activity

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts