NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.17 03:11
[일본 애니메이션]世界最高の暗殺者、異世界...
11.17 03:11
Playing Chess Against ...
11.17 03:11
IT Sicherheitsnews tae...
11.17 03:11
IT Sicherheitsnews tae...
11.17 01:11
IT Sicherheitsnews tae...
11.17 01:11
IT Sicherheitsnews tae...
11.17 01:11
TikTok Parent ByteDanc...
11.17 12:11
Hackers, Patents, and ...
11.17 12:11
IT Sicherheitsnews tae...
11.17 12:11
Umweltfreundlicher Wha...

NetWork | ZeroBOX

IP Address	Status	Action
156.96.119.123	Active	Moloch
164.124.101.2	Active	Moloch
23.146.242.85	Active	Moloch

Name	Response	Post-Analysis Lookup
d-wave.duckdns.org	A 156.96.119.123	156.96.119.123
dyn-bin.duckdns.org	A 23.146.242.85	23.146.242.85

TCP Requests
- 192.168.56.102:49165 23.146.242.85:80
  dyn-bin.duckdns.org

UDP Requests

GET 200 http://dyn-bin.duckdns.org/remcos_d_fIqfwC80.bin

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.102:52336 -> 164.124.101.2:53	2022918	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain	Misc activity
UDP 192.168.56.102:64995 -> 164.124.101.2:53	2022918	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain	Misc activity
TCP 156.96.119.123:1144 -> 192.168.56.102:49171	2400015	ET DROP Spamhaus DROP Listed Traffic Inbound group 16	Misc Attack

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts