NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 07:11
4f3200e5324a333579e06e...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe

Latest News
11.19 07:11
Scammer Black Friday o...
11.19 07:11
How Stealer Logs Targe...
11.19 07:11
ICE Can Already Sidest...
11.19 07:11
US to Fund Chip ‘Digit...
11.19 07:11
[UPDATE] [kritisch] VM...
11.19 07:11
[UPDATE] [kritisch] Pa...
11.19 07:11
Sicherheitslücken in N...
11.19 07:11
Lücken in FortiClient,...
11.19 07:11
Datenleck bei Infoscor...
11.19 07:11
IT Sicherheitsnews stü...

NetWork | ZeroBOX

IP Address	Status	Action
192.227.228.38	Active	Moloch
99.86.207.50	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests
- 192.168.56.103:49167 192.227.228.38:80
- 99.86.207.50:443 192.168.56.103:49186

UDP Requests

GET 200 http://192.227.228.38/0014/vbc.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49167 -> 192.227.228.38:80	2016141	ET INFO Executable Download from dotted-quad Host	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 192.227.228.38:80	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	Potentially Bad Traffic
TCP 192.227.228.38:80 -> 192.168.56.103:49167	2022050	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1	A Network Trojan was detected
TCP 192.227.228.38:80 -> 192.168.56.103:49167	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.227.228.38:80 -> 192.168.56.103:49167	2022051	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2	A Network Trojan was detected
TCP 192.227.228.38:80 -> 192.168.56.103:49167	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts