NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe
11.19 02:11
caspol.exe
11.19 02:11
caspol.exe
11.18 02:11
DOCTOR FIRM ORDER FORM...

Latest News
11.19 06:11
Spot the Difference: E...
11.19 06:11
The Barcode Beast Like...
11.19 06:11
China’s Chip Advances ...
11.19 06:11
이지중고가전, 나눔과 환경보호로 사회적공...
11.19 06:11
Spot the Difference: E...
11.19 05:11
[AIS 2024 영상] KISA 강동우...
11.19 05:11
WVC대학교, 테솔자격증 장학생 모집 실시
11.19 05:11
[긴급] 현재 사이버 공격에 악용중인 팔...
11.19 05:11
온도의민족, 출시 동시에 일시품절...리...
11.19 05:11
[긴급] 중국 해커, 포티넷 VPN 제로...

NetWork | ZeroBOX

IP Address	Status	Action
81.68.216.37	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests

GET 200 http://81.68.216.37/server.exe

GET 200 http://81.68.216.37/server.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49161 -> 81.68.216.37:80	2016141	ET INFO Executable Download from dotted-quad Host	A Network Trojan was detected
TCP 192.168.56.101:49161 -> 81.68.216.37:80	2022550	ET MALWARE Possible Malicious Macro DL EXE Feb 2016	A Network Trojan was detected
TCP 192.168.56.101:49163 -> 81.68.216.37:80	2016141	ET INFO Executable Download from dotted-quad Host	A Network Trojan was detected
TCP 192.168.56.101:49163 -> 81.68.216.37:80	2022550	ET MALWARE Possible Malicious Macro DL EXE Feb 2016	A Network Trojan was detected
TCP 81.68.216.37:80 -> 192.168.56.101:49161	2022050	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1	A Network Trojan was detected
TCP 81.68.216.37:80 -> 192.168.56.101:49163	2022050	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1	A Network Trojan was detected
TCP 81.68.216.37:80 -> 192.168.56.101:49163	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 81.68.216.37:80 -> 192.168.56.101:49163	2020500	ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK)	Exploit Kit Activity Detected
TCP 81.68.216.37:80 -> 192.168.56.101:49163	2022051	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2	A Network Trojan was detected
TCP 81.68.216.37:80 -> 192.168.56.101:49163	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 81.68.216.37:80 -> 192.168.56.101:49163	2014520	ET INFO EXE - Served Attached HTTP	Misc activity
TCP 81.68.216.37:80 -> 192.168.56.101:49161	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 81.68.216.37:80 -> 192.168.56.101:49161	2020500	ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK)	Exploit Kit Activity Detected
TCP 81.68.216.37:80 -> 192.168.56.101:49161	2022051	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2	A Network Trojan was detected
TCP 81.68.216.37:80 -> 192.168.56.101:49161	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 81.68.216.37:80 -> 192.168.56.101:49161	2014520	ET INFO EXE - Served Attached HTTP	Misc activity

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts