NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js

Latest News
09.21 01:09
Hackaday Podcast Episo...
09.21 01:09
The Russian Bot Army T...
09.21 01:09
Australia’s Labor Part...
09.21 12:09
Inviting the Public to...
09.21 12:09
How Ransomhub Ransomwa...
09.21 12:09
Middle East backdoored...
09.21 12:09
Updated CISA exploited...
09.21 12:09
Several orgs purported...
09.21 12:09
New CISA guidance seek...
09.21 12:09
Lumma Stealer deployed...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
185.246.220.85	Active	Moloch
64.185.227.156	Active	Moloch

Name	Response	Post-Analysis Lookup
api.ipify.org	A 64.185.227.156 CNAME api4.ipify.org A 104.237.62.211 A 173.231.16.76	173.231.16.76

UDP Requests

GET 200 http://185.246.220.85/damianozx.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49163 -> 185.246.220.85:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 185.246.220.85:80 -> 192.168.56.103:49163	2022050	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1	A Network Trojan was detected
TCP 185.246.220.85:80 -> 192.168.56.103:49163	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 185.246.220.85:80 -> 192.168.56.103:49163	2022051	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2	A Network Trojan was detected
TCP 185.246.220.85:80 -> 192.168.56.103:49163	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 64.185.227.156:443 -> 192.168.56.103:49169	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49169 -> 64.185.227.156:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts