NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.19 03:01
Putting Cheap Motorcyc...
01.19 03:01
Trump Will ‘Most Likel...
01.19 01:01
DOJ confirms arrested ...
01.19 12:01
Sicher und günstig: Sc...
01.19 12:01
Learn New Tools, or Ho...
01.18 10:01
Deutschland auf Platz ...
01.18 10:01
Suchmaschine: Google-S...
01.18 10:01
24H2: Microsoft drängt...
01.18 09:01
FBI Warned Agents It B...
01.18 09:01
JTAG & SWD Debuggi...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
202.79.173.167	Active	Moloch

Name	Response	Post-Analysis Lookup
feetifu.net

TCP Requests

UDP Requests

GET 200 http://202.79.173.167:8000/1

GET 200 http://202.79.173.167:8000/2

GET 200 http://202.79.173.167:8000/3

GET 200 http://202.79.173.167:8000/4

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 202.79.173.167:8000 -> 192.168.56.101:49163	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 202.79.173.167:8000 -> 192.168.56.101:49163	2023711	ET MALWARE JS/WSF Downloader Dec 08 2016 M7	A Network Trojan was detected
TCP 202.79.173.167:8000 -> 192.168.56.101:49163	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 202.79.173.167:8000 -> 192.168.56.101:49163	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 202.79.173.167:8000 -> 192.168.56.101:49163	2014520	ET INFO EXE - Served Attached HTTP	Misc activity

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts