NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 07:11
Former FTX Coder Wang ...
11.14 06:11
Jenkins security advis...
11.14 06:11
Nu Posts Record Return...
11.14 06:11
Cisco Gives Strong Rev...
11.14 06:11
US Accuses China of ‘B...
11.14 06:11
Landscape Motif Makes ...
11.14 05:11
Iranian threat group t...
11.14 05:11
Palo Alto Networks sec...
11.14 05:11
Agencies push for digi...
11.14 05:11
Statt Wechsel auf Wind...

NetWork | ZeroBOX

IP Address	Status	Action
185.117.88.231	Active	Moloch
164.124.101.2	Active	Moloch

Name	Response	Post-Analysis Lookup
yigeyo.xyz	A 185.117.88.231	185.117.88.231

TCP Requests
- 185.117.88.231:80 192.168.56.103:49163

UDP Requests

GET 200 http://yigeyo.xyz/21_2/huge.dat

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49163 -> 185.117.88.231:80	2011227	ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))	Potentially Bad Traffic
TCP 185.117.88.231:80 -> 192.168.56.103:49163	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts