NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.13 09:11
Mishing: The Rising Mo...
11.13 09:11
Europe’s Tech Startups...
11.13 09:11
NASA Announces New Tri...
11.13 09:11
Microsoft’s Gaming Chi...
11.13 09:11
Amazon Makes it Harder...
11.13 09:11
Brain Implant Startups...
11.13 09:11
Comprehensive Guide to...
11.13 08:11
Major Cyber Attacks in...
11.13 08:11
Tesla’s Meme-Like Stoc...
11.13 08:11
HawkEye Malware: Techn...

NetWork | ZeroBOX

IP Address	Status	Action
117.236.188.177	Active	Moloch
134.35.106.7	Active	Moloch
146.70.53.161	Active	Moloch
151.234.69.79	Active	Moloch
151.235.83.141	Active	Moloch
164.124.101.2	Active	Moloch
178.217.173.26	Active	Moloch
185.215.113.66	Active	Moloch
20.72.235.82	Active	Moloch
217.30.171.37	Active	Moloch
46.248.37.21	Active	Moloch
5.233.65.104	Active	Moloch
78.106.189.161	Active	Moloch
82.137.218.134	Active	Moloch
94.183.35.131	Active	Moloch
95.59.234.182	Active	Moloch

Name	Response	Post-Analysis Lookup
www.update.microsoft.com	A 20.72.235.82 CNAME redir.update.msft.com.trafficmanager.net	20.72.235.82

TCP Requests
- 192.168.56.103:49163 185.215.113.66:80
- 192.168.56.103:49164 185.215.113.66:80

UDP Requests

GET 404 http://185.215.113.66/1

GET 200 http://185.215.113.66/2

GET 200 http://185.215.113.66/2

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.103:52762 -> 94.183.35.131:40500	2044077	ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC	A Network Trojan was detected
UDP 192.168.56.103:52762 -> 151.234.69.79:40500	2044077	ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC	A Network Trojan was detected
UDP 192.168.56.103:52762 -> 5.233.65.104:40500	2044077	ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC	A Network Trojan was detected
TCP 185.215.113.66:80 -> 192.168.56.103:49164	2400032	ET DROP Spamhaus DROP Listed Traffic Inbound group 33	Misc Attack
UDP 192.168.56.103:52762 -> 146.70.53.161:40500	2044077	ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC	A Network Trojan was detected
UDP 192.168.56.103:52762 -> 178.217.173.26:40500	2044077	ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC	A Network Trojan was detected
UDP 192.168.56.103:52762 -> 117.236.188.177:40500	2044077	ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts