NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

NetWork | ZeroBOX

IP Address	Status	Action
110.42.3.95	Active	Moloch
116.202.81.93	Active	Moloch
118.25.101.87	Active	Moloch
119.176.96.94	Active	Moloch
125.229.77.252	Active	Moloch
146.148.25.153	Active	Moloch
155.159.241.238	Active	Moloch
157.97.109.159	Active	Moloch
162.0.211.158	Active	Moloch
162.240.68.86	Active	Moloch
178.17.168.102	Active	Moloch
182.92.155.50	Active	Moloch
184.154.46.96	Active	Moloch
80.66.75.214	Active	Moloch
197.234.223.180	Active	Moloch
213.100.160.101	Active	Moloch
213.199.32.146	Active	Moloch
34.43.67.154	Active	Moloch
37.16.7.184	Active	Moloch
38.249.14.69	Active	Moloch
38.249.8.144	Active	Moloch
47.99.144.17	Active	Moloch
63.134.234.92	Active	Moloch
68.183.179.133	Active	Moloch
77.246.158.216	Active	Moloch
79.124.17.242	Active	Moloch
79.96.222.94	Active	Moloch
83.243.47.17	Active	Moloch
87.230.85.251	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests

POST 200 http://80.66.75.214/g8djmsaxA/index.php

POST 200 http://80.66.75.214/g8djmsaxA/index.php?scr=1

POST 200 http://80.66.75.214/g8djmsaxA/index.php

GET 200 http://80.66.75.214/g8djmsaxA/Plugins/cred64.dll

POST 200 http://80.66.75.214/g8djmsaxA/index.php

GET 200 http://80.66.75.214/g8djmsaxA/Plugins/clip64.dll

POST 200 http://80.66.75.214/g8djmsaxA/index.php

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 155.159.241.238:21 -> 192.168.56.103:57971	2400024	ET DROP Spamhaus DROP Listed Traffic Inbound group 25	Misc Attack
TCP 192.168.56.103:49166 -> 80.66.75.214:80	2044597	ET MALWARE Amadey Bot Activity (POST) M1	A Network Trojan was detected
TCP 192.168.56.103:49166 -> 80.66.75.214:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 80.66.75.214:80 -> 192.168.56.103:49166	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 80.66.75.214:80 -> 192.168.56.103:49166	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 192.168.56.103:49166 -> 80.66.75.214:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts