NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.21 01:04
update.exe
04.21 01:04
dxw86.exe
04.21 01:04
USDTFlash.exe
04.21 01:04
newfour.exe
04.21 01:04
nircmd.exe
04.21 01:04
dwinxp64.exe
04.21 01:04
rr.exe
04.21 01:04
Deku_X_Cheat.dll
04.21 01:04
random.exe
04.21 01:04
Explerer.exe

Latest News
04.21 03:04
본아페티, 미국 와이오밍 S급 벤토나이트...
04.21 03:04
TSMC Warns of Limits o...
04.21 03:04
코오롱베니트, 자체 개발 ‘AI 비전 인...
04.21 02:04
뮤즈라이브 키트앨범, Those Damn...
04.21 02:04
쿠도커뮤니케이션, ‘2025 TXOne ...
04.21 02:04
Preventing Galvanic Co...
04.21 02:04
엠리무진, ‘디 올 뉴 팰리세이드 하이리...
04.21 02:04
케이토네트웍스, 단일 벤더 SASE 플랫...
04.21 02:04
시큐아이 'BLUEMAX WIPS', W...
04.21 02:04
엔키화이트햇, K-CTI 2025서 ‘O...

NetWork | ZeroBOX

IP Address	Status	Action
176.113.115.6	Active	Moloch
176.113.115.7	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests
- 192.168.56.101:137 192.168.56.255:137
- 192.168.56.103:137 192.168.56.101:137

GET 200 http://176.113.115.7/mine/random.exe

POST 200 http://176.113.115.6/Ni9kiput/index.php

POST 200 http://176.113.115.6/Ni9kiput/index.php

GET 200 http://176.113.115.7/files/7033027882/ZqkKpwG.exe

POST 200 http://176.113.115.6/Ni9kiput/index.php

GET 200 http://176.113.115.7/files/5163778194/zx4PJh6.exe

POST 200 http://176.113.115.6/Ni9kiput/index.php

GET 200 http://176.113.115.7/files/7684569444/advnrNo.exe

POST 200 http://176.113.115.6/Ni9kiput/index.php

POST 200 http://176.113.115.6/Ni9kiput/index.php

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49167 -> 176.113.115.7:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 176.113.115.7:80 -> 192.168.56.101:49167	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 176.113.115.7:80 -> 192.168.56.101:49167	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 176.113.115.7:80 -> 192.168.56.101:49167	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49178 -> 176.113.115.7:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 176.113.115.7:80 -> 192.168.56.101:49178	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 176.113.115.7:80 -> 192.168.56.101:49178	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 176.113.115.7:80 -> 192.168.56.101:49178	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49173 -> 176.113.115.7:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 176.113.115.7:80 -> 192.168.56.101:49173	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 176.113.115.7:80 -> 192.168.56.101:49173	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 176.113.115.7:80 -> 192.168.56.101:49173	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49173 -> 176.113.115.7:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts