NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.30 02:04
BEWERBUNG.pdf.htm
04.30 01:04
BEWERBUNG.pdf.htm
04.30 01:04
Adobe%20PDF.hta
04.30 01:04
VXCX.exe
04.30 01:04
test.ps1
04.30 01:04
rah.exe
04.30 01:04
Microsoft.hta
04.30 01:04
XZCADEEW22.exe
04.30 01:04
CZXZDTGS.exe
04.30 01:04
ui.exe

Latest News
04.30 02:04
Back to Reality with t...
04.30 02:04
넷앱, 스토리지 계층 사이버보안 표준 새...
04.30 02:04
Xiaomi Joins China AI ...
04.30 02:04
Toyota to Partner With...
04.30 02:04
한국핀테크지원센터, ‘2025년 핀테크 ...
04.30 02:04
KISA, 공공기관 고객만족도 조사 최고...
04.30 01:04
레퍼런스체크코리아, 커리어플랜과 전략적 ...
04.30 01:04
킹메이커, 약국 특화 마케팅으로 평균 매...
04.30 01:04
중국의 '은밀한 위협', 전기차 배터리가...
04.30 12:04
포유디지탈, 초록우산 울산지역본부 아동 ...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
208.95.112.1	Active	Moloch
92.255.85.2	Active	Moloch

Name	Response	Post-Analysis Lookup
ip-api.com	A 208.95.112.1	208.95.112.1

TCP Requests

UDP Requests

GET 200 http://92.255.85.2/qx.exe

:	GET /qx.exe HTTP/1.1
Host:	92.255.85.2
Connection:	Keep-Alive

:	HTTP/1.1 200 OK
Content-Type:	application/octet-stream
Last-Modified:	Wed, 02 Apr 2025 10
Accept-Ranges:	bytes
ETag:	"46ce3f19b8a3db1
Server:	Microsoft-IIS/10.0
Date:	Fri, 04 Apr 2025 00
Content-Length:	55296

GET 200 http://ip-api.com/line

:	GET /line HTTP/1.1
Host:	ip-api.com
Connection:	Keep-Alive

:	HTTP/1.1 200 OK
Date:	Fri, 04 Apr 2025 00
Content-Type:	text/plain; charset=utf-8
Content-Length:	126
Access-Control-Allow-Origin:	*
X-Ttl:	60
X-Rl:	44

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2054141	ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49161 -> 92.255.85.2:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.101:49161 -> 92.255.85.2:80	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	Potentially Bad Traffic
TCP 192.168.56.101:49175 -> 208.95.112.1:80	2022082	ET POLICY External IP Lookup ip-api.com	Device Retrieving External IP Address Detected
TCP 92.255.85.2:80 -> 192.168.56.101:49161	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 92.255.85.2:80 -> 192.168.56.101:49161	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 92.255.85.2:80 -> 192.168.56.101:49161	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts