NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.21 03:04
US.png
04.21 03:04
jquery.dataTables.js.p...
04.21 03:04
jquery-2.2.1.min.js.po...
04.21 03:04
jquery.min.js.pobrane
04.21 03:04
pace.min.js.pobrane
04.21 03:04
bootstrap.bundle.min.j...
04.21 03:04
aes.js.pobrane
04.21 03:04
toastr.min.js.pobrane
04.21 03:04
dataTables.bootstrap4....
04.21 03:04
sweetalert.min.js.pobrane

Latest News
04.21 02:04
The Most Printable 3D ...
04.21 02:04
Über 216.000 Daten von...
04.21 02:04
Texte in Audiodateien ...
04.21 02:04
Peking: Humanoide Robo...
04.21 12:04
갤럭시 스마트폰,삼성 중고폰 공장 초기화...
04.21 12:04
IT Sicherheitsnews tae...
04.21 12:04
Bundescloud: Kosten fü...
04.20 11:04
Reverse Engineering Ac...
04.20 11:04
Low Cost Oscilloscope ...
04.20 10:04
Chinese Ghost Hackers ...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
52.26.80.133	Active	Moloch

Name	Response	Post-Analysis Lookup
secure01-redirect.net	A 52.26.80.133	52.26.80.133

TCP Requests

UDP Requests

POST 200 http://secure01-redirect.net/gc20/fre.php

POST 200 http://secure01-redirect.net/gc20/fre.php

POST 200 http://secure01-redirect.net/gc20/fre.php

POST 200 http://secure01-redirect.net/gc20/fre.php

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49168 -> 52.26.80.133:80	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	A Network Trojan was detected
TCP 192.168.56.102:49168 -> 52.26.80.133:80	2025381	ET MALWARE LokiBot Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 52.26.80.133:80	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	A Network Trojan was detected
TCP 52.26.80.133:80 -> 192.168.56.102:49168	2018141	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz	A Network Trojan was detected
TCP 52.26.80.133:80 -> 192.168.56.102:49168	2037771	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst	A Network Trojan was detected
TCP 192.168.56.102:49172 -> 52.26.80.133:80	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	A Network Trojan was detected
TCP 192.168.56.102:49172 -> 52.26.80.133:80	2025381	ET MALWARE LokiBot Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 52.26.80.133:80	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 52.26.80.133:80	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 52.26.80.133:80	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	A Network Trojan was detected
TCP 192.168.56.102:49169 -> 52.26.80.133:80	2025381	ET MALWARE LokiBot Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 52.26.80.133:80	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 52.26.80.133:80	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	Malware Command and Control Activity Detected
TCP 192.168.56.102:49166 -> 52.26.80.133:80	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	A Network Trojan was detected
TCP 192.168.56.102:49166 -> 52.26.80.133:80	2025381	ET MALWARE LokiBot Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.102:49166 -> 52.26.80.133:80	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts