NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 05:11
Iranian threat group t...
11.14 05:11
Palo Alto Networks sec...
11.14 05:11
Agencies push for digi...
11.14 05:11
Statt Wechsel auf Wind...
11.14 05:11
KI-Übersetzer für Meet...
11.14 05:11
ChatGPT knackt Rekord:...
11.14 05:11
Amazon stellt 40.000 K...
11.14 05:11
[Control systems] Siem...
11.14 05:11
OpenAI Nears Launch of...
11.14 04:11
Execs identify AI-driv...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
194.147.115.117	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests

GET 200 http://194.147.115.117/zzztop/PhoenixMiner.exe

GET 200 http://194.147.115.117/zzztop/This.exe

GET 200 http://194.147.115.117/zzztop/This.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

Command	Params	Type
CONNECT	%s HTTP/%s	client

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49199 -> 194.147.115.117:80	2008350	ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile	Potential Corporate Privacy Violation
TCP 192.168.56.101:49199 -> 194.147.115.117:80	2016141	ET INFO Executable Download from dotted-quad Host	A Network Trojan was detected
TCP 192.168.56.101:49199 -> 194.147.115.117:80	2019935	ET INFO AutoIt User Agent Executable Request	A Network Trojan was detected
TCP 194.147.115.117:80 -> 192.168.56.101:49199	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 194.147.115.117:80 -> 192.168.56.101:49199	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49203 -> 194.147.115.117:80	2008350	ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile	Potential Corporate Privacy Violation
TCP 192.168.56.101:49203 -> 194.147.115.117:80	2016141	ET INFO Executable Download from dotted-quad Host	A Network Trojan was detected
TCP 192.168.56.101:49203 -> 194.147.115.117:80	2019935	ET INFO AutoIt User Agent Executable Request	A Network Trojan was detected
TCP 192.168.56.101:49203 -> 194.147.115.117:80	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	Potentially Bad Traffic
TCP 194.147.115.117:80 -> 192.168.56.101:49203	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 194.147.115.117:80 -> 192.168.56.101:49203	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49205 -> 194.147.115.117:80	2008350	ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile	Potential Corporate Privacy Violation
TCP 192.168.56.101:49205 -> 194.147.115.117:80	2016141	ET INFO Executable Download from dotted-quad Host	A Network Trojan was detected
TCP 192.168.56.101:49205 -> 194.147.115.117:80	2019935	ET INFO AutoIt User Agent Executable Request	A Network Trojan was detected
TCP 192.168.56.101:49205 -> 194.147.115.117:80	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	Potentially Bad Traffic
TCP 194.147.115.117:80 -> 192.168.56.101:49205	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 194.147.115.117:80 -> 192.168.56.101:49205	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts