NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
10.03 05:10
cliloc_fix.exe
10.02 02:10
66fbfccd837ac_vadggdsa...
10.02 02:10
66fc5c187ba75_lyla343.exe
10.02 02:10
66fbfcc301a31_swws.exe
10.02 02:10
66fbd9a4db4c9_Governme...
10.02 02:10
66fb2538369cb_EdgeUpda...
10.02 02:10
cc.js
10.02 02:10
kixx.js
10.02 02:10
66f55533ca7d6_RDPWInst...
10.02 02:10
SPOOF.exe

Latest News
10.03 08:10
Cybersecurity Is Every...
10.03 08:10
Threat actor believed ...
10.03 08:10
Pi Zero Power Optimiza...
10.03 08:10
License Plate Readers ...
10.03 08:10
INTERPOL Arrests 8 in ...
10.03 07:10
What Travelers Need to...
10.03 07:10
Education Industry Thr...
10.03 07:10
Release Notes: Safebro...
10.03 07:10
Q2 2024 Cyber Attacks ...
10.03 07:10
Is it a good idea to p...

NetWork | ZeroBOX

IP Address	Status	Action
103.124.173.35	Active	Moloch
103.54.41.193	Active	Moloch
103.66.72.217	Active	Moloch
154.79.245.158	Active	Moloch
172.217.25.14	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests
- 192.168.56.102:49812 103.54.41.193:443
- 192.168.56.102:49797 172.217.25.14:443

UDP Requests

GET 200 https://103.54.41.193/tot90/TEST22-PC_W617601.F773CB1B97BB6C3311087FB95D3B54AB/5/kps/

ICMP traffic

Source	Destination	ICMP Type	Data
154.79.246.193	192.168.56.102	3
154.79.246.193	192.168.56.102	3
154.79.246.193	192.168.56.102	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49812 -> 103.54.41.193:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 103.54.41.193:443 -> 192.168.56.102:49812	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49812 103.54.41.193:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	bb:48:e9:a1:55:37:8d:d3:de:c1:26:8f:7a:43:8c:19:5e:bb:da:25

Snort Alerts

No Snort Alerts