NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js
09.20 10:09
66ebf725efe38_lyla.exe

Latest News
09.20 11:09
ISC Stormcast For Frid...
09.20 11:09
2024-09-18 SAMBASPY Ja...
09.20 11:09
구립신내노인종합복지관, 지역사회와 함께 ...
09.20 11:09
자동차 부품 제조업체 쉽딱, '트리플X2...
09.20 11:09
[PASCON 2024-영상] 라온시큐어...
09.20 11:09
2024 SAO Contest: The ...
09.20 11:09
Building new hospitals...
09.20 11:09
D-Link Product Securit...
09.20 10:09
2024-09-18 Earth Baxia...
09.20 10:09
Rockwell Automation Pr...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch
186.66.15.10	Active	Moloch
186.97.172.178	Active	Moloch
190.110.179.139	Active	Moloch
27.72.107.215	Active	Moloch
34.107.221.82	Active	Moloch

Name	Response	Post-Analysis Lookup
prod.detectportal.prod.cloudops.mozgcp.net	AAAA 2600:1901:0:38d7::	34.107.221.82
prod.detectportal.prod.cloudops.mozgcp.net	A 34.107.221.82	34.107.221.82
mozilla.org	A 44.236.72.93 A 44.236.48.31 A 44.235.246.155	44.236.48.31
detectportal.firefox.com	CNAME prod.detectportal.prod.cloudops.mozgcp.net CNAME detectportal.prod.mozaws.net A 34.107.221.82	34.107.221.82

TCP Requests

UDP Requests

GET 200 https://190.110.179.139/tot112/TEST22-PC_W617601.B83B71A0873C68B5D06BB278310EAB3F/5/kps/

GET 200 https://27.72.107.215/tot112/TEST22-PC_W617601.B83B71A0873C68B5D06BB278310EAB3F/5/kps/

GET 200 https://186.97.172.178/tot112/TEST22-PC_W617601.B83B71A0873C68B5D06BB278310EAB3F/5/kps/

GET 200 https://186.97.172.178/tot112/TEST22-PC_W617601.B83B71A0873C68B5D06BB278310EAB3F/5/kps/

GET 200 https://27.72.107.215/tot112/TEST22-PC_W617601.B83B71A0873C68B5D06BB278310EAB3F/5/kps/

GET 200 http://detectportal.firefox.com/success.txt?ipv4

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49811 -> 190.110.179.139:443	2404311	ET CNC Feodo Tracker Reported CnC Server group 12	A Network Trojan was detected
TCP 192.168.56.102:49812 -> 27.72.107.215:443	2404316	ET CNC Feodo Tracker Reported CnC Server group 17	A Network Trojan was detected
TCP 192.168.56.102:49814 -> 186.66.15.10:443	2404310	ET CNC Feodo Tracker Reported CnC Server group 11	A Network Trojan was detected
TCP 192.168.56.102:49811 -> 190.110.179.139:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.102:49812 -> 27.72.107.215:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 190.110.179.139:443 -> 192.168.56.102:49811	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 27.72.107.215:443 -> 192.168.56.102:49812	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 192.168.56.102:49813 -> 186.97.172.178:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 186.97.172.178:443 -> 192.168.56.102:49813	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49811 190.110.179.139:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	a4:a1:81:06:c2:26:c0:b1:d3:f0:fe:7a:2c:ff:b4:d6:09:65:aa:e7
TLSv1 192.168.56.102:49812 27.72.107.215:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	a4:a1:81:06:c2:26:c0:b1:d3:f0:fe:7a:2c:ff:b4:d6:09:65:aa:e7
TLSv1 192.168.56.102:49813 186.97.172.178:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	03:f9:52:49:c0:e2:62:9b:bf:52:1c:0d:34:ce:e9:25:49:fb:7e:cc

Snort Alerts

No Snort Alerts