NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.15 01:11
마이다스그룹, ‘AI 기반 면접 가이드’...
11.15 01:11
Chinese Data Center Fi...
11.15 01:11
한국이엔티씨, 2024년 고용노동부 주관...
11.15 12:11
Nebraskan Farmers Were...
11.15 12:11
휘틀, 4L 대용량 음식물처리기 ‘더슬림...
11.15 12:11
깨끗한나라 '디어스킨' 올리브영 관악타운...
11.15 12:11
모카시스템, '2024 도시·지역혁신대상...
11.15 12:11
전략 RPG ‘리메멘토–하얀 그림자’ C...
11.15 12:11
케이스티파이(CASETiFY), 5층 규...
11.15 11:11
2024-11-14 - Raspberry...

NetWork | ZeroBOX

IP Address	Status	Action
138.34.28.219	Active	Moloch
164.124.101.2	Active	Moloch
38.110.103.113	Active	Moloch
80.15.2.105	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests

GET 302 https://138.34.28.219/rob116/TEST22-PC_W617601.E07BB07373A3BB3F491F304B3B719B93/5/file/

GET 302 https://138.34.28.219/cookiechecker?uri=/rob116/TEST22-PC_W617601.E07BB07373A3BB3F491F304B3B719B93/5/file/

GET 302 https://138.34.28.219/index.html

GET 200 https://138.34.28.219/login.cgi?uri=/index.html

GET 404 https://38.110.103.113/rob116/TEST22-PC_W617601.E07BB07373A3BB3F491F304B3B719B93/5/file/

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 80.15.2.105:443 -> 192.168.56.102:49166	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.102:49166 -> 80.15.2.105:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.102:49165 -> 38.110.103.113:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.102:49164 -> 138.34.28.219:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 80.15.2.105:443 -> 192.168.56.102:49167	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 80.15.2.105:443 -> 192.168.56.102:49168	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 80.15.2.105:443 -> 192.168.56.102:49169	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.102:49169 -> 80.15.2.105:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49165 38.110.103.113:443	C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-78:8A:20:10:C4:5A/emailAddress=support@ubnt.com	C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-78:8A:20:10:C4:5A/emailAddress=support@ubnt.com	f8:a6:1d:83:c7:74:cb:aa:74:13:1b:31:74:93:a5:b4:a4:1b:bd:c5
TLSv1 192.168.56.102:49164 138.34.28.219:443	C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-F4:92:BF:D6:1C:49/emailAddress=support@ubnt.com	C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-F4:92:BF:D6:1C:49/emailAddress=support@ubnt.com	0f:6c:9c:c8:a9:10:1e:c8:98:3f:01:df:32:ad:f1:7f:5d:d0:4c:54

Snort Alerts

No Snort Alerts