NetWork | ZeroBOX

Network Analysis

IP Address        Status   Action
128.201.76.252    Active   Moloch
164.124.101.2     Active   Moloch
185.56.175.122    Active   Moloch
216.166.148.187   Active   Moloch
45.36.99.184      Active   Moloch
46.99.175.149     Active   Moloch

Of these six hosts, 164.124.101.2 appears only in this list; it has no HTTP request, TLS session or alert anywhere below. The other five are the servers contacted over HTTPS.
DNS requests

Name   Response   Post-Analysis Lookup
No DNS requests: the sample resolved no names and reached every server listed below directly by IP address.
HTTP traffic

Method   Status   URL
GET      200      https://46.99.175.149/top111/TEST22-PC_W617601.511F739DF11CD53BB8613D8ECFB9F3D1/5/file/
GET      200      https://45.36.99.184/top111/TEST22-PC_W617601.511F739DF11CD53BB8613D8ECFB9F3D1/5/file/
GET      200      https://185.56.175.122/top111/TEST22-PC_W617601.511F739DF11CD53BB8613D8ECFB9F3D1/5/file/
GET      200      https://128.201.76.252/top111/TEST22-PC_W617601.511F739DF11CD53BB8613D8ECFB9F3D1/5/file/
GET      200      https://216.166.148.187/top111/TEST22-PC_W617601.511F739DF11CD53BB8613D8ECFB9F3D1/5/file/

All five requests carry the identical path /top111/TEST22-PC_W617601.511F739DF11CD53BB8613D8ECFB9F3D1/5/file/ (sandbox hostname, Windows build string and a 32-hex-digit identifier), sent to five different servers in turn, and every server answered 200. Request and response bodies are not included in this report.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.101:49202 -> 46.99.175.149:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49205 -> 128.201.76.252:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49206 -> 216.166.148.187:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49203 -> 45.36.99.184:443 | 2404318 | ET CNC Feodo Tracker Reported CnC Server group 19 | A Network Trojan was detected
TCP 192.168.56.101:49203 -> 45.36.99.184:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 128.201.76.252:443 -> 192.168.56.101:49205 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic
TCP 46.99.175.149:443 -> 192.168.56.101:49202 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic
TCP 216.166.148.187:443 -> 192.168.56.101:49206 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic
TCP 45.36.99.184:443 -> 192.168.56.101:49203 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic
TCP 192.168.56.101:49204 -> 185.56.175.122:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 185.56.175.122:443 -> 192.168.56.101:49204 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic

Every one of the five client-to-server flows tripped the JA3 fingerprint rule 2028401, so the TLS client hello is the same across all connections. Only the flow to 45.36.99.184 (port 49203) was additionally on the Feodo Tracker CnC list at the time of analysis; the other four servers are not flagged by reputation, only by behaviour. The 2011540 hits are logged in the server-to-client direction because that rule matches the server certificate, which is the default OpenSSL "Internet Widgits Pty Ltd" subject.

Suricata TLS

Flow | Version | Issuer | Subject | Fingerprint (SHA-1)
192.168.56.101:49202 -> 46.99.175.149:443 | TLSv1 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02
192.168.56.101:49205 -> 128.201.76.252:443 | TLSv1 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02
192.168.56.101:49206 -> 216.166.148.187:443 | TLSv1 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02
192.168.56.101:49203 -> 45.36.99.184:443 | TLSv1 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02
192.168.56.101:49204 -> 185.56.175.122:443 | TLSv1 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | 50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02

All five sessions negotiated TLSv1, and every certificate is self-signed (issuer equals subject) with the unchanged OpenSSL demo subject. Four servers present the identical certificate (fingerprint b5:21:a8:16:...:3b:02); 185.56.175.122 presents a second one (50:fd:fd:4e:...:df:02). A shared certificate across unrelated IP addresses is a stronger pivot than any single address.
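The HTTP table and the Suricata TLS table above together give everything needed to turn this report into reusable indicators: the C2 servers, the repeated URL path, and the two certificate fingerprints. The script below is an added example, not code from the original report or from the ZeroBOX project. It embeds the report's own URLs and TLS rows as constants so it runs offline, splits each URL into its path components, groups the servers by the certificate they presented, and emits one Suricata rule per fingerprint. The names it gives the path fields (gtag, client id, command) are an assumption taken from the Trickbot C2 URI convention that the ET JA3 and Feodo Tracker signatures point at; the report itself does not label them. The SID range used for the generated rules is likewise an arbitrary local choice.

```python
"""Indicator extraction over the ZeroBOX network report above.

Added example; not code from the original report or from the ZeroBOX
project. HTTP URLs and Suricata TLS rows are copied from the report and
embedded here so the script runs offline. The path field names (gtag,
client id, command) are an assumption based on the Trickbot C2 URI
convention; the report does not label them.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# (method, status, URL) exactly as listed under HTTP traffic.
HTTP_REQUESTS = [
    ("GET", 200, "https://46.99.175.149/top111/TEST22-PC_W617601.511F739DF11CD53BB8613D8ECFB9F3D1/5/file/"),
    ("GET", 200, "https://45.36.99.184/top111/TEST22-PC_W617601.511F739DF11CD53BB8613D8ECFB9F3D1/5/file/"),
    ("GET", 200, "https://185.56.175.122/top111/TEST22-PC_W617601.511F739DF11CD53BB8613D8ECFB9F3D1/5/file/"),
    ("GET", 200, "https://128.201.76.252/top111/TEST22-PC_W617601.511F739DF11CD53BB8613D8ECFB9F3D1/5/file/"),
    ("GET", 200, "https://216.166.148.187/top111/TEST22-PC_W617601.511F739DF11CD53BB8613D8ECFB9F3D1/5/file/"),
]

# (flow, issuer, subject, SHA-1 fingerprint) from the Suricata TLS table.
WIDGITS = "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"
FP_A = "b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02"
FP_B = "50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02"
TLS_ROWS = [
    ("192.168.56.101:49202 -> 46.99.175.149:443", WIDGITS, WIDGITS, FP_A),
    ("192.168.56.101:49205 -> 128.201.76.252:443", WIDGITS, WIDGITS, FP_A),
    ("192.168.56.101:49206 -> 216.166.148.187:443", WIDGITS, WIDGITS, FP_A),
    ("192.168.56.101:49203 -> 45.36.99.184:443", WIDGITS, WIDGITS, FP_A),
    ("192.168.56.101:49204 -> 185.56.175.122:443", WIDGITS, WIDGITS, FP_B),
]

# Assumed layout: /<gtag>/<hostname>_<os_build>.<client_id: 32 hex>/<command>/<arg>/
C2_PATH = re.compile(
    r"^/(?P<gtag>[^/]+)/(?P<hostname>[^/_]+)_(?P<os_build>[^/.]+)\."
    r"(?P<client_id>[0-9A-F]{32})/(?P<command>\d+)/(?P<arg>[^/]*)/?$"
)


def parse_c2_url(url):
    """Split one request URL into the server IP and the assumed path fields.

    Returns None when the path does not follow the layout, so a caller
    walking a larger HTTP log can skip unrelated requests.
    """
    u = urlparse(url)
    m = C2_PATH.match(u.path)
    if m is None:
        return None
    fields = m.groupdict()
    fields["server"] = u.hostname
    return fields


def group_by_fingerprint(rows):
    """Map each certificate fingerprint to the sorted servers that presented it."""
    groups = defaultdict(list)
    for flow, _issuer, _subject, fp in rows:
        dst = flow.split("->")[1].strip()       # e.g. "45.36.99.184:443"
        groups[fp].append(dst.rsplit(":", 1)[0])
    return {fp: sorted(ips) for fp, ips in groups.items()}


def suricata_cert_rules(groups, base_sid=9000001):
    """Emit one Suricata rule per certificate fingerprint.

    The certificate travels server -> client (that is why the ET 2011540
    hits above are logged in that direction), so the rule direction
    follows suit. base_sid is an arbitrary local-range value (assumption).
    """
    rules = []
    for i, fp in enumerate(sorted(groups)):
        rules.append(
            "alert tls $EXTERNAL_NET any -> $HOME_NET any "
            f'(msg:"LOCAL TLS cert fingerprint seen on {",".join(groups[fp])}"; '
            f'tls.cert_fingerprint; content:"{fp}"; sid:{base_sid + i}; rev:1;)'
        )
    return rules


def summarize(requests=HTTP_REQUESTS, tls_rows=TLS_ROWS):
    """Consolidate the two tables into a single indicator set."""
    parsed = [p for p in (parse_c2_url(u) for _m, _s, u in requests) if p]
    groups = group_by_fingerprint(tls_rows)
    return {
        "servers": sorted({p["server"] for p in parsed}),
        "gtags": {p["gtag"] for p in parsed},
        "hostnames": {p["hostname"] for p in parsed},
        "client_ids": {p["client_id"] for p in parsed},
        "commands": {(p["command"], p["arg"]) for p in parsed},
        "cert_groups": groups,
        # issuer == subject on every row: the default OpenSSL self-signed cert
        "self_signed": all(iss == sub for _f, iss, sub, _fp in tls_rows),
        "rules": suricata_cert_rules(groups),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(key, value)
```

Run as-is it prints five servers, a single client id and gtag, two certificate groups (four servers on one fingerprint, 185.56.175.122 on the other) and two `tls.cert_fingerprint` rules. The fingerprint rules are the durable output: the IP addresses will churn, and the JA3 rule already covers the client side, but a reused self-signed certificate stays valid across whatever servers the operators move to next.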

Snort Alerts

No Snort Alerts