NetWork | ZeroBOX

Network Analysis

IP Address       Status   Action
164.124.101.2    Active   Moloch
185.215.113.22   Active   Moloch
79.141.72.138    Active   Moloch
79.141.72.156    Active   Moloch
79.141.72.52     Active   Moloch
88.86.102.51     Active   Moloch
88.86.102.52     Active   Moloch
DNS lookups

Name             Response        Post-Analysis Lookup
stun.jabbim.cz   88.86.102.51

HTTP requests

Method   Status   URL
GET      200      http://185.215.113.22/456.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
TCP 185.215.113.22:80 -> 192.168.56.101:49198 2400024 ET DROP Spamhaus DROP Listed Traffic Inbound group 25 Misc Attack
UDP 192.168.56.101:61481 -> 88.86.102.52:3479 2033078 ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port) Attempted User Privilege Gain
UDP 88.86.102.52:3479 -> 192.168.56.101:61481 2018908 ET INFO Session Traversal Utilities for NAT (STUN Binding Response) Generic Protocol Command Decode
UDP 88.86.102.51:3478 -> 192.168.56.101:61481 2016150 ET INFO Session Traversal Utilities for NAT (STUN Binding Response) Attempted User Privilege Gain
UDP 88.86.102.51:3478 -> 192.168.56.101:61481 2018908 ET INFO Session Traversal Utilities for NAT (STUN Binding Response) Generic Protocol Command Decode
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2018907 ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag true) Generic Protocol Command Decode
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2018905 ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true) Generic Protocol Command Decode
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
TCP 192.168.56.101:49198 -> 185.215.113.22:80 2016141 ET INFO Executable Download from dotted-quad Host A Network Trojan was detected
TCP 185.215.113.22:80 -> 192.168.56.101:49198 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 185.215.113.22:80 -> 192.168.56.101:49198 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
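The alert table above is the raw material a triager works from: a run of STUN binding requests to 88.86.102.51/.52 (the resolved stun.jabbim.cz), and the download of 456.exe from 185.215.113.22, a host that also trips the Spamhaus DROP rule. The script below is an added example and is not part of the ZeroBOX report or its tooling. It parses the rows exactly as printed (each row has no delimiter between the Signature and Category columns, so the parser peels a known Suricata classtype description off the end), then summarises hit counts per SID, the STUN servers the guest reached out to, peers on the Spamhaus DROP list and peers that served a PE file. The guest address 192.168.56.101 and the category list are taken from the table; the `peer` helper and the signature keyword matching are assumptions of this example, not ZeroBOX logic.

```python
"""Parse the Suricata alert rows from a ZeroBOX/Cuckoo network tab and triage them.

Added example; not part of the ZeroBOX report or its tooling.
"""
import re
from collections import Counter
from dataclasses import dataclass

SANDBOX_IP = "192.168.56.101"  # guest address, as shown in the report table

# Classtype descriptions that appear as the trailing "Category" column in the table.
CATEGORIES = (
    "Attempted User Privilege Gain",
    "Misc Attack",
    "Generic Protocol Command Decode",
    "A Network Trojan was detected",
    "Potential Corporate Privacy Violation",
    "Potentially Bad Traffic",
)

# Row layout: PROTO src:port -> dst:port SID <signature text> <category>
ALERT_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<sid>\d+)\s+(?P<rest>.+)$"
)


@dataclass(frozen=True)
class Alert:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    sid: int
    signature: str
    category: str

    def peer(self, sandbox_ip: str) -> str:
        """Return the non-sandbox side of the flow (assumption: one side is the guest)."""
        return self.dst if self.src == sandbox_ip else self.src


def parse_alert(line: str) -> Alert:
    """Split one report row into fields; the category is matched from the row's tail."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised alert row: {line!r}")
    rest = m.group("rest")
    for cat in CATEGORIES:
        if rest.endswith(" " + cat):
            signature = rest[: -len(cat) - 1]
            break
    else:
        raise ValueError(f"no known category at end of row: {rest!r}")
    return Alert(m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]),
                 int(m["sid"]), signature, cat)


def triage(rows, sandbox_ip: str) -> dict:
    """Summarise alert rows: SID hit counts, STUN servers contacted by the guest,
    Spamhaus DROP-listed peers, and peers that served a PE file."""
    alerts = [parse_alert(r) for r in rows if r.strip()]
    summary = {
        "sid_counts": Counter(a.sid for a in alerts),
        "stun_servers": set(),
        "drop_listed": set(),
        "pe_download_peers": set(),
    }
    for a in alerts:
        sig = a.signature
        if "STUN Binding Request" in sig and a.src == sandbox_ip:
            summary["stun_servers"].add(a.dst)
        if "Spamhaus DROP" in sig:
            summary["drop_listed"].add(a.peer(sandbox_ip))
        if "Executable Download" in sig or "PE EXE or DLL" in sig or "MZ Response" in sig:
            summary["pe_download_peers"].add(a.peer(sandbox_ip))
    return summary


# Rows copied verbatim from the Suricata Alerts table of this report.
REPORT_ROWS = """
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
TCP 185.215.113.22:80 -> 192.168.56.101:49198 2400024 ET DROP Spamhaus DROP Listed Traffic Inbound group 25 Misc Attack
UDP 192.168.56.101:61481 -> 88.86.102.52:3479 2033078 ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port) Attempted User Privilege Gain
UDP 88.86.102.52:3479 -> 192.168.56.101:61481 2018908 ET INFO Session Traversal Utilities for NAT (STUN Binding Response) Generic Protocol Command Decode
UDP 88.86.102.51:3478 -> 192.168.56.101:61481 2016150 ET INFO Session Traversal Utilities for NAT (STUN Binding Response) Attempted User Privilege Gain
UDP 88.86.102.51:3478 -> 192.168.56.101:61481 2018908 ET INFO Session Traversal Utilities for NAT (STUN Binding Response) Generic Protocol Command Decode
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2018907 ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag true) Generic Protocol Command Decode
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2018905 ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true) Generic Protocol Command Decode
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 88.86.102.51:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
TCP 192.168.56.101:49198 -> 185.215.113.22:80 2016141 ET INFO Executable Download from dotted-quad Host A Network Trojan was detected
TCP 185.215.113.22:80 -> 192.168.56.101:49198 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 185.215.113.22:80 -> 192.168.56.101:49198 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
"""

if __name__ == "__main__":
    result = triage(REPORT_ROWS.strip().splitlines(), SANDBOX_IP)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run stand-alone, the script reports seven hits of SID 2016149 (the repeated STUN binding requests), the two STUN servers, and 185.215.113.22 as both the DROP-listed peer and the source of the PE download; that last host, together with the URL http://185.215.113.22/456.exe from the HTTP table, is the indicator worth blocking, while the STUN traffic is the sample learning its public address and is only a secondary signal on its own.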

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts