popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 1 DNS 1 TCP 12 UDP 10 HTTP 0 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
185.140.53.9 Active Moloch
Name Response Post-Analysis Lookup
1116.hopto.org
A 185.140.53.9
185.140.53.9

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49174 -> 185.140.53.9:1116 2025019 ET MALWARE Possible NanoCore C2 60B Malware Command and Control Activity Detected
TCP 192.168.56.102:49177 -> 185.140.53.9:1116 2025019 ET MALWARE Possible NanoCore C2 60B Malware Command and Control Activity Detected
TCP 192.168.56.102:49182 -> 185.140.53.9:1116 2025019 ET MALWARE Possible NanoCore C2 60B Malware Command and Control Activity Detected
UDP 192.168.56.102:52062 -> 8.8.8.8:53 2028681 ET POLICY DNS Query to DynDNS Domain *.hopto .org Potentially Bad Traffic
UDP 192.168.56.102:64995 -> 8.8.8.8:53 2028681 ET POLICY DNS Query to DynDNS Domain *.hopto .org Potentially Bad Traffic
TCP 192.168.56.102:49175 -> 185.140.53.9:1116 2025019 ET MALWARE Possible NanoCore C2 60B Malware Command and Control Activity Detected
TCP 192.168.56.102:49176 -> 185.140.53.9:1116 2025019 ET MALWARE Possible NanoCore C2 60B Malware Command and Control Activity Detected
UDP 192.168.56.102:58838 -> 8.8.8.8:53 2028681 ET POLICY DNS Query to DynDNS Domain *.hopto .org Potentially Bad Traffic
TCP 192.168.56.102:49180 -> 185.140.53.9:1116 2025019 ET MALWARE Possible NanoCore C2 60B Malware Command and Control Activity Detected
UDP 192.168.56.102:52336 -> 8.8.8.8:53 2028681 ET POLICY DNS Query to DynDNS Domain *.hopto .org Potentially Bad Traffic
UDP 192.168.56.102:64472 -> 8.8.8.8:53 2028681 ET POLICY DNS Query to DynDNS Domain *.hopto .org Potentially Bad Traffic
TCP 192.168.56.102:49183 -> 185.140.53.9:1116 2025019 ET MALWARE Possible NanoCore C2 60B Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 185.140.53.9:1116 2025019 ET MALWARE Possible NanoCore C2 60B Malware Command and Control Activity Detected
TCP 192.168.56.102:49184 -> 185.140.53.9:1116 2025019 ET MALWARE Possible NanoCore C2 60B Malware Command and Control Activity Detected
TCP 192.168.56.102:49179 -> 185.140.53.9:1116 2025019 ET MALWARE Possible NanoCore C2 60B Malware Command and Control Activity Detected
TCP 192.168.56.102:49178 -> 185.140.53.9:1116 2025019 ET MALWARE Possible NanoCore C2 60B Malware Command and Control Activity Detected
UDP 192.168.56.102:64034 -> 8.8.8.8:53 2028681 ET POLICY DNS Query to DynDNS Domain *.hopto .org Potentially Bad Traffic
TCP 192.168.56.102:49181 -> 185.140.53.9:1116 2025019 ET MALWARE Possible NanoCore C2 60B Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts