NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 07:11
4f3200e5324a333579e06e...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe

Latest News
11.20 01:11
Zscaler launches Zero ...
11.20 01:11
Over 133K Oklahoma med...
11.20 01:11
Operant AI launches 3D...
11.20 01:11
Maxar Space Systems da...
11.20 01:11
Email breach hits Libr...
11.20 01:11
Cyberattack pilfers $2...
11.20 01:11
Bitwarden exploited in...
11.20 01:11
AWS, Sheltered Harbor ...
11.20 01:11
AWS expands MFA requir...
11.20 01:11
IT Sicherheitsnews stü...

NetWork | ZeroBOX

IP Address	Status	Action
139.196.72.155	Active	Moloch
159.69.237.188	Active	Moloch
168.119.39.118	Active	Moloch
186.250.48.5	Active	Moloch
194.9.172.107	Active	Moloch
207.148.81.119	Active	Moloch
51.75.33.122	Active	Moloch
78.47.204.80	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49171 -> 139.196.72.155:8080	2404304	ET CNC Feodo Tracker Reported CnC Server group 5	A Network Trojan was detected
TCP 192.168.56.101:49170 -> 194.9.172.107:8080	2404311	ET CNC Feodo Tracker Reported CnC Server group 12	A Network Trojan was detected
TCP 192.168.56.101:49171 -> 139.196.72.155:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.101:49172 -> 139.196.72.155:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 139.196.72.155:8080 -> 192.168.56.101:49173	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts