NetWork | ZeroBOX

Network Analysis

IP Address Status Action
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.101:49165 -> 217.182.143.248:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 217.182.143.248:8080 -> 192.168.56.101:49167 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49169 -> 185.4.135.27:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 185.4.135.27:8080 -> 192.168.56.101:49171 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49166 -> 217.182.143.248:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49174 -> 192.99.251.50:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49173 -> 192.99.251.50:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 146.59.226.45:443 -> 192.168.56.101:49179 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 177.87.70.10:8080 -> 192.168.56.101:49190 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49177 -> 146.59.226.45:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49201 -> 186.250.48.117:7080 | 2404309 | ET CNC Feodo Tracker Reported CnC Server group 10 | A Network Trojan was detected
TCP 192.168.56.101:49193 -> 103.75.201.4:443 | 2404301 | ET CNC Feodo Tracker Reported CnC Server group 2 | A Network Trojan was detected
TCP 192.168.56.101:49183 -> 103.75.201.2:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49201 -> 186.250.48.117:7080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49193 -> 103.75.201.4:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49184 -> 103.75.201.2:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49212 -> 176.56.128.118:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49194 -> 103.75.201.4:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49217 -> 207.38.84.195:8080 | 2404312 | ET CNC Feodo Tracker Reported CnC Server group 13 | A Network Trojan was detected
TCP 192.168.56.101:49205 -> 46.55.222.11:443 | 2404317 | ET CNC Feodo Tracker Reported CnC Server group 18 | A Network Trojan was detected
TCP 192.168.56.101:49170 -> 185.4.135.27:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 207.38.84.195:8080 -> 192.168.56.101:49217 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49205 -> 46.55.222.11:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.99.251.50:443 -> 192.168.56.101:49175 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 46.55.222.11:443 -> 192.168.56.101:49207 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49188 -> 177.87.70.10:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49222 -> 209.126.98.206:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 103.75.201.4:443 -> 192.168.56.101:49195 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49178 -> 146.59.226.45:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49200 -> 186.250.48.117:7080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49211 -> 176.56.128.118:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 186.250.48.117:7080 -> 192.168.56.101:49202 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 176.56.128.118:443 -> 192.168.56.101:49213 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49206 -> 46.55.222.11:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49215 -> 207.38.84.195:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 209.126.98.206:8080 -> 192.168.56.101:49224 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49216 -> 207.38.84.195:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 103.75.201.2:443 -> 192.168.56.101:49185 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49223 -> 209.126.98.206:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49189 -> 177.87.70.10:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts