NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 07:11
4f3200e5324a333579e06e...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe

Latest News
11.20 07:11
T-Mobile Caught Hacker...
11.20 07:11
Securing the RAG inges...
11.20 07:11
Atlassian security adv...
11.20 07:11
Westpac NZ CEO Urges F...
11.20 07:11
Nach Cyberattacke: Süd...
11.20 07:11
Nach Cyberattacke: Neu...
11.20 06:11
Apple security advisor...
11.20 06:11
The DOJ Goes After Goo...
11.20 06:11
Qualcomm Expects to Ma...
11.20 06:11
Raspberry Pi Compute M...

NetWork | ZeroBOX

IP Address	Status	Action
103.132.242.26	Active	Moloch
104.168.155.143	Active	Moloch
159.65.88.10	Active	Moloch
164.124.101.2	Active	Moloch
164.90.222.65	Active	Moloch
167.172.199.165	Active	Moloch
182.162.143.56	Active	Moloch
183.111.227.137	Active	Moloch
187.63.160.88	Active	Moloch
66.228.32.31	Active	Moloch
72.15.201.15	Active	Moloch
91.121.146.47	Active	Moloch
91.207.28.33	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests

No traffic

ICMP traffic

Source	Destination	ICMP Type	Data
103.132.242.26	192.168.56.102	3
103.132.242.26	192.168.56.102	3
103.132.242.26	192.168.56.102	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 66.228.32.31:7080 -> 192.168.56.102:49181	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.102:49182 -> 182.162.143.56:443	2404306	ET CNC Feodo Tracker Reported CnC Server group 7	A Network Trojan was detected
TCP 192.168.56.102:49185 -> 187.63.160.88:80	2404307	ET CNC Feodo Tracker Reported CnC Server group 8	A Network Trojan was detected
TCP 187.63.160.88:80 -> 192.168.56.102:49185	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.102:49187 -> 167.172.199.165:8080	2404304	ET CNC Feodo Tracker Reported CnC Server group 5	A Network Trojan was detected
TCP 91.121.146.47:8080 -> 192.168.56.102:49179	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 167.172.199.165:8080 -> 192.168.56.102:49187	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 182.162.143.56:443 -> 192.168.56.102:49183	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.102:49189 -> 104.168.155.143:8080	2404300	ET CNC Feodo Tracker Reported CnC Server group 1	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts