NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.17 06:11
Classic LED Bubble Dis...
11.17 06:11
DIN-Download: Neue Vor...
11.17 06:11
IT Sicherheitsnews stü...
11.17 05:11
[AIS 2024 영상] 최원혁 누리랩 ...
11.17 05:11
[강연 영상] 김직동 개인정보위 과장 “...
11.17 05:11
Diese KI-Oma soll Betr...
11.17 05:11
ChatGPT knackt Rekord:...
11.17 05:11
Ancient TP-Link Backdo...
11.17 04:11
Malware Analysis - Wri...
11.17 03:11
Register Renaming: The...

NetWork | ZeroBOX

IP Address	Status	Action
104.20.67.143	Active	Moloch
164.124.101.2	Active	Moloch
188.165.24.131	Active	Moloch
194.180.48.231	Active	Moloch
54.250.156.221	Active	Moloch

Name	Response	Post-Analysis Lookup
gulf.moneroocean.stream	CNAME monerooceans.stream A 54.250.156.221	54.250.156.221
conn.gta5cheatcode.world	A 194.180.48.231	194.180.48.231
pastebin.com	A 104.20.67.143 A 172.67.34.170 A 104.20.68.143	172.67.34.170
ppanel.freaktorrentz.xyz	A 188.165.24.131	188.165.24.131

TCP Requests

UDP Requests

POST 200 http://ppanel.freaktorrentz.xyz/x/y/z/WebPanel/api/endpoint.php

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49164 -> 104.20.67.143:443	906200068	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)	undefined
TCP 192.168.56.103:49165 -> 188.165.24.131:80	2011341	ET HUNTING Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection	A Network Trojan was detected
TCP 192.168.56.103:49165 -> 188.165.24.131:80	2035420	ET MALWARE Win32/Pripyat Activity (POST)	A Network Trojan was detected
TCP 192.168.56.103:49165 -> 188.165.24.131:80	2031189	ET HUNTING HTTP POST to XYZ TLD Containing Pass - Possible Phishing	Misc activity
TCP 192.168.56.103:49166 -> 194.180.48.231:3333	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
UDP 192.168.56.103:53673 -> 164.124.101.2:53	2027870	ET INFO Observed DNS Query to .world TLD	Potentially Bad Traffic
TCP 192.168.56.103:49166 -> 194.180.48.231:3333	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.3 192.168.56.103:49164 104.20.67.143:443	None	None	None
TLS 1.3 192.168.56.103:49163 54.250.156.221:20128	None	None	None

Snort Alerts

No Snort Alerts