NetWork | ZeroBOX

Network Analysis

IP Address | Status | Action
164.124.101.2 | Active | Moloch
185.213.208.196 | Active | Moloch
Name Response Post-Analysis Lookup
No hosts contacted.
POST 200 http://185.213.208.196:8080/client/setClientConfig?clientId=test22-PC
POST 200 http://185.213.208.196:8080/client/setClientStatus?clientId=test22-PC
POST 200 http://185.213.208.196:8080/client/setClientStatus?clientId=test22-PC
POST 200 http://185.213.208.196:8080/client/setClientStatus?clientId=test22-PC
POST 200 http://185.213.208.196:8080/client/setClientStatus?clientId=test22-PC
POST 200 http://185.213.208.196:8080/client/setClientStatus?clientId=test22-PC
POST 200 http://185.213.208.196:8080/client/setClientStatus?clientId=test22-PC
POST 200 http://185.213.208.196:8080/client/setClientStatus?clientId=test22-PC
POST 200 http://185.213.208.196:8080/client/setClientStatus?clientId=test22-PC
POST 200 http://185.213.208.196:8080/client/setClientStatus?clientId=test22-PC
POST 200 http://185.213.208.196:8080/client/setClientStatus?clientId=test22-PC

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.101:49212 -> 185.213.208.196:80 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation
TCP 192.168.56.101:49271 -> 185.213.208.196:8080 | 2221034 | SURICATA HTTP Request unrecognized authorization method | Generic Protocol Command Decode
TCP 192.168.56.101:49223 -> 185.213.208.196:8080 | 2221034 | SURICATA HTTP Request unrecognized authorization method | Generic Protocol Command Decode
TCP 192.168.56.101:49224 -> 185.213.208.196:8080 | 2221034 | SURICATA HTTP Request unrecognized authorization method | Generic Protocol Command Decode
TCP 192.168.56.101:49224 -> 185.213.208.196:8080 | 2011341 | ET HUNTING Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection | A Network Trojan was detected
TCP 192.168.56.101:49273 -> 185.213.208.196:8080 | 2221034 | SURICATA HTTP Request unrecognized authorization method | Generic Protocol Command Decode
TCP 192.168.56.101:49270 -> 185.213.208.196:8080 | 2221034 | SURICATA HTTP Request unrecognized authorization method | Generic Protocol Command Decode
TCP 192.168.56.101:49272 -> 185.213.208.196:8080 | 2221034 | SURICATA HTTP Request unrecognized authorization method | Generic Protocol Command Decode
TCP 192.168.56.101:49277 -> 185.213.208.196:8080 | 2221034 | SURICATA HTTP Request unrecognized authorization method | Generic Protocol Command Decode
TCP 192.168.56.101:49278 -> 185.213.208.196:8080 | 2221034 | SURICATA HTTP Request unrecognized authorization method | Generic Protocol Command Decode
TCP 192.168.56.101:49274 -> 185.213.208.196:8080 | 2221034 | SURICATA HTTP Request unrecognized authorization method | Generic Protocol Command Decode
TCP 192.168.56.101:49275 -> 185.213.208.196:8080 | 2221034 | SURICATA HTTP Request unrecognized authorization method | Generic Protocol Command Decode
TCP 192.168.56.101:49276 -> 185.213.208.196:8080 | 2221034 | SURICATA HTTP Request unrecognized authorization method | Generic Protocol Command Decode
TCP 192.168.56.101:49212 -> 185.213.208.196:80 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts