NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
07.06 06:07
build.exe
07.06 06:07
CoronaVirus.exe
07.06 06:07
RedLineStealer.exe
07.06 06:07
stealc_zov.exe
07.06 06:07
newbuild.exe
07.06 06:07
setup.exe
07.06 06:07
leva.exe
07.06 06:07
CryptoWall.exe
07.06 06:07
univ.exe
07.06 06:07
inte.exe

Latest News
07.06 10:07
Researchers Discover C...
07.06 10:07
New Mallox Ransomware ...
07.06 09:07
[한 주를 관통하는 보안 소식] 2024...
07.06 09:07
[퀴즈 이·보·소] 최근 벌어진 국내외 ...
07.06 08:07
김포시, 70만 김포시대 대비해 최첨단 ...
07.06 08:07
식약처, ‘체외진단의료기기 품질관리 및 ...
07.06 08:07
코레일, 정보보호의 날 맞아 ‘사이버 안...
07.06 08:07
소프트웨어 가치 보장, 발주자가 앞장선다
07.06 08:07
‘AI 과학기술 강군 육성’을 위한 발돋...
07.06 06:07
The Problem With Bug B...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
185.163.45.56	Active	Moloch

Name	Response	Post-Analysis Lookup
mofa.iugur.live	A 185.163.45.56	185.163.45.56

TCP Requests
- 192.168.56.101:49201 185.163.45.56:443
  mofa.iugur.live

UDP Requests

GET 404 https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d=

GET 404 https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d=

GET 404 https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d=

GET 404 https://mofa.iugur.live/2623/1/45326/3/1/1/1840589382/files-52f76d0b/0/

GET 404 https://mofa.iugur.live/2623/1/45326/3/1/1/1840589382/files-52f76d0b/0/

GET 404 https://mofa.iugur.live/2623/1/45326/3/1/1/1840589382/files-52f76d0b/0/

GET 404 https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d=&e=%EC%9B%90%EA%B2%A9%20%EC%84%9C%EB%B2%84%EC%97%90%EC%84%9C%20(404)%20%EC%B0%BE%EC%9D%84%20%EC%88%98%20%EC%97%86%EC%9D%8C%20%EC%98%A4%EB%A5%98%EB%A5%BC%20%EB%B0%98%ED%99%98%ED%96%88%EC%8A%B5%EB%8B%88%EB%8B%A4.

GET 404 https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d=&e=%EC%9B%90%EA%B2%A9%20%EC%84%9C%EB%B2%84%EC%97%90%EC%84%9C%20(404)%20%EC%B0%BE%EC%9D%84%20%EC%88%98%20%EC%97%86%EC%9D%8C%20%EC%98%A4%EB%A5%98%EB%A5%BC%20%EB%B0%98%ED%99%98%ED%96%88%EC%8A%B5%EB%8B%88%EB%8B%A4.

GET 404 https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d=&e=%EC%9B%90%EA%B2%A9%20%EC%84%9C%EB%B2%84%EC%97%90%EC%84%9C%20(404)%20%EC%B0%BE%EC%9D%84%20%EC%88%98%20%EC%97%86%EC%9D%8C%20%EC%98%A4%EB%A5%98%EB%A5%BC%20%EB%B0%98%ED%99%98%ED%96%88%EC%8A%B5%EB%8B%88%EB%8B%A4.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49201 -> 185.163.45.56:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49201 185.163.45.56:443	C=US, O=Let's Encrypt, CN=R3	CN=*.iugur.live	e3:d0:2e:6f:dd:cc:f9:aa:87:9f:48:cc:c6:70:fc:71:9b:74:f8:ec

Snort Alerts

No Snort Alerts