NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
07.06 06:07
build.exe
07.06 06:07
CoronaVirus.exe
07.06 06:07
RedLineStealer.exe
07.06 06:07
stealc_zov.exe
07.06 06:07
newbuild.exe
07.06 06:07
setup.exe
07.06 06:07
leva.exe
07.06 06:07
CryptoWall.exe
07.06 06:07
univ.exe
07.06 06:07
inte.exe

Latest News
07.06 10:07
Researchers Discover C...
07.06 10:07
New Mallox Ransomware ...
07.06 09:07
[한 주를 관통하는 보안 소식] 2024...
07.06 09:07
[퀴즈 이·보·소] 최근 벌어진 국내외 ...
07.06 08:07
김포시, 70만 김포시대 대비해 최첨단 ...
07.06 08:07
식약처, ‘체외진단의료기기 품질관리 및 ...
07.06 08:07
코레일, 정보보호의 날 맞아 ‘사이버 안...
07.06 08:07
소프트웨어 가치 보장, 발주자가 앞장선다
07.06 08:07
‘AI 과학기술 강군 육성’을 위한 발돋...
07.06 06:07
The Problem With Bug B...

NetWork | ZeroBOX

IP Address	Status	Action
142.250.199.65	Active	Moloch
142.250.204.110	Active	Moloch
142.250.66.109	Active	Moloch
142.250.66.41	Active	Moloch
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch
172.217.26.137	Active	Moloch
207.241.227.129	Active	Moloch
67.199.248.10	Active	Moloch
67.199.248.17	Active	Moloch

Name	Response	Post-Analysis Lookup
bit.ly	A 67.199.248.11 A 67.199.248.10	67.199.248.10
accounts.google.com	A 142.250.66.109	216.58.220.141
www.j.mp	A 67.199.248.17 CNAME j.mp A 67.199.248.16	67.199.248.17
ia601409.us.archive.org	A 207.241.227.129	207.241.227.129
yahameinhunbusorkoinai.blogspot.com	CNAME blogspot.l.googleusercontent.com A 142.250.199.65	172.217.175.65
google.com	A 142.250.204.110	216.58.220.142
www.blogger.com	A 172.217.26.137 CNAME blogger.l.google.com	172.217.175.9
resources.blogblog.com	CNAME blogger.l.google.com A 142.250.66.41	172.217.31.137

TCP Requests

UDP Requests

GET 200 https://yahameinhunbusorkoinai.blogspot.com/p/divine11111.html

GET 200 https://www.blogger.com/static/v1/widgets/115981500-css_bundle_v2.css

GET 200 https://www.blogger.com/static/v1/jsbin/1277698886-ieretrofit.js

GET 200 https://www.blogger.com/static/v1/jsbin/3858658042-comment_from_post_iframe.js

GET 200 https://www.blogger.com/dyn-css/authorization.css?targetBlogID=9202096335134795169&zx=b73d5666-d098-4854-a4dd-8e948356adfd

GET 200 https://www.blogger.com/static/v1/widgets/1564291244-widgets.js

GET 200 https://resources.blogblog.com/img/icon18_edit_allbkg.gif

GET 200 https://resources.blogblog.com/img/icon18_wrench_allbkg.png

GET 302 https://www.blogger.com/blogin.g?blogspotURL=https://yahameinhunbusorkoinai.blogspot.com/p/divine11111.html&type=blog

GET 200 https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png

GET 200 https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png

GET 200 https://www.blogger.com/img/share_buttons_20_3.png

GET 200 https://ia601409.us.archive.org/1/items/divonee111/divonee111.txt

GET 301 http://www.j.mp/ddsobpechateessentesathatesesjdw

GET 301 http://bit.ly/ddsobpechateessentesathatesesjdw

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.102	142.250.204.110	8	abcdefghijklmnopqrstuvwabcdefghi
142.250.204.110	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49812 -> 172.217.26.137:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49817 -> 142.250.66.109:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49819 -> 207.241.227.129:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49810 -> 142.250.199.65:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49814 -> 142.250.66.41:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49815 -> 142.250.66.41:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49813 -> 172.217.26.137:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49812 172.217.26.137:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.blogger.com	6d:15:a5:86:b1:43:d2:08:12:2b:dd:b8:2b:a2:75:1c:17:14:4f:37
TLSv1 192.168.56.102:49810 142.250.199.65:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=misc-sni.blogspot.com	9c:32:17:b5:e8:f9:04:a7:4d:a7:f0:b9:db:ca:b3:18:75:b5:cb:50
TLSv1 192.168.56.102:49819 207.241.227.129:443	C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2	OU=Domain Control Validated, CN=*.us.archive.org	9c:3c:d6:6d:65:69:f2:95:8c:99:48:e3:e0:7f:14:38:36:4c:ba:d0
TLSv1 192.168.56.102:49814 142.250.66.41:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.blogger.com	6d:15:a5:86:b1:43:d2:08:12:2b:dd:b8:2b:a2:75:1c:17:14:4f:37
TLSv1 192.168.56.102:49815 142.250.66.41:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.blogger.com	6d:15:a5:86:b1:43:d2:08:12:2b:dd:b8:2b:a2:75:1c:17:14:4f:37
TLSv1 192.168.56.102:49813 172.217.26.137:443	None	None	None

Snort Alerts

No Snort Alerts