NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 01:11
Akamai?s Perspective o...
11.16 12:11
김수키 에서 만든 피싱 사이트 동덕여자대...
11.16 12:11
This Week in Security:...
11.16 12:11
Sintesi riepilogativa ...
11.16 12:11
Babble Babble Babble B...
11.16 12:11
Updated whitepaper: Ar...
11.16 12:11
Wie KI räumliche Vorst...
11.16 12:11
Whatsapp erinnert euch...
11.16 12:11
SaaS für Standards dig...
11.16 12:11
Gegen den Trend: Diese...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
198.54.116.130	Active	Moloch

Name	Response	Post-Analysis Lookup
dorothymambrose.live	A 198.54.116.130	198.54.116.130

TCP Requests

UDP Requests

GET 304 http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip

GET 304 http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip

GET 304 http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip

GET 304 http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip

POST 200 http://dorothymambrose.live/hx3FByTR5o3zNZYD/sYkaiHz0Mse13C79dy1I/Bbf0VKK5GZjWAo2phPwe

POST 200 http://dorothymambrose.live/hx3FByTR5o3zNZYD/sYkaiHz0Mse13C79dy1I/g5cBEYiSfa9vFvj9Qix6

POST 200 http://dorothymambrose.live/hx3FByTR5o3zNZYD/sYkaiHz0Mse13C79dy1I/jkHs2LXmxxRKvBtHVYp

POST 200 http://dorothymambrose.live/hx3FByTR5o3zNZYD/sYkaiHz0Mse13C79dy1I/g5cBEYiSfa9vFvj9Qix6

POST 200 http://dorothymambrose.live/hx3FByTR5o3zNZYD/sYkaiHz0Mse13C79dy1I/PhZsaXdR1V7zV9wmdXNv

POST 200 http://dorothymambrose.live/hx3FByTR5o3zNZYD/sYkaiHz0Mse13C79dy1I/jkHs2LXmxxRKvBtHVYp

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 198.54.116.130:443 -> 192.168.56.103:49181	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49180 -> 198.54.116.130:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49185 -> 198.54.116.130:80	2031371	ET MALWARE MICROPSIA CnC Checkin	A Network Trojan was detected
TCP 192.168.56.103:49185 -> 198.54.116.130:80	2032823	ET MALWARE MICROPSIA Screenshot Upload M3	Malware Command and Control Activity Detected
TCP 192.168.56.103:49185 -> 198.54.116.130:80	2032823	ET MALWARE MICROPSIA Screenshot Upload M3	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts