NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.17 07:11
IT Sicherheitsnews stü...
11.17 06:11
World’s First Virtual ...
11.17 06:11
IT Sicherheitsnews stü...
11.17 06:11
KI und Coding: Wie Kün...
11.17 06:11
Bye-bye, Windows 10: E...
11.17 03:11
[일본 애니메이션]世界最高の暗殺者、異世界...
11.17 03:11
Playing Chess Against ...
11.17 03:11
IT Sicherheitsnews tae...
11.17 03:11
IT Sicherheitsnews tae...
11.17 01:11
IT Sicherheitsnews tae...

NetWork | ZeroBOX

IP Address	Status	Action
13.107.42.12	Active	Moloch
164.124.101.2	Active	Moloch

Name	Response	Post-Analysis Lookup
api.onedrive.com	CNAME common-afdrk.fe.1drv.com A 13.107.42.12 CNAME commonafdrk-brs.onedrive.akadns.net CNAME l-0003.l-msedge.net CNAME commonafdrk-geo.onedrive.akadns.net CNAME common.be.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net	13.107.42.12

TCP Requests
- 192.168.56.102:49166 13.107.42.12:443
  api.onedrive.com

UDP Requests

GET 404 https://api.onedrive.com/v1.0/shares/u!aHR0cHM6Ly8xZHJ2Lm1zL3UvcyFBalVyZDlodU1wUWNjTGt4bXhBV0pjQU1ja2M_ZT1mUnc4VHg/root/content

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49166 -> 13.107.42.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49166 13.107.42.12:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=storage.live.com	ec:e5:02:98:e6:c9:9a:12:fc:c0:4d:19:cd:2b:0c:ae:d0:c0:37:8e

Snort Alerts

No Snort Alerts