NetWork | ZeroBOX

IP Address	Status	Action
104.244.42.193	Active	Moloch
142.250.204.132	Active	Moloch
157.240.215.35	Active	Moloch
164.124.101.2	Active	Moloch
31.14.69.10	Active	Moloch

Name	Response	Post-Analysis Lookup
www.facebook.com	A 157.240.215.35 CNAME star-mini.c10r.facebook.com	157.240.215.35
store2.gofile.io	A 31.14.69.10	31.14.69.10
www.google.com	A 142.250.204.132	172.217.31.132
www.twitter.com	CNAME twitter.com A 104.244.42.193	104.244.42.129

TCP Requests
- 192.168.56.102:49169 31.14.69.10:443
  store2.gofile.io

UDP Requests

GET 200 https://store2.gofile.io/download/44989e53-4040-4cf6-800e-087ac6154184/Iuugtkemaayyziygy.dll

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.102	104.244.42.193	8	abcdefghijklmnopqrstuvwabcdefghi
104.244.42.193	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102	104.244.42.193	8	abcdefghijklmnopqrstuvwabcdefghi
104.244.42.193	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102	104.244.42.193	8	abcdefghijklmnopqrstuvwabcdefghi
104.244.42.193	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102	104.244.42.193	8	abcdefghijklmnopqrstuvwabcdefghi
104.244.42.193	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102	142.250.204.132	8	abcdefghijklmnopqrstuvwabcdefghi
142.250.204.132	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102	142.250.204.132	8	abcdefghijklmnopqrstuvwabcdefghi
142.250.204.132	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102	142.250.204.132	8	abcdefghijklmnopqrstuvwabcdefghi
142.250.204.132	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102	142.250.204.132	8	abcdefghijklmnopqrstuvwabcdefghi
142.250.204.132	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102	157.240.215.35	8	abcdefghijklmnopqrstuvwabcdefghi
157.240.215.35	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102	157.240.215.35	8	abcdefghijklmnopqrstuvwabcdefghi
157.240.215.35	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102	157.240.215.35	8	abcdefghijklmnopqrstuvwabcdefghi
157.240.215.35	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102	157.240.215.35	8	abcdefghijklmnopqrstuvwabcdefghi
157.240.215.35	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102	204.79.197.200	8	abcdefghijklmnopqrstuvwabcdefghi
204.79.197.200	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102	204.79.197.200	8	abcdefghijklmnopqrstuvwabcdefghi
204.79.197.200	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102	204.79.197.200	8	abcdefghijklmnopqrstuvwabcdefghi
204.79.197.200	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102	204.79.197.200	8	abcdefghijklmnopqrstuvwabcdefghi
204.79.197.200	192.168.56.102	0	abcdefghijklmnopqrstuvwabcdefghi

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49169 -> 31.14.69.10:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.2 192.168.56.102:49169 31.14.69.10:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gofile.io	4c:cc:6b:32:8f:55:d8:cc:fa:f4:4d:ae:80:a1:dd:b7:e3:e2:84:ae

Snort Alerts

No Snort Alerts