NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
05.05 12:05
Synaptics.exe
05.05 12:05
Synaptics.exe
05.05 12:05
Synaptics.exe
05.05 12:05
Synaptics.exe
05.05 12:05
Synaptics.exe
05.04 10:05
mediacje.png
05.04 10:05
Portal orzeczeń - Sąd ...
05.04 04:05
2708.bson
05.04 04:05
289e4f9df20d686b_{4fc7...
05.04 04:05
2616.bson

Latest News
05.05 02:05
Lancing College Shares...
05.05 01:05
ISC Stormcast For Mond...
05.05 01:05
Trump Plans to Tax Mov...
05.05 11:05
Global Ransomware Dama...
05.05 11:05
빌리세움, 코나카드와 손잡고 제주항공 트...
05.05 11:05
Train With Morse Master
05.05 09:05
IT Sicherheitsnews tae...
05.05 09:05
IT Sicherheitsnews woc...
05.05 09:05
IT Sicherheitsnews tae...
05.05 08:05
StealC 악성코드 v2.2.4 등장…...

NetWork | ZeroBOX

IP Address	Status	Action
185.163.45.42	Active	Moloch
146.59.132.186	Active	Moloch
164.124.101.2	Active	Moloch
31.14.69.10	Active	Moloch

Name	Response	Post-Analysis Lookup
cloudhost.myfirewall.org	A 146.59.132.186	146.59.132.186
store2.gofile.io	A 31.14.69.10	31.14.69.10

TCP Requests
- 192.168.56.101:49204 31.14.69.10:443
  store2.gofile.io

UDP Requests

GET 200 https://store2.gofile.io/download/4e000ee8-86dd-407b-8452-140e650fa3e9/Aufvbosfzpz.dll

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49204 -> 31.14.69.10:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.101:59369 -> 164.124.101.2:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic
UDP 192.168.56.101:54056 -> 164.124.101.2:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic
UDP 192.168.56.101:56977 -> 164.124.101.2:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic
UDP 192.168.56.101:55450 -> 164.124.101.2:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic
UDP 192.168.56.101:62362 -> 164.124.101.2:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic
UDP 192.168.56.101:61673 -> 164.124.101.2:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic
UDP 192.168.56.101:62902 -> 164.124.101.2:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic
UDP 192.168.56.101:55667 -> 8.8.8.8:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic
UDP 192.168.56.101:57460 -> 164.124.101.2:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic
UDP 192.168.56.101:50851 -> 164.124.101.2:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic
UDP 192.168.56.101:65329 -> 164.124.101.2:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic
UDP 192.168.56.101:56887 -> 164.124.101.2:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic
UDP 192.168.56.101:60751 -> 164.124.101.2:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic
UDP 192.168.56.101:62430 -> 164.124.101.2:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic
UDP 192.168.56.101:55629 -> 164.124.101.2:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic
UDP 192.168.56.101:55667 -> 164.124.101.2:53	2032792	ET INFO Observed DNS Query to DDNS Domain .myfirewall .org	Potentially Bad Traffic

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.2 192.168.56.101:49204 31.14.69.10:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gofile.io	4c:cc:6b:32:8f:55:d8:cc:fa:f4:4d:ae:80:a1:dd:b7:e3:e2:84:ae

Snort Alerts

No Snort Alerts