NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

NetWork | ZeroBOX

IP Address	Status	Action
103.221.220.15	Active	Moloch
103.27.74.73	Active	Moloch
104.76.75.146	Active	Moloch
164.124.101.2	Active	Moloch
208.91.197.91	Active	Moloch

Name	Response	Post-Analysis Lookup
meettrust.in	A 208.91.197.91	192.185.129.109
aqissarafood.com.my	A 103.27.74.73	103.27.74.73
radiocaca.top	A 103.221.220.15	103.221.220.15
x1.i.lencr.org	CNAME crl.root-x1.letsencrypt.org.edgekey.net CNAME e8652.dscx.akamaiedge.net A 104.76.75.146	104.74.211.103

TCP Requests

UDP Requests

GET 200 http://x1.i.lencr.org/

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49174 -> 103.221.220.15:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.103:49174 -> 103.221.220.15:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.103:49172 -> 103.221.220.15:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.103:49172 -> 103.221.220.15:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
UDP 192.168.56.103:50665 -> 164.124.101.2:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic
TCP 192.168.56.103:49172 -> 103.221.220.15:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49168 -> 208.91.197.91:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 103.221.220.15:443 -> 192.168.56.103:49174	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 103.221.220.15:443 -> 192.168.56.103:49174	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 103.221.220.15:443 -> 192.168.56.103:49172	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 103.221.220.15:443 -> 192.168.56.103:49172	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.103:49173 -> 103.221.220.15:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.103:49173 -> 103.221.220.15:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.103:49173 -> 103.221.220.15:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49169 -> 103.27.74.73:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 103.221.220.15:443 -> 192.168.56.103:49173	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 103.221.220.15:443 -> 192.168.56.103:49173	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.103:49168 208.91.197.91:443	C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp	C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp	1a:42:b0:7f:5f:73:d2:53:5e:40:25:cc:97:6b:8e:88:ba:45:71:68
TLSv1 192.168.56.103:49169 103.27.74.73:443	C=US, O=Let's Encrypt, CN=R3	CN=*.anamuslimpreschool.com	31:f5:04:25:4c:24:41:84:cf:0d:b6:1f:75:76:e9:8f:23:f0:c9:ea

Snort Alerts

No Snort Alerts