NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.27 08:04
main-292e27553c8f5cb8....
04.27 08:04
6814.91bf0d11abffee40....
04.27 08:04
polyfills-c67a75d1b6f9...
04.27 08:04
framework-ca706bf673a1...
04.27 08:04
ee8b1517-cc4d7300db272...
04.27 08:04
_app-8a13ca4ac05f979e....
04.27 08:04
webpack-6751726d88b2d8...
04.27 08:04
gtm.js.pobrane
04.27 08:04
290-f42c07d7b35e4d71.j...
04.27 08:04
75fc9c18-02b28d24f737c...

Latest News
04.28 02:04
Quick and Easy Digital...
04.28 01:04
Überwachung per KI-Per...
04.28 01:04
Cluely: Wie eine Schum...
04.28 12:04
Huawei Set to Test Pow...
04.28 12:04
윈도우 11 보안 기능 VBS Encla...
04.28 12:04
Big Tech’s Earnings Pr...
04.27 11:04
VESC Mods Made Via Vib...
04.27 09:04
Apple Begins Breaking ...
04.27 08:04
Save Cells from the La...
04.27 07:04
Golang backdoor with a...

NetWork | ZeroBOX

IP Address	Status	Action
148.251.234.83	Active	Moloch
149.28.253.196	Active	Moloch
164.124.101.2	Active	Moloch

Name	Response	Post-Analysis Lookup
iplogger.org	A 148.251.234.83	148.251.234.83
www.icodeps.com	A 149.28.253.196	149.28.253.196

TCP Requests

UDP Requests

GET 200 https://www.icodeps.com/

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49164 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.103:49164 -> 148.251.234.83:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49162 -> 149.28.253.196:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.83:443 -> 192.168.56.103:49166	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49164 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
UDP 192.168.56.103:50800 -> 164.124.101.2:53	2035948	ET POLICY IP Check Domain (iplogger .org in DNS Lookup)	Potential Corporate Privacy Violation
TCP 192.168.56.103:49165 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.103:49165 -> 148.251.234.83:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49165 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.103:49165 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.103:49165 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.103:49164 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.103:49162 149.28.253.196:443	C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia RSA DV TLS CA G2	CN=icodeps.com	87:db:69:7b:62:f3:12:4a:c6:40:1e:05:07:04:95:6d:41:8c:f8:26

Snort Alerts

No Snort Alerts