NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.24 01:09
GoogleUpdate.exe
09.24 01:09
ufw.exe
09.24 01:09
lgrn.exe
09.24 01:09
lgfjd.exe
09.24 01:09
otra.exe
09.24 01:09
66f16f7e683b4_Trippers...
09.24 01:09
1.txt.ps1
09.24 11:09
66f18a5501651_ww_a.exe
09.24 11:09
66f1aed72de87_crypted....
09.24 11:09
wsd.exe

Latest News
09.24 02:09
본죽, ‘2024 쇼핑백 콘테스트’ 최종...
09.24 02:09
모델 김수아, 프리미엄 정이품·본케어G-...
09.24 02:09
미스지콜렉션(MISS GEE COLLEC...
09.24 02:09
코어에이아이, 업계 최초 생성형 AI 애...
09.24 02:09
피자는치즈빨 용인 처인구점, 지역 소외아...
09.24 02:09
Digital Audio Workstat...
09.24 02:09
클린앤제이, 고객 서비스 개선 위한 '고...
09.24 02:09
클린앤환경, 배관케어 기술혁신 부문 수상...
09.24 02:09
한국미래복지재단, 미혼모가족협회 협약식 개최
09.24 01:09
Authentication and Aut...

NetWork | ZeroBOX

IP Address	Status	Action
104.211.55.2	Active	Moloch
164.124.101.2	Active	Moloch
172.67.75.172	Active	Moloch

Name	Response	Post-Analysis Lookup
api.ip.sb	CNAME api.ip.sb.cdn.cloudflare.net A 104.26.13.31 A 104.26.12.31 A 172.67.75.172	172.67.75.172

TCP Requests
- 192.168.56.101:49162 104.211.55.2:80
- 192.168.56.101:49163 172.67.75.172:443
  api.ip.sb

UDP Requests

GET 200 https://api.ip.sb/ip

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49163 -> 172.67.75.172:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49162 -> 104.211.55.2:80	2043233	ET MALWARE RedLine Stealer TCP CnC net.tcp Init	A Network Trojan was detected

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49163 172.67.75.172:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	53:56:0b:3a:91:49:7f:18:59:87:21:98:d3:7f:98:0b:b4:ae:cb:cc

Snort Alerts

No Snort Alerts