NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 07:11
(g+) Datenschutz: Spor...
11.16 06:11
티오더, 메뉴 사진 무료 촬영 서비스 진행
11.16 06:11
WiFi Status Indicator ...
11.16 06:11
PAN-OS Firewall Vulner...
11.16 06:11
Dahua und Delo vereine...
11.16 05:11
NSO 그룹, 소송 중에도 ‘페가수스’로...
11.16 04:11
Warning: DEEPDATA Malw...
11.16 03:11
It’s a Soldering Iron!...
11.16 12:11
Critical Unauthenticat...
11.16 12:11
BASIC Co-Inventor Thom...

NetWork | ZeroBOX

IP Address	Status	Action
142.250.157.109	Active	Moloch
164.124.101.2	Active	Moloch
64.185.227.155	Active	Moloch
79.110.49.21	Active	Moloch

Name	Response	Post-Analysis Lookup
smtp.gmail.com	A 142.250.157.109	142.250.157.108
api.ipify.org	A 64.185.227.155 CNAME api4.ipify.org A 104.237.62.211 A 173.231.16.76	104.237.62.211

TCP Requests

UDP Requests

GET 499 https://api.ipify.org/

GET 200 http://79.110.49.21/dollzx.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49162 -> 79.110.49.21:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 79.110.49.21:80 -> 192.168.56.102:49162	2022050	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1	A Network Trojan was detected
TCP 192.168.56.102:49169 -> 64.185.227.155:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 142.250.157.109:587 -> 192.168.56.102:49171	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
TCP 79.110.49.21:80 -> 192.168.56.102:49162	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 79.110.49.21:80 -> 192.168.56.102:49162	2022051	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2	A Network Trojan was detected
TCP 79.110.49.21:80 -> 192.168.56.102:49162	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.102:49171 -> 142.250.157.109:587	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.2 192.168.56.102:49169 64.185.227.155:443	C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA	CN=*.ipify.org	f4:76:2d:2c:65:d1:15:be:19:a4:c5:e0:8d:eb:89:1a:b6:75:4a:54
TLS 1.2 192.168.56.102:49171 142.250.157.109:587	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=smtp.gmail.com	55:e5:d4:8a:e3:25:81:65:a2:86:2d:bb:12:a8:44:40:dd:70:62:90

Snort Alerts

No Snort Alerts